Linux Security Week: September 19th 2005
Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Passwords are key for security," "The Six Dumbest Ideas in Computer Security," and "The Non-Wireless Wireless Network Monitoring System."

Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

LINUX ADVISORY WATCH - This week, advisories were released for apache, kdelibs, cvs, mod_ssl, tdiary, squid, mozilla, common-lisp, turqstat, slib, umb-scheme, psmisc, gtk, file, subversion, unzip, e2fsprogs, selinux-policy-targeted, firefox, mozilla, vte, xdelta, tvtime, dhcp, gnupg, util-linux, mc, libwnck, pcre, exim, and squid. The distributors include, Debian, Fedora, Gentoo, and Red Hat. Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Real-time exploits tracking with Anti-Exploit
  14th, September, 2005

This is a review of the first on-access Anti-Exploit scanner. Anti-Exploit can help IT professionals to discover local attackers before they manage to execute malicious programs.
  Users tackle question of Linux vs. Windows on the server
  13th, September, 2005

The battle between Linux and Windows for server-side dominance is continuing to play out in data centers worldwide. While some are drawn to Microsoft due to Windows' ease-of-use, manageability and application availability, others feel that low cost, high stability and the freedom of being able to tweak and analyze source code makes Linux the only choice.
  Passwords are key for security
  13th, September, 2005

Security can be a double-edged sword, especially if you buy a used computer. Many people protect their laptops with a password for the BIOS — the “basic input/output system? — that controls a computer when you first turn it on. If you don’t know the BIOS password, you might as well be buying a paperweight. Computer manufactures charge $300 to $500 to remove a BIOS password, often more than the cost of a used laptop.
  The Six Dumbest Ideas in Computer Security
  13th, September, 2005

There's lots of innovation going on in security - we're inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I'm invited to a new computer security conference, or I'm asked to write a foreword for a new computer security book. And, thanks to the fact that it's a topic of public concern and a "safe issue" for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a "hot topic." But why are we spending all this time and money and still having problems?
  Acoustic Snooping on Typed Information
  14th, September, 2005

Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.)
  Linux talent scarce as penguins' teeth
  15th, September, 2005

he penguins were on the streets of Kanata yesterday, searching for scarce Linux software developers. In a sign of the recovering technology industry, recruiters from Liquid Computing dressed up as penguins -- the symbol of the popular open-source technology -- in a bid to find 20 more staff. Since raising $14 million U.S. in new capital in May, Liquid has doubled the workforce to 60 full-time and contract employees.
  The gloves are off taking the fight to the spammers
  16th, September, 2005

2005 has already seen spammers and virus writers become more shrewd, more malicious, more sophisticated and more hungry for commercial gain. The potential damage that this will inflict on brand reputation, customer relationships, and capacity to run a business will continue to move IT security management further up the boardroom agenda - never has it been so important to get it right.
  Hackers work to exploit latest Firefox flaw
  15th, September, 2005

Security researchers claim to have found ways to exploit a serious bug in Firefox and Mozilla Web browsers, a sign that attacks could be on the way. ... Disclosure of a flaw typically starts a race in the security community to exploit it. In the past few days, at least two security researchers have posted messages to popular security mailing lists claiming they have found ways attackers could take advantage of the vulnerability.
  The Non-Wireless Wireless Network Monitoring System
  12th, September, 2005

This new Linux-based wireless intrusion detection system is aimed at stopping a network's security from being compromised by detecting the installation of unauthorized access points. The wireless detection system utilizes wireless drones to develop a wireless network solely to detect any wireless signals that emanate from within their workplace. By incorporating a GPS module the location of any intruding device can be pinpointed. A standard web interface allows the administrator to monitor network usage; the system uses e-mail and pop-up alerts to signal possible intrusions of the network.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!