Linux Security Week: September 26th 2005
Source: Contribtors - Posted by Benjamin D. Thomas   
Linux Security Week This week, perhaps the most interesting articles include "Protecting Linux against automated attackers," "Information Security Concepts Primer," and "Five common mistakes that Linux IT managers make."

LINUX ADVISORY WATCH - This week, advisories were released for turqstat, centericq, lm-sensors, kdebase, python, XFree86, Mailutils, Shorewall, mozilla, mod_ssl, clam, mod_ssl, Zebedee, umount, squid, and mod_ssl. The distributors include Debian, Fedora, Gentoo, and Red Hat. Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to with "subscribe" as the subject.

Thank you for reading the weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

  Firefox woes spread to Linux
  22nd, September, 2005

When I saw all the headlines this week about a new Symantec report contradicting popular perception that Firefox was the secure alternative to Microsoft Internet Explorer, the timing couldn't have been better. Just three days earlier I wrote this blog about Firefox surpassing Microsoft Internet Explorer in monthly vulnerabilities and a flood of angry comments followed in the talkback and Slashdot had another 500 plus comments.

  Cisco security certifications changing
  20th, September, 2005

Cisco Systems Inc. is revamping its security professional-level certifications to better reflect the networking giant's emphasis on its Self-Defending Network strategy.

  Protecting Linux against automated attackers
  22nd, September, 2005

As many systems administrators will tell you, attacks from automated login scripts specifically targeting common account names with weak passwords have become a substantial threat to system security, especially via SSH (a popular program that allows remote users to log in to a Linux computer and execute commands locally). Here are some common-sense rules to follow that can greatly improve security, as well as several scripts to cut down on the computing resources wasted by these attacks.

  Underground without firewalls
  23rd, September, 2005

Deep underground somewhere in south-east England, security experts have built a data hosting center almost entirely based on open source operating systems. The cryptologists at the Bunker, an ex-Nato anti-nuclear hideout owned by a data hosting group also known as the Bunker, are so confident of good security, that they say they have no need for firewalls – the tools commonly used for keeping hackers away.

  Novell strengthens its security products
  20th, September, 2005

At Novell's Brainshare user conference in Barcelona last week, the software supplier said it had strengthened its identity and access management security products, Novell Identity & Access Management. Novell also claimed significant customer gains in Europe with its open source SuSE Linux desktop and enterprise server.

  EnGarde Secure Linux 3.0 PR1
  21st, September, 2005

"Guardian Digital is shortly going to be announcing the next major release of its award-winning EnGarde Secure Linux platform, and we'd like to offer the engarde-users community a first-glimpse at this release. Within this new release, codenamed Rapier, you'll find: Linux 2.6 kernel featuring SELinux Mandatory Access Control; Guardian Digital Secure Network features free access to all system and security updates; support for new hardware, including 64-bit AMD architecture; web-based management of all functions...."

  Firefox Command Line URL Shell Command Injection
  21st, September, 2005

Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).

  Prelude Releases 0.9 of Hybrid IDS Framework
  21st, September, 2005

The Prelude Project has released the 0.9 version of their Hybrid IDS Framework. Which represents over seven years of development. It supports over 40 different types of devices and log types. As well as other security software such as Snort and Samhain offering support for reporting to Prelude. Many other advancements have been made to the Prelude Framework. Including the all new Prewikka front-end for correlation and monitoing of alerts.

  Auditor: The security tool collection
  23rd, September, 2005

The Auditor security collection is a GPL-licensed live CD based on Knoppix, with more than 300 security software tools. Auditor gives you easy access to a broad range of tools in almost no time.

  Are IT Departments Security Risks?
  19th, September, 2005

Workers are more like to indulge in risky Internet behavior -- surfing to unknown or even suspicious sites, for example -- when they have an IT department behind them to clean up their mess, a recently released study claims. According to the July study -- which was released Tuesday by Tokyo-based Trend Micro and based on polls of 1,200 users, 400 each in the U.S., Germany, and Japan -- 39 percent of enterprise workers believed that their company's IT department would keep them safe from viruses, worms, spyware, spam, and phishing and pharming attacks.

  Hackers thwart security by going small
  19th, September, 2005

Computer attackers are trying to circumvent improved defences in corporate networks by creating smaller worms and viruses that infect individual computers, says a report on Internet security to be released today.

  ISS discusses its security procedures
  20th, September, 2005

Internet Security Systems Chairman, CEO and President Tom Noonan says customers increasingly are looking for security platforms that do two basic things: Let the good guys in and keep the bad guys out. He spoke with Network World's Editor in Chief John Dix and News Editor Bob Brown. Here is an edited transcript of Noonan's thoughts on a host of topics.

  Passwords In Security
  21st, September, 2005

Breaking into corporate networks, and thereby corporate information, has never been easier. Why? Firstly, access to systems (usually Windows) at the desktop is universal. Secondly, most people, including techies, don't appear to know how to select adequately secure passwords.

  Viruses not just a Windows issue
  21st, September, 2005

According to a report from antivirus company Kaspersky, recently hosted Linux versions of the Mozilla browser and Thunderbird mail client that were infected with the Linux RST.b virus. The versions involved were the localised Korean releases, and they have now been removed. RST.b infects ELF executable files to insert a backdoor onto the victim's computer and automatically downloads exploit scripts from an Internet site.

  Information Security Concepts Primer
  22nd, September, 2005

Information Security is such a broad discipline that it’s easy to get lost in a single area and lose perspective. The discipline covers everything from how high to build the fence outside your business, all the way to how to harden a Windows 2003 server.

It’s important, however, to remember not to get caught up in the specifics. Each best practice is tied directly to a higher, more philosophical security concept, and those concepts are what I intend to discuss here.

  Five common mistakes that Linux IT managers make
  23rd, September, 2005

After seeing the same mistakes repeated by different IT managers over the years, I've noticed a pattern of common errors. Here are the five common mistakes, along with tips for avoiding them.

  Name that worm plan looks to cut through chaos
  23rd, September, 2005

Zotob.E, Tpbot-A, Rbot.CBQ and IRCbot.worm: all names given to a single worm that wreaked havoc in Windows 2000 systems last month. Among the plethora of identifiers, perhaps the most useful--CME-540--didn't make an impact.

  Protect Yourself Against Rogue Employees
  20th, September, 2005

You have problems. The annual report spreadsheet has disappeared from a server. A virus is loose in company e-mail. Someone has access to the network through some kind of back door. Those are big problems.


Only registered users can write comments.
Please login or register.

Powered by AkoComment!