This week, perhaps the most interesting articles include "Diffie: Infrastructure a disaster in the making," "From SATAN to OVAL: The Evolution of Vulnerability Assessment," and "Taking a swipe at two-factor authentication."

 


DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software Understanding the anti-spam solution market and its various choices and buzzwords can be a daunting task. This free whitepaper from Roaring Penguin Software helps you cut through the hype and focus on the basics: determining what anti-spam features you need, whether a solution you are considering includes them, and to what degree. Find out more!


LINUX ADVISORY WATCH - This week packages were released for axel, gftp, wireless-tools, glibc, selinux-policy-targeted, kernel, autofs, GnomeVFS, phpMyAdmin, shorewall, gtk, sharutils, gdk-pixbuf, kdegraphics, dhcp, and gaim. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.

LinuxSecurity.com Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions and how to set them using chmod. This guide is intended for users new to Linux security and is therefore kept very simple.
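As an added illustration of what the tutorial covers (this is not code from the tutorial or from LinuxSecurity.com), the following Python script translates the nine-character permission string shown by `ls -l` (for example `rwxr-x---`) into the numeric mode that chmod accepts, handles the setuid, setgid and sticky bits that appear as `s` and `t` in the execute columns, applies the mode to a temporary file with os.chmod and reads it back with stat. The sample permission strings are constructed for the example.

```python
import os
import stat
import tempfile

# Each position of the nine-character permission string maps to one mode bit:
# owner read/write/execute, group read/write/execute, other read/write/execute.
_BITS = [
    stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
    stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
    stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH,
]


def symbolic_to_mode(perms):
    """Convert 'rwxr-x---' (or '-rwxr-x---' with the leading file-type
    column from ls -l) to a numeric mode such as 0o750.
    In an execute column, 's'/'S' also sets setuid (owner) or setgid (group)
    and 't'/'T' sets the sticky bit; the uppercase form means the execute
    bit itself is NOT set."""
    if len(perms) == 10:
        perms = perms[1:]              # drop the file-type column ('-', 'd', 'l', ...)
    if len(perms) != 9:
        raise ValueError("expected 9 permission characters, got %r" % perms)
    mode = 0
    for i, ch in enumerate(perms):
        if ch == "-":
            continue
        if i % 3 == 2 and ch in "sStT":
            if i == 2:
                mode |= stat.S_ISUID
            elif i == 5:
                mode |= stat.S_ISGID
            else:
                mode |= stat.S_ISVTX
            if ch in "st":             # lowercase: execute bit is set too
                mode |= _BITS[i]
            continue
        if ch != "rwx"[i % 3]:
            raise ValueError("unexpected %r at position %d" % (ch, i))
        mode |= _BITS[i]
    return mode


def mode_to_symbolic(mode):
    """Inverse of symbolic_to_mode: render a numeric mode as ls -l would."""
    out = ["rwx"[i % 3] if mode & bit else "-" for i, bit in enumerate(_BITS)]
    if mode & stat.S_ISUID:
        out[2] = "s" if mode & stat.S_IXUSR else "S"
    if mode & stat.S_ISGID:
        out[5] = "s" if mode & stat.S_IXGRP else "S"
    if mode & stat.S_ISVTX:
        out[8] = "t" if mode & stat.S_IXOTH else "T"
    return "".join(out)


def world_writable(mode):
    """True when 'other' may write: the permission an auditor looks for first."""
    return bool(mode & stat.S_IWOTH)


def apply_and_readback(perms):
    """Create a temporary file, chmod it to `perms`, and read the mode back
    from the inode so the result reflects what the kernel actually stored."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, symbolic_to_mode(perms))
        return mode_to_symbolic(stat.S_IMODE(os.stat(path).st_mode))
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for perms in ("rwxr-x---", "-rw-r--r--", "rwsr-xr-x", "rwxrwxrwt"):
        mode = symbolic_to_mode(perms)
        print("%-11s -> %s  world-writable=%s" % (perms, oct(mode), world_writable(mode)))
    print("applied and read back:", apply_and_readback("rw-r-----"))
```

The round trip through os.chmod and os.stat is the check worth keeping: on a filesystem mounted with options such as `nosuid`, or on non-POSIX filesystems, the mode you asked for and the mode you got can differ.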

The Tao of Network Security Monitoring: Beyond Intrusion Detection - The Tao of Network Security Monitoring is one of the most comprehensive and up-to-date sources available on the subject. It gives an excellent introduction to information security and the importance of network security monitoring, offers hands-on examples of almost 30 open source network security tools, and includes information relevant to security managers through case studies, best practices, and recommendations on how to establish training programs for network security staff.


Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital's multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  A federated crypto guy
  14th, April, 2005

 

WHEN budgets get tight, R&D is often one of the first departments to feel the squeeze. But at RSA Security, vice-president of research Burt Kaliski and his team are considered the heart and soul of the business. RSA puts about 18-20 per cent of its revenue into applied research and standards development at its research centre, RSA Laboratories.

news/cryptography/a-federated-crypto-guy

 
  TuxJournal is online!
  11th, April, 2005

 

The first Italian on-line magazine is now on-line. Italian readers can find here a very good source of news and articles about the open-source and technology world. TuxJournal.net

 

 
  And here's a key to combat hacking
  11th, April, 2005

 

As we rely more on computers, the potential for hackers to hurt us and destroy our personal records has grown. Corporate and public networks, rather than individuals, face the brunt of hackers' ingenuity. However, there are ways to build a network that is far harder to break into.

news/network-security/and-heres-a-key-to-combat-hacking

 
  Using a Linux failover router
  13th, April, 2005

 

Today, it's hard to imagine an organization operating without taking advantage of the vast resources and opportunities that the Internet provides. The Internet's role has become so significant that no organization can afford to have its Net connection going down for too long. Consequently, most organizations have some form of a secondary or backup connection ready (such as a leased line) in case their primary Net connection fails.

news/network-security/using-a-linux-failover-router

 
  Diffie: Infrastructure a disaster in the making
  13th, April, 2005

 

In the 1970s, Martin Hellman and Whitfield Diffie wrote the recipe for one of today's most widely used security algorithms in a paper called "New Directions in Cryptography." The paper mapped out the Diffie-Hellman key exchange, a foundational advance in public-key cryptography that lets two parties agree on a secret key over an untrusted network; it underpins secure online transactions and is used in such popular protocols as the Secure Sockets Layer (SSL) and Secure Shell (SSH). In 2000, they received the prestigious Marconi Foundation award for their contributions.

news/network-security/diffie-infrastructure-a-disaster-in-the-making
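For readers who have not seen the exchange itself, here is an added worked example (not from the article, and not any particular protocol's implementation) of the Diffie-Hellman key agreement over the 2048-bit MODP group from RFC 3526 (group 14, generator 2). Both sides generate a private exponent, publish g^x mod p, and derive the same secret; the example also includes the public-value validation and the hashing of the raw shared secret that SSL and SSH implementations perform and that the textbook description omits. The label passed to the hash is an assumed name for this example only.

```python
import hashlib
import secrets

# RFC 3526 group 14: a 2048-bit safe prime p = 2q + 1 with generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2          # order of the subgroup generated by G


def group_is_sane():
    """For a safe prime and a generator of the order-q subgroup, g^q == 1 (mod p)."""
    return P.bit_length() == 2048 and P % 2 == 1 and pow(G, Q, P) == 1


def validate_public(y):
    """Reject degenerate peer values (0, 1, p-1, out of range) and anything
    outside the order-q subgroup. Accepting them lets an attacker force the
    shared secret to a handful of predictable values."""
    if not 1 < y < P - 1:
        return False
    return pow(y, Q, P) == 1


def keypair():
    """Private exponent x in [1, q-1] and public value y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def shared_key(x, peer_y, label=b"dh-example-v1"):   # label: assumed context string
    """Derive a 256-bit key from the raw DH secret. The raw value z is never
    used directly: it is a non-uniform group element, so it is hashed with a
    context label to obtain uniform key bytes."""
    if not validate_public(peer_y):
        raise ValueError("invalid peer public value")
    z = pow(peer_y, x, P)
    z_bytes = z.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(label + z_bytes).digest()


def run_exchange():
    """Both sides of the exchange: what is sent is only ya and yb."""
    xa, ya = keypair()           # Alice keeps xa, sends ya
    xb, yb = keypair()           # Bob keeps xb, sends yb
    ka = shared_key(xa, yb)      # Alice: (g^xb)^xa
    kb = shared_key(xb, ya)      # Bob:   (g^xa)^xb
    return ka, kb


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("group sane:", group_is_sane())
    print("keys agree:", ka == kb, ka.hex())
```

Note what the exchange does not give you: nothing here binds ya or yb to a party, so an active attacker sitting between the two can run one exchange with each side. That is exactly the gap that SSL certificates and SSH host keys exist to close by signing or otherwise authenticating the public values.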

 
  Network monitoring with Nagios
  14th, April, 2005

 

How can a system administrator monitor a large number of machines and services to proactively address problems before anyone else suffers from them?

The answer is Nagios.

Nagios is an open source network monitoring tool. It is free, powerful and flexible. It can be tricky to learn and implement, but it can enormously reduce the amount of time required to keep track of how your organization's IT infrastructure is performing.

news/network-security/network-monitoring-with-nagios
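Nagios does its monitoring by running small check programs on a schedule; each one reports through its exit status (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) and a one-line summary followed by optional performance data after a `|`. As an added example, not from the article or the Nagios project, the following Python check implements the standard Nagios threshold range syntax (`[@]start:end`, where `~` is negative infinity, an omitted start is 0, an omitted end is infinity, a bare number means `0:number`, and a leading `@` alerts when the value is inside the range) and applies it to disk usage. The path and the 80/90 percent thresholds in the usage call are assumed values for the example.

```python
import shutil
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def parse_range(spec):
    """Parse a Nagios threshold range into (start, end, alert_when_inside)."""
    inside = spec.startswith("@")
    if inside:
        spec = spec[1:]
    if ":" in spec:
        start_s, end_s = spec.split(":", 1)
    else:
        start_s, end_s = "", spec           # bare number means 0:number
    if start_s == "~":
        start = float("-inf")
    elif start_s == "":
        start = 0.0
    else:
        start = float(start_s)
    end = float("inf") if end_s == "" else float(end_s)
    if start > end:
        raise ValueError("range start exceeds end: %r" % spec)
    return start, end, inside


def in_alert(value, spec):
    """True when `value` should raise the alert described by `spec`."""
    start, end, inside = parse_range(spec)
    outside = value < start or value > end
    return (not outside) if inside else outside


def evaluate(value, warn, crit):
    """Critical takes precedence over warning, as Nagios plugins do."""
    if in_alert(value, crit):
        return CRITICAL
    if in_alert(value, warn):
        return WARNING
    return OK


def check_disk(path, warn, crit):
    """Nagios-style disk check: returns (exit status, output line).
    Any failure to measure is reported as UNKNOWN rather than OK, so a broken
    check never looks like a healthy host."""
    try:
        usage = shutil.disk_usage(path)
    except OSError as exc:
        return UNKNOWN, "DISK UNKNOWN - %s: %s" % (path, exc)
    pct = 100.0 * usage.used / usage.total
    status = evaluate(pct, warn, crit)
    line = "DISK %s - %s %.1f%% used | used=%.1f%%;%s;%s;0;100" % (
        STATUS_NAMES[status], path, pct, pct, warn, crit)
    return status, line


if __name__ == "__main__":
    # Usage (assumed): check_disk.py [path] ; thresholds 80 (warn) / 90 (crit)
    path = sys.argv[1] if len(sys.argv) > 1 else "/"
    status, line = check_disk(path, "80", "90")
    print(line)
    sys.exit(status)
```

Keeping the threshold logic in a pure function is deliberate: it is the part that is easiest to get subtly wrong (the `@` inversion and the `~` lower bound in particular), and a wrong threshold means a quiet pager rather than an obvious crash.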

 
  From SATAN to OVAL: The Evolution of Vulnerability Assessment
  15th, April, 2005

 

With the growing reliance and dependence on our inter-connected world, security vulnerabilities are a real world issue requiring focus and attention. Security vulnerabilities are the path to security breaches and originate from many different areas - incorrectly configured systems, unchanged default passwords, product flaws, or missing security patches to name a few. The comprehensive and accurate identification and remediation of security vulnerabilities is a key requirement to mitigate security risk for enterprises.

news/network-security/from-satan-to-oval-the-evolution-of-vulnerability-assessment

 
  Developers Rate Linux More Secure Than Windows In Survey
  14th, April, 2005

 

A new study addressing security issues finds that software-development managers generally rate Linux as a more secure operating system than Windows. The study, which will be released by the end of the month, was conducted by BZ Research, the research subsidiary of publisher BZ Media LLC. It was not funded by any vendors.

news/server-security/developers-rate-linux-more-secure-than-windows-in-survey

 
  Breaking software easier than you think
  15th, April, 2005

 

One reason software security vulnerabilities are so tough to fix is because they are so hard to find. Unlike other bugs that become apparent when an application acts up, security holes tend to hide from normal view. And that's just how the hacker underground likes it.

news/server-security/breaking-software-easier-than-you-think

 
  Fortinet in court for hiding Linux in its code
  15th, April, 2005

 

A German court has granted a preliminary injunction against security firm Fortinet for allegedly violating the general public licence (GPL) and hiding Linux in its code. The ruling could prevent the security appliance vendor from further distributing its products until it complies with the open source licence.

news/vendors-products/fortinet-in-court-for-hiding-linux-in-its-code

 
  Cisco: Malicious ICMP messages could cause denial of service
  15th, April, 2005

 

A publicly available document on how the Internet Control Message Protocol (ICMP) can be used to launch denial-of-service attacks has prompted Cisco Systems to issue an advisory outlining a variety of vulnerable products.

news/vendors-products/cisco-malicious-icmp-messages-could-cause-denial-of-service

 
  Taking a swipe at two-factor authentication
  11th, April, 2005

 

An essay in an April trade magazine maintains two-factor authentication can't counter emerging threats, and that the industry would be wise to come up with a better solution to the nation's biggest cyberproblem: identity theft.

Most readers of Bruce Schneier's popular blog on security got a sneak preview last month when he posted the essay online under the heading "The Failure of Two-Factor Authentication." It led to a strong response from those who agree the solution has limited appeal and others who argue it works well when done right.

 

 
  HIPAA Compliance In 30 Days or Less
  12th, April, 2005

 

HIPAA. We are all sick of the acronym by now, and the April 20 compliance deadline for the Health Insurance Portability and Accountability Act is looming. At the state agency where I work, the information security officer (ISO), who is responsible for HIPAA security rule compliance, has spent the past seven months or so writing policies and procedures. He divided them into two groups: "required" (stuff we have to do) and "addressable" (stuff we'd better be thinking about doing).

 

 
  Strategic Security
  12th, April, 2005

 

Christofer Hoff is on a mission. As the director of information security at Western Corporate Federal Credit Union (WesCorp), Hoff has launched an initiative to quantify the benefits of information security spending for business executives at the San Dimas, Calif.-based company.

 

 
  Linux servers praised for security
  12th, April, 2005

 

Software development managers rate Linux significantly higher than Windows server products for security, according to the latest research.

Over 6000 software development managers were asked in a survey conducted by BZ Media to rate the security of server operating systems against hacks and exploits. Linux was rated as 'secure' or 'very secure' by 74 percent of respondents, while Microsoft Windows Server was given one of these ratings by 38 percent of respondents. Thirteen percent of respondents rated Linux as insecure or very insecure, a figure that rose to 58 percent for Windows server products.

 

 
  The two-edged sword: Legal computer forensics and open source
  12th, April, 2005

 

Ryan Purita of Totally Connected Security is one of the leading computer forensic experts in private practice in Canada. He is a Certified Information Systems Security Professional, holding one of the most advanced security qualifications in the world. Working for both the prosecution and the defence in legal cases, Purita has also taught computer security to law enforcement agencies, probation officers and social workers, and is currently developing programs for the Justice Institute of British Columbia. Much of his daily work is an extension of a system administrator's activities. A good part of it involves the advanced use of open source tools, including several standard system tools. His work methods offer fresh perspectives on security, privacy issues and the relative merits of Windows and GNU/Linux -- to say nothing of a niche industry where open source is more than holding its own.

 

 
  First Spam Felony Case Nets 9-Year Jail Term
  11th, April, 2005

 

A Virginia judge sentenced a spammer to nine years in prison Friday in the nation's first felony prosecution for sending junk e-mail, though the sentence was postponed while the case is appealed.

news/government/first-spam-felony-case-nets-9-year-jail-term

 
  Universities To Aid U.S. Cybersecurity Effort
  12th, April, 2005

 

Experts from a consortium of colleges will lead a far-reaching effort to keep the nation's computer data safe from cyberattack, the National Science Foundation announced Monday.

The effort comes after a flurry of security breaches have dramatized the vulnerability of a society that increasingly entrusts its secrets to computers.

news/government/universities-to-aid-us-cybersecurity-effort

 
  Linux programmer wins legal victory
  14th, April, 2005

 

A Linux programmer reported a new victory in a German court Thursday in enforcing the General Public License, which governs countless projects in the free and open-source software realms.

A Munich district court on Tuesday issued a preliminary injunction barring Fortinet, a maker of multipurpose security devices, from distributing products that include a Linux component called "initrd" that Harald Welte helped write.

news/government/linux-programmer-wins-legal-victory

 
  LexisNexis Data on 310,000 People Feared Stolen
  12th, April, 2005

 

Data broker LexisNexis said Tuesday that personal information may have been stolen on 310,000 U.S. citizens, or nearly 10 times the number found in a data breach announced last month.

An investigation by the firm's Anglo-Dutch parent Reed Elsevier determined that its databases had been fraudulently breached 59 times using stolen passwords, leading to the possible theft of personal information such as addresses and Social Security numbers.

news/hackscracks/lexisnexis-data-on-310000-people-feared-stolen

 
  180,000 warned credit-card data exposed
  14th, April, 2005

 

Data apparently stolen from the popular clothing retailer Polo Ralph Lauren Inc. is forcing banks and credit card issuers to notify thousands of consumers that their credit-card information may have been exposed.

news/hackscracks/180000-warned-credit-card-data-exposed