Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.
LINUX ADVISORY WATCH - This week, advisories were released for gaim, gopher, pdns, apt- catcher, ethereal, im-sdk, selinux-policy-targeted, gamin, pam, netpbm, mkinitrd, kde, arts, NetworkManager, labraw, ckermit, httpd, gphoto, coreutils, iiimf, yum, gimp, redhead, zlib, fetchmail, sandbox prsotext, proftpd, nbsmtp, dump, and SquirrelMail. The distributors include Debian, Fedora, Gentoo, and Red Hat.
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Ten Reasons towards Cryptography | ||
|
5th, August, 2005
Cryptography is already the de facto way of securing sensitive web traffic and it is now reaching across the entire enterprise as companies start to use industry-standard protocols such as SSL internally - even between servers only a few feet apart. |
||
| Exploit writers team up to target Cisco routers | ||
|
1st, August, 2005
It's Saturday night, a time for blowout parties at the annual DEF CON hacker convention, including the Goth-flavored Black and White Ball. But a half dozen researchers in the nondescript room quietly drink, stare at the screens of their laptops, and in low voices, discuss how to compromise two flat metal boxes sitting on a sofa side table: Cisco routers. |
||
| Google now a hacker's tool | ||
|
2nd, August, 2005
Although security software can identify when an attacker is performing reconnaissance work on a company's network, attackers can find network topology information on Google instead of snooping for it on the network they're studying, he said. This makes it harder for the network's administrators to block the attacker. "The target does not see us crawling their sites and getting information," he said. |
||
| What to do before an IOS disaster strikes | ||
|
2nd, August, 2005
Last week, former Internet Security Systems researcher Michael Lynn presented at the Black Hat USA 2005 conference a reliable process that could be used to exploit Cisco routers running the Internetworking Operating System (IOS.) Even though the exact exploit demonstrated during his presentation was not disclosed, Lynn showed enough details to prove that the exploit is real and that previous misconceptions that routers and switches are not exploitable are false. |
||
| DNS servers - an Internet Achilles heel | ||
|
3rd, August, 2005
Hundreds of thousands of Internet servers are at risk of an attack that would redirect unknowing Web surfers from legitimate sites to malicious ones. In a scan of 2.5 million so-called Domain Name System machines, which act as the White Pages of the Internet, security researcher Dan Kaminsky found that about 230,000 are potentially vulnerable to a threat known as DNS cache poisoning. |
||
| More Lynn/Cisco Information | ||
|
3rd, August, 2005
There's some new information on last week's Lynn/Cisco/ISS story: Mike Lynn gave an interesting interview to Wired. Here's some news about the FBI's investigation. And here's a video of Cisco/ISS ripping pages out of the BlackHat conference proceedings. |
||
| Worms could dodge Net traps | ||
|
5th, August, 2005
Future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken, according to new research. In a pair of papers presented at the Usenix Security Symposium here Thursday, computer scientists said would-be attackers can locate such sensors, which act as trip wires that detect unusual activity. That would permit nefarious activities to take place without detection. |
||
| Linux Kernel Security and Quality Improved Dramatically in Last Six Months, New Coverity Study Finds | ||
|
3rd, August, 2005
Coverity, Inc., makers of the world's most advanced and scalable source code analysis solution today announced results from a new study on the security and quality of the Linux kernel. Six months ago Coverity analyzed Linux kernel 2.6.9, the same version used in Red Hat Enterprise Linux 4.0, and found six potentially critical defects in the core filesystem and networking code. Today's findings on the newest Linux kernel 2.6.12 show that all critical defects have been fixed. |
||
| Key bugs in core Linux code squashed | ||
|
4th, August, 2005
Serious security bugs in key parts of the latest Linux code have been fixed, but some small glitches have been introduced, according to a recent scan. In December, Coverity looked at version 2.6.9 of the Linux kernel, the heart of the open-source operating system, and found six critical defects in the core file system and networking code. In July, the code analysis company scanned the latest version of the Linux kernel, version 2.6.12, and found no such programming errors, Coverity CEO Seth Hallem said. |
||
| Flaws Found in MySQL Tracking System | ||
|
2nd, August, 2005
Flaws have been found in MySQL Eventum 1.5.5 and prior that allow malicious users to conduct cross-site scripting and SQL injection attacks. |
||
| Car Whisperer | ||
|
3rd, August, 2005
The carwhisperer project intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. A Bluetooth passkey is used within the pairing process that takes place, when two Bluetooth enabled devices connect for the first time. Besides other public data, the passkey is a secret parameter used in the process that generates and exchanges the so-called link key. In Bluetooth communication scenarios the link key is used for authentication and encryption of the information that is exchanged between the counterparts of the communication. |
||
| The Sniffer vs. the Cybercrooks | ||
1st, August, 2005
The investment bank, despite billions in annual revenue and the small squadron of former police, military and security officers on its payroll, was no match for Mark Seiden. |
||
| Linux Security - Is it Ready For The Average User? | ||
|
1st, August, 2005
There seems to be a new important security patch out for Linux every month, lots of "do not use this program" warnings, too many articles and books with too little useful information, high-priced consultants, and plenty of talk about compromised systems. It is almost enough to send someone back to Windows. Can the average Linux user or system administrator keep his or her system secure and still have time to do other things? Bob Toxen is happy to say yes and article is how to do it. |
||
| Cyber-criminals turn to extortion and fraud | ||
|
3rd, August, 2005
Governments, financial services firms and manufacturing companies are now the top targets for security attacks, according to research published today by IBM. The first half of this year has seen a whopping 50 per cent increase in what Big Blue calls "customised" attacks. |
||
| An IT Manager’s Guide to Provisioning and Identity Management | ||
|
4th, August, 2005
With staff now requiring access to so many internal and external computer systems, all of which might require separate usernames, passwords and access privileges, identity management is far from straightforward. Learn what can be done to simplify identity management in this article. |
||
| A Hacker Games the Hotel | ||
|
1st, August, 2005
A vulnerability in many hotel television infrared systems can allow a hacker to obtain guests' names and their room numbers from the billing system. It can also let someone read the e-mail of guests who use web mail through the TV, putting business travelers at risk of corporate espionage. And it can allow an intruder to add or delete charges on a hotel guest's bill or watch pornographic films and other premium content on their hotel TV without paying for it. |
||
| Hackers Demonstrate Their Skills in Vegas | ||
|
2nd, August, 2005
Even the ATM machines were suspect at this year's Defcon conference, where hackers play intrusion games at the bleeding edge of computer security. With some of the world's best digital break-in artists pecking away at their laptops, sending e-mails or answering cell phones could also be risky. Defcon is a no-man's land where customary adversaries — feds vs. digital mavericks — are supposed to share ideas about making the Internet a safer place. But it's really a showcase for flexing hacker muscle. |
||
| Wireless hijacking under scrutiny | ||
|
1st, August, 2005
A recent court case, which saw a West London man fined £500 and sentenced to 12 months' conditional discharge for hijacking a wireless broadband connection, has repercussions for almost every user of wi-fi networks. |
||
| The Threat From Within | ||
|
2nd, August, 2005
Malicious insiders represent today's toughest challenge for security architects. Traditional database security tools such as encryption and access controls are rendered useless by a trusted employee who has--or can easily obtain--the right credentials. In addition, more users in the enterprise are getting database access, including DBAs, application developers, software engineers, and even marketing, HR, and customer support representatives. And whether spurred by revenge or tempted by easy money, insiders can sell their booty on a bustling information black market. |
||
| Hackers cash in on 802.1x confusion | ||
|
3rd, August, 2005
Companies are leaving their wireless networks exposed to hackers because of widespread failure to understand or implement 802.11x security systems, a survey has claimed. |
||
| Hackers Say Wireless Is Weak | ||
|
4th, August, 2005
Lock down your wireless network -- that’s the message coming loud and clear now that the DefCon hacker convention has rolled through Las Vegas. Jesse Krembs, president of The Hacker Foundation, who spoke at the show, warned that wireless is the weak under-belly of many businesses. “I think that the main thing that people will be looking at is more wireless hacking, | ||
