This week, perhaps the most interesting articles include "Five Mistakes of Vulnerability Management," "," and "."


Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.


LINUX ADVISORY WATCH - This week, advisories were released for httpd, mod_auth_pgsql, auth_ldap, ethereal, struts, cups, gpdf, apache, and the kernel. The distributor for this week is Red Hat.

LinuxSecurity.com Feature Extras:

Hacks From Pax: SELinux Administration - This week, I'll talk about how an SELinux system differs from a standard Linux system in terms of administration. Most of what you already know about Linux system administration will still apply to an SELinux system, but there are some additions and changes that are critical to understand when using SELinux.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
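As an added illustration of the "far too liberal" permissions the feature above warns about (this script is not from the article or from LinuxSecurity.com), the POSIX shell functions below audit a tree for files and directories writable by everyone, list setuid/setgid binaries for review, and strip the stray "other" write bit. Sticky-bit directories such as /tmp are deliberately excluded, since that is the one world-writable layout that is normally intentional. The demo tree is constructed with mktemp and is an assumption, not real system state.

```shell
#!/bin/sh
# Added example: audit and tighten over-permissive Unix file modes.
# Not code from the LinuxSecurity.com article; assumes a POSIX find(1) and mktemp(1).

# Regular files and directories under $1 that are writable by "other".
# Sticky-bit directories (mode 1xxx, e.g. /tmp) are skipped on purpose.
find_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# Setuid/setgid binaries under $1. Not wrong by themselves, but every
# entry that is not stock for the distribution deserves an explanation.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Remove the "other" write bit from every hit; owner/group bits are left alone.
fix_world_writable() {
    find_world_writable "$1" | while IFS= read -r path; do
        chmod o-w "$path"
    done
}

# Number of world-writable hits under $1 (handy for a cron job that alerts on non-zero).
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Constructed demo tree: two typical mistakes and one intentional sticky directory.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/www" "$tmp/scratch"
    printf 'db_password=hunter2\n' > "$tmp/www/config.php"
    printf '<html></html>\n'       > "$tmp/www/public.html"
    chmod 0666 "$tmp/www/config.php"    # mistake: any local user can rewrite it
    chmod 0644 "$tmp/www/public.html"   # fine
    chmod 0777 "$tmp/www"               # mistake: anyone can add or rename files
    chmod 1777 "$tmp/scratch"           # intentional: sticky, like /tmp

    echo "World-writable before fix:"; find_world_writable "$tmp"
    fix_world_writable "$tmp"
    echo "World-writable after fix (expected: nothing):"; find_world_writable "$tmp"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh audit_perms.sh demo` to see the constructed tree before and after, or source it and call `count_world_writable /var/www` from cron. `-xdev` keeps the scan on one filesystem so NFS mounts and /proc do not flood the output.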

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More than just an email firewall, on-demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Cisco squashes VoIP, router bugs
19th, January, 2006

Flaws in Cisco Systems software for routers and IP telephony could be a conduit for attacks on enterprise networks, the company has warned. On Wednesday, it released two security alerts along with fixes for Cisco CallManager, which runs Internet-based phone calling. Two flaws exist in the software: One could allow an attacker to paralyze a Cisco IP telephony installation, the other could allow someone with read-only access to the system to gain full privileges, according to the alerts.

news/network-security/cisco-squashes-voip-router-bugs
Five Mistakes of Vulnerability Management
18th, January, 2006

Vulnerability management is viewed by some as an esoteric security management activity. Others see it as a simple process that needs to be done in conjunction with Microsoft Corp.'s monthly patch update. Yet another group considers it a marketing buzzword made up by the vendors. This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.

news/server-security/five-mistakes-of-vulnerability-management
Hey, hey it's Oracle patching day
19th, January, 2006

Wednesday became a busy day for database administrators after Oracle released its quarterly patch update which, this time around, tackles more than 80 vulnerabilities in different Oracle software packages and components. Various flavours of Oracle database (37 security bugs), Oracle E-Business Suite and Applications (27), Oracle Collaboration Suite (20) and Oracle Application Server (17) are most in need of update.

news/server-security/hey-hey-its-oracle-patching-day
Novell opens AppArmour source code
17th, January, 2006

Looking to spread the usage of the AppArmor application security software it acquired when it bought Immunix, Novell announced last week that it would release the software's source code under the GNU General Public License (GPL) and sponsor a project to maintain and improve it.

news/vendors-products/novell-opens-apparmour-source-code
D-Link Fortifies Security With Checkpoint Partnership
18th, January, 2006

D-Link jumped aboard the unified threat management (UTM) bandwagon this week with a partnership with security vendor Checkpoint Software to develop a new line of small business-focused security appliances. Under the agreement, D-Link will weave Checkpoint's firewall and VPN technology into two new additions to its NetDefend line of SMB security appliances. Slated to be available sometime this quarter, the appliances are aimed at businesses of up to 100 seats and 25 VPN users.

news/vendors-products/d-link-fortifies-security-with-checkpoint-partnership
Users take a shine to Fedora Directory Server 1.0
19th, January, 2006

Putting on its fedora hat, Red Hat last month released the first version of its free, open-source Directory Server. The Fedora Project is Red Hat's pure open-source arm, with all product releases and source code being freely available without the company's licensing, or "subscription" restrictions, which are required for running Red Hat's enterprise product offerings.

news/vendors-products/users-take-a-shine-to-fedora-directory-server-10
Tips For Staying Secure in 2006
16th, January, 2006

Securing data while it travels between applications, business partners, suppliers, customers, and other members of an extended enterprise is crucial. As enterprise networks continue to become increasingly accessible, so do the risks that information will be intercepted or altered in transmission.

Draft of GPL Version 3 now available for comment
16th, January, 2006

The Free Software Foundation has published the first draft of the much-anticipated version 3 of the GNU General Public License. The draft of the new version is almost twice as long as version 2: It weighs in at more than 4,500 words, versus 2,900 for the earlier version.

Tracking the Attackers
17th, January, 2006

It has become increasingly important for security professionals to deploy new detection mechanisms to track and capture an attacker's activities. Third Generation (GenIII) Honeynets provide all the components and tools required to gather this information at the deepest level. Sebek is the primary data capture tool for GenIII Honeynets.

Security Pros Get Their Due
17th, January, 2006

There's a growing market for information security expertise, and salaries are reflecting heightened demand. But beware--when it comes to pay, there's essentially no difference between IS workers with high school diplomas and bachelor's degrees, according to the SANS Institute's 2005 Information Security Salary and Career Advancement survey of more than 4,250 IS pros. People with grad degrees can expect to earn significantly more, however.

IT security industry 'to be professionalised'
18th, January, 2006

An organisation is being set up to ensure that IT security officers are competent, but it won't have the power to stop people working if they make mistakes. IT security officers are to get their own professional body in the UK with the launch of the Institute of Information Security Professionals (IISP) next month. The IISP, which was given the go-ahead by the Department for Trade and Industry at the end of last year, is due to officially launch in February.

Hackers blackmail milliondollar site
18th, January, 2006

The FBI is investigating the hijacking of milliondollarhomepage.com - the website that earned $1m (£566,000) for its British creator Alex Tew by hosting micro-advertisements - by hackers who demanded a ransom to restore the site. Mr Tew was sent a demand for $50,000 by e-mail by a hacker, believed to be Russian. When he refused, the website crashed.

New FBI Computer Crime Survey
19th, January, 2006

Want insight into the cyber attacks that U.S. organizations are facing, what defenses they're using against these assaults, and the implications for industry and government? You'll be interested in reading the new 2005 FBI Computer Crime Survey (PDF), their largest survey on these issues to date.

Has Corporate Info Security Gotten Out of Hand?
19th, January, 2006

What is the right balance between security and productivity, in the corporate IT environment? Looking back at my company, 10 years ago, our machines were connected directly to the Internet, no proxy, no firewall, no antivirus software. Today, my company's proxy server blocks access to 'bad' web sites (such as Google Groups); our 'antivirus' software prevents our machines (even machines that host production applications) from carrying out legitimate functions, such as the sending of email via SMTP; and individual employees are forced to apply security patches with little or no notice, under threat of their machines losing network access if they do not comply by the deadline.

PC virus celebrates 20th birthday
20th, January, 2006

Today, 19 January is the 20th anniversary of the appearance of the first PC virus. Brain, a boot sector virus, was let loose in January 1986. Brain spread via infected floppy disks and was a relatively innocuous nuisance in contrast with modern Trojans, rootkits and other malware. The appearance of the first PC virus nonetheless set in train a chain of events that led up to today's computer virus landscape.

Computer crime costs $67 billion, FBI says
20th, January, 2006

Dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year, according to the FBI. The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period.

Stallman Speaks on the Future of GPL 3.0
20th, January, 2006

Q&A: Richard Stallman, founder of the FSF, talks about his goals for the GPL and the hopes and fears of free software advocates. The first draft of the update to the GNU General Public License 2.0, which was some five years in the making, was released this week for a year of public commentary.

Flaw researcher offers ad space in report
20th, January, 2006

A security researcher who previously tried to auction off a vulnerability in Microsoft Excel plans to sell ad space in the public report about the flaw, SecurityFocus has learned.

Novell urged to build open source around AppArmor Linux
20th, January, 2006

On Jan. 10, 2006, Novell announced the creation of the AppArmor project, an open-source project designed to develop Linux application security using Novell's AppArmor technology. AppArmor technology has previously been available with SUSE Linux 10.0 and Novell's SUSE Linux Enterprise Server 9 Service Pack 3. However, Gartner warned that the move does not guarantee that the AppArmor project will be successful.

US tests e-Passports
16th, January, 2006

The US government has started testing electronic passports which contain an RFID chip holding information and a digital photo of the passport's carrier. The tests started yesterday at San Francisco airport, Changi Airport in Singapore and Sydney Airport in Australia. Singapore Airlines crew, some US diplomats and some citizens from Australia and New Zealand are carrying the new passports.

news/government/us-tests-e-passports
DOD Eyes Network Revamp
17th, January, 2006

The U.S. Military's point man for global network operations says that a total overhaul of the government's classified and unclassified information networks may be necessary to ward off legions of hackers and adequately protect the military from crippling attacks in future conflicts.

news/government/dod-eyes-network-revamp
Hackers: If You Can't Beat 'em, Recruit 'em
16th, January, 2006

In the days of increased reliance on the Internet, hackers are making computers increasingly unsafe. To counter that, IT security firms are turning around and hiring talented hackers to find security system holes. Sebastian Schreiber's face lights up with a mischievous grin and his eyes gleam with excitement as he talks about computer hack attacks.

news/hackscracks/hackers-if-you-cant-beat-em-recruit-em