
[ISN] Linux Security Week - December 16th 2002

|  LinuxSecurity.com                            Weekly Newsletter     |
|  December 16th, 2002                          Volume 3, Number 49n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@xxxxxxxxxxxxxxxxx    |
|                   Benjamin Thomas         ben@xxxxxxxxxxxxxxxxx     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Know Your Enemy
- Learning with User-Mode Linux," "Buried By The Authentication
Avalanche," "Secure Passwordless Logins with SSH," and "Six Basic Tips For
Securing Wireless Networks."

Network Security Audit - "Information for the right people at right time
and from anywhere" has been the driving force for providing access over
the Internet to most of the vital information on an organization's
network. This is a simple guide on conducting a network security audit.


This week, advisories were released for nss_ldap, icecast, fileutils, imp,
apache, groff, html2ps, im, gtetrinet, tcpdump, tetex, perl, python,
canna, and wget.  The distributors include Caldera, Debian, Mandrake, and
Red Hat.


CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.


Security: MySQL and PHP (3 of 3) - This is the third installment of a
3-part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following


| Host Security News: | <<-----[ Articles This Week ]-------------

* Know Your Enemy - Learning with User-Mode Linux
December 13th, 2002

This paper will focus on building a Honeynet using a single computer and
free, OpenSource software. This will be accomplished by building a Virtual
Honeynet, using the OpenSource solutions User-Mode Linux (often called
UML) and IPTables.


* Buried By The Authentication Avalanche
December 13th, 2002

With identity theft on the rampage, network managers are being hit by an
increasing barrage of software, hardware and services for user
authentication. Organizations are implementing technologies ranging from
traditional passwords/PINs to PKI and SSL certificates, tokens,
fingerprint readers, and even voiceprints.


* Rooting Out Corrupted Code
December 12th, 2002

Sometimes it's easy to tell when you're dealing with an imposter. That
Mona Lisa at your neighbor's yard sale is unlikely to be the real thing.
When you see Elvis at the mall, you can be pretty sure that he's a fake,


* Apache Suffers More Attacks
December 12th, 2002

I report on a lot of software vulnerabilities, and I try to weed out the
unimportant ones. But there's no real way to know in advance which ones
will be exploited and which ones cybervandals will essentially ignore.


* Secure Passwordless Logins with SSH Part 1
December 11th, 2002

Many of my past newsletters have detailed configuration setups that
required you to be able to execute commands on remote machines without
interactively supplying a password. The next few articles will help show
how you can set up such a system.


* IT users in password hell
December 11th, 2002

Heavy users of technology now employ nearly two dozen passwords to gain
access to various IT systems and Web sites--but are compromising security
by writing them down. The 2002 NTA Monitor Password Survey found that the
typical intensive IT user now has 21 passwords, and has two strategies to
cope, neither of which is advisable from a security standpoint: they
either use common words as passwords or keep written records of them. The
survey found that some of these heavy users maintain up to 70 passwords.


| Network Security News: |

* Network Vulnerability Rises Exponentially When Moving From Wired To
December 12th, 2002

In international news at the end of last week, Richard Clarke, special
advisor to the US president for cyberspace security, together with other
experts labelled wireless networking technology as a potential terrorist


* XML Encryption Specs Approved
December 11th, 2002

The two specs, XML Encryption Syntax and Processing and Decryption
Transform for XML Signature, will enable Web pages using Extensible Markup
Language to encrypt parts of a document being exchanged between Web sites,
the World Wide Web Consortium said.


* Law may be updated to cover DoS attacks
December 11th, 2002

The government is considering amending the Computer Misuse Act (CMA), amid
concern within the Internet industry that denial of service (DoS) attacks
may not be covered by the law. The Home Office, in consultation with groups
such as the police and industry representatives, is currently examining
ways of updating the CMA, according to a Home Office spokeswoman.


* Six Basic Tips For Securing Wireless Networks
December 10th, 2002

Wireless networks offer opportunities for hackers. But it doesn't have to
be that way. The purpose of properly securing a wireless access point is to
close off the network from outsiders who do not have authorisation to use
your services. This is often easier said than done.


* Risk Assessment Essentials
December 9th, 2002

We all claim to understand the importance of network security. We stand
around water coolers chatting about this worm, that newly discovered
security hole, this patch, and that hot fix.  As IT managers, we know it's
our job to ensure that all the latest patches are not only applied, but
applied immediately.


| Cryptography News:     |

* Crypto-Gram December 15th, 2002
December 15th, 2002

Crypto-Gram is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on computer security and cryptography. This
month, Comments on the Department of Homeland Security, Security Notes
from All Over:  Dan Cooper, Crime: The Internet's Next Big Thing, and


| General News:          |

* IDC: Cyberterror to hit in 2003
December 13th, 2002

A major cyberterrorism event will occur in 2003, a technology research
group predicted on Thursday, one that will disrupt the economy and bring
the Internet to its knees for at least a day or two.


* Homeland Security Will Consolidate Software Licenses
December 12th, 2002

Speaking at a Spy Museum breakfast today, Secret Service assistant
director Steve Colo said the new Homeland Security Department will
consolidate all its component agencies' software licenses "for the greater
good," looking first at large contracts with vendors such as Microsoft
Corp. and Oracle Corp.


* Today's Pain Points Are Tomorrow's Vendor Opportunities
December 11th, 2002

If you want to predict the most important information security tools for
CSOs in the coming year, just look at the problems that CIOs are trying to
resolve today. Whereas today's security tools are intrusive, clunky and
require significant commitment from both staff and users alike, tomorrow's
tools will increasingly be automatic and even autonomous.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com


ISN is currently hosted by Attrition.org
