[ISN] Linux Security Week, August 23rd, 2004
InfoSec News
isn at c4i.org
Tue Aug 24 02:38:09 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| August 23, 2004 Volume 5, Number 33n |
| |
| Editorial Team: Dave Wreski dave at linuxsecurity.com |
| David Isecke dai at linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Crypto
researchers abuzz over flaws", "No Easy Fix for Internal Security", "Big
Brother's Last Mile", and "Vulnerability Protection: A Buffer for
Patching".
----
>> The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
----
LINUX ADVISORY WATCH:
This week, advisories were released for acroread, ftpd, gaim, glibc, gv,
kdelibs, kernel, mozilla, mysql, Nessus, Netscape, pam, qt3, Roundup,
rsync, ruby, semi, spamassassin, squirrelmail, and Tomcat. The
distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, NetBSD,
Red Hat, Suse, and Trustix.
http://www.linuxsecurity.com/articles/forums_article-9645.html
----
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* Computer Security 101
August 18th, 2004
Within the space of a single introductory article it is impossible to
cover every aspect of the virus / antivirus topic. I will attempt to
provide as much knowledge as I can without overwhelming you.
http://www.linuxsecurity.com/articles/host_security_article-9634.html
* Vulnerability Protection: A Buffer for Patching
August 17th, 2004
The purpose of this paper is to identify the problem facing the network
security community regarding vulnerabilities and patches. It explains why
current security technologies such as firewalls, intrusion detection and
prevention systems, and automated patch management solutions have failed
in preventing vulnerabilities from being exploited.
http://www.linuxsecurity.com/articles/network_security_article-9632.html
* Password to easy fraud lies in pets' names and birthdays
August 16th, 2004
Most internet and online banking customers leave themselves open to
fraudsters by using predictable passwords, new research claims. More than
three-quarters of people surveyed used words that could be easily guessed.
http://www.linuxsecurity.com/articles/host_security_article-9624.html
+------------------------+
| Network Security News: |
+------------------------+
* Introduction to Vulnerability Scanning
August 18th, 2004
Similar to packet sniffing, port scanning and other "security tools",
vulnerability scanning can help you to secure your own network or it can
be used by the bad guys to identify weaknesses in your system to mount an
attack against. The idea is for you to use these tools to identify and fix
these weaknesses before the bad guys use them against you.
http://www.linuxsecurity.com/articles/server_security_article-9633.html
* No Easy Fix for Internal Security
August 17th, 2004
Not too long ago, the Gartner Group raised a minor dustup in the IT
community by releasing a report claiming that portable storage
media--including consumer devices such as cameras and MP3 players with
built-in or removable memory--represent a new security threat to corporate
networks.
http://www.linuxsecurity.com/articles/network_security_article-9631.html
* Big Brother's Last Mile
August 17th, 2004
On August 9th, 2004, the U.S. Federal Communications Commission (FCC) took
a major step toward mandating the creation and implementation of new
Internet Protocol standards to make all Internet communications less safe
and less secure. What is even worse, the FCC's ruling will force ISP's and
others to pay what may amount to billions of dollars to ensure that IP
traffic remains insecure.
http://www.linuxsecurity.com/articles/network_security_article-9629.html
+------------------------+
| General Security News: |
+------------------------+
* Crypto researchers abuzz over flaws
August 19th, 2004
Encryption circles are buzzing with news that mathematical functions
embedded in common security applications have previously unknown
weaknesses. The excitement began Thursday with an announcement that French
computer scientist Antoine Joux had uncovered a flaw in a popular
algorithm called MD5, often used with digital signatures.
http://www.linuxsecurity.com/articles/cryptography_article-9640.html
* Open-Source Backups Using Amanda
August 19th, 2004
This well tested network backup tool depends on standard tools such as
dump, cron and GNU tar. Find out how to set up regular backups for your
whole network. Those of us who have received the call can feel the tension
and nervous tone in the caller's voice when he or she asks, "How good are
the backups?"
http://www.linuxsecurity.com/articles/host_security_article-9639.html
* Scientists Work On Quantum Code
August 16th, 2004
Relying on the principles of uncertainty underlying quantum mechanics,
Harvard researchers recently established the first experimental secure
network that, when perfected, should make it impossible for hackers to
gain unauthorized access to documents shared electronically.
http://www.linuxsecurity.com/articles/cryptography_article-9623.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
More information about the ISN
mailing list