[ISN] Linux Security Week - May 31st 2004

InfoSec News isn at c4i.org
Tue Jun 1 04:28:47 EDT 2004


+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  May 31st, 2004                                Volume 5, Number 22n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Minimizing
Privileges," "Security in an ERP World," "Key Considerations for
Outsourcing Security," and "CIOs Gear Up for Changing Security Climate."

----

>> Secure Online Data Transfer with SSL <<

Get Thawte's new introductory guide to SSL security which covers the
basics of how it operates. A discussion of the various applications of SSL
certificates and their appropriate deployment is also included along with
details of how to test SSL on your web server.

Download a guide to learn more:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06

----

LINUX ADVISORY WATCH:
This week, advisories were released for libneon, mailman, kde, xpcd,
kdepim, httpd, SquirrelMail, cvs, neon, subversion, cadaver, metamail,
firebird, opera, mysql, mc, apache, heimdal, kernel, utempter, and LHA.
The distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo,
Mandrake, OpenBSD, Red Hat, Slackware, SuSE, and TurboLinux.

http://www.linuxsecurity.com/articles/forums_article-9355.html

----

Linux and National Security

As the open source industry grows and becomes more widely accepted, the
use of Linux as a secure operating system is becoming a prominent choice
among corporations, educational institutions and government sectors.
With national security concerns at an all time high, the question remains:
Is Linux secure enough to successfully operate the government and
military's most critical IT applications?

http://www.linuxsecurity.com/feature_stories/feature_story-165.html

----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digital's
multi-faceted security applications.  More then just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the
network.


http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

--------------------------------------------------------------------

Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impres at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out
successes.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

----

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf



+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Secure programmer: Minimizing privileges
May 26th, 2004

Secure programs must minimize privileges so that any bugs are less likely
to be become security vulnerabilities. This article discusses how to
minimize privileges by minimizing the privileged modules, the privileges
granted, and the time the privileges are active.

http://www.linuxsecurity.com/articles/documentation_article-9348.html


* Secure coding attracts interest, investment
May 26th, 2004

A new product from computer security firm @stake will help developers
search computer code for errors, security holes and other flaws that
malicious hackers can use to break applications -- and break into
computers.

http://www.linuxsecurity.com/articles/host_security_article-9345.html


* Security in an ERP World
May 25th, 2004

Every good hacker story ends with the line: "and then he's got root access
to your network and can do whatever he wants." But the story really
doesn't end there. This is just the beginning of the real damage that the
hacker can inflict.

http://www.linuxsecurity.com/articles/network_security_article-9341.html


+------------------------+
| Network Security News: |
+------------------------+

* Snort up for revamp, says creator
May 24th, 2004

The creator of Snort, the open-source network-based Intrusion Detection
System (IDS), says the software is up for an overhaul.  IDS has failed to
impress the market, Martin Roesch told delegates at the AusCERT computer
security conference in Queensland.

http://www.linuxsecurity.com/articles/intrusion_detection_article-9336.html


+------------------------+
| General Security News: |
+------------------------+

* Key Considerations for Outsourcing Security
May 27th, 2004

As last summer's virus attacks vividly demonstrated, companies of every
size are finding themselves hard pressed to maintain around-the-clock
network security.

http://www.linuxsecurity.com/articles/vendors_products_article-9351.html


* CIOs Gear Up for Changing Security Climate
May 27th, 2004

"Security and business continuity have been pushed to the top of my list
post-9/11," says Lockheed Martin CIO Joseph R. Cleveland. "We've always
been focused on information security, but now we've had to think
differently about the combination of information and physical security."

http://www.linuxsecurity.com/articles/general_article-9350.html


* Auditors warn of foreign risks to weapons software
May 27th, 2004

The Defense Department's control of the source of weapons software came
under fire today in a report issued by the General Accounting Office,
which said overseas production of software creates an unacceptable
security environment.

http://www.linuxsecurity.com/articles/government_article-9352.html


* EU seeks quantum cryptography response to Echelon
May 26th, 2004

The European Union plans to invest $13 million during the next four years
to develop a secure communication system based on quantum cryptography,
using physical laws governing the universe on the smallest scale to create
and distribute unbreakable encryption keys, project coordinators said
today.

http://www.linuxsecurity.com/articles/cryptography_article-9346.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list