[ISN] Linux Security Week - June 14th 2004

InfoSec News isn at c4i.org
Tue Jun 15 01:52:21 EDT 2004


+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  June 14th, 2004                               Volume 5, Number 24n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Using Jabber as
a log monitor," "Best Practices for Storage Security," "Use Webmin for
Linux Administration," and "Secure Development: A Polarised Response."

----

LINUX ADVISORY WATCH:

This week, advisories were released for gatos, jftpgw, ethereal, gallery,
rsync, log2mail, kernel, lha, postgresql, cvs, cups, squirrelmail, squid,
tla, Ethereal, tripwire, sitecopy, mailman, apache, mdkonline, xpcd,
mod_ssl, ksymoops, and kerberos5. The distributors include Debian, Fedora,
FreeBSD, Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, SuSE,
Trustix, and Turbo Linux.

http://www.linuxsecurity.com/articles/forums_article-34.html

----

Interview with Brian Wotring, Lead Developer for the Osiris Project

Brian Wotring is currently the lead developer for the Osiris project and
president of Host Integrity, Inc. He is also the founder of knowngoods.org,
an online database of known good file signatures. Brian is the co-author
of Mac OS X Security and a long-standing member of the Shmoo Group, an
organization of security and cryptography professionals.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

--------------------------------------------------------------------

Guardian Digital Launches Next Generation Secure Mail Suite

Guardian Digital, the premier open source security company, announced the
availability of the next generation Secure Mail Suite, the industry's most
secure open source corporate email system. This latest edition has been
optimized to support the changing needs of enterprise and small business
customers while continually providing protection from the latest in email
security threats.

http://www.linuxsecurity.com/feature_stories/feature_story-166.html

----

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf



+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* More flaws foul security of open-source repository
June 10th, 2004

Security researchers have found at least six more flaws in the
open-software world's most popular program for maintaining code under
development.

http://www.linuxsecurity.com/articles/projects_article-28.html


* The need for Security Testing
June 10th, 2004

This article will help C-level executives understand what Security Testing
is and how the Open Source Security Testing Methodology Manual (OSSTMM) can
help raise the level of security within their organization.

http://www.linuxsecurity.com/articles/network_security_article-31.html


* The ease of (ab)using X11, Part 2
June 9th, 2004

Last time we looked at how you can get access to an X11 server, the
desktop software you are using when you're running graphical environments
like Gnome or KDE. When you have access to the X11 server, you can do some
remarkable things.

http://www.linuxsecurity.com/articles/documentation_article-27.html


* Best Practices for Storage Security
June 9th, 2004

IT professionals and their businesses have learned the hard way in recent
years that disaster can strike at any time and that they must be prepared.
Companies unable to resume operations within ten days of a disaster are
not likely to survive, stated a study from the Strategic Research
Institute.

http://www.linuxsecurity.com/articles/network_security_article-25.html


* Use Webmin for Linux Administration
June 9th, 2004

Administering Linux and Unix-based servers does not need to be the scourge
of your work day.  With a handy tool called Webmin as part of your
arsenal, you can regain complete control of your servers via the Web
browser.

http://www.linuxsecurity.com/articles/server_security_article-24.html



+------------------------+
| Network Security News: |
+------------------------+

* Using Jabber as a log monitor
June 14th, 2004

Jabber, the streaming XML technology mainly used for instant messaging, is
well-suited to its most common task. However, Jabber is a far more generic
tool. It's not a chat server per se, but rather a complete XML routing
framework. This has some pretty far-reaching implications.

http://www.linuxsecurity.com/articles/network_security_article-39.html


* Managing the security of data flow
June 14th, 2004

Customer Relationship Management (CRM) systems are cited as one of the
major technology successes of the last decade. These 'super databases'
enable the real-time sharing of information across global organisations,
increasing the visibility of the sales pipeline and providing a central
control of the customer experience.

http://www.linuxsecurity.com/articles/network_security_article-41.html


* Ease the security burden with a central logging server
June 14th, 2004

Every network device on your network has some type of logging capability.
Switches and routers are extremely proficient in logging network events.
Your organization's security policy should specify some level of logging
for all network devices.

http://www.linuxsecurity.com/articles/server_security_article-40.html


* The DOMINO Theory: How to Thwart Wi-Fi Cheats
June 10th, 2004

By altering the Multiple Access Control (MAC) protocol, one of the series
of protocols that govern how bandwidth is distributed between multiple
users of the same wi-fi access point by randomly assigning each hotspot
user a rate for data transfer, it is possible to siphon off most or all of
the bandwidth.

http://www.linuxsecurity.com/articles/network_security_article-29.html


* Securing the Wireless Enterprise
June 10th, 2004

With recent technological advances, wireless devices are well positioned
to add value as corporate productivity tools. Investments in this area
have the potential to provide widespread improvements in mobile worker
efficiency, business activity monitoring, exception handling, and
organizational throughput.

http://www.linuxsecurity.com/articles/network_security_article-30.html


+------------------------+
| General Security News: |
+------------------------+

* Security holes splatter Open Source
June 11th, 2004

A key open source tool used by developers to track and manage changes in
computer code has six security glitches and counting. Concurrent Versions
System (CVS) is used to manage code on a number of top open source
software development projects.

http://www.linuxsecurity.com/articles/general_article-33.html


* Secure Development: A Polarised Response
June 8th, 2004

Thankfully, these days assessing the security of an application prior to
implementation is a normal process for most organisations.

http://www.linuxsecurity.com/articles/projects_article-21.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------




