[ISN] Linux Security Week - October 11th 2004

InfoSec News isn at c4i.org
Tue Oct 12 02:18:55 EDT 2004 

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  October 11th, 2004                        Volume 5, Number 40n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Secure E-Mail
and Public Key Cryptography: Together At Last," "Nessus Network Auditing,"
and "The Twenty Most Critical Internet Security Vulnerabilities."

----

>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05

----

LINUX ADVISORY WATCH:
This week, advisories were released for syscons, shareutils, netpbm,
kdelibs, PHP, samba, kernel, XFree86, samba, getmail, zlib, mozilla, and
squid. The distributors include Debian, Slackware, SuSE, Trustix, and
Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-10045.html


AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.

http://www.linuxsecurity.com/feature_stories/feature_story-173.html

----

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

----

>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Secure E-Mail and Public Key Cryptography: Together At Last?
October 6th, 2004

With its ability to authenticate, digitally sign, and encrypt messages,
public key cryptography seems like a natural fit for protecting e-mail:
With one solution, you can ensure the integrity of the content and prove
the identity of the sender. But public key cryptography is akin to peace
in the Middle East--everyone agrees it's a good idea, but the associated
complexities can derail implementation.

http://www.linuxsecurity.com/articles/cryptography_article-10021.html


* Anti-virus program detects GNU Public Licence
October 6th, 2004

POPULAR OPEN SOURCE virus scanner Clamav has been hastily updated this
morning to remove a 'false positive': the scanner was detecting the GNU
Public Licence as a virus. Thousands of Open Source programs, including
Clamav itself, include a copy of this licence, and since it is a plain
text file it is incapable of containing a virus.

http://www.linuxsecurity.com/articles/vendors_products_article-10035.html


* Role-based Windows subsets will compete more directly with Linux
October 5th, 2004

Microsoft is developing versions of its Windows operating system with only
a subset of the Windows code base, designed for specific server tasks, in
a move that could reduce maintenance costs for customers and create
products that are less vulnerable to attack.

http://www.linuxsecurity.com/articles/vendors_products_article-10013.html


+------------------------+
| Network Security News: |
+------------------------+

* Nessus Network Auditing
October 8th, 2004

Syngress Publishing, Inc., today announced the publication of "Nessus
Network Auditing" (ISBN: 1-931836-08-6), co-authored by Nessus Project
Founder Renaud Deraison and a team of leading Nessus developers.

http://www.linuxsecurity.com/articles/documentation_article-10046.html


+------------------------+
| General Security News: |
+------------------------+

* The Twenty Most Critical Internet Security Vulnerabilities
October 8th, 2004

The vast majority of worms and other successful cyber attacks are made
possible by vulnerabilities in a small number of common operating system
services. Attackers are opportunistic.

http://www.linuxsecurity.com/articles/projects_article-10047.html


* Indian government outsources Linux security to New Jersey firm
October 8th, 2004

Indian Space Research Organization (ISRO) headquarters. And, according to
Guardian Digital spokesperson Nicole Pearson, ISRO made the first contact.
were originally looking for a secure mail server," says Pearson, who noted
that ISRO found Guardian Digital through its online presence, not because
of a sales call or other direct marketing efforts.

http://www.linuxsecurity.com/articles/vendors_products_article-10048.html


* Vendors sharpen vulnerability-assessment tools
October 7th, 2004

A pair of vulnerability-assessment and remediation tool vendors are
separately upgrading their products so that customers more easily can
prioritize which networked systems need to be fixed.

http://www.linuxsecurity.com/articles/network_security_article-10037.html


* A Seven-Step Plan For Protecting Corporate Data
October 7th, 2004

A pharmaceutical researcher develops a new product formula, recording his
work in an electronic notebook. The company e-mails the new formula to its
contract manufacturers and must assure that they don't mistakenly revert
to older, out-of-date formulas.

http://www.linuxsecurity.com/articles/security_sources_article-10044.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

More information about the ISN mailing list