[ISN] Linux Security Week - September 27th 2004
InfoSec News
isn at c4i.org
Tue Sep 28 05:13:25 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| September 27th, 2004 Volume 5, Number 38n |
| |
| Editorial Team: Dave Wreski dave at linuxsecurity.com |
| Benjamin D. Thomas ben at linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Sawing Linux
Logs with Simple Tools," "Open source wireless tools emerge," and
"Security Still A Worry As WLANs Expand."
----
LINUX ADVISORY WATCH:
This week, advisories were released for lukemftpd, cvs, Heimdal, mpg123,
SnipSnap, Foomatic, CUPS, and login_radius. The distributors include
Debian, FreeBSD, Gentoo, Mandrake, OpenBSD, and Suse.
http://www.linuxsecurity.com/articles/forums_article-9931.html
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/feature_stories/feature_story-173.html
----
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com.
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
----
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* Hardening the PAM framework
September 25th, 2004
In yesterday's article we began looking at how PAM can securely
authenticate Windows users. Today we'll check the PAM framework, harden
the basic services that we expect to authenticate to, and look at new PAM
modules that might make our systems more secure.
http://www.linuxsecurity.com/articles/documentation_article-9939.html
* Sawing Linux Logs with Simple Tools
September 24th, 2004
So there you are with all of your Linux servers humming along happily. You
have tested, tweaked, and configured until they are performing at their
peak of perfection. Users are hardly whining at all. Life is good. You may
relax and indulge in some nice, relaxing rounds of TuxKart. After all, you
earned it.
http://www.linuxsecurity.com/articles/documentation_article-9930.html
* Hardening Linux authentication and user identity
September 23rd, 2004
PAM is an authentication mechanism that originated on Solaris, but is used
on various systems, including Linux. The Linux PAM implementation allows a
system administrator to choose how users authenticate to various services.
New modules can be added by an administrator at any time, offering overall
flexibility in how authentication happens.
http://www.linuxsecurity.com/articles/documentation_article-9922.html
* SpamAssassin sports new open-source license
September 23rd, 2004
Project leaders for the widely used software chose to enter the fold of
the Apache Software Foundation to take advantage of the nonprofit group's
legal and technical resources. To make the move, SpamAssassin had to adopt
the Apache License.
http://www.linuxsecurity.com/articles/vendors_products_article-9927.html
+------------------------+
| Network Security News: |
+------------------------+
* Open source wireless tools emerge
September 23rd, 2004
The wireless development landscape differs from the wired world in a
number of ways. For one thing, the dominance of handheld device
manufacturers and proprietary OS makers has meant that open source
projects for wireless connectivity have been slow to take off. But now
this sector is showing some signs of life.
http://www.linuxsecurity.com/articles/security_sources_article-9924.html
* Are Firewalls Useful? And Another Thing...
September 23rd, 2004
If you ever feel in need of a lesson in humility, try reading through the
TCP/IP RFCs and related literature. I have two questions I have no idea
how to answer but rather naively expected that reading this material would
help. It didn't, in truth because I didn't understand most of it; so now
I'm asking you to explain the issues to me.
http://www.linuxsecurity.com/articles/firewalls_article-9919.html
* Security Still A Worry As WLANs Expand: Survey
September 22nd, 2004
About half the companies responding to the survey said that security was
the chief concern preventing growth of WLANs. However, about 84 percent of
the companies that have deployed WLANs said they have not suffered from
security breaches.
http://www.linuxsecurity.com/articles/network_security_article-9904.html
+------------------------+
| General Security News: |
+------------------------+
* Open Source VoIP Ready For Its Close Up
September 25th, 2004
Open Source Voice over IP is ready for its close up. Asterisk, a
popular Voice over IP PBX, has released version 1.0.0.
http://www.linuxsecurity.com/articles/forums_article-9938.html
* European Companies Join In Boosting Linux Security
September 24th, 2004
A consortium of European companies, including Linux-distributor
Mandrakesoft, has been awarded a three-year, $8.6 million contract to
boost security of the open-source Linux operating system, the companies
said Thursday.
http://www.linuxsecurity.com/articles/projects_article-9934.html
* Insiders Weigh Law Banning Wireless Spam
September 24th, 2004
In less than a month, it will be illegal to send commercial messages to
any Internet domain associated with wireless messaging subscription
services.
http://www.linuxsecurity.com/articles/network_security_article-9929.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------