[ISN] Linux Security Week - July 4th 2005
InfoSec News
isn at c4i.org
Tue Jul 5 03:27:47 EDT 2005
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| July 4th, 2005 Volume 6, Number 28n |
| |
| Editorial Team: Dave Wreski dave at linuxsecurity.com |
| Benjamin D. Thomas ben at linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Linux to
the rescue: A review of three system rescue CDs," "We Don't Need the
GPL Anymore," and "Senators propose sweeping data-security bill."
---
## Internet Productivity Suite: Open Source Security ##
Trust Internet Productivity Suite's open source architecture to
give you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital
security engineers implement the most technologically advanced
ideas and methods into their design.
Click to find out more!
http://store.guardiandigital.com/html/eng/products/software/ips_overview.sh=
tml
---
LINUX ADVISORY WATCH
This week, advisories were released for crip, Network Manager,
HelixPlayer, gedit, gzip, selinux, gnome, openssh, libwpd, openoffice,
openssh, binutils, totem, rgmanager, magma-plugins, iddev, fence,
dlm, cman, css, GFS, mod_perl, Heimdal, and sudo. The distributors
include Debian, Fedora, Gentoo, and Red Hat.
http://www.linuxsecurity.com/content/view/119466/150/
---
Review: The Book of Postfix: State-of-the-Art Message Transport
I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.
http://www.linuxsecurity.com/content/view/119027/49/
---
Introduction: Buffer Overflow Vulnerabilities
Buffer overflows are a leading type of security vulnerability. This
paper explains what a buffer overflow is, how it can be exploited,
and what countermeasures can be taken to prevent the use of buffer
overflow vulnerabilities.
http://www.linuxsecurity.com/content/view/118881/49/
---
Getting to Know Linux Security: File Permissions
Welcome to the first tutorial in the 'Getting to Know Linux Security'
series. The topic explored is Linux file permissions. It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod. This guide is intended for users new to Linux
security, therefore very simple.
http://www.linuxsecurity.com/content/view/118181/49/
--------
>> The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=3Dgdn05
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* ActiveState Releases ActivePerl, ActivePython & ActiveTcl for Sun's Solaris 10
28th, June, 2005
ActiveState, a leading provider of developer tools and services for
dynamic languages, today announced the release of ActiveState's
ActivePerl, ActivePython, and ActiveTcl language distributions for
Sun's Solaris 10.
http://www.linuxsecurity.com/content/view/119430
* Linux to the rescue: A review of three system rescue CDs
30th, June, 2005
We've all had this nightmare. You turn on your functioning
Windows/Linux PC, and all you get is a blank screen, or a message
telling you that certain files are missing, or the kernel has
panicked for some obscure reason. Nothing works, and you need the
data on your machine. Yes, now's the time to whip out that trusty
backup disk, and heave a sigh of relief that all the important stuff
is backed up, right? Well, think again.
http://www.linuxsecurity.com/content/view/119458
* What is the Best Firewall for Servers?
28th, June, 2005
I maintain a bunch of servers at our labs in the university. Of late,
the number of attacks on the computers has been more noticeable. The
university provides firewall software (Kerio) but that doesn't work
with Win 2003. And so we keep getting hit by zombie machines taken
over in the Education Department or from Liberal Arts. So what does
the Slashdot crowd use when they need to secure their Linux and
Windows servers? Does it cost less than US
$100?
http://www.linuxsecurity.com/content/view/119427
* Xen Developers Focus on Security
28th, June, 2005
With the next major release of the Xen Virtual Machine Monitor
expected this August, the project's developers have turned their
attention to a new issue: security.
Over the last few months, a group of the project's open source
developers have begun work on a "security enhanced" version of Xen
called XenSE that is similar in concept to the Security Enhanced
Linux project backed by the U.S. National Security Agency (NSA).
http://www.linuxsecurity.com/content/view/119426
* Browser Identification For Web Applications
27th, June, 2005
Browser identification is not a new concept. With the focus having
shifted to desktops from networks and servers, a topic such as remote
browser identification needs to be revisited.
http://www.linuxsecurity.com/content/view/119425
* The Going Gets Hot
28th, June, 2005
As if angry customers, declining consumer confidence, and the threat
of fines weren't enough, business executives have something new to
mull on the troubling issue of lost or stolen customer data. Two U.S.
senators are floating the prospect of jail time for business leaders
who knowingly conceal such breaches. If top managers can't secure
data in a well-guarded environment, well, perhaps they'll find
themselves in one.
http://www.linuxsecurity.com/content/view/119428
* Virtual Private Servers Virtualize the OS
29th, June, 2005
In today's never-ending crusade to reduce IT costs, various
techniques are used to squeeze every drop of computing power out of
servers.
One popular technique is consolidation. Through consolidation, under
used servers are subdivided into smaller, more usable pieces. And
with these pieces, you generally achieve greater server performance
overall. Often, it completely eliminates the need for some of the
physical servers.
http://www.linuxsecurity.com/content/view/119432
* Open-source projects get free checkup by automated tools
29th, June, 2005
More open-source software projects are gaining the benefits of the
latest code-checking software, as the programs' makers look to prove
their worth.
On Tuesday, code-analysis software maker Coverity announced that its
automated bug finding tool had analyzed the community-built operating
system FreeBSD and flagged 306 potential software flaws, or about one
issue for every 4,000 lines of code. The tool, which identifies
certain types of programming errors, has previously been used to find
flaws in other open-source software, including the Linux kernel and
the MySQL database.
http://www.linuxsecurity.com/content/view/119433
* Open source .not big' in SMEs
30th, June, 2005
Open source software has not made a big impact in small to medium
enterprises (SMEs), according to a report by research firm
BMI-TechKnowledge . .SME IT End-User Trends and Market Forecast..
BMI-T analyst Astrid Hamilton says 74% of the 165 respondents
indicated they were not currently considering the use of open source
software (OSS). Fifteen percent of respondents said they were using
OSS, while 11% said they were considering using
it.
http://www.linuxsecurity.com/content/view/119457
* Return of the Anti-Zombies
30th, June, 2005
It's a recurring theme on security discussion lists: Someone ought to
build a worm that infects insecure systems and remedies the problems
on them.
http://www.linuxsecurity.com/content/view/119460
* Final Draft of ISO 27001 Released
1st, July, 2005
Following hot on the heels of the publication of the latest release
of ISO 17799, ISO have published the final draft of ISO 27001.
This is the eagerly awaited replacement for BS7799-2, the Information
Security Management Systems standard. It is anticipated that the
final version will be published before the end of the year.
http://www.linuxsecurity.com/content/view/119462
* ESR: "We Don't Need the GPL Anymore"
1st, July, 2005
Recently, during FISL (F=F3rum Internacional de Software Livre) in
Brazil, Eric Raymond gave a keynote speech about the open source
model of development in which he said, "We don't need the GPL
anymore. It's based on the belief that open source software is weak
and needs to be protected. Open source would be succeeding faster if
the GPL didn't make lots of people nervous about adopting it."
Federico Biancuzzi decided to interview Eric Raymond to learn more
about that.
http://www.linuxsecurity.com/content/view/119467
* White hat heroes
4th, July, 2005
Scanit is holding an ethical hacking course from September 4-8 2005
at Knowledge Village in Dubai in a bid to encourage regional network
professionals to use the black arts of hacking to make their
companies safer.
The course is intended for network and system engineers that want to
learn how to assess the security of their IT infrastructure and IT
consultants who want to learn to perform in-depth security
assessments.
http://www.linuxsecurity.com/content/view/119476
* Rats in the security world
4th, July, 2005
Not too long ago my wife and I decided to try out a Chinese
restaurant in our area we had never visited before. I was looking at
the menu and my wife gasped, then laughed a bit. I looked up and she
pointed out a rat crawling right under the restaurant's buffet table.
http://www.linuxsecurity.com/content/view/119477
* Italian Police 1 / Privacy 0
27th, June, 2005
The cryptographic services offered by the Autistici/Inventati server,
housed in the Aruba web farm, have been compromised on 15th June
2004. We discovered the fact on 21st June 2005. One year later.
One year ago the authorities (i.e. the postal police), during the
investigation that led to the suspension of an email account
(croceneraanarchica-at-inventati.org), shut down our server without
any notice, and copied the keys necessary for the decryption of the
webmail. Since then, they potentially had access to all the data on
the disks, including sensible information about our users. This
happened with the collaboration of Aruba, our provider.
http://www.linuxsecurity.com/content/view/119416
* Senators propose sweeping data-security bill
30th, June, 2005
Corporate data-security practices would be hit with an avalanche of
new rules and information burglars would face stiff new penalties
under a far-reaching bill introduced Wednesday in the U.S. Senate.
The bill represents the most aggressive--and at 91 pages, the most
regulatory--legislative proposal crafted so far in response to a slew
of high-profile security breaches in the last few months.
http://www.linuxsecurity.com/content/view/119459
* Hackers unleash industrial spy Trojan
29th, June, 2005
IT security experts have detected a malware-based hack attack that
attempts to gain unauthorised access to the networks of specifically
targeted domains.
http://www.linuxsecurity.com/content/view/119435
* Phishing Up By 226 Percent
1st, July, 2005
Phishing is up dramatically over the last two months according to
data released Thursday by computer maker IBM and message filtering
firm Postini.
http://www.linuxsecurity.com/content/view/119468
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
More information about the ISN
mailing list