[ISN] Linux Security Week - April 19th 2004

[InfoSec News]

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 19th, 2004                              Volume 5, Number 16n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "CARP your way to
high availability," "File and Email Encryption with GnuPG," "Lies, damned
Lies and Patches," and "Slow down the Security Patch Cycle."

----

>> Free Trial SSL Certificate from Thawte <<

Take your first step towards giving your online business a competitive
advantage. Test-drive a Thawte SSL certificate our easy online guide will
show you how.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten03

----

LINUX ADVISORY WATCH:
This week, advisories were released for apache, the Linux kernel, mysql,
xonix, ssmtp, openoffice, squid, cvs, Heimdal, iproute, pwlib, scorched,
tcpdump, cadaver, and mailman. The distributors include Conectiva, Debian,
Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-9190.html

----

Guardian Digital Launches Next Generation Internet
Defense & Detection System

Guardian Digital has announced the first fully open source system designed
to provide both intrusion detection and prevention functions. Guardian
Digital Internet Defense & Detection System (IDDS) leverages best-in-class
open source applications to protect networks and hosts using a unique
multi-layered approach coupled with the security expertise and ongoing
security vigilance provided by Guardian Digital.

http://www.linuxsecurity.com/feature_stories/feature_story-163.html

----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digital's
multi-faceted security applications.  More then just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the
network.


http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

--------------------------------------------------------------------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf



+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* CARP your way to high availability
April 16th, 2004

You're putting out system management fires, with five SSH sessions open on
your desktop. The mail server needs a restart after that kernel patch, so
you su to root and type reboot. Just as the connection closes, your brain
catches up with your fingertips.

http://www.linuxsecurity.com/articles/network_security_article-9191.html


* OSVDB Looking for Developers
April 16th, 2004

The OSVDB project has been growing steadily for the last 2 years. At first
the software behind OSVDB was simple, and easily maintained by a single
person with others contributing smaller pieces.

http://www.linuxsecurity.com/articles/security_sources_article-9192.html


* File and email encryption with GnuPG (PGP) part five
April 15th, 2004

Verification is part of any security system. SSH, FTP, POP, and IMAP
servers ask for your password before it lets you log into the machine, get
your files, or snag your email. NTP can be configured to require keys
before it'll let you mess with it's clock. CIFS requires a password or
kerberos tickets before granting you access to shares.

http://www.linuxsecurity.com/articles/documentation_article-9188.html


* Linux Kernel  ISO9660 File System Component Buffer Overflow
Vulnerability
April 15th, 2004

The Linux kernel performs no length checking on symbolic links stored on
an ISO9660 file system, allowing a malformed CD to perform an arbitrary
length overflow in kernel memory.

http://www.linuxsecurity.com/articles/host_security_article-9185.html


* Lies, damned  lies and patches
April 13th, 2004

Vendors can argue about platform security all they want, but there's a
simple test of a secure computer: it's the machine that has been patched,
says Kerry Thompson.

http://www.linuxsecurity.com/articles/host_security_article-9174.html


+------------------------+
| Network Security News: |
+------------------------+

* Hackers Attack Linux Supercomputers
April 14th, 2004

Unknown attackers have compromised a large number of Linux and Solaris
machines in high-speed computing networks at Stanford University,
California, and other academic research facilities, according to a
university advisory.

http://www.linuxsecurity.com/articles/hackscracks_article-9179.html


* Auditors working on cyber-risk standard
April 14th, 2004

Plans by an industry consortium to develop a checklist to assess
cyber-threats could help IT directors justify security spending and help
protect companies against hackers, according to IT directors and industry
experts.

http://www.linuxsecurity.com/articles/general_article-9180.html



+------------------------+
| General Security News: |
+------------------------+

* Would you bend the rules?
April 15th, 2004

Windows users in your organisation are severely affected by a spate of
viruses, worms and blended threats. Meanwhile, non-Windows users (Linux
and Mac OS users for instance) are spared and continue with their daily
chores. As the IT manager, you finally decide that an IT security policy
be implemented. This policy sets out several guidelines, one of which
governs the use of acceptable applications within the company network.

http://www.linuxsecurity.com/articles/general_article-9189.html


* Check out Securitydocs.com
April 14th, 2004

SecurityDocs.com was founded two months ago with the intention of indexing
information security white papers.  The web site currently has about 1,400
papers in over 80 categories.

http://www.linuxsecurity.com/articles/documentation_article-9183.html


* Slow down the security patch cycle
April 13th, 2004

There are many myths surrounding computer network security that are
counterproductive to finding a true solution to the problem. One of these
is the belief that vendors should speed up the process of producing and
releasing patches for security vulnerabilities that have been discovered
by security researchers.

http://www.linuxsecurity.com/articles/host_security_article-9175.html


* The end of an era?
April 13th, 2004

McKee's argument has merit, and there is an army of hardcore Linux
developers and users who agree and are pushing to make this open source
technology an alternative to the omnipresent Windows. Security, stability
and the democratic nature of Linux development are all reasons why the
software is superior to Windows, advocates say; but the most important
reason to adopt Linux, according to McKee and his allies, is because it's
free.

http://www.linuxsecurity.com/articles/general_article-9173.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------