[ISN] Linux Security Week - August 2nd 2004

InfoSec News isn at c4i.org
Wed Aug 4 13:49:35 EDT 2004

| LinuxSecurity.com                               Weekly Newsletter  |
| August 2, 2004                               Volume 5, Number 31n  |
|                                                                    |
|                Editorial Team:  Dave Wreski dave at linuxsecurity.com |
|                              Benjamin Thomas ben at linuxsecurity.com |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "A Database
Encryption Solution", "Wireless access security scheme gets tryout",
"E-commerce attack is imminent, warn security experts" and "Linux in
Government: Unseating Incumbents"


 >> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digital's
multi-faceted security applications. More then just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the




This week, advisories were released for MMDF, Mozilla, kernel, php4,
webmin, samba, ethereal, l2tpd, mailman, httpd, libxml2, wv, php, Unreal,
Opera, mod_ssl and freeswan. The distributors include SCO Group,
Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware and Suse.



An Interview with Gary McGraw, Co-author of Exploiting Software: How to
Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com



Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and Linux
publications, to talk about how Guardian Digital is changing the face of
IT security today. Guardian Digital is perhaps best known for their
hardened Linux solution EnGarde Secure Linux, touted as the premier
secure, open-source platform for its comprehensive array of general
purpose services, such as web, FTP, email, DNS, IDS, routing, VPN,
firewalling, and much more.



--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Survey Results Show Few Linux Security Problems
August 2nd, 2004

Other research companies, such as Denmark-based Acunia, have released
surveys that report very different results found by those at Evans. Some
of these reports note that Windows and Linux are equally secure. Petreley
called these findings "erroneous."


* Linux Gets Host Application Security
July 28th, 2004

When it comes to security, telling applications what they're allowed to do
can be a useful antidote to today's unending software vulnerabilities.
Simply put, host-based application security allows applications to only
perform or communicate in prescribed ways.


* A Database Encryption Solution
July 28th, 2004

Security is becoming one of the most urgent challenges in database
research and industry, and there has also been increasing interest in the
problem of building accurate data mining models over aggregate data, while
protecting privacy at the level of individual records. Instead of building
walls around servers or hard drives, a protective layer of encryption is
provided around specific sensitive data-items or objects.


| Network Security News: |

* Data Integrity =96 The Unknown Threat
July 30th, 2004

Much of the attention commanded by computer security issues focuses on
threats from external sources. Firewalls and perimeter defense tools are
deployed to deny unauthorised entry to the network. Experts look for
vulnerabilities and ways to ensure that the perimeter cannot be breached.


* Wireless access security scheme gets tryout
July 29th, 2004

Paul Wouter of Xelerence Corp. of Canada, is a fan of IPsec. The company
maintains and develops Opswan, the Linux IPsec implementation, and he
thinks IPsec should be the default tool for wireless connections. Wouter
used the Black Hat Briefings this week to test a prototype IPsec wireless
authentication scheme called WaveSEC for Windows clients.


* Secure programming with the OpenSSL API
July 29th, 2004

Learning how to use the API for OpenSSL -- the best-known open library for
secure communication -- can be intimidating, because the documentation is
incomplete. Fill in the gaps, and tame the API, with the tips in this
article. After setting up a basic connection, see how to use OpenSSL's BIO
library to set up both a secured and unsecured connection.


* Other People's Wi-Fi
July 27th, 2004

If you come across an unencrypted, unprotected Wi-Fi signal that isn't
yours, do you have a right to use it? That's the question I faced a couple
of weeks back, when I sat down in my Dad's living room in his fifth-floor
apartment in lovely Queens, N.Y. - home of Archie Bunker, Harry Houdini's
grave, the Ramones, and the New York Mets (motto: "At least we're not the
Montreal Expos.")


* E-commerce attack is imminent, warn security experts
July 26th, 2004

A surge in internet scanning activity in the past week could indicate a
fresh wave of attacks on e-commerce servers, UK-based web services company
Netcraft warned. The firm has detected a surge in scans of port 443, used
by Secure Sockets Layer (SSL), a technology designed for securely
transmitting financial data such as e-commerce transactions.


| General Security News: |

* Linux in Government: Unseating Incumbents
July 30th, 2004

Despite the riotous cheerleading occuring among Democrats in Boston this
week and that soon to occur among Republicans in New York, it's the summer
doldrums in a still flat technology market. At times like this, you can
imagine tumbleweeds rolling by as the saloon doors flap and creek to


* Are P2P networks leaking military secrets?
July 30th, 2004

A new Web log is posting what it purports are pictures, documents and
letters from U.S. soldiers and military bases in Iraq and elsewhere--all
of which the site's operator claims to have downloaded from peer-to-peer
networks such as Gnutella.


* The best-laid plans for protecting your data in a power failure
July 29th, 2004

Case in point, on Aug. 14, 2003, at about 4:20 p.m. EST, the power went
out across much of the Northeastern U.S., affecting an estimated 50
million people. Since the outage occurred on a weekday afternoon,
businesses were in the midst of conducting their routine activities and
transactions, with most using computers.


* Survey Says Linux Hacks Are Rare
July 29th, 2004

Adding more fuel to the Linux vs. Windows fire, a research firm released a
survey Wednesday that noted only 8% of Linux developers had ever seen a
virus infect their systems. Evans Data, a research firm that regularly
polls developers, surveyed 500 Linux developers. An overwhelming
majority--92%--claimed that their machines had never been infected by
malicious code, and fewer than 7% said that they'd been the victims of
three of more hacker intrusions.


* Cybersecurity experts wanted
July 26th, 2004

New worries about national cybersecurity are prompting government
officials to press colleges for rigorous curricula that train future
cyberprotectors. More educational programs, and up-to-date classes that
adapt quickly to new needs in cybersecurity, were among suggestions at a
hearing in the House Science Committee Wednesday.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list