[ISN] Linux Security Week - August 16, 2004

InfoSec News isn at c4i.org
Tue Aug 17 05:44:53 EDT 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  August 16, 2004                           Volume 5, Number 32n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Image flaw
pierces PC security", "OpenVPN 101: introduction to OpenVPN", "SSH
Authentication: A Basic Overview", and "Wi-Fi hacking, a primer".


 >> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digital's
multi-faceted security applications.  More than just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the



This week, advisories were released for apache, Cfengine, Courier,
Ethereal, Gaim, glibc, gnome-vfs, gv, imagemagick, kernel, libpng,
libpng10, mozilla, MPlayer, Nessus, Opera, PuTTY, Roundup, sox,
SpamAssassin, squirrelmail, and shorewall.



An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com



Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and Linux
publications, to talk about how Guardian Digital is changing the face of
IT security today. Guardian Digital is perhaps best known for their
hardened Linux solution EnGarde Secure Linux, touted as the premier
secure, open-source platform for its comprehensive array of general
purpose services, such as web, FTP, email, DNS, IDS, routing, VPN,
firewalling, and much more.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Image flaw pierces PC security
August 11th, 2004

Six vulnerabilities in common code that handles an open-source image
format could allow intruders to compromise computers running Linux and may
allow attacks against Windows PCs as well as Macs running OS X. The
security issues appear in a library supporting the portable network
graphics (PNG) format, used widely by programs such as the Mozilla and
Opera browsers and various e-mail clients.


* Secure Your Workplace When Going On Vacation
August 10th, 2004

In the northern hemisphere, the long-awaited summer holidays are just
around the corner for many workers. The longer days and warmer weather
will see many people taking a well-earned break from the office. But
leaving computers unattended for a few days can also be a problem unless
you take the right precautions.


* Spam Blocking Techniques
August 10th, 2004

Recent analyst estimates indicate that over 60 percent of the world's
email is unsolicited email, or "spam." Spam has now become a significant
security issue and a massive drain on financial resources. In fact, this
deluge of spam costs corporations an estimated $20 billion each year in
lost productivity.


| Network Security News: |

* Wi-Fi hacking, a primer
August 13th, 2004

Wi-Foo: The Secrets of Wireless Hacking is a new technical tome about the
security (and insecurity) of 802.11 standards. Written by three security
consultants with a history roaming the occult worlds of encryption and
hackery, the book is not for dabblers or those who blush at the sight of a
UNIX prompt.


* OpenVPN 101: introduction to OpenVPN
August 12th, 2004

This document will introduce OpenVPN as a free, secure and easy to use and
configure SSL-based VPN solution. The document will present some simple
(and verified) scenarios that might be useful for preparing
security/networking labs with students, for creating a remote access
solution or as a new project for the interested home user.


* Security Cavities Ail Bluetooth
August 9th, 2004

Serious flaws discovered in Bluetooth technology used in mobile phones can
let an attacker remotely download contact information from victims'
address books, read their calendar appointments or peruse text messages on
their phones to conduct corporate espionage. An attacker could even plant
phony text messages in a phone's memory, or turn the phone sitting in a
victim's pocket or on a restaurant table top into a listening device to
pick up private conversations in the phone's vicinity.


* What is fwknop?
August 9th, 2004

fwknop stands for "Firewall Knock Operator" and is an upcoming piece of
fwknop implements network access controls (via iptables) based on a
flexible port knocking mini-language, but with a twist; it combines port
knocking and passive operating system fingerprinting to make it possible
to do things like only allow, say, Linux-2.4/2.6 systems to connect to
your SSH daemon.


| Cryptography News:     |

* SSH Authentication: A Basic Overview
August 11th, 2004

SSH is most commonly used to gain a remote shell, but it can be used for
file transfers, to display remote X applications on a local machine, and
even to securely connect to services that lack encryption. Unfortunately,
many who use it from day to day don't have a good understanding of how it
actually works.


| General Security News: |

* Spam: Made In The U.S.A.
August 12th, 2004

Proof that the United States is capitalism's capital, a survey released
Thursday said that nearly all the world's spam is spewed by a limited
number of hard-core spammers within the U.S.


* Interview with Bruce Schneier, Counterpane Internet Security
August 12th, 2004

Bruce Schneier, founder and CTO of Counterpane Internet Security, is one
of the world's foremost security experts and author of the influential
books Applied Cryptography, Secrets & Lies and Beyond Fear.  His free
monthly newsletter, Crypto-Gram, has over 100,000 readers.  Interviewed by
Glyn Moody, he discusses the lack of accountability of software companies,
security through diversity, and why he would rather re-write Windows than


* Executive Conversation: Attacking the Phishing Threat - What Every
Company Needs to Know
August 11th, 2004

By now just about every person with an email inbox has been exposed to a
phishing scam. Spoofs are showing up with alarming frequency and to make
matters worse, criminals have upped the ante with increasingly
sophisticated coding and graphics.


* Of course Linux is more secure...
August 9th, 2004

In the hacking world the answer would probably be 'NO'. Any idiot can
alter somebody else's code to write a virus or worm for Windows. To
try and hack into a Linux box that's been properly set up and is kept
patched is extremely difficult... not to say virtually impossible.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
