[ISN] Linux Security Week, August 23rd, 2004

InfoSec News isn at c4i.org
Tue Aug 24 02:38:09 EDT 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  August 23, 2004                           Volume 5, Number 33      |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   David Isecke            dai at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Crypto
researchers abuzz over flaws", "No Easy Fix for Internal Security", "Big
Brother's Last Mile", and "Vulnerability Protection: A Buffer for
Patching".




This week, advisories were released for acroread, ftpd, gaim, glibc, gv,
kdelibs, kernel, mozilla, mysql, Nessus, Netscape, pam, qt3, Roundup,
rsync, ruby, semi, spamassassin, squirrelmail, and Tomcat. The
distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, NetBSD,
Red Hat, Suse, and Trustix.



An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Computer Security 101
August 18th, 2004

Within the space of a single introductory article it is impossible to
cover every aspect of the virus / antivirus topic. I will attempt to
provide as much knowledge as I can without overwhelming you.


* Vulnerability Protection: A Buffer for Patching
August 17th, 2004

The purpose of this paper is to identify the problem facing the network
security community regarding vulnerabilities and patches. It explains why
current security technologies such as firewalls, intrusion detection and
prevention systems, and automated patch management solutions have failed
in preventing vulnerabilities from being exploited.


* Password to easy fraud lies in pets' names and birthdays
August 16th, 2004

Most internet and online banking customers leave themselves open to
fraudsters by using predictable passwords, new research claims. More than
three-quarters of people surveyed used words that could be easily guessed.


| Network Security News: |

* Introduction to Vulnerability Scanning
August 18th, 2004

Similar to packet sniffing, port scanning and other "security tools",
vulnerability scanning can help you to secure your own network or it can
be used by the bad guys to identify weaknesses in your system to mount an
attack against. The idea is for you to use these tools to identify and fix
these weaknesses before the bad guys use them against you.


* No Easy Fix for Internal Security
August 17th, 2004

Not too long ago, the Gartner Group raised a minor dustup in the IT
community by releasing a report claiming that portable storage
media--including consumer devices such as cameras and MP3 players with
built-in or removable memory--represent a new security threat to corporate


* Big Brother's Last Mile
August 17th, 2004

On August 9th, 2004, the U.S. Federal Communications Commission (FCC) took
a major step toward mandating the creation and implementation of new
Internet Protocol standards to make all Internet communications less safe
and less secure. What is even worse, the FCC's ruling will force ISPs and
others to pay what may amount to billions of dollars to ensure that IP
traffic remains insecure.


| General Security News: |

* Crypto researchers abuzz over flaws
August 19th, 2004

Encryption circles are buzzing with news that mathematical functions
embedded in common security applications have previously unknown
weaknesses. The excitement began Thursday with an announcement that French
computer scientist Antoine Joux had uncovered a flaw in a popular
algorithm called MD5, often used with digital signatures.


* Open-Source Backups Using Amanda
August 19th, 2004

This well-tested network backup tool depends on standard tools such as
dump, cron and GNU tar. Find out how to set up regular backups for your
whole network. Those of us who have received the call can feel the tension
and nervous tone in the caller's voice when he or she asks, "How good are
the backups?"


* Scientists Work On Quantum Code
August 16th, 2004

Relying on the principles of uncertainty underlying quantum mechanics,
Harvard researchers recently established the first experimental secure
network that, when perfected, should make it impossible for hackers to
gain unauthorized access to documents shared electronically.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
