[ISN] Linux Security Week - December 6th 2004

InfoSec News isn at c4i.org
Tue Dec 7 03:24:41 EST 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  December 6th, 2004                         Volume 5, Number 48n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include, Anti-Hacker
Tool Kit 2/e, A Secure Network Needs Informed Workers, Network
Forensic Tools, and Transcript of the LinuxSecurity.com Launch Chat.


>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.



This week advisories were released for java, abiworld, cyrus,
squirrelmail, libgd1, openssl, hpsockd, policycoreutils, prelink,
libselinux, udev, tcpdump, samba, gaim, FreeBSD kernel, phpMyAdmin,
libxpm4, kde, amavisd, open motif, linux kernel, and cyrus-imapd.
The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake,
Trustix, Red Hat, and SuSE.



Open Letter to the Linux Security Community

With an all new look & feel, organizational  changes, security events,
and additions to our staff, we hope to better serve  the Linux and open
source community. Although there are many aesthetic improvements, a major
part of our development has focused on creating a content structure and
backend system that is easy to update.



Mass deploying Osiris

Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system.  A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people.  The communication is all done over an encrypted
communication channel.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Anti-Hacker Tool Kit 2/e
  2nd, December, 2004

In every day life people do all sorts of things with all sorts of
tools. But, do they get it right? Every tool has to be used in a
certain manner, and if one doesn=E2=80=99t know how to use it, the result c=
be damage. It's the same is with computer and network security tools.
Before you can select the right tools for the job, you have to know
what tools are available and learn how to use them.


* Unprotected PCs can be hijacked in minutes
  30th, November, 2004

Simply connecting to the Internet -- and doing nothing else --
exposes your PC to non-stop, automated break-in attempts by intruders
looking to take control of your machine surreptitiously.


* Network Forensic Tools
  3rd, December, 2004

Stage 1: Network-capable initial analysis products for first
responders, such as Guidance's EnCase Enterprise Edition and
Technology Pathway's ProDiscover. These two products can acquire
drive images remotely in a live environment, and their use eliminates
the need for the Stage 2 tools.


* Hacking tool reportedly draws FBI subpoenas
  1st, December, 2004

The author of the popular freeware hacking tool Nmap warned users
this week that FBI agents are increasingly seeking access to
information from the server logs of his download site,


| Network Security News: |

* AirTight Networks announced first Wi-Fi Firewall
  1st, December, 2004

AirTight Networks, formerly Wibhu Technologies, announced on Tuesday
the availability of SpectraGuard 2.0, the first Wi-Fi firewall to
protect enterprise networks from wireless security threats.


* Bad, Bad Bots
  1st, December, 2004

Automated attacks are coming from unexpected quarters--from across
the globe, across town, and most creepily, even from across the hall.

According to a recent report from anti-virus vendor Symantec, this
year's 450 percent increase in the number of attacks on Windows
machines is evidence that automation is proving as efficient for
21st-Century hackers as it did for 20th-Century manufacturers.


* Linux Netwosix 1.2 Jinko is released
  28th, November, 2004

I'm ready to announce that Linux Netwosix 1.2 is ready.  I have
completely rebuilt , upgraded and secured the system. Please, read
the Announcement Release. Is based on the powerful and reliable
Kernel 2.6.9 and has been created for the requirements of every
SysAdmin. Nepote contains the updated packages.  You can download
Netwosix from our Download Center or from one of our mirrors. Thank


| General Security News: |

* User knowledge key to good security
  1st, December, 2004

Given the continual drive to secure today's enterprises, and in light
of National Computer Security Day celebrated this week, Security
Pipeline tapped Kathleen M. Coe, Symantec Corp.'s regional education
director of education services, for insight on how to foster better
user security behavior, as well as how to seed a strong corporate
security culture companies require today.


* Panelists: A Secure Network Needs Informed Workers
  1st, December, 2004

Analysts, law enforcement agents and corporate IT managers focused on
surprisingly nontechnical security solutions Tuesday as they
discussed the latest risks to corporate networks as part of Ziff
Davis Media's online "virtual" tradeshow on security.


* Why you should take information security seriously
  1st, December, 2004

All of us rely on information every day in just about every aspect of
our life. As information is so important, we tend to rank it by its
reliability. There are some people whose opinion we trust implicitly
on certain matters. We accept as a matter of course that information
is only valuable if it is accurate. The most valuable sources of
information are those that are seen to be inherently reliable and
easy to access.


* Federated ID facilitates Web services
  1st, December, 2004

Companies looking to make Web services available to business partners
and their respective user bases must first figure out how to federate
identity. Federated identity management refers to managing access so
that only those who have a right to use specific services may do so.


* Community Spam Fighting Effort Faces Heat
  2nd, December, 2004

Lycos Europe is offering a "screensaver that spams the spammers,"
using idle computer time to attack sites that have been blacklisted
for abusive spamming practices. Monitoring of three of the targets
housed on Chinese servers shows that two of the sites, bokwhdok.com
and printmediaprofits.biz, have been knocked offline by the attack. A
third target, rxmedherbals.info, has remained largely available, with
intermittent outages.


* Transcript of Launch Chat
  2nd, December, 2004

To celebrate the launch of the new LinuxSecurity.com, we hosted a
community chat event.  It was held yesterday (December 1st 2004) at
4:00pm, and featured several prominent visionaries from the open
source community including Jay Beale, Brian Hatch, Paul Vixie, Lance
Spitzner, and Dave Wreski.  The topics discussed ranged from
authentication, patch management, honeypots, virtues of open source,
SELinux, as well as others.  We are planning another event to held in
January; please send us your ideas. (contribute at linuxsecurity.com)


* Follow-up: Lycos pulls anti-spam screensaver from site
  3rd, December, 2004

Lycos Europe appeared to have pulled a controversial anti-spam
screensaver program from its site on Friday, after coming under fire
from both security experts and the spammers themselves.


* FBI's Cyber-Crime Chief Relates Struggle for Top Talent
  1st, December, 2004

The FBI's inability to recruit and keep the best available IT talent
has proven to be one of the biggest challenges facing the
government's Internet Crime Complaint Center (I3C), a senior official
said Tuesday.


* Linux in Government: The Government Open Code Collaborative
  3rd, December, 2004

As we celebrate the holiday season and prepare for the next round of
legislation, a group of state and local governments has banded
together to collect and distribute freely the costly software that
normally runs taxpayers $100 billion annually. Called the Government
Open Code Collaborative or GOCC.gov, this organization states that
its members work together voluntarily to encourage "the sharing, at
no cost, of computer code developed for and by government entities
where the redistribution of this code is allowed".


* Is Cyberterrorism Being Thwarted?
  3rd, December, 2004

Recently, there's been increased criticism of the federal
government's efforts to secure the Internet. The September departure
of Amit Yoran from the Department of Homeland Security was widely
cited as indicative of problems that run deep, not just through DHS,
but the entire government. While everyone agrees there's much work to
do, it's important to recognize the accomplishments of the past few


* Mobile & Wireless: Security was the Watchword in 2004
  1st, December, 2004

It's no surprise that the issue that topped the Wi-Fi agenda in 2004
was the same one that's plagued it almost from its introduction.
Security, or rather "lack thereof," was an inherent problem in WEP
(Wired Equivalent Privacy), the native security spec in the 802.11
IEEE standard.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list