[ISN] Linux Security Week - June 21, 2004
InfoSec News
isn at c4i.org
Tue Jun 22 06:57:17 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| June 21, 2004 Volume 5, Number 25n |
| |
| Editorial Team: Dave Wreski dave at linuxsecurity.com |
| Benjamin Thomas ben at linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Using Jabber as
a log monitor," "Ease the security burden with a central logging server"
and "Managing the security of data flow".
----
>> Bulletproof Virus Protection <<
Protect your network from costly security breaches with Guardian
Digital's multi-faceted security applications. More then just an
email firewall, on demand and scheduled scanning detects and disinfects
viruses found on the network.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=3Dgdn04
----
LINUX ADVISORY WATCH:
This week, advisories were released for cvs, krb5, kernel, subversion,
ethereal, squirrelmail, gallery, Webmin, squid, aspell and tripwire. The
distributors include Debian, Fedora, Gentoo, Red Hat, Slackware, Suse, and
Trustix.
http://www.linuxsecurity.com/articles/forums_article-9425.html
----
Open Source Leaving Microsoft Sitting on the Fence?
The open source model, with special regard to Linux, has no doubt become a
formidable competitor to the once sole giant of the software industry,
Microsoft. It is expected when the market share of an industry leader
becomes threatened, retaliation with new product or service offerings and
marketing campaigns refuting the claims of the new found competition are
inevitable. However, in the case of Microsoft, it seems they have not
taken a solid or plausible position on the use of open source applications
as an alternative to Windows.
http://www.linuxsecurity.com/feature_stories/feature_story-168.html
--------------------------------------------------------------------
Interview with Brian Wotring, Lead Developer for the Osiris Project
Brian Wotring is currently the lead developer for the Osiris project and
president of Host Integrity, Inc.He is also the founder of knowngoods.org,
an online database of known good file signatures. Brian is the co-author
of Mac OS X Security and a long-standing member of the Shmoo Group, an
organization of security and cryptography professionals.
http://www.linuxsecurity.com/feature_stories/feature_story-164.html
--------------------------------------------------------------------
Guardian Digital Launches Next Generation Secure Mail Suite
Guardian Digital, the premier open source security company, announced the
availability of the next generation Secure Mail Suite, the industry's most
secure open source corporate email system. This latest edition has been
optimized to support the changing needs of enterprise and small business
customers while continually providing protection from the latest in email
security threats.
http://www.linuxsecurity.com/feature_stories/feature_story-166.html
----
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* Baiting the Hook to Catch the Hacker
June 18th, 2004
The hacking community has cost organisations around the globe many
millions of dollars in lost time and revenue. In SA, hackers pose a huge
security threat - even though companies often do not openly admit
this.Graham Vorster, chief technology officer at Duxbury Networking, says
it's time to take a more aggressive stance with hackers as he describes
new methods of 'hacker baiting'.
http://www.linuxsecurity.com/articles/general_article-9423.html
* Defacement spree hits government sites
June 18th, 2004
The IT security of Australian Web-hosting providers has come under serious
question, with more than 30 state and local government Web sites defaced
in the last six months - including the homepages of two locally hosted
foreign diplomatic missions and the highly sensitive NSW Casino Control
Board.
http://www.linuxsecurity.com/articles/hackscracks_article-9422.html
* HNS Audio Learning Session: Alternatives to Passwords
June 17th, 2004
The third annual survey into office scruples conducted by Infosecurity
Europe 2004 found that office workers are still not information security
savvy. A survey of office workers found that 71% were willing to part with
their password for a chocolate bar. In this 8 minutes long audio learning
session, John Stuart, Signify CEO, discusses what are the alternatives to
passwords.
http://www.linuxsecurity.com/articles/network_security_article-9420.html
* New Linux Security Hole Found
June 15th, 2004
A Linux bug was recently uncovered by a young Norwegian programmer that,
when exploited by a simple C program, could crash most Linux 2.4 or 2.6
distributions running on an x86 architecture. "Using this exploit to
crash Linux systems requires the (ab)user to have shell access or other
means of uploading and running the program--like cgi-bin and FTP access,"
reports the discoverer, =C3=98yvind S=C3=A6ther.
http://www.linuxsecurity.com/articles/server_security_article-45.html
+------------------------+
| Network Security News: |
+------------------------+
* Wireless Infidelity
June 21st, 2004
While the growth of 802.11b wireless networking has been explosive,
problems with security of data being transmitted have plagued the
technology almost since its conception. Still in spite of its drawbacks
802.11b has some compelling reasons for its deployment, both by the
consumer and in the enterprise. Those reasons include its low cost, its
ease of deployment and the tremendous convenience that wireless networking
offers.
http://www.linuxsecurity.com/articles/network_security_article-9433.html
* Application Denial of Service (DoS) Attacks
June 18th, 2004
Denial of Services attacks aimed at disrupting network services range from
simple bandwidth exhaustion attacks and those targeted at flaws in
commercial software to complex distributed attacks exploiting specific
COTS software flaws. These types of attack are not new and have been used
to devastating effect to prevent normal operation of the victim sites.
Historically, these attacks by hacktivists and extortionists alike have
targeted companies as diverse as eBay and Microsoft, the RIAA and SCO, and
a plethora of online gambling companies.
http://www.linuxsecurity.com/articles/network_security_article-9426.html
* Ease the security burden with a central logging server
June 16th, 2004
Every network device on your network has some type of logging capability.
Switches and routers are extremely proficient in logging network events.
Your organization's security policy should specify some level of logging
for all network devices.
http://www.linuxsecurity.com/articles/network_security_article-50.html
* Using Jabber as a log monitor
June 14th, 2004
Jabber, the streaming XML technology mainly used for instant messaging, is
well-suited to its most common task. However, Jabber is a far more generic
tool. It's not a chat server per se, but rather a complete XML routing
framework. This has some pretty far-reaching implications.
http://www.linuxsecurity.com/articles/network_security_article-39.html
+------------------------+
| General Security News: |
+------------------------+
* Open source Internet protocol security project gets nod from Novell
June 18th, 2004
Novell announced that it is sponsoring and contributing to the popular
open source Linux implementation of the IP security (IPsec) standard
development project, Openswan. The open source project brings all of the
features needed for building and deploying secure commercial grade virtual
private networks (VPNs) to Linux.
http://www.linuxsecurity.com/articles/projects_article-9424.html
* Evaluating the ROSI: Where's the problem?
June 17th, 2004
Many believe that demonstrating a ROSI in the enterprise is nigh
impossible because there are no metrics that measure the ROSI unless a
company is attacked or security is outsourced to a managed security
provider. However, I've always been astounded by this attitude, as to me
it appears that the most obvious point has been completely missed;
organisations must begin with information risk assessments in order to
evaluate the true effectiveness of their ROSI.
http://www.linuxsecurity.com/articles/network_security_article-9419.html
* First mobile phone virus discovered
June 16th, 2004
The first ever computer virus that can infect mobile phones has been
discovered, anti-virus software developers said today, adding that up
until now it has had no harmful effect.
http://www.linuxsecurity.com/articles/network_security_article-9414.html
* Managing the security of data flow
June 14th, 2004
Customer Relationship Management (CRM) systems are cited as one of the
major technology successes of the last decade. These 'super databases'
enable the real-time sharing of information across global organisations,
increasing the visibility of the sales pipeline and providing a central
control of the customer experience. A far cry from the early databases
which were supported in the locally networked environment, CRM systems
have pushed database capabilities into the enterprise arena, providing
accurate monitoring of customer information and enabling corporations to
sell and market to customers through a centrally managed delivery
mechanism.
http://www.linuxsecurity.com/articles/network_security_article-41.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
More information about the ISN
mailing list