[ISN] Linux Security Week - June 28, 2004

InfoSec News isn at c4i.org
Tue Jun 29 09:25:20 EDT 2004


+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  June 28, 2004                           Volume 5, Number 26n       |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Linux users
under threat", "Stealth wallpaper could keep WLANs secure" and "Secure
Development Framework". ----

>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digital's
multi-faceted security applications.  More then just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the
network.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn04

----

LINUX ADVISORY WATCH:
This week, advisories were released for sup, super, rlpr, Multiple,
kernel, libpng and Usermin. The distributors include Debian, EnGarde,
Fedora, Gentoo, Openwall, RedHat, Trustix, and Turbolinux.

http://www.linuxsecurity.com/articles/forums_article-9448.html

----
Open Source Leaving Microsoft Sitting on the Fence?

The open source model, with special regard to Linux, has no doubt become a
formidable competitor to the once sole giant of the software industry,
Microsoft. It is expected when the market share of an industry leader
becomes threatened, retaliation with new product or service offerings and
marketing campaigns refuting the claims of the new found competition are
inevitable. However, in the case of Microsoft, it seems they have not
taken a solid or plausible position on the use of open source applications
as an alternative to Windows.

http://www.linuxsecurity.com/feature_stories/feature_story-168.html

--------------------------------------------------------------------

Interview with Brian Wotring, Lead Developer for the Osiris Project

Brian Wotring is currently the lead developer for the Osiris project and
president of Host Integrity, Inc.He is also the founder of knowngoods.org,
an online database of known good file signatures. Brian is the co-author
of Mac OS X Security and a long-standing member of the Shmoo Group, an
organization of security and cryptography professionals.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

--------------------------------------------------------------------

Guardian Digital Launches Next Generation Secure Mail Suite

Guardian Digital, the premier open source security company, announced the
availability of the next generation Secure Mail Suite, the industry's most
secure open source corporate email system. This latest edition has been
optimized to support the changing needs of enterprise and small business
customers while continually providing protection from the latest in email
security threats.

http://www.linuxsecurity.com/feature_stories/feature_story-166.html

----

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Linux users under threat
June 24th, 2004

A newly discovered security hole in Linux, published on an open source
website, has raised questions about how Linux security issues should be
handled. The vulnerability could allow malicious users to bring down Linux
machines with just 24 lines of code, which are available from several open
source websites and internet news groups.

http://www.linuxsecurity.com/articles/server_security_article-9444.html

* Latest Web services spec tackles application flaws
June 24th, 2004

OASIS addressed another layer of security concerns around Web services
Wednesday when it ratified the Application Vulnerability Description
Language (AVDL) 1.0 as a standard, the organization's highest level of
ratification. AVDL is an XML schema that enables security products to
communicate information about new and existing Web application
vulnerabilities between themselves, according to AVDL Technical Committee
co-chairman Kevin Heineman.

http://www.linuxsecurity.com/articles/projects_article-9445.html


* Secure Development Framework
June 21st, 2004

This whitepaper deals with developing a secure framework, both for
internal and outsourced development. Within this context, secure
development is considered to be the process of producing reliable, stable,
bug and vulnerability free software.

http://www.linuxsecurity.com/articles/projects_article-9436.html

+------------------------+
| Network Security News: |
+------------------------+

* Wireless endpoint security: Tie up the loose ends
June 28th, 2004

Endpoint security transcends the use of personal firewalls and antivirus
software. Endpoint devices such as laptops, home-office and remote
desktops, and Internet-enabled handhelds are some of the biggest headache
sources for security managers. It's hard enough keeping your in-house
workstations and servers secure with up-to-date antivirus software and the
latest patches and updates.

http://www.linuxsecurity.com/articles/network_security_article-9450.html

* Building a Linux Router-Firewall
June 25th, 2004

This site is an introduction to simple hardware routers for small networks
built from old, obsolete hardware and free software. The intended audience
for this site are Newbies to both Linux and to hardware routers and
firewalls. Included are instructions for hardware assembly and software
configuration. One page is a primer for Network security and discusses
Firewalls, Anti-Virus and other security tools.

http://www.linuxsecurity.com/articles/firewalls_article-9447.html


* HNS Audio Learning Session: The Benefits of SSL VPNs
June 23rd, 2004

Secure Sockets Layer (SSL) Virtual Private Networks are quickly gaining
popularity as serious contenders in the remote-access marketplace.
Analysts predict that products based on SSL VPN technology will rival - or
even replace - IP Security Protocol (IPSec) VPNs as remote-access
solutions.

http://www.linuxsecurity.com/articles/network_security_article-9440.html

* Stealth wallpaper could keep WLANs secure
June 21st, 2004

UK defence contractor BAE Systems has developed a stealth wallpaper to
beat electronic eavesdropping on company Wi-Fi networks. The company has
produced panels using the technology to produce a screen that will prevent
outsiders from listening in on companies' Wi-Fi traffic but let other
radio and mobile phone traffic get through.

http://www.linuxsecurity.com/articles/privacy_article-9435.html

+------------------------+
| General Security News: |
+------------------------+

* Book Review: HackNotes Network Security Portable Reference
June 25th, 2004

The HackNotes series quickly became one of the best selling titles in the
computer security publishing sector. With some great marketing, mostly
derived from the famous Hacking Exposed titles, it wasn't a tough job for
Foundstone staffers to create this series of successful portable reference
publications. Today I'm taking a look at one of the HackNotes titles that
is concentrated on Network Security.

http://www.linuxsecurity.com/articles/documentation_article-9449.html


* Security qualification makes the grade
June 24th, 2004

IT departments looking to hire new staff will be interested to learn that
one of the world's leading security qualifications, the CISSP (certified
information systems security professional), has become the first in the
industry to meet the new ISO/IEC 17024 standard. The 17204 benchmark was
launched last year by the International Standards Organization as a way of
assessing whether qualifications across a range of professions could
demonstrate minimum standards.

http://www.linuxsecurity.com/articles/general_article-9443.html


* Secure Web Based Mail Services
June 23rd, 2004

There used to be a time when secure e-mail management was simple.
"Managing" meant sorting through your e-mail messages and putting them
into appropriate folders. Secure e-mail back then meant using a simple
password for e-mail access. However, today, with e-mail being a
business-critical application, more threats against e-mail than ever
before, and government regulatory concerns, secure e-mail management takes
on a whole different meaning.

http://www.linuxsecurity.com/articles/privacy_article-9441.html


* City firms still failing to guard WLans
June 22nd, 2004

Businesses in Europe's leading financial centres are failing to secure
their wireless access points despite the risk of "drive-by" hacking. More
than 33% of businesses surveyed in London, Milan, Paris and Frankfurt are
still making fundamental security mistakes, research by RSA Security
revealed.

http://www.linuxsecurity.com/articles/network_security_article-9439.html

* Akamai Attack Reveals Increased Sophistication
June 22nd, 2004

An attack last week against Akamai Technologies Inc. demonstrated the
disruption of key Web site activity that a well-placed assault on the
Internet's Domain Name System can cause. The incident also revealed a
troubling capability on the part of hackers to target core Internet
infrastructure technologies, security experts said.

http://www.linuxsecurity.com/articles/network_security_article-9437.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list