[ISN] Linux Security Week - May 10th 2004

InfoSec News isn at c4i.org
Tue May 11 01:48:56 EDT 2004

|  LinuxSecurity.com                            Weekly Newsletter     |
|  May 10th, 2004                                Volume 5, Number 19n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Guarded Memory
Move," "Scanning the Horizon," "DNS Troubleshooting: Everything Depends on
It," and "Benefits of BCC."


>> Certify your Software Integrity <<

As a software developer you know that the product you make available on
the Internet can be tampered with if it is not secured. Our Free Guide
will show you how to securely distribute your code over the Internet and
how these certificates operate with different software platforms:

Download a guide to learn more:


This week, advisories were released for mc, libpng, LHA, httpd, and rsync.
The distributors include Debian, Mandrake, Red Hat, and Trustix.



Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impress at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out



>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digital's
multi-faceted security applications.  More than just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the



Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Book Review: Computer Security
May 8th, 2004

Thomas Greene is well-known within the computer and security world for his
work as Associate Editor of The Register, a British tech newspaper. This
book is a great contribution to the home and small office market.


* "Every Principle of Security is Being Violated," Says O'Dowd
May 7th, 2004

"There is no way to fix Linux to bring it up to the level of security that
is required for national defense systems, a level that is already
available in proprietary operating systems," says Dan O'Dowd. He's just
released his third white paper in a series focusing on what his company
Green Hills Software terms "an urgent security threat posed by the use of
the Linux operating system in U.S. defense systems."


* Benefits of BCC
May 7th, 2004

Although in many situations it may be appropriate to list
email recipients in the To: or CC: fields, sometimes using the BCC: field
may be the most desirable option. What is BCC?


* Guarded Memory Move (GMM)
May 5th, 2004

The Guarded Memory Move tool comes in handy when you have to study buffer
overflows and you need to catch them together with a "good" stack image.
When a stack overflow has been exploited, the back trace is already gone,
together with good information about parameters and local variables that
are of vital importance when trying to understand how the attacker is
trying to work out the exploit.


* SELinux Boosts Server Security
May 4th, 2004

Security enhanced Linux, a set of kernel modifications and utilities
initially developed by the National Security Agency, bolsters the security
of Linux systems by enabling administrators to more finely tune data and
process permissions. SELinux enforces mandatory access control policies,
which limit user and application privileges to the minimum required to do
the job.


| Network Security News: |

* SecurityTalk with K Rudolph, CISSP
May 6th, 2004

Dancho: Hi Kaie, nice to have you in our first SecurityTalk discussing the
importance of Security Awareness programmes and the problems related to
the education of end users.


* Scanning the Horizon
May 5th, 2004

How secure is your enterprise network? Today that's a harder question to
answer than ever, especially as enterprise networks continue to grow in
size and complexity.


* HNS Learning Session: DDoS Threats
May 4th, 2004

For the second learning session on Help Net Security, they've got Steve
Woo, Riverhead Networks Vice President of Marketing and Business
Development, discussing the threats of Distributed Denial of Service
attacks. Since the making of this audio session, Riverhead Networks was
acquired by Cisco Systems.


* DNS Troubleshooting: Everything Depends on It
May 4th, 2004

The Domain Name System (DNS) service is required to access e-mail, browse
Web sites and use hostnames in general. DNS resolves hostnames to IP
addresses and back (e.g. www.cyberguard.com translates to
This article details how DNS works under normal circumstances and provides
troubleshooting tips.


| General Security News: |

* The Internet's Wilder Side
May 6th, 2004

It was just another Wednesday on the sprawling Internet chat-room network
known as I.R.C. In a room called Prime-Tyme-Movies, users offered free
pirated downloads of "The Passion of the Christ" and "Kill Bill Vol. 2."
In the DDO-Matrix channel, illegal copies of Microsoft's Windows software
and "Prince of Persia: The Sands of Time," an Xbox game, were ripe for


* Mitnick busts bomb hoaxer
May 4th, 2004

Ex-hacker Kevin Mitnick is a hero to the small town of River Rouge,
Michigan, after using his tech skills to help officials nab the culprit
behind a harrowing series of bomb threats.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
