[ISN] Linux Security Week - May 17th 2004

InfoSec News isn at c4i.org
Tue May 18 06:13:47 EDT 2004

|  LinuxSecurity.com                            Weekly Newsletter     |
|  May 17th, 2004                                Volume 5, Number 20  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Voice Over IP
Can Be Vulnerable To Hackers," "Spec in Works to Secure Wireless
Networks," and "Understanding TCP Reset Attacks."



This week, advisories were released for lha, rsync, film, exim, mc,
OpenSSL, heimdal, libneon, clamav, utempter, proftpd, apache2, systrace,
cvs, procfs, libpng, openoffice, kernel, sysklogd, and live. The
distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo, Mandrake,
NetBSD, OpenBSD, Red Hat, Slackware, and SuSE.



Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impress at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out




Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* The ease of (ab)using X11, Part 1
May 14th, 2004

A friend of mine decided to finally get a computer recently. He's one of
those people who is very bright, he just didn't have the need for one
before.[1] Being a very intelligent and worldly guy, he naturally wanted a
Linux box.


* HNS Learning Session: Introduction to Computer Forensics
May 13th, 2004

For this learning session on Help Net Security, we've got Michael J.
Staggs, Senior Security Engineer at Guidance Software, discussing the
basics of computer forensics.


* Fundamentals: Password Madness
May 12th, 2004

While senior technology editor Curt Franklin was hard at work testing
authentication tokens for this issue's cover story, I coincidentally ran
into some questionable authentication policies and practices as a user.


* Net(Free)BSD Systrace Local Root Vulnerability
May 12th, 2004

At the end of March Brad Spengler from grsecurity informed the world about
a silently patched systrace bypass vulnerability within the linux port of
systrace. He also revealed that he found two more holes within systrace,
which he did not disclose further. His mail was reason enough to have a
look into systrace on nearly all of its supported platforms.


| Network Security News: |

* Voice Over IP Can Be Vulnerable To Hackers, Too
May 14th, 2004

As voice over IP sweeps across the high-tech landscape, many IT managers
are being lulled into a dangerous complacency because they look upon
Internet phoning as a relatively secure technology--not as an IP service
susceptible to the same worms, viruses, and other pestilence that
threatens all networked systems.


* BlueTooth Hacking For Fun and Profit
May 13th, 2004

WiFi wardriving tools have now advanced to the point where it is less a
sign of techno-machismo and more a sign of social maladjustment to
actually go out and wardrive in your neighborhood. So what's a young
wireless data enthusiast to do?


* Spec in Works to Secure Wireless Networks
May 13th, 2004

The Trusted Computing Group said Monday that it is working on a
specification to ensure that wireless clients connecting to a network
won't serve as a back door to worms and crackers.


* Web worm tests network security
May 12th, 2004

Using vulnerabilities revealed at the same time as those exploited by the
web worm, security firm IRM has demonstrated how they can be used to gain
control of a Windows web server.


* Understanding TCP Reset Attacks, Part I
May 11th, 2004

A vulnerability in TCP, the transmission control protocol, recently
received some exposure in the media. Paul Watson released a white paper
titled "Slipping in the Window: TCP Reset Attacks" at the 2004 CanSecWest
conference, providing a much better understanding of the real-world risks
of TCP reset attacks.


* Network Security Basics
May 11th, 2004

A solid network foundation is the key to business agility, process
efficiency, productivity, and competitiveness. It provides intelligent
services such as security, availability, reliability, and quality of
service (QoS).


| General Security News: |

* Students warn of hacking threat
May 14th, 2004

Three Brisbane university students have discovered a major flaw in
wireless network technology that means hackers can bring down critical
infrastructure in as little as five seconds.


* Book Review: Malicious Cryptography
May 10th, 2004

Most people are familiar with malware - viruses, worms, Trojans, etc. - and
most people are familiar, at least with the concept, of cryptography.
However there are far fewer people that truly understand either of these
technologies, and even fewer still who understand how the two can be
combined to create the next generation of malicious code.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
