[ISN] Linux Security Week - May 24th 2004

InfoSec News isn at c4i.org
Tue May 25 02:14:22 EDT 2004

|  LinuxSecurity.com                            Weekly Newsletter     |
|  May 24th, 2004                                Volume 5, Number 21n |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin Thomas         ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Security flaws
could corrupt open source databases," "TCP/IP Skills Required for Security
Analysts," and "Regulation Compliance Tops Companies' Security Concerns."


>> NEW Step-by-Step SSL Guide for Apache from Thawte <<

Thawte's new guide will show you how to test, purchase, install and use a
Thawte Digital Certificate on your Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient ongoing
management of your encryption keys and digital certificates.

Download a guide to learn more:


This week, advisories were released for heimdal, cvs, neon, cadaver,
libpng, iproute, lha, mailman, kdelibs, tcpdump, utempter, subversion,
exim, Pound, ProFTPD, Icecast, libuser, passwd, apache, kdelibs, mc,
rsync, and the kernel.  The distributors include Debian, Fedora, FreeBSD,
Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.



Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impress at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out



>> Bulletproof Virus Protection <<

Protect your network from costly security breaches with Guardian Digital's
multi-faceted security applications.  More than just an email firewall, on
demand and scheduled scanning detects and disinfects viruses found on the



Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Security flaws could corrupt open source databases
May 20th, 2004

Flaws in two popular source code database applications could allow
attackers to access and corrupt open-source software projects, according
to a security researcher.  One vulnerability affects the Concurrent
Versions System (CVS), an application used by many developers to store
program code.


* Safe and insecure
May 19th, 2004

Last week, I turned off all the security features of my wireless router. I
removed WEP encryption, disabled MAC address filtering and made sure the
SSID was being broadcast loud and clear. Now, anyone with a wireless card
and a sniffer who happens by can use my connection to access the Internet.


* What's Wrong With E-Mail Accreditation?
May 18th, 2004

E-mail accreditation isn't taken all that seriously as a method of spam
control. I'm baffled as to why. It appears to be an effective means of
helping ensure that spam filters don't accidentally block e-mail that the
recipient actually wants to get.


* Hardened-PHP
May 17th, 2004

The Hardened-PHP project team is pleased to announce the release of
version 0.1.1 of our PHP security hardening patch. This new Hardened-PHP
release is the first one that is publicly announced and is considered
stable on at least Linux systems.


| Network Security News: |

* Do We Suffer From Wi-Fi Security Paranoia?
May 21st, 2004

I'm one of the world's most rabid fans of wireless networking -- known
variously as Wi-Fi, 802.11 or AirPort. (Would somebody PLEASE come up with
a consistent, user-friendly term for it?) It's just so glorious to be
standing in an airport, hotel lobby or city street, open your laptop, and
discover that you can go online at cable-modem speeds without hooking up a
single cable.


* Conference Wireless LAN is Hacker Heaven
May 20th, 2004

AirDefense is one of the more respected companies producing wireless LAN
security software. AirDefense performed a research experiment at the
recent Networld+Interop conference in Las Vegas. Their monitoring software
scanned for vulnerabilities and network attacks during the conference
producing some astonishing results.


* TCP/IP Skills Required for Security Analysts
May 19th, 2004

Breaking into the network security industry, and finding a job as a
computer security analyst can often be a daunting task. A great deal of us
who work in the industry started down this path with nothing but an
interest in computer security to begin with, and a desire to work in a
field that we love.


* No WLAN? You still need wireless security
May 17th, 2004

Although most wireless security solutions target organizations that have
deployed wireless networks, there is a class of solutions that target all
companies--even those that haven't deployed wireless networks.


* Strategies for real and virtual honeypots
May 17th, 2004

Few would deny that security has become a huge priority for network
administrators over the last few years. Administrators dedicate lots of
time to making sure their networks have all of the latest security
patches, firewalls, and intruder detection systems designed to log
suspicious activity.


* Centralizing the Management of Network Security
May 17th, 2004

Two extreme scenarios exist for handling security when dealing with
geographically disparate organizations: In the first scenario, local IT
staff is employed at the individual remote locations. In this case,
organizations have to deal with cultural differences, varying skill levels
and capabilities and language barriers that pose potential


| General Security News: |

* Open Source Users Unaffected by Sasser Worm
May 21st, 2004

Since the 'Sasser' worm hit the Telstra BigPond network at 1AM Saturday,
1st May, Australian computer users have suffered major disruptions, with
thousands of home and business users running Microsoft operating systems
infected and others experiencing network congestion.


* Cisco to patent security fix
May 20th, 2004

Cisco Systems has applied for patents on technology that it claims will
fix a flaw that has recently been found in one of the most common
communications protocols.


* Embracing the Art of Hacking
May 19th, 2004

The idea that every hacker is an artist and every artist is a hacker isn't
groundbreaking -- recent gallery and museum shows have focused on the link
between art and coding -- but a new book by programmer Paul Graham gives
the concept a fresh twist by advising hackers to improve their skills by
borrowing creative techniques from other artists.


* Regulation Compliance Tops Companies' Security Concerns
May 18th, 2004

Just a few short years ago, the primary security-related concern for most
IT executives was how to prevent hackers from infiltrating their
companies' systems. Although that issue still is quite relevant, it's no
longer the top concern of many organizations. Today, that honor goes to
how to comply with the increasing number of regulatory and compliance
mandates required by the U.S. government.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
