[ISN] Linux Security Week - November 1st 2004

InfoSec News isn at c4i.org
Wed Nov 3 07:56:30 EST 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  November 1st, 2004                        Volume 5, Number 43n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Linux More
Secure than Windows says Study," "Firewall Security Tips," and "Common
Sense About Passwords."





This week, advisories were released for mozilla, zlib, kernel, glib2,
MySQL, Gaim, MIT, Netatalk, socat, mpg123, rssh, xpdf, gpdf, cups,
kdegraphics, squid, and libtiff. The distributors include Conectiva,
Fedora, Gentoo, Mandrake, Red Hat, Slackware, and SuSE.



Mass deploying Osiris

Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system.  A central server maintains
the file-integrity database and configuration for each client. At a
specified time, it sends the configuration file over to the client, runs a
scan, and receives the results back to compare against the database.
Those changes are then sent via email, if configured, to a system admin or
group of people.  The communication is all done over an encrypted
communication channel.




Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Hole in Linux kernel
October 28th, 2004

Leading Linux distributor Suse has uncovered a security hole in the Linux
2.6 kernel. It is claimed that this vulnerability can be used to shut down
a system running 2.6-based software remotely. Bad news, indeed.


* Suse warns of hole in Linux kernel
October 27th, 2004

Linux distributor Suse has warned of one of the most serious security
holes to date in version 2.6 of the Linux kernel, which could allow
attackers to shut down a system running 2.6-based software.


* Linux more secure than Windows says study
October 27th, 2004

Another brown study in the Windows vs Linux security debate claims to
prove that the Mighty Vole fudged things when it claimed that its software
was more secure than Linux.  The study, compiled by tech journalist
Nicholas Petreley, concludes that Microsoft's "Get The Facts" campaign does
not deal with the "real facts."


* Integer overflows - the next big threat
October 26th, 2004

THE NEXT big problem the IT security community faces is integer overflow
attacks, said Theo de Raadt, OpenBSD's project founder and leader.

According to him, the community currently can't see a clear method to
circumvent any future vulnerabilities that would arise from integer


| Network Security News: |

* Week 45: Firewall Security Tips
October 28th, 2004

In the limited space available here, I cannot possibly address how to
secure a firewall. Instead, I'll note the considerations that go into
doing so and point you to some useful resources. CNSS Instruction No.
4009, revised May 2003, National Information Assurance (IA) Glossary
defines a firewall as a "system designed to defend against unauthorized
access to or from a private network."


* Computer Security 101
October 26th, 2004

With Lesson 8 we begin to enter the home stretch in the 10-part Computer
Security 101 Series. The object of Computer Security 101 is to provide an
introduction for new or novice users to the technology, terminology and
acronyms commonly used with computers and networks. Understanding these
things better will hopefully help people understand what, how and why they
need to secure their computers as well.


| General Security News: |

* Linux users: welcome to the world of malware
October 29th, 2004

Linux users are often smug about the state of their computer security,
rightly criticizing Windows for its numerous security holes, but
overlooking their own vulnerabilities.  Now it's their turn to suffer.


* Common Sense About Passwords
October 29th, 2004

Passwords are a pain, but new thinking about passwords and some new tools
make it possible to make passwords easier to manage and more effective.

Passwords are expensive for IT staff to manage.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
