[ISN] Linux Security Week - November 29th 2004

InfoSec News isn at c4i.org
Tue Nov 30 01:49:43 EST 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  November 29th, 2004                        Volume 5, Number 47n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Linux vendors
rush out e-mail server patches," "SANS updates its list of the Top 10
Linux/UNIX threats," and "Open Road: Intrusion Detection Systems."


>> LinuxSecurity.com Version 2 <<

Get ready ... the new LinuxSecurity.com site will soon be revealed. The
same great content you've come to expect with a whole new look and great
new features. A sneak preview is coming soon!


This week, advisories were released for bugzilla, samba, bnc, sudo, Cyrus,
yardradius, AbiWord, unarj, pdftohtml, ProZilla, phpBB, TWiki, XFree86,
libxpm4, a2ps, zip, kdebase, and kdelibs. The distributors include
Conectiva, Debian, Fedora, Gentoo, Mandrake, Openwall, and Trustix.




Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.



>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Linux vendors rush out e-mail server patches
November 26th, 2004

Several major Linux vendors have warned they are vulnerable to four flaws
in a widely used IMAP e-mail server from Carnegie Mellon University's
Cyrus Electronic Mail Project. The flaws could allow an attacker to take
over a server.


* X marks the Linux security hole
November 23rd, 2004

The X.Org Foundation and several Linux vendors have released updates for
the X Window System technology on which most Linux graphical front-ends
are based, fixing serious security flaws in a graphics-manipulation


* SANS updates its list of the Top 10 Linux/UNIX threats
November 22nd, 2004

For the past four years the SANS Institute has partnered with the FBI's
National Infrastructure Protection Center to compile and publish its list
of the most commonly exploited IT security vulnerabilities. This list is
regularly updated and revised. Earlier, I examined the latest Windows
threats from the list.


* Get ready for biometric security in the workplace, finds new survey
November 22nd, 2004

UK companies are anticipating the introduction of biometric technology to
increase workplace security, according to a new independent survey
commissioned as part of the Hitachi Data Systems Storage Index. The survey
finds that 65 per cent of firms expect to see iris scanning and
fingerprint recognition systems in the office, with 44 per cent expecting
to see them introduced within two years.


| Network Security News: |

* SSH and ssh-agent
November 24th, 2004

No one likes typing passwords. If people had their way, computers would
simply know who they were and what they should have access to without us
proving it at every turn. In my last article I showed you how to create
SSH Identities/Pubkeys, which can be used as an alternative to password


* Open Road: Intrusion Detection Systems
November 24th, 2004

This month, I'll begin the foray into Intrusion Detection Systems (IDS).
There are several decent IDS projects that run on Linux, one of the most
popular being Snort. Snort is a flexible tool that can be used for packet
sniffing, packet logging, or network intrusion detection


* Fighting Spammers With Honeypots: Part 1
November 24th, 2004

Like most advertising flyers found in postal mailboxes, millions of emails
-- now classically referred to as spam -- fill email inboxes around the
world everyday. Spam can be considered as the most annoying
cyber-pollution that targets all of us with tons of unsolicited emails.
Those emails usually contain advertisements and spammers are paid to
spread as many of them as possible.


| General Security News: |

* 'Virtual Tradeshow' to Address Top Security Threats
November 24th, 2004

Hackers are continuously finding new ways to break into corporate networks
and steal proprietary and sensitive data. Virus writers are elevating
their technology prowess, creating new worms and bugs that can sneak onto
your desktop or through a network firewall and wreak havoc on your IT


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list