[ISN] Linux Security Week - September 13th 2004

InfoSec News isn at c4i.org
Tue Sep 14 05:12:46 EDT 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 13th, 2004                      Volume 5, Number 36n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Defending
Against Cross-Site Scripting Attacks," "Linux-based Wi-Fi hot spot on CD,"
and "Dependence, Risks Drive Demand for Network Security."


>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.



This week, advisories were released for imlib, krb5, and kernel. The
distributors include Fedora, Mandrake, and Suse.



Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.



An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Make it & Break It: Defending Against Cross-Site Scripting Attacks.
September 13th, 2004

Most Web sites process dynamic content. They take user input from HTTP
requests, process the request on the server and then give the user new
content. The requests are processed using scripted code (JavaScript,
VBScript or Perl, for example) and server components (including CGI, JSP,
PHP, COM and ASP.Net).


* Group Policy controls extended to Unix, Linux
September 13th, 2004

Microsoft has made no secret of its determination to expand into the data
center, but this growth may not happen by the company's own hand.


* OpenBSD's Theo de Raadt talks software security
September 10th, 2004

With security the focus of this year's Australian Unix Users Group (AUUG)
conference, OpenBSD founder and project lead Theo de Raadt was invited to
speak on exploit mitigation techniques. In an exclusive interview with
Computerworld's Rodney Gedda, the man behind an operating system that lays
claim to only one remote exploit in the default install in seven years,
reveals where we are headed - and how far we have to go - in the search
for more secure software.


* More big security holes in Linux
September 9th, 2004

Open-source developers have warned of serious security holes in two Linux
components that could allow attackers to take over a system by tricking a
user into viewing a specially-crafted image file or opening an archive.
Patches exist for the bugs, which affect LHA and imlib.


| Network Security News: |

* Juniper Incorporates Third-Party Security in SSL VPNs
September 8th, 2004

Juniper Networks Inc. is expanding users' security options by opening new
interfaces that allow integration of third-party tools with Juniper's line
of SSL VPNs. Juniper's new Endpoint Defense Initiative works with all
NetScreen Secure Sockets Layer VPN appliances, according to officials in
Sunnyvale, Calif.


* Linux-based Wi-Fi hot spot on CD
September 8th, 2004

ZoneCD uses a modified version of the Debian Linux distribution called
Knoppix, which is designed to run from CD and provides automatic hardware
detection and configuration. On top of this platform, Public IP provides
features needed to run a secure Wi-Fi public hot spot, such as user
authentication, a proxy server, content filtering, DNS caching and DHCP
and Web server functionality.


* Can spammers really exploit wireless networks?
September 8th, 2004

A landmark case in America could prove it. A US citizen is thought to have
become the first person to be accused of hacking a wireless network in
order to send spam. Nicholas Tombros, 37, is charged under the US
CAN-SPAM act, which aims to clamp down on unsolicited junk mail.


* Dependence, risks drive demand for network security
September 8th, 2004

SMALL- to medium-scale enterprises (SMEs), especially those involved in
financial and retail services, are being driven by competition and are
thus becoming more dependent on the Internet as a business tool.


| General Security News: |

* Hacker communities play cat-and-mouse with security
September 10th, 2004

HACKERS worldwide will gradually find it more difficult to hack into
computer networks even as their communities continue to grow, according to
a German hacker known as Van Hauser.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
