[ISN] Linux Security Week - September 20th 2004

InfoSec News isn at c4i.org
Tue Sep 21 05:30:14 EDT 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 20th, 2004                      Volume 5, Number 37n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Do's and Don'ts
of Forensic Computer Investigations," "SysAdmin to SysAdmin: Service
monitoring with Nagios," and "Defending Against Cross-Site Scripting




This week, advisories were released for wv, kde, zlib, webmin, cupsys,
samba, gtk2, gallery, samba, sus, cdrtools, squid, apache2, mod_ssl,
httpd, mc, imlib, and multi. The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.



Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.





-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Solaris 10 Shines in Early Testing
September 20th, 2004

The increasing prominence of freely licensed Linux has prompted many to
view operating systems in general as a commodity. With Solaris 10, Sun
Microsystems hopes to demonstrate that a company's choice of operating
system does matter and that the level of innovation Sun has built into
Solaris 10 can deliver benefits across a company's infrastructure.


* Do's and Don'ts of Forensic Computer Investigations
September 17th, 2004

Opinion: When "something bad" happens, IT staffs can be called upon to
search for possible evidence lurking on a user's desktop, notebook or even
PDA. David Coursey says decisions made early in an investigation--or even
before it begins--can determine its outcome, and possibly the fates of
both the investigation's subject and the IT staff doing the investigating.
First of two parts.


* Security for developers III
September 17th, 2004

This week we continue to explore common mistakes in the context of
application security management.


* SysAdmin to SysAdmin: Service monitoring with Nagios
September 15th, 2004

Nagios calls itself an "open source host, service and network monitoring
program". In reality, though, it's more of a monitoring framework, in that
it allows an administrator to quickly fold the one-liners they use to
gather information right into the configuration. Add to this the numerous
plugins available, and you can easily integrate Nagios with monitoring
tools you already use, like RRDTool or MRTG.


* Examining a Public Exploit, Part 2
September 15th, 2004

The first part of this article series set out to create an environment
that allowed readers to examine a public exploit as it was sent across the
network. The purpose of this exercise is to help the reader understand the
complex world of intrusion detection and low-level packet analysis, so
that he can better secure his network.


* Safe Databases Are Key to Security
September 14th, 2004

Those of you hung over from patching Windows XP SP2 can't sleep in just
yet. More than 40 vulnerabilities have been reported for Oracle's flagship
software products. Holes in the Database Server and its Listener element
can be exploited even without a valid user account. The Portal and
iSQL*Plus components of Oracle Application Server are similarly


* Make it & Break It: Defending Against Cross-Site Scripting Attacks.
September 13th, 2004

Most Web sites process dynamic content. They take user input from HTTP
requests, process the request on the server and then give the user new
content. The requests are processed using scripted code (JavaScript,
VBScript or Perl, for example) and server components (including CGI, JSP,
PHP, COM and ASP.Net). When the code runs on the server, it is converted
to HTML and sent back to the user's browser.


| Network Security News: |

* Build It: A Home Linux Server
September 17th, 2004

Many of the machines we show you how to build here at ExtremeTech are of
the "burn, baby burn" variety. But often those systems are Ferraris when
all you need is a Ford. A good example of this is a home server whose main
duties are to serve up files and a print queue 24/7 with minimal fuss. As
your needs get more sophisticated, it should be able to grow with them.


* When it comes to wireless security, good enough is simply not good
September 17th, 2004

As security threats increase in quantity and complexity, assuring business
continuity means that corporations need to aggressively and proactively
protect the entire network infrastructure.


* Passwords Fail To Defend Enterprises
September 17th, 2004

Passwords, the dominant form of securing enterprise assets, are a failure,
a research firm said Thursday.


* Intrusion detection with Tripwire
September 15th, 2004

A little over two years ago I was hacked. Someone broke into a web server
I was administrating that had only Apache and OpenSSH running publicly,
and all packages were up-to-date. The hacker replaced my ps binary with
his own to hide his processes, added a new service that was executed from
the binary "/bin/crond "


* Wardriving: you can look, but don't touch
September 15th, 2004

Wardriving--the practice of driving around with a portable computing
device and Wi-Fi antenna, looking for open Wi-Fi networks--is not new. In
fact, wardialing, or calling up random phone numbers looking for modem
connections, has been going on for at least 20 years. There is, however, a
new ethical debate surrounding wardriving, whether it's legal, and whether
it serves a larger purpose.


* Net-Security Appliances Are Popping
September 14th, 2004

Enterprise customers last year moved from product trials to in-service
deployments of firewall/VPN and secure content management (SCM) security
appliances, producing large gains for such vendors as Cisco and Nokia,
according to recent analyst reports.


| General Security News: |

* Shuttleworth's Linux vision matures
September 20th, 2004

A preview of a new Linux distribution inspired by South African
international open source software evangelist, Mark Shuttleworth, is
available on the Internet.


* Workers Want Employers to Take Responsibility for Blocking
Offensive Spam
September 17th, 2004

Sophos, a world leader in protecting organizations against spam and
viruses, conducted a poll of more than 1,000 computer users at small- to
medium-sized businesses (SMBs) regarding the issue of spam.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
