[ISN] Linux Security Week - September 27th 2004

InfoSec News isn at c4i.org
Tue Sep 28 05:13:25 EDT 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 27th, 2004                      Volume 5, Number 38n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Sawing Linux
Logs with Simple Tools," "Open source wireless tools emerge," and
"Security Still A Worry As WLANs Expand."


>> Crypto Challenge VI has begun <<

 Be the first to crack the code and win a Sony DCRHC40 MiniDV Digital
 Handycam Camcorder. More prizes in the weekly Lunch Hour Challenge -
 make sure you check the site regularly.



This week, advisories were released for lukemftpd, cvs, Heimdal, mpg123,
SnipSnap, Foomatic, CUPS, and login_radius. The distributors include
Debian, FreeBSD, Gentoo, Mandrake, OpenBSD, and Suse.



Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.



An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com.



>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set up comprehensive address books to consistently keep
employees organized and connected.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* Hardening the PAM framework
September 25th, 2004

In yesterday's article we began looking at how PAM can securely
authenticate Windows users. Today we'll check the PAM framework, harden
the basic services that we expect to authenticate to, and look at new PAM
modules that might make our systems more secure.


* Sawing Linux Logs with Simple Tools
September 24th, 2004

So there you are with all of your Linux servers humming along happily. You
have tested, tweaked, and configured until they are performing at their
peak of perfection. Users are hardly whining at all. Life is good. You may
relax and indulge in some nice, relaxing rounds of TuxKart. After all, you
earned it.


* Hardening Linux authentication and user identity
September 23rd, 2004

PAM is an authentication mechanism that originated on Solaris, but is used
on various systems, including Linux. The Linux PAM implementation allows a
system administrator to choose how users authenticate to various services.
New modules can be added by an administrator at any time, offering overall
flexibility in how authentication happens.


* SpamAssassin sports new open-source license
September 23rd, 2004

Project leaders for the widely used software chose to enter the fold of
the Apache Software Foundation to take advantage of the nonprofit group's
legal and technical resources. To make the move, SpamAssassin had to adopt
the Apache License.


| Network Security News: |

* Open source wireless tools emerge
September 23rd, 2004

The wireless development landscape differs from the wired world in a
number of ways. For one thing, the dominance of handheld device
manufacturers and proprietary OS makers has meant that open source
projects for wireless connectivity have been slow to take off. But now
this sector is showing some signs of life.


* Are Firewalls Useful? And Another Thing...
September 23rd, 2004

If you ever feel in need of a lesson in humility, try reading through the
TCP/IP RFCs and related literature. I have two questions I have no idea
how to answer but rather naively expected that reading this material would
help. It didn't, in truth because I didn't understand most of it; so now
I'm asking you to explain the issues to me.


* Security Still A Worry As WLANs Expand: Survey
September 22nd, 2004

About half the companies responding to the survey said that security was
the chief concern preventing growth of WLANs. However, about 84 percent of
the companies that have deployed WLANs said they have not suffered from
security breaches.


| General Security News: |

* Open Source VoIP Ready For Its Close Up
September 25th, 2004

Open Source Voice over IP is ready for its close up. Asterisk, a
popular Voice over IP PBX, has released version 1.0.0.


* European Companies Join In Boosting Linux Security
September 24th, 2004

A consortium of European companies, including Linux-distributor
Mandrakesoft, has been awarded a three-year, $8.6 million contract to
boost security of the open-source Linux operating system, the companies
said Thursday.


* Insiders Weigh Law Banning Wireless Spam
September 24th, 2004

In less than a month, it will be illegal to send commercial messages to
any Internet domain associated with wireless messaging subscription


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
