[ISN] Linux Security Week - April 11th 2005

InfoSec News isn at c4i.org
Tue Apr 12 07:06:37 EDT 2005

|  LinuxSecurity.com                         Weekly Newsletter        |
|  April 11th, 2005                           Volume 6, Number 15n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "7 Myths
About Network Security," "SANS tracking active DNS cache poisonings,"
and "The Day After: Your First Response To A Security Breach."


DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software

Understanding the anti-spam solution market and its various choices and
buzzwords can be a daunting task. This free whitepaper from Roaring
Penguin Software helps you cut through the hype and focus on the basics:
determining what anti-spam features you need, whether a solution you are
considering includes them, and to what degree.




This week, advisories were released for MySQL, samba, ImageMagick, krb5,
remstats, wu-ftpd, sharutils, util-linux, words, gaim, e2fsprogs,
subversion, ipsec-tools, libexif, htdig, grip, gtk2, tetex, curl,
gdk-pixbuf, and XFree86.  The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Red Hat, and SuSE.



Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series.  The topic explored is Linux file permissions.  It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod.  This guide is intended for users new to Linux
security and is therefore very simple.



The Tao of Network Security Monitoring: Beyond Intrusion Detection

The Tao of Network Security Monitoring is one of the most
comprehensive and up-to-date sources available on the subject. It
gives an excellent introduction to information security and the
importance of network security monitoring, offers hands-on examples
of almost 30 open source network security tools, and includes
information relevant to security managers through case studies,
best practices, and recommendations on how to establish training
programs for network security staff.



Encrypting Shell Scripts

Do you have scripts that contain sensitive information like
passwords and you pretty much depend on file permissions to keep
it secure?  If so, then that type of security is good provided
you keep your system secure and some user doesn't have a "ps -ef"
loop running in an attempt to capture that sensitive info (though
some applications mask passwords in "ps" output).



>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set up comprehensive address books to
consistently keep employees organized and connected.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Security News:      | <<-----[ Articles This Week ]----------

* The Hacker-Proof Network
  5th, April, 2005

In Cambridge, Mass., not too far from the Charles River, which cuts
near Harvard and M.I.T., David Pearson is attempting to build an
un-hackable network.


* The security risk of hard disk password protection
  4th, April, 2005

In most notebooks the hard disk can be protected against unauthorized
access with the aid of a password. Without it the disk, even when
inserted into another computer, cannot be made to divulge its data.
This security function has meanwhile become a feature of almost all
3.5" ATA hard disks and presents a full-blown security loophole.


* A Couple Points on the "Open Source War"
  8th, April, 2005

If you're interested in this matter at all, you should go straight to
the primary source material: the Red Hat and Microsoft security
advisories. Your mileage may vary, but my scans of the two lists show
a lot of Red Hat fixes that are mostly irrelevant to my simple web
server, unless I've given lots of untrustworthy and industriously
malicious people shell access to log in to the server. On the other
hand, I see lots more references to "remote code execution" on the
Microsoft site, which is what I'm really afraid of when I'm exposing
a server to the internet.


* Hack Job
  4th, April, 2005

When a hacker broke into the network at George Mason University (VA)
earlier this year, IT officials were absolutely powerless to stop
him. Within minutes, the hacker compromised the school's main Windows
2000 server and gained access to information that included names,
Social Security numbers, university identification numbers, and even
photographs of almost everyone on campus. Next, he poked around for a
back door into other GMU servers that store information such as
student grades, financial aid, and payroll.


* 7 Myths About Network Security
  4th, April, 2005

Hacker tools are growing more sophisticated and automated. Hackers
can now quickly adapt to new security vulnerabilities as they are
uncovered and distribute the fruits of their exploits more widely
with the help of automated toolkits. And they're employing an
ever-increasing range of methods to find individuals' and companies'
private information and use it to their own advantage.


* SANS tracking active DNS cache poisonings
  6th, April, 2005

Around 22:30 GMT on March 3, 2005 the SANS Internet Storm Center
began receiving reports from multiple sites about DNS cache poisoning
attacks that were redirecting users to websites hosting malware. As
the "Handler on Duty" for March 4, I began investigating the incident
over the course of the following hours and days. This report is
intended to provide useful details about this incident to the


* DNSSEC: What Is It Good For?
  7th, April, 2005

DNSSEC, which stands for DNS Security Extensions, is a method by
which DNS servers can verify that DNS data is coming from the correct
place, and that the response is unadulterated. In this article we
will discuss what DNSSEC can and cannot do, and then show a simple
ISC Bind 9.3.x configuration example.


* DNS cache poisoning update
  8th, April, 2005

The InfoCon is currently set at yellow in response to the DNS cache
poisoning issues that we have been reporting on for the last several
days. We originally went to yellow because we were uncertain of the
mechanisms that allowed seemingly "secure" systems to be vulnerable
to this issue. Now that we have a better handle on the mechanisms, WE
are running BIND, please consider updating to Version 9.


* Anatomy of an Attack: The Five Ps
  4th, April, 2005

In a meeting with an engineer (Jonathan Hogue) from a security
company called Okena (recently acquired by Cisco), I was introduced
to the concept of the five Ps. Hogue graciously gave me the
presentation slide and I use it all the time. There are a lot of
models of how an attack progresses, but this is the best I've seen.
These five steps follow an attack's progression whether the attack is
sourced from a person or an automated worm or script. We will
concentrate on the Probe and Penetrate phases here, since these are
the stages that Snort monitors. Hopefully, the attacker won't get
past these phases without being noticed. The five Ps are Probe,
Penetrate, Persist, Propagate, and Paralyze.


* To catch a thief?
  8th, April, 2005

When we turn our minds to matters of e-security, our first thoughts
tend to be about defenses such as firewalls and intrusion detection.
And rightly so. After all, there is much wisdom in the pursuit of
prevention before cure. But, what happens when our defenses are
breached? How should we respond to such an incident?


* Red Hat Patches Security Flaw
  5th, April, 2005

Enterprise Linux users should update their installations of XFree86
to remedy several security holes, some of which could allow attackers
to take over a system.


* Linux still seen as most secure
  7th, April, 2005

Microsoft's efforts to improve the security of Windows have paid off,
leading to significant improvements in patch management and other
areas, according to executives from North American companies surveyed
by Yankee Group.


* Red Hat patches critical hole
  4th, April, 2005

Red Hat is warning enterprise Linux users to update their
installations of XFree86 to fix a number of serious security bugs,
some of which could allow attackers to take over a system.


* Flaw found in Firefox
  7th, April, 2005

A flaw has been discovered in the popular open-source browser Firefox
that could expose sensitive information stored in memory, Secunia has


* Firefox Flaw Publicity Good for Open Source
  6th, April, 2005

Publicity surrounding the JavaScript flaw shows "the open source
system is working," said Greg Minchak, an analyst with the Open
Source Industry Alliance. "The open source community swarms to a
problem the moment it's made known."


* The Day After: Your First Response To A Security Breach
  4th, April, 2005

The security incident is over. The techs have all gone home and are
snug in their beds, dreaming of flawless code trees and
buffer-overflow repellent. Upper management has done all the damage
control they can. Everyone's shifting back into their normal
activities and schedules. Everyone, that is, except you. What can you
do to prevent this from ever happening again?


* Sued for finding security flaws?
  5th, April, 2005

In late March we mentioned that Sybase were making threats against a
security company about disclosure of security flaws they found in
Sybase code and a French company that took a security researcher to
court and had him fined 5000 Euro. Going from this Register story, it
looks like Sybase and NGSSoftware are going to settle their dispute
amicably, but it really does bring into view a point that many in the
Open Source community have been trying to make known for


* Security top reason IT pros consider Linux
  5th, April, 2005

Security concerns are the main reason IT managers consider switching
from Windows to Linux on the desktop - but the cost of migration and
compatibility issues remain significant barriers, according to a new


* U.S. government agencies turn to Linux
  7th, April, 2005

As government agencies are being forced to do more with a smaller
budget, more agencies are turning to the open source movement for a
solution. In Mississippi three counties and 30 agencies formed a jail
management system to pool all law enforcement and homeland security
forces together using Linux.


* Phishers spread net for smaller prey
  4th, April, 2005

Phishers are moving away from big banking institutions and heading
for smaller targets, according to the Anti-Phishing Working Group


* Mobile-proofing your network
  4th, April, 2005

A stolen laptop made public last week by the University of
California, Berkeley contained unencrypted personal data on nearly
100,000 graduate students and applicants and is just the latest case
to underscore the need for increased protection of personal


* How 20% effort can get you 80% security
  6th, April, 2005

To manage risk, maintain razor-sharp security architecture and still
enjoy a peaceful night's sleep, security professionals at this week's
InfoSec World conference offered this advice: Know your limits, speak
the boss's language and embrace change.


* Using Intrusion Detection Systems To Keep Your WLAN Safe
  6th, April, 2005

Wireless LANs utilize radio waves for transporting information, which
results in security vulnerabilities that justifiably worry network
managers. To assuage those worries, most companies implement
authentication and encryption to harden security.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
