[ISN] Linux Security Week - April 18th 2005

InfoSec News isn at c4i.org
Mon Apr 18 05:59:45 EDT 2005

|  LinuxSecurity.com                         Weekly Newsletter        |
|  April 18th, 2005                           Volume 6, Number 16n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Diffie:
Infrastructure a disaster in the making," "From SATAN to OVAL: The
Evolution of Vulnerability Assessment," and "Taking a swipe at
two-factor authentication."


DEMYSTIFY THE SPAM BUZZ: Roaring Penguin Software

Understanding the anti-spam solution market and its various choices and
buzzwords can be daunting task. This free whitepaper from Roaring
Penguin Software helps you cut through the hype and focus on the basics:
determining what anti-spam features you need, whether a solution you are
considering includes them, and to what degree.

Find out more!



This week packages were released for axel, gftp, wireless-tools, glibc,
selinux-policy-targeted, kernel, autofs, GnomeVFS, phpMyAdmin,
shorewall, gtk, sharutils, gdk-pixbuf, kdegraphics, dhcp, and gaim.  The
distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, and



Introduction: Buffer Overflow Vulnerabilities

Buffer overflows are a leading type of security vulnerability. This
paper explains what a buffer overflow is, how it can be exploited,
and what countermeasures can be taken to prevent the use of buffer
overflow vulnerabilities.
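As an added illustration of what that summary describes, written for this
newsletter and not taken from the paper itself: a hypothetical record whose
fixed-size name buffer sits directly in front of a privilege flag, the
unchecked strcpy() that lets an over-long input overwrite the flag, and the
bounded copy that refuses such input. The struct, the function names and the
attacker input are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Hypothetical record layout chosen for the demonstration: the fixed-size
 * name buffer is immediately followed by a privilege flag, so bytes written
 * past the end of name[] land in is_admin. */
struct session {
    char name[NAME_LEN];
    int  is_admin;
};

/* VULNERABLE: strcpy() copies until it finds the NUL terminator and never
 * looks at the size of the destination. Any input of NAME_LEN or more
 * characters writes past the end of name[]. */
void set_name_vulnerable(struct session *s, const char *input)
{
    strcpy(s->name, input);
}

/* HARDENED: measure first, refuse input that does not fit (leaving room for
 * the terminator), then copy with an explicit bound. Returns 0 on success,
 * -1 when the input was rejected; the record is left untouched on failure. */
int set_name_checked(struct session *s, const char *input)
{
    size_t n = strlen(input);
    if (n >= NAME_LEN)
        return -1;
    memcpy(s->name, input, n);
    s->name[n] = '\0';
    return 0;
}

/* Bytes strcpy() writes for an input of this length: the characters plus
 * the NUL terminator. */
size_t bytes_written_by_strcpy(size_t input_len)
{
    return input_len + 1;
}

/* Whether an input of this length spills out of name[] into is_admin,
 * computed from the real struct layout via offsetof(). */
int overflow_reaches_flag(size_t input_len)
{
    return bytes_written_by_strcpy(input_len) > offsetof(struct session, is_admin);
}

/* Run the hardened setter on a fresh, zeroed record and return its verdict
 * (0 accepted, -1 rejected). */
int checked_verdict(const char *input)
{
    struct session s;
    memset(&s, 0, sizeof s);
    return set_name_checked(&s, input);
}

int main(void)
{
    struct session s;
    char input[32];

    /* Constructed attacker input: 19 'A' bytes plus the NUL, exactly
     * sizeof(struct session), so the overflow stays inside the record and
     * the three low bytes of is_admin become 0x41. */
    memset(input, 'A', 19);
    input[19] = '\0';

    memset(&s, 0, sizeof s);
    set_name_vulnerable(&s, input);
    printf("vulnerable: is_admin = 0x%08x (was 0)\n", (unsigned)s.is_admin);

    memset(&s, 0, sizeof s);
    if (set_name_checked(&s, input) < 0)
        printf("checked: %zu-byte input rejected, is_admin = %d\n",
               strlen(input), s.is_admin);
    return 0;
}
```

Build with -O0 to watch the flag change; with a distribution's default
hardening flags (-O2 together with _FORTIFY_SOURCE) glibc substitutes a
size-checked strcpy and aborts the vulnerable call instead, which is one of
the countermeasures the paper discusses.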



Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series.  The topic explored is Linux file permissions.  It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod.  This guide is intended for users new to Linux
security and is therefore kept very simple.
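An added example, not part of the tutorial above, showing in C what ls -l
and chmod do underneath: rendering a file's mode bits as the familiar rwx
string, applying chmod-style symbolic clauses such as u+x or go=rx, and
writing the result back with chmod(). The symbolic-mode parser is a
simplified reimplementation written for this example (rwx letters only, no
umask handling); the function names and the scratch file path are
assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Render the permission bits of a mode the way ls -l prints them: three
 * rwx triplets, with setuid/setgid shown as 's' ('S' when the matching
 * execute bit is off) and the sticky bit as 't'/'T'. Uses a static buffer,
 * so it is not reentrant; fine for a demonstration. */
const char *mode_string(mode_t m)
{
    static char out[10];
    const char *bits = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        out[i] = (m & (0400 >> i)) ? bits[i] : '-';
    if (m & S_ISUID) out[2] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[5] = (m & S_IXGRP) ? 's' : 'S';
    if (m & S_ISVTX) out[8] = (m & S_IXOTH) ? 't' : 'T';
    out[9] = '\0';
    return out;
}

/* Apply one chmod-style clause, [ugoa]*[+-=][rwx]*, to a mode (simplified:
 * no s/t letters and no umask handling). Returns (mode_t)-1 if malformed. */
static mode_t apply_clause(mode_t mode, const char *clause)
{
    const char *p = clause;
    mode_t who = 0, perm = 0;

    for (; *p; p++) {
        if (*p == 'u')      who |= S_IRWXU;
        else if (*p == 'g') who |= S_IRWXG;
        else if (*p == 'o') who |= S_IRWXO;
        else if (*p == 'a') who |= S_IRWXU | S_IRWXG | S_IRWXO;
        else break;
    }
    if (who == 0)                         /* no class given: chmod means all */
        who = S_IRWXU | S_IRWXG | S_IRWXO;

    char op = *p++;
    if (op != '+' && op != '-' && op != '=')
        return (mode_t)-1;

    for (; *p; p++) {
        if (*p == 'r')      perm |= S_IRUSR | S_IRGRP | S_IROTH;
        else if (*p == 'w') perm |= S_IWUSR | S_IWGRP | S_IWOTH;
        else if (*p == 'x') perm |= S_IXUSR | S_IXGRP | S_IXOTH;
        else return (mode_t)-1;
    }
    perm &= who;
    if (op == '+') return mode | perm;
    if (op == '-') return mode & ~perm;
    return (mode & ~who) | perm;          /* '=' replaces the selected classes */
}

/* Apply a comma-separated list of clauses, e.g. "u=rwx,go=rx". */
mode_t apply_symbolic(mode_t mode, const char *spec)
{
    char buf[64];
    if (strlen(spec) >= sizeof buf)
        return (mode_t)-1;
    strcpy(buf, spec);
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        mode = apply_clause(mode, tok);
        if (mode == (mode_t)-1)
            return mode;
    }
    return mode;
}

/* chmod() path according to spec and read the result back with stat().
 * Returns the new permission bits (low 12 bits of st_mode) or -1 on error. */
int chmod_symbolic(const char *path, const char *spec)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    mode_t m = apply_symbolic(st.st_mode & 07777, spec);
    if (m == (mode_t)-1 || chmod(path, m) != 0 || stat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(void)
{
    char path[] = "/tmp/perm-demo-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);                  /* created with mode 0600 */
    if (fd < 0) { perror("mkstemp"); return 1; }
    close(fd);

    const char *specs[] = { "go+r", "u+x", "a-w", "u=rwx,go=" };
    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        int m = chmod_symbolic(path, specs[i]);
        if (m < 0) { perror(specs[i]); break; }
        printf("chmod %-10s -> %04o %s\n", specs[i], m, mode_string((mode_t)m));
    }
    unlink(path);
    return 0;
}
```

The octal form (0755) and the symbolic form (u=rwx,go=rx) are two spellings
of the same twelve bits; the parser makes that equivalence explicit.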



The Tao of Network Security Monitoring: Beyond Intrusion Detection

The Tao of Network Security Monitoring is one of the most
comprehensive and up-to-date sources available on the subject. It
gives an excellent introduction to information security and the
importance of network security monitoring, offers hands-on examples
of almost 30 open source network security tools, and includes
information relevant to security managers through case studies,
best practices, and recommendations on how to establish training
programs for network security staff.



>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Security News:      | <<-----[ Articles This Week ]----------

* A federated crypto guy
  14th, April, 2005

When budgets get tight, R&D is often one of the first departments to
feel the squeeze.

But at RSA Security, vice-president of research Burt Kaliski and his
team are considered the heart and soul of the business. RSA puts
about 18-20 per cent of its revenue into applied research and
standards development at its research centre, RSA


* TuxJournal is online!
  11th, April, 2005

The first Italian online magazine is now online. Italian readers will
find there a good source of news and articles about the open-source and
technology world.


* And here's a key to combat hacking
  11th, April, 2005

As we rely more on computers, the potential for hackers to hurt us and
destroy our personal records has grown. Corporate and public networks,
rather than individuals, face the brunt of hackers' ingenuity. However,
there are ways to build a network that is far harder to break into.


* Using a Linux failover router
  13th, April, 2005

Today, it's hard to imagine an organization operating without taking
advantage of the vast resources and opportunities that the Internet
provides. The Internet's role has become so significant that no
organization can afford to have its Net connection going down for
too long.


* Diffie: Infrastructure a disaster in the making
  13th, April, 2005

In the 1970s, Martin Hellman and Whitfield Diffie wrote the recipe
for one of today's most widely used security algorithms in a paper
called "New Directions in Cryptography." The paper mapped out the
Diffie-Hellman key exchange, the founding technique of public-key
cryptography, which makes secure online transactions possible and is
used in such popular protocols as the Secure Sockets Layer (SSL) and
Secure Shell (SSH). In 2000, they received the prestigious Marconi
Foundation award for their contributions.


* Network monitoring with Nagios
  14th, April, 2005

How can a system administrator monitor a large number of machines
and services to proactively address problems before anyone
else suffers from them?


* From SATAN to OVAL: The Evolution of Vulnerability Assessment
  15th, April, 2005

With the growing reliance and dependence on our inter-connected
world, security vulnerabilities are a real world issue requiring
focus and attention. Security vulnerabilities are the path to
security breaches and originate from many different areas -
incorrectly configured systems, unchanged default passwords, product
flaws, or missing security patches to name a few. The comprehensive
and accurate identification and remediation of security
vulnerabilities is a key requirement to mitigate security risk for


* Developers Rate Linux More Secure Than Windows In Survey
  14th, April, 2005

A new study addressing security issues finds that
software-development managers generally rate Linux as a more secure
operating system than Windows. The study, which will be released by
the end of the month, was conducted by BZ Research, the research
subsidiary of publisher BZ Media LLC. It was not funded by any


* Breaking software easier than you think
  15th, April, 2005

One reason software security vulnerabilities are so tough to fix is
because they are so hard to find. Unlike other bugs that become
apparent when an application acts up, security holes tend to hide
from normal view. And that's just how the hacker underground likes


* Fortinet in court for hiding Linux in its code
  15th, April, 2005

A German court has granted a preliminary injunction against security
firm Fortinet for allegedly violating the General Public License
(GPL) and hiding Linux in its code.


* Cisco: Malicious ICMP messages could cause denial of service
  15th, April, 2005

A publicly available document on how the Internet Control Message
Protocol (ICMP) can be used to launch denial-of-service attacks has
prompted Cisco Systems to issue an...


* Taking a swipe at two-factor authentication
  11th, April, 2005

An essay in an April trade magazine maintains two-factor
authentication can't counter emerging threats, and that the industry
would be wise to come up with a better solution to the nation's
biggest cyberproblem: identity theft.


* HIPAA Compliance In 30 Days or Less
  12th, April, 2005

HIPAA. We are all sick of the acronym by now, and the April 20
compliance deadline for the Health Insurance Portability and
Accountability Act is looming.


* Strategic Security
  12th, April, 2005

Christofer Hoff is on a mission. As the director of information
security at Western Corporate Federal Credit Union (WesCorp), Hoff
has launched an initiative to quantify the benefits of information
security spending for business executives at the San Dimas,
Calif.-based company.


* Linux servers praised for security
  12th, April, 2005

Software development managers rate Linux significantly higher than
Windows server products for security, according to the latest


* The two-edged sword: Legal computer forensics and open source
  12th, April, 2005

Ryan Purita of Totally Connected Security is one of the leading
computer forensic experts in private practice in Canada. He is a
Certified Information Systems Security Professional, holding one of
the most advanced security qualifications in the world.


* First Spam Felony Case Nets 9-Year Jail Term
  11th, April, 2005

A Virginia judge sentenced a spammer to nine years in prison Friday
in the nation's first felony prosecution for sending junk e-mail,
though the sentence was postponed while the case is appealed.


* Universities To Aid U.S. Cybersecurity Effort
  12th, April, 2005

Experts from a consortium of colleges will lead a far-reaching effort
to keep the nation's computer data safe from cyberattack,
the National Science Foundation announced Monday.


* Linux programmer wins legal victory
  14th, April, 2005

A Linux programmer reported a new victory in a German court Thursday
in enforcing the General Public License, which governs countless
projects in the free and open-source software realms.

A Munich district court on Tuesday issued a preliminary injunction
barring Fortinet, a maker of multipurpose security devices, from
distributing products that include a Linux component called "initrd"
that Harald Welte helped write.


* LexisNexis Data on 310,000 People Feared Stolen
  12th, April, 2005

Data broker LexisNexis said Tuesday that personal information may
have been stolen on 310,000 U.S. citizens, or nearly 10 times the
number found in a data breach announced last month.


* 180,000 warned credit-card data exposed
  14th, April, 2005

Data apparently stolen from the popular clothing retailer Polo Ralph
Lauren Inc. is forcing banks and credit card issuers to notify
thousands of consumers that their credit-card information may have
been exposed.

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
