[ISN] Linux Security Week - January 3rd 2005

InfoSec News isn at c4i.org
Tue Jan 4 06:31:49 EST 2005

|  LinuxSecurity.com                         Weekly Newsletter        |
|  January 3rd, 2005                           Volume 6, Number 1n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "A 2005 Linux
Security Resolution," "Unpatched Linux PCs Stay Secure For Months,"
and "Largest IPv6 network launched in China."


>> Internet Productivity Suite: Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give
you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and
methods into their design.



Happy New Year! This week advisories were released for netpbm,
libtiff, imlib, Xpdf, CUPS, and ViewCVS. The distributors include
Conectiva, Debian, Gentoo, and Mandrake.



A 2005 Linux Security Resolution

Without a mission and plan, very little gets accomplished.  The new
year should not only be a time to set personal goals such as an
exercise regimen, but also a time to focus on security practices
and configurations.  2005 will be hostile; now is the time to



State of Linux Security 2004

In 2004, security continued to be a major concern. The beginning of
the year was plagued with several kernel flaws and Linux vendor
advisories continue to be released at an ever-increasing rate.
This year, we have seen the reports touting Windows' security
superiority, only to be debunked by other security experts
immediately after release.



Vincenzo Ciaglia Speaks Security 2004

Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux
Security.  A full immersion in the world of Linux Security from many
sides and points of view.



>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set up comprehensive address books to
consistently keep employees organized and connected.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Host Security News: | <<-----[ Articles This Week ]----------

* SysAdmin to SysAdmin: Using RAID with PVFS under ROCKS
  30th, December, 2004

I administer a newly deployed ROCKS compute cluster, and I use the
Parallel Virtual Filesystem which comes with the ROCKS Linux
distribution to provide a parallel IO system. For those who are not
familiar, check out my earlier ROCKS article, as well as my earlier
article about PVFS. My cluster is slightly older hardware -- dual
PIIIs, and each PC has two hard drives.


* Secure programmer: Call components safely
  28th, December, 2004

How you handle calls and returns is as important as which components
you call. Application programs typically make calls to other
components, such as the underlying operating system, database
systems, reusable libraries, Internet services (like DNS), Web
services, and so on.


* Unix, Linux Security Bugs Patched
  27th, December, 2004

Internet security research firm iDefense has announced a series of
vulnerabilities and patches for a variety of Unix- and Linux-based


* Unpatched Linux PCs Stay Secure For Months
  29th, December, 2004

The average unpatched Linux system survives for months on the
Internet before being hacked, a report recently issued by the
Honeypot Project claims.


* New, 'Critical' Windows Bugs Lack Patches
  28th, December, 2004

A trio of new and unpatched vulnerabilities in Microsoft Windows were
made public on security mailing lists over the weekend, nudging some
security vendors to alert users that their systems may be open to
attack and hijacking. The vulnerabilities, first reported by a
Chinese group and then posted to the Bugtraq mailing list, are in
Windows' LoadImage API function, its animated cursor files, and in
the way it handles help files.


* Largest IPv6 network launched in China
  30th, December, 2004

An IPv6-based network linking 25 universities in 20 cities across
China began operating on Saturday. The China Education and Research
Network Information Center (CERNIC) announced the launch of the
network, called CERNET2, which is thought to be the largest single
IPv6 network yet created. CERNIC claimed it makes China a world
leader in the race to build the next generation of the Internet.


| Network Security News: |

* Linux, security skills projected hot skills for 2005
  30th, December, 2004

Security, Web services and Linux jobs continue to dominate the IT
help wanted ads and are projected to remain among the hottest skill
and certification areas in 2005, according to research firms that
specialize in tracking skills and certifications.


* What's Hot in 2005
  28th, December, 2004

What technologies are going to be most important for you to survive
2005? We pull out our looking glass and tell you what's hot. We Don't
Need No Stinking Power Cords! Power over Ethernet (PoE) technology
will be deployed big-time, allowing wireless access points, VoIP
phones, and many other devices to be used with less hassle and
expense, because they...


* Web services skills a must for 2005
  28th, December, 2004

Web services, security and Linux jobs continue to dominate the IT
help wanted ads and are projected to remain among the hottest skill
and certification areas in 2005, according to research firms that
specialize in tracking skills and certifications.


* Phone Worm Source Code Out, Expect More Threats
  29th, December, 2004

The source code for the most prevalent worm targeting mobile phones
has been made public, security firms announced Wednesday, a dangerous
disclosure that may lead to more effective attacks.


| General Security News: |

* Linux and Open Source: The 2005 Generation
  3rd, January, 2005

Sometimes people don't know when a revolution has happened until
afterwards. Then, the historians tell us that 2004 was the year that
open source started to become computing's mainstream.


* Security challenges spread to multiple fronts and
IT jobs will rebound in 2005
  3rd, January, 2005

In my last column, I reviewed the top security developments of 2004.
Now I'm going to extrapolate on the trends that I see affecting IT
security in 2005, both here and abroad.


* Biometric Sensors Keep Finger on Security
  27th, December, 2004

Biometrics authentication technology should be a promising means to
confirm a cardholder's authenticity. With a Linux-based radio
frequency (RF) personalizer that reads and writes in memory, the
administrator can set various parameters of the smart security
controller, such as real-time clock, personal identification number
(PIN) option, alarm options and reader delays.


* Security workers praise Sarbanes-Oxley
  27th, December, 2004

Many security workers feel that government regulations aimed at
protecting IT networks from threats are working, according to new


* ENN Year in Review 2004: Virus Wars
  30th, December, 2004

Malware used to be easy to detect and avoid. Virus writers would
attach a malicious programme to an e-mail and distribute it as widely
as possible. If any of the recipients opened the attachment, the
virus could delete system and data files, search for confidential
information and propagate itself on the local network. In those
simple days, viruses were like vampires -- as long as you didn't
invite them in, they couldn't do you any harm. If you refrained from
opening e-mail attachments from strangers, then you were safe.


* Spam Punishment Doesn't Fit the Crime
  28th, December, 2004

I hate spam as much as the next person, but recent decisions by
courts in Iowa and Virginia demonstrate how fear of technology (and
justifiable annoyance) can force the legal system to impose fines and
sentences that are grossly disproportionate to the harm caused by


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
