[ISN] Linux Security Week - June 13th 2005

InfoSec News isn at c4i.org
Tue Jun 14 12:47:29 EDT 2005

|  LinuxSecurity.com                         Weekly Newsletter        |
|  June 13th, 2005                            Volume 6, Number 25n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "The meagre
living of Linux virus writers," "Integrating and securing Linux
without a silver bullet," and "Cracking WEP in 10 minutes."





This week, advisories were released for krb4, mailutils, traversal,
Wordpress, SilverCity, kdbg, ImageMagick, openssh, dbus, rsh, and the Red
Hat kernel. The distributors include Debian, Gentoo, and Red Hat.



Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.



Introduction: Buffer Overflow Vulnerabilities

Buffer overflows are a leading type of security vulnerability. This
paper explains what a buffer overflow is, how it can be exploited,
and what countermeasures can be taken to prevent the use of buffer
overflow vulnerabilities.



Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series.  The topic explored is Linux file permissions.  It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod.  This guide is intended for users new to Linux
security and is therefore very simple.





-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Security News:      | <<-----[ Articles This Week ]----------

* Talking with Richard Stallman
  12th, June, 2005

Let's start. Can you explain to our readers why you started with
FSF in 1984? What did you need? Why did you create it?

What I started in 1984 was the development of the GNU operating
system.  All the operating systems for modern computers of the day
were proprietary; users were forbidden to share them, and could not
get the source code to change them.  The only way to use computers in
freedom was to replace those systems with a free operating system.
That's what GNU was meant to do. The Free Software Foundation was
started in late 1985 to raise funds for GNU development, and more
generally to promote free software.


* How well do you know your partner?
  7th, June, 2005

For those of you who follow the news, you may have read the recent
story of spy software discovered at some of Israel's leading
companies which reads just like the spy stories we've been reading
for years.


* Debian released without security update feature
  8th, June, 2005

A configuration mistake in the new Debian Linux distribution has
forced a fix less than 24 hours after the software was released.


* The meagre living of Linux virus writers
  9th, June, 2005

According to anti-virus firm Trend Micro, the number of Linux viruses
in the wild has not changed dramatically for two years, but its
figure of 500 dangerous and exploitative programs dashing around the
Internet seeking unprotected systems is cause for concern, until you
look closer at the reasoning.


* Attack Trends: 2004 and 2005
  7th, June, 2005

Counterpane Internet Security, Inc., monitors more than 450 networks
in 35 countries, in every time zone. In 2004 we saw 523 billion
network events, and our analysts investigated 648,000 security
"tickets." What follows is an overview of what's happening on the
Internet right now, and what we expect to happen in the coming


* Analysts say 'cloudy' forecast is OK
  7th, June, 2005

The network security forecast is cloudy, and that's not a bad thing
if you're to believe what analysts are saying at this week's Gartner
IT Security Summit.


* What to ask when evaluating intrusion-prevention systems
  8th, June, 2005

An intrusion-prevention system (IPS) is part of an overall security
strategy to protect your network from attack. The IPS literally
prevents an attack by blocking bad stuff, such as viruses or
malformed packets, from getting into the company network.


* Secure Mac and Linux authentication
  8th, June, 2005

CryptoCard (.com) makes a variety of secure authentication and ID
management tools, and they just released support for OS X Tiger (they
already did Panther). For the rest of you PC alternative fans, Linux
support includes Red Hat, SuSE, and an easy compile option for


* Integrating and securing Linux without a silver bullet
  10th, June, 2005

The difficulty in integrating Linux with legacy systems and securing
IT systems are two of IT managers' most common complaints about
Linux, says Peter Harrison, who canvassed many IT pros while writing
The Linux Quick Fix Notebook, a new book from Prentice Hall PTR. In
this tip, Harrison doesn't offer a quick fix, but he does offer sage
advice about security and integration.


* Has Ransomware Learned from Cryptovirology?
  6th, June, 2005

A secure cryptovirus, cryptotrojan or cryptoworm contains a payload
that activates under a particular circumstance. When it activates, it
generates a random symmetric key and encrypts the victim's files with
it. This key is then encrypted in turn with the attacker's public key
to produce an asymmetric ciphertext.


* Insecurity through obscurity
  9th, June, 2005

Security through obscurity is probably one of the oldest tricks in
the security book. The basic premise stems from the fact that people
are trying to ensure security by hiding certain facts of their software
or architecture design from regular users. This is equivalent to
someone hiding a house key under a pot of plants in front of his


* Gartner IDs 'Over-Hyped' Security Threats
  9th, June, 2005

Over-hyped security threats have made companies unnecessarily
hesitant to roll out new technologies, such as Internet telephony and
wireless networks, a research firm said Wednesday.


* A Tale of Two Hackers
  6th, June, 2005

Lapping up the sunshine here outside a downtown cafe, Kevin Mitnick
is apprehensive. He never asked to be the world's most high-profile
convicted computer criminal, he says, and he's sick of media
interviews dwelling on his criminal past.


* Israel espionage case points to new Net threat
  10th, June, 2005

Executives of top telecom firms accused of spying on each other. A
jealous ex-husband suspected of monitoring his former in-laws.
Private investigators implicated in computer-hacking-for-hire; one
now involved in a possible attempted suicide. So much bad publicity,
government officials worry it might impact the entire nation's


* Cracking WEP in 10 minutes
  8th, June, 2005

Yesterday I started noticing referral traffic from myscreencast.com,
a phpbb-based community site for finding and sharing screencasts. The
most entertaining one I found is called Cracking WEP in 10 minutes.
It was produced with Camtasia, but the action takes place in Whoppix,
which describes itself thusly.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
