[ISN] Linux Security Week - September 12th 2005

InfoSec News isn at c4i.org
Tue Sep 13 02:40:31 EDT 2005

|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 12th, 2005                       Volume 6, Number 38n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Security
moves back into top 5 IT priorities," "Popular policies: keeping storage
secure," and "The Mobility Threat."


## Master of Science in Information Security ##

Earn your Master of Science in Information Security online from Norwich
University. Designated a "Center of Excellence", the program offers a
solid education in the management of information assurance, and the
unique case study method melds theory into practice.  Using today's
e-Learning technology, you can earn this esteemed degree, without
disrupting your career or home life.




This week, advisories were released for proftpd, sqwebmail, polygen,
affix, zsync, phpgroupware, webcalendar, pcre3, ntp, cvs, kdelibs,
evince, openmotif, cman, gnbd-kernel, dlm-kernel, lockdev, perl,
termcap, ckermit, kdegraphics, squid, pam, setup, tar, openssh,
tzdata, httpd, mplayer, and phpldapadmin. The distributors include
Debian, Fedora, Gentoo, and Red Hat.



Hacks From Pax: PHP Web Application Security
By: Pax Dickinson

Today on Hacks From Pax we'll be discussing PHP web application
security. PHP is a great language for rapidly developing web
applications, and is very friendly to beginning programmers, but
some of its design can make it difficult to write web apps that
are properly secure. We'll discuss some of the main security
"gotchas" when developing PHP web applications, from proper
user input sanitization to avoiding SQL injection.
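The two gotchas named in that summary, unsanitized request data reaching a SQL query and unescaped data reaching HTML output, are easiest to see side by side. The script below is an added illustration, not code from Pax Dickinson's article; it assumes the PDO SQLite driver (pdo_sqlite) is available, and the users table and the sample inputs are constructed here for the demonstration.

```php
<?php
// Added example, not from the Hacks From Pax article: a query built by
// string interpolation next to the same query as a prepared statement,
// plus output escaping. Assumes the pdo_sqlite extension; the table and
// the sample inputs are constructed for the demonstration.

declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    $db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");
    return $db;
}

// VULNERABLE: the request parameter is interpolated straight into the SQL text,
// so a quote character in the input changes the structure of the statement.
function findUserVulnerable(PDO $db, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: a prepared statement sends the query text and the value separately;
// whatever the input contains, it is only ever compared as data.
function findUserSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side of input handling: escape before echoing user-controlled
// text into HTML, so it is rendered as text rather than parsed as markup.
function renderName(string $name): string
{
    return '<li>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

$db = makeDb();

// Constructed inputs: an ordinary lookup and the classic quote-breaking string.
$normal  = 'alice';
$hostile = "' OR '1'='1";

printf("vulnerable, normal input:  %d row(s)\n", count(findUserVulnerable($db, $normal)));  // 1
printf("vulnerable, hostile input: %d row(s)\n", count(findUserVulnerable($db, $hostile))); // 2: every row leaks
printf("safe, normal input:        %d row(s)\n", count(findUserSafe($db, $normal)));        // 1
printf("safe, hostile input:       %d row(s)\n", count(findUserSafe($db, $hostile)));       // 0: no user has that name

echo renderName('<b>alice</b>'), "\n"; // tags arrive in the browser as literal text
```

Run it with `php example.php`. The point of the comparison is that the prepared statement needs no per-character escaping rules to get right: the database never sees the value as part of the query text, which is why it is the fix to reach for rather than a filtering function.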



Network Server Monitoring With Nmap

Portscanning, for the uninitiated, involves sending connection requests
to a remote host to determine what ports are open for connections and
possibly what services they are exporting. Portscanning is the first step
a hacker will take when attempting to penetrate your system, so you should
be preemptively scanning your own servers and networks to discover
vulnerabilities before someone unfriendly gets there first.



>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Security News:      | <<-----[ Articles This Week ]----------

* IptablesWeb v.1.0
  8th, September, 2005

IptablesWeb is free software (released under the GPL licence) that
makes it possible to inspect iptables logs with a web browser. It is
a plugin-based, multilingual application written in PHP using three
free PHP classes.


* Creating info society: Broadband and info security
  6th, September, 2005

The explosion of spamming, hoaxes and cyber attacks has highlighted
just how vulnerable users are to security breaches and the steps they
need to take to protect themselves. While both dial-up and broadband
connections can be affected by such security breaches, an always-on
broadband connection is undoubtedly an easier target. This is because
the always-on nature of a broadband connection means that attacks and
hacking can happen around the clock, raising the stakes by comparison
with a computer that is only on for short periods. Luckily, there are
many tools available to make broadband connections secure and
attractive to users and potential users.


* Big debate over small packets
  8th, September, 2005

Fernando Gont is nothing if not tenacious.  Earlier this year, the
Argentinian researcher highlighted several attacks that could disrupt
network connections using the Internet control message protocol, or
ICMP, and proposed four changes to the structure and handling of
network-data packets that would essentially eliminate the risk.


* Cisco Issues Fixes for Vulnerable Web Routers
  8th, September, 2005

Cisco alerted its customers Wednesday about a serious security flaw
in many of its Internet routers, which serve as key intersections in
channeling Web and e-mail traffic from point to point. Cisco Systems
Inc., based in San Jose, Calif., warned that attackers could use the
flaw to seize control over specified vulnerable routers, not most
routers currently in use.


* MS wrong on security claims: Red Hat
  6th, September, 2005

Red Hat is accusing Microsoft of getting its facts wrong in its
latest attack on Linux security.
In an update on security at Microsoft's recent world-wide partner
conference, the company's security head Mike Nash took aim at Linux
to single out Red Hat.


* OpenSSH update fixes recent vulnerabilities
  5th, September, 2005

The first fix prevents "GatewayPorts" from being "incorrectly
activated for dynamic ('-D') port forwardings when no listen address
was explicitly specified," according to the changelog.


* Red Hat Unveils IT Courses
  7th, September, 2005

Red Hat, the world's leading provider of open source solutions to the
Enterprise, announced the addition of Institute of Advanced Computing
Management (IACM) to their Authorised Training Partner Network, which
extends across India, Nepal, Bangladesh, Sri Lanka and Pakistan. Red
Hat's complete range of Training and Certification programs will now
be available at IACM.


* Security moves back into top 5 IT priorities
  7th, September, 2005

With Labor Day weekend quickly vanishing into a memory, the team has
just finished compiling this month's IT priorities data. The big news
is that what happened last month with security is now pretty much
undone. It is back in the top 5 list, just barely edging out IT
management for the fifth position (it was in fourth back in July).
Software infrastructure and hardware upgrades also swapped positions
and are in second and third respectively. As usual, wired and
wireless projects are up on top as organizations buy into data and
voice network convergence and install wireless networking equipment.
Overall, things are looking good. According to the US Commerce
Department, in Q2 2005, businesses spent 17.3% more on computers and
peripheral equipment than they did in Q2


* Email security - what are the issues?
  8th, September, 2005

As email becomes more prevalent in the market, the importance of
email security (http://www.net-security.org/article.php?id=816)
becomes more significant. This applies in particular to the
security implications associated with the management of email
storage, policy enforcement, auditing, archiving and data recovery.


* Popular policies: keeping storage secure
  9th, September, 2005

Secure storage of data has always been essential for any
organisation, of whatever size. In the past this involved accurate
filing of paper records, and then keeping the physical archive
secure, whether it was simply locking a filing cabinet or guarding an
entire building.


* The Mobility Threat
  5th, September, 2005

We live in an era where mobile devices are being used by all levels
of society. Today, it is fairly common to see a CEO or a school kid
carrying a PDA or mobile phone. According to a survey by Infocomm
Authority of Singapore (IDA), the penetration rate of mobile phones
in Singapore has grown to 91 percent in 2004. Sophisticated PDA
phones and other mobile devices such as the Blackberry are actually
miniaturised PCs and they have become


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
