[ISN] Linux Security Week - September 26th 2005

InfoSec News isn at c4i.org
Tue Sep 27 02:11:05 EDT 2005

|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 26th, 2005                       Volume 6, Number 40n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Protecting
Linux against automated attackers," "Information Security Concepts
Primer," and "Five common mistakes that Linux IT managers make."



This week, advisories were released for turqstat, centericq, lm-sensors,
kdebase, python, XFree86, Mailutils, Shorewall, mozilla, mod_ssl, clam,
mod_ssl, Zebedee, umount, squid, and mod_ssl. The distributors include
Debian, Fedora, Gentoo, and Red Hat.



Hacks From Pax: PHP Web Application Security
By: Pax Dickinson

Today on Hacks From Pax we'll be discussing PHP web application
security. PHP is a great language for rapidly developing web
applications, and is very friendly to beginning programmers, but
some of its design can make it difficult to write web apps that
are properly secure. We'll discuss some of the main security
"gotchas" when developing PHP web applications, from proper
user input sanitization to avoiding SQL injection.



Network Server Monitoring With Nmap

Portscanning, for the uninitiated, involves sending connection requests
to a remote host to determine what ports are open for connections and
possibly what services they are exporting. Portscanning is the
first step a hacker will take when attempting to penetrate your
system, so you should be preemptively scanning your own servers
and networks to discover vulnerabilities before someone unfriendly
gets there first.



>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

| Security News:      | <<-----[ Articles This Week ]----------

* Firefox woes spread to Linux
  22nd, September, 2005

When I saw all the headlines this week about a new Symantec report
contradicting popular perception that Firefox was the secure
alternative to Microsoft Internet Explorer, the timing couldn't have
been better.  Just three days earlier I wrote this blog about Firefox
surpassing Microsoft Internet Explorer in monthly vulnerabilities and
a flood of angry comments followed in the talkback and Slashdot had
another 500 plus comments.


* Cisco security certifications changing
  20th, September, 2005

Cisco Systems Inc. is revamping its security professional-level
certifications to better reflect the networking giant's emphasis on
its Self-Defending Network strategy.


* Protecting Linux against automated attackers
  22nd, September, 2005

As many systems administrators will tell you, attacks from automated
login scripts specifically targeting common account names with weak
passwords have become a substantial threat to system security,
especially via SSH (a popular program that allows remote users to log
in to a Linux computer and execute commands locally). Here are some
common-sense rules to follow that can greatly improve security, as
well as several scripts to cut down on the computing resources wasted
by these attacks.


* Underground without firewalls
  23rd, September, 2005

Deep underground somewhere in south-east England, security experts
have built a data hosting center almost entirely based on open source
operating systems.


* Novell strengthens its security products
  20th, September, 2005

At Novell's Brainshare user conference in Barcelona last week, the
software supplier said it had strengthened its identity and access
management security products, Novell Identity & Access Management.


* EnGarde Secure Linux 3.0 PR1
  21st, September, 2005

"Guardian Digital is shortly going to be announcing the next major
release of its award-winning EnGarde Secure Linux platform, and we'd
like to offer the engarde-users community a first-glimpse at this
release. Within this new release, codenamed Rapier, you'll find:
Linux 2.6 kernel featuring SELinux Mandatory Access Control; Guardian
Digital Secure Network features free access to all system and
security updates; support for new hardware, including 64-bit AMD
architecture; web-based management of all functions...."


* Firefox Command Line URL Shell Command Injection
  21st, September, 2005

Peter Zelezny has discovered a vulnerability in Firefox, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the shell script used to launch
Firefox parsing shell commands that are enclosed within backticks in
the URL provided via the command line. This can e.g. be exploited to
execute arbitrary shell commands by tricking a user into following a
malicious link in an external application which uses Firefox as the
default browser (e.g. the mail client Evolution on Red Hat Enterprise
Linux 4).
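The launcher-script pattern behind the vulnerability described above, as an added example that is not part of the original newsletter or of the Firefox launcher itself: a stand-in launcher written two ways, with the hypothetical names fake_browser, launch_unsafe and launch_safe, and a constructed test URL carrying a harmless printf marker so the two behaviours can be told apart. The unsafe variant re-parses a command string with eval, so backticks in the URL are evaluated; the safe variant hands the URL over as one quoted argument and the backticks stay literal.

```shell
# Added example (not from the original newsletter or the Firefox project):
# a minimal browser-launcher wrapper showing the pattern behind the bug
# described above and the fix. All names here are hypothetical.

# Stand-in for the browser binary: just reports the URL it was handed.
fake_browser() {
    printf '%s\n' "$1"
}

# UNSAFE: building the command line as a string and re-parsing it with
# eval makes the shell evaluate backticks and $(...) inside the URL.
launch_unsafe() {
    url=$1
    eval "fake_browser $url"
}

# SAFE: pass the URL as a single quoted argument; no second round of
# parsing happens, so backticks are just characters in the argument.
launch_safe() {
    fake_browser "$1"
}

# Constructed test URL: the backtick expression is a harmless marker
# that prints XRANX only if the launcher actually evaluates it.
TEST_URL='http://example.com/?q=`printf X%sX RAN`'

# Returns 0 if the named launcher executed the embedded command
# substitution (the marker XRANX shows up in the URL), 1 otherwise.
launcher_executes_substitution() {
    out=$("$1" "$TEST_URL")
    case $out in
        *XRANX*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone demonstration.
launcher_executes_substitution launch_unsafe && \
    echo "unsafe launcher evaluated the backticks in the URL"
launcher_executes_substitution launch_safe || \
    echo "safe launcher passed the URL through untouched"
```

The same check works as a quick regression test for any wrapper script that forwards untrusted arguments to another program: feed it a URL containing a marker substitution and confirm the marker never expands.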


* Auditor: The security tool collection
  23rd, September, 2005

The Auditor security collection is a GPL-licensed live CD based on
Knoppix, with more than 300 security software tools. Auditor gives
you easy access to a broad range of tools in almost no time.


* Are IT Departments Security Risks?
  19th, September, 2005

Workers are more likely to indulge in risky Internet behavior --
surfing to unknown or even suspicious sites, for example -- when they
have an IT department behind them to clean up their mess, a recently
released study claims.


* Hackers thwart security by going small
  19th, September, 2005

Computer attackers are trying to circumvent improved defences in
corporate networks by creating smaller worms and viruses that infect
individual computers, says a report on Internet security to be
released today.


* ISS discusses its security procedures
  20th, September, 2005

Internet Security Systems Chairman, CEO and President Tom Noonan says
customers increasingly are looking for security platforms that do two
basic things: Let the good guys in and keep the bad guys out. He
spoke with Network World's Editor in Chief John Dix and News Editor
Bob Brown. Here is an edited transcript of Noonan's thoughts on a
host of topics.


* Passwords In Security
  21st, September, 2005

Breaking into corporate networks, and thereby corporate information,
has never been easier. Why? Firstly, access to systems (usually Windows)
at the desktop is universal. Secondly, most people, including techies,
don't appear to know how to select adequately secure


* Viruses not just a Windows issue
  21st, September, 2005

According to a report from antivirus company Kaspersky, Mozilla.org
recently hosted Linux versions of the Mozilla browser and Thunderbird
mail client that were infected with the Linux RST.b virus. The
versions involved were the localised Korean releases, and they have
now been removed. RST.b infects ELF executable files to insert a
backdoor onto the victim's computer and automatically downloads
exploit scripts from an Internet site.


* Information Security Concepts Primer
  22nd, September, 2005

Information Security is such a broad discipline that it's easy to get
lost in a single area and lose perspective. The discipline covers
everything from how high to build the fence outside your business,
all the way to how to harden a Windows 2003 server.


* Five common mistakes that Linux IT managers make
  23rd, September, 2005

After seeing the same mistakes repeated by different IT managers over
the years, I've noticed a pattern of common errors. Here are the five
common mistakes, along with tips for avoiding them.


* Name that worm plan looks to cut through chaos
  23rd, September, 2005

Zotob.E, Tpbot-A, Rbot.CBQ and IRCbot.worm: all names given to a
single worm that wreaked havoc in Windows 2000 systems last month.
Among the plethora of identifiers, perhaps the most
useful--CME-540--didn't make an impact.


* Protect Yourself Against Rogue Employees
  20th, September, 2005

You have problems. The annual report spreadsheet has disappeared from
a server. A virus is loose in company e-mail. Someone has access to
the network through some kind of back door. Those are big problems.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list