
List:       isn
Subject:    [ISN] Linux Security Week - April 29th 2002
From:       InfoSec News <isn () c4i ! org>
Date:       2002-04-30 8:58:48

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 29th, 2002                             Volume 3, Number 17n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Cracking the
Cracking," "Setting up a FreeBSD firewall with an IPSec uplink,"  
"Security is poor because vendors are not held responsible," and "Wireless
LAN Security: A Short History."

** FREE Apache SSL Guide from Thawte **

Are you worried about your web server security?  Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
 
 -> http://www.gothawte.com/rd252.html

This week, advisories were released for the FreeBSD kernel, webalizer,
sudo, PHPprojekt, ethereal, icecast, and squid.  The vendors include
Caldera, Conectiva, Debian, EnGarde, FreeBSD, and Red Hat.

http://www.linuxsecurity.com/articles/forums_article-4877.html


Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
 
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Multiple vulnerabilities in stack smashing protection technologies
April 24th, 2002

As if IT managers didn't have enough security headaches, Web site-based
intrusions have risen over the last year, with aggressive
cookies and pop-up-spawned spyware leading the charge. Products like the
Gator password manager utility are reported to include a Web-user
monitoring component, which may even cause Web browsers to crash or behave
erratically.

http://www.linuxsecurity.com/articles/server_security_article-4869.html



* Cracking the Cracking
April 24th, 2002

Learning about the ins and outs of computer forensics technology and the
law makes four recent releases worth investigating. Computer-based crime
has given rise to a new type of evidence gathering--or forensics--and a new
breed of investigator. But computer forensics is still a young discipline,
and almost no one today has been trained purely as a computer forensic
analyst.

http://www.linuxsecurity.com/articles/documentation_article-4866.html


* Using GnuPG
April 23rd, 2002

GnuPG, the GNU Privacy Guard, is the open source equivalent to PGP, or
Pretty Good Privacy, which has been available for Windows, DOS, and some
other operating systems for many years. It has all the same features,
based on the OpenPGP standard. The uses for GnuPG (or GPG) are varied: It
can be used to encrypt email messages and files, or to digitally sign
email messages and files.

http://www.linuxsecurity.com/articles/cryptography_article-4858.html


* Apache and SSL
April 22nd, 2002

Secure Sockets Layer (SSL), developed by Netscape Communications, and
Transport Layer Security (TLS), the open-standard replacement for SSL from
the Internet Engineering Task Force, are the two protocols that add
encryption and authentication to TCP/IP.

http://www.linuxsecurity.com/articles/cryptography_article-4854.html



+------------------------+
| Network Security News: |
+------------------------+

* Wireless Lans can be secure
April 26th, 2002

In the 1994 film Renaissance Man, Danny DeVito describes Military
Intelligence as an oxymoron. Who would have thought that eight years later
many would be making the same criticism of wireless security? At the heart
of the problem is the slow rate at which most corporate security policies
and solutions actually develop, and the way that 'mobile' is viewed within
businesses.

http://www.linuxsecurity.com/articles/network_security_article-4880.html


* Setting up a FreeBSD firewall with an IPSec uplink
April 25th, 2002

Though this article mainly deals with problems inherent to wireless
networks, the principles apply equally well to wired networks. Also,
though FreeBSD is the OS referenced, this may work equally well with other
flavors of BSD. The version of FreeBSD used was 4.5-release.

http://www.linuxsecurity.com/articles/network_security_article-4873.html


* ipsec_tunnel: An IPsec tunnel implementation for Linux
April 25th, 2002

I started this project because I was using a number of IPIP tunnels to
connect a number of private networks over the Internet, and I needed
encryption for a few reasons. Above all I wanted to be able to use standard
protocols such as FTP and NFS without having to worry about cleartext
passwords and snooping.

http://www.linuxsecurity.com/articles/cryptography_article-4870.html


* Security is poor because vendors are not held responsible
April 25th, 2002

Network security is not a technological problem; it's a business problem.
The only way to address it is to focus on business motivations. To improve
the security of their products, companies - both vendors and users - must
care; for companies to care, the problem must affect stock price. The way
to make this happen is to start enforcing liabilities.

http://www.linuxsecurity.com/articles/vendors_products_article-4874.html


* Wireless LAN Security: A Short History
April 22nd, 2002

If you're holding back on an 802.11 deployment because of security
concerns, you're not alone. Research indicates that the perceived
insecurity of wireless networks is a major inhibitor to further market
growth.  This short history of the security issues in wireless networks
should help shed some light on the problem.

http://www.linuxsecurity.com/articles/network_security_article-4849.html


 
+------------------------+
|  Cryptography:         |
+------------------------+

* Keeping e-mail encryption alive
April 22nd, 2002

Phil Zimmermann knows a thing or two about adversity. His invention for
encrypting e-mail, Pretty Good Privacy, was so good that the government
considered it munitions subject to tough export controls. Prosecutors
threatened him with criminal charges when others leaked it overseas.

http://www.linuxsecurity.com/articles/cryptography_article-4852.html



+------------------------+
|  Vendor/Products:      |
+------------------------+

* More Cross site Scripting in PHPNuke
April 24th, 2002

The European Commission has unveiled new proposals that could send
Internet hackers and spreaders of computer viruses to jail for years.
Industry and security experts welcomed the proposals, but said more
needed to be done to get companies, cautious of bad publicity, to
report Internet attacks and to boost law enforcement resources in the
fight against cybercrime.

http://www.linuxsecurity.com/articles/hackscracks_article-4864.html



+------------------------+
|  General:              |
+------------------------+
 

* Training the cyberwar troops
April 26th, 2002

Systems administrator David Riebrandt's first hint that intruders had
hacked the military network came from telltale electronic footprints. From
the logs--electronic records of the information passed on the network--it
quickly became evident that a server with gate-keeping control over
different parts of the system was getting downright chatty with a foreign
computer via the Internet.

http://www.linuxsecurity.com/articles/network_security_article-4884.html


* Worries Of Cyberattacks On U.S. Are Aired
April 26th, 2002

U.S. officials warned yesterday that the Chinese military may be searching
for ways to attack defense and civilian computer networks in the United
States and Taiwan. But they said intelligence analysts have concluded that
China so far lacks the ability to cause much disruption.

http://www.linuxsecurity.com/articles/hackscracks_article-4879.html


* Honeynet looks to sting hackers
April 22nd, 2002

A group of 30 computer security researchers who set up inexpensive "fake"
networks to observe how hackers behave as they break into them are finding
out about new software vulnerabilities and warning the public.

http://www.linuxsecurity.com/articles/hackscracks_article-4850.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.