From:	 InfoSec News <isn@c4i.org>
To:	 isn@securityfocus.com
Subject: [ISN] Linux Security Week - July 9th 2001
Date:	 Mon, 9 Jul 2001 03:00:57 -0500 (CDT)

Forwarded by: newsletter-admins@linuxsecurity.com

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  July 9th 2001                            Volume 2, Number 27n      |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
 
This week, the most interesting articles include "How to stay in front of
VPN management," "Encrypted Tunnels using SSH and MindTerm HOWTO," and
"Kerberos: Computer Security's Hellhound."  If you are not already a
member of our linux security discussion list, I encourage you to
participate.  Send an email with "subscribe" in the subject to:
security-discuss-request@linuxsecurity.com

This week, advisories were released for samba, xinetd, zope, scotty, and
webmin.  The vendors include Caldera, EnGarde, Immunix, Mandrake, and
SuSE.

http://www.linuxsecurity.com/articles/forums_article-3291.html

We have released a FAQ for the EnGarde server platform.  It outlines the
most common issues with LIDS, the WebTool, FTP, MySQL and general usage.  The
FAQ can be accessed at:
 
http://www.engardelinux.org/engardefaq.html

 
HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+
 

* A Study In Scarlet - Exploiting Common Vulnerabilities in PHP
Applications
July 6th, 2001

This paper is based on my speech during the Blackhat briefings in
Singapore and Hong Kong in April 2001. The speech was entitled "Breaking
In Through the Front Door - The impact of Web Applications and Application
Service Provision on Traditional Security Models". It initially discussed
the trend towards Web Applications (and ASP) and the holes in traditional
security methodology exposed by this trend.

http://www.linuxsecurity.com/articles/documentation_article-3290.html


* Your Network's Secret Life
July 5th, 2001

You may already be quite familiar with a tool in your system called top
that we discussed on this very corner back in our Tweaking Tux series.
What top does is provide a graphical (ncurses-based) interface to your
system's performance, load average, CPU usage and so on. You can fire up
top from the command line with top.


http://www.linuxsecurity.com/articles/network_security_article-3281.html



+------------------------+
| Network Security News: |
+------------------------+

* How to stay in front of VPN management
July 8th, 2001

As companies build larger and larger VPNs, they are faced with a chore
that grows with the networks: effective management. It's an important
issue to pay attention to because a good VPN management platform is not
just a matter of convenience; it can also save companies money.

http://www.linuxsecurity.com/articles/network_security_article-3295.html


* Intrusion Detection Systems Terminology, Part One: A - H
July 5th, 2001

Intrusion Detection Systems (IDS) are still very much in their infancy,
but in terms of development they are growing at an extraordinary rate. The
terminology associated with IDS is also growing rapidly. This article
is intended to introduce readers to some IDS terminology, some of it basic
and relatively common, some of it somewhat more obscure.

http://www.linuxsecurity.com/articles/intrusion_detection_article-3282.html


* How to stop a service denial attack before it stops you
July 4th, 2001

It's not easy to defend a federal Web server against distributed service
denial attacks, but it's not impossible either.  For years now, the
government has been under the gun in an undeclared cyberwar with hackers
around the globe. The simplest and so far the most common attack is denial
of service, which keeps a server so busy with fake data traffic that it
can't do its real job.

http://www.linuxsecurity.com/articles/intrusion_detection_article-3276.html



+------------------------+
| Cryptography News:     |
+------------------------+

* Kerberos: Computer Security's Hellhound
July 5th, 2001

Kerberos is an authentication protocol that lets clients and servers
reliably verify each other's identity before establishing a network
connection.  Developed at MIT in the late 1980s, Kerberos takes its name
from the three-headed hound in Greek mythology that guards the entrance to
Hades.

http://www.linuxsecurity.com/articles/network_security_article-3287.html
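As an added illustration of the mutual verification described above (this is
not code from the article, nor from MIT Kerberos), the following Python walks
one client through the three Kerberos exchanges against a toy KDC and service:
AS (password-derived key, ticket-granting ticket), TGS (service ticket) and AP
(authenticator, then the AP_REP that lets the client verify the server in
turn). The realm EXAMPLE.ORG, the principals alice and host/fileserver and the
password are constructed sample data, and seal()/unseal() are an HMAC-based
stand-in for the real Kerberos encryption types, not an implementation of them.

```python
"""Toy Kerberos V exchange (AS -> TGS -> AP). Constructed illustration: the message
layout mirrors Kerberos (tickets sealed under the server's long-term key, session keys
sealed to the client, fresh-timestamp authenticators); seal()/unseal() are a stand-in."""
import hashlib, hmac, json, os

SKEW, LIFETIME = 300, 36000   # allowed clock skew and ticket lifetime, in seconds

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, obj):
    """Encrypt-then-MAC JSON under a 32-byte key -> nonce || ct || tag (NOT RFC 3961)."""
    pt, nonce = json.dumps(obj, sort_keys=True).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; a wrong key or any tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def password_key(realm, name, password):
    """Long-term key from a password (stand-in for Kerberos string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + name).encode(), 10000)

def check_authenticator(auth, ticket, now):
    """Name must match the ticket; timestamp within SKEW; ticket not expired."""
    if auth["cname"] != ticket["cname"] or abs(now - auth["ts"]) > SKEW or now > ticket["exp"]:
        raise ValueError("name mismatch, stale authenticator or expired ticket")

class KDC:
    """Key Distribution Center, acting as both AS and TGS for one realm."""
    def __init__(self, realm, keys):
        self.realm, self.keys = realm, keys     # keys: principal name -> 32-byte key
    def as_exchange(self, cname, now):
        """AS_REP: TGT sealed under krbtgt's key, session key sealed under the client's."""
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"cname": cname, "key": sk, "exp": now + LIFETIME})
        return tgt, seal(self.keys[cname], {"key": sk, "sname": "krbtgt"})
    def tgs_exchange(self, tgt, authenticator, sname, now):
        """TGS_REP: open the TGT, check the authenticator, issue a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        sk = bytes.fromhex(t["key"])
        check_authenticator(unseal(sk, authenticator), t, now)
        ssk = os.urandom(32).hex()
        ticket = seal(self.keys[sname], {"cname": t["cname"], "key": ssk, "exp": now + LIFETIME})
        return ticket, seal(sk, {"key": ssk, "sname": sname})

class Service:
    """Application server: validates AP_REQ, keeps a replay cache, answers AP_REP."""
    def __init__(self, key):
        self.key, self.seen = key, set()
    def ap_exchange(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)            # only this service can open its ticket
        ssk = bytes.fromhex(t["key"])
        auth = unseal(ssk, authenticator)       # proves the client holds the session key
        check_authenticator(auth, t, now)
        if (auth["cname"], auth["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((auth["cname"], auth["ts"]))
        # AP_REP echoes the timestamp: only a holder of the service key could build it
        return t["cname"], seal(ssk, {"ts": auth["ts"]})

def client_session(kdc, cname, password, sname, now):
    """Client side of AS and TGS; returns (service ticket, service session key)."""
    ckey = password_key(kdc.realm, cname, password)
    tgt, enc = kdc.as_exchange(cname, now)
    sk = bytes.fromhex(unseal(ckey, enc)["key"])    # a wrong password fails right here
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk, {"cname": cname, "ts": now}), sname, now)
    return ticket, bytes.fromhex(unseal(sk, enc2)["key"])

def demo(now):
    """Happy path plus the failures a server must catch; returns which checks held."""
    realm = "EXAMPLE.ORG"                   # constructed sample realm and principals
    keys = {"alice": password_key(realm, "alice", "correct horse"),
            "krbtgt": os.urandom(32), "host/fileserver": os.urandom(32)}
    kdc, svc = KDC(realm, keys), Service(keys["host/fileserver"])
    ticket, ssk = client_session(kdc, "alice", "correct horse", "host/fileserver", now)
    auth = lambda ts: seal(ssk, {"cname": "alice", "ts": ts})   # AP_REQ authenticator
    _, rep = svc.ap_exchange(ticket, auth(now), now)
    # mutual auth: the AP_REP must carry back our timestamp under the session key
    out = {"mutual_auth": unseal(ssk, rep)["ts"] == now}
    bad_ticket = ticket[:-1] + bytes([ticket[-1] ^ 1])     # flip one bit of the tag
    attempts = {
        "replay_rejected": lambda: svc.ap_exchange(ticket, auth(now), now),
        "tamper_rejected": lambda: svc.ap_exchange(bad_ticket, auth(now + 1), now),
        "stale_rejected": lambda: svc.ap_exchange(ticket, auth(now - 2 * SKEW), now),
        "wrong_password_rejected": lambda: client_session(kdc, "alice", "wrong", "host/fileserver", now),
    }
    for label, attempt in attempts.items():
        try:
            attempt()
            out[label] = False
        except ValueError:
            out[label] = True
    return out
```

demo(now) returns a dict of which checks held. Beyond the happy path it
exercises what a real service has to get right: the ticket's integrity (a
flipped bit is rejected), authenticator freshness against clock skew, a replay
cache keyed on the authenticator, and the fact that only the correct password
opens the AS reply, so a KDC never sees the password itself.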


* Using a Cryptographic Hardware Token with Linux: the OpenSSL
Project's New Engine
July 3rd, 2001

In this article, I discuss our experience of integrating a hardware
cryptographic token under Linux, using another open-source project known
as OpenSSL.  Public Key Infrastructure (PKI) is a critical technology in
today's computer oriented world. Without it there would be no secure
e-commerce transactions or secure connections.

http://www.linuxsecurity.com/articles/cryptography_article-3272.html


* Encrypted Tunnels using SSH and MindTerm HOWTO
July 2nd, 2001

First written as an article for LinuxSecurity.com, this document describes
how to use SSH and the Java-based program MindTerm to create quick,
secure, and reliable VPN-like tunnels over insecure networks.

http://www.linuxsecurity.com/articles/documentation_article-3265.html



+------------------------+
| General Security News: |
+------------------------+

* Cybercrime Skyrockets, Say Security Reports
July 8th, 2001

Cybercops say computer crime incidents more than doubled last year,
creating a virtual crime wave across computer systems all over the world.  
More than 21,000 incidents, up from nearly 10,000 in 1999, were reported
in 2000 to Carnegie Mellon University's Software Engineering Institute,
which tracks online criminal activity in the United States and helps
victims. This year's first quarter saw more than 7000 reported incidents.

http://www.linuxsecurity.com/articles/hackscracks_article-3293.html


* Open source the answer to dog-eat-dog security
July 3rd, 2001

So I believe, ultimately, for security to be real, it must be "open
sourced". This concept involves distributing the instructions making up an
application with the finished program itself. In this way, the processes
underpinning an e-commerce transaction can be made transparent: not just
what is being done on your system but how it is being done, open to
inspection by all.

http://www.linuxsecurity.com/articles/forums_article-3269.html


* Kernel Security Extensions USENIX BOF Summary
July 2nd, 2001

Emily Ratliff posted a summary of the recent USENIX "Birds of a Feather"
(BOF) discussion about the Linux Security Module effort.  This effort is
trying to devise a set of Linux kernel hooks to support "plugging in" to
Linux support for advanced security policies.


http://www.linuxsecurity.com/articles/server_security_article-3264.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe@SecurityFocus.com.