From:	 InfoSec News <isn@c4i.org>
To:	 isn@attrition.org
Subject: [ISN] Linux Security Week - December 3, 2001
Date:	 Tue, 4 Dec 2001 02:34:05 -0600 (CST)

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  December 3rd, 2001                          Volume 2, Number 48n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Theo de Raadt
Discusses OpenBSD and Security," "Telecommuting: Keeping Data Safe and
Secure," and "Vulnerability Life Cycles."  Also this week the "qmail
Anti-Spam HOWTO" and "Securing Debian HOWTO" were released.

* Why be vulnerable?  It's your choice.

Are you looking for a solution that provides the applications necessary to
easily create thousands of virtual Web sites, manage e-mail, DNS,
firewalling, database functions for an entire organization, and supports
high-speed broadband connections all using a Web-based front-end? EnGarde
Secure Professional provides those features and more!
 
 Be Secure with EnGarde Secure Professional:
 http://store.guardiandigital.com/html/eng/493-AA.shtml


This week, advisories were released for wu-ftp, imp, rpm, postfix, sasl,
and sendmail.  The vendors include Caldera, Conectiva, Immunix, Red Hat,
Slackware and SuSE.

http://www.linuxsecurity.com/articles/forums_article-4089.html

Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+


* qmail Anti-Spam HOWTO
December 1st, 2001

This document discusses anti-spam philosophies from a variety of
perspectives and provides information about available options for dealing
with spam. Spam is defined here as unsolicited commercial e-mail, usually
sent in bulk. In other words, spam is simply electronic junk mail. Dealing
with spam is, at best, a very difficult task.

http://www.linuxsecurity.com/articles/documentation_article-4097.html


* Securing Debian HOWTO
November 29th, 2001

This document describes the process of securing and hardening the default
Debian installation. It covers some of the common tasks to set up a secure
network environment using Debian GNU/Linux. This document just gives an
overview of what you can do to increase the security of your Debian
GNU/Linux system.

http://www.linuxsecurity.com/articles/host_security_article-4086.html


* Theo de Raadt Discusses OpenBSD and Security
November 26th, 2001

This week, KernelTrap spoke with OpenBSD creator and maintainer, Theo de
Raadt. OpenBSD is widely hailed as being the most secure OS available. The
latest version, OpenBSD 3.0, is slated for an official release on December
1st.

http://www.linuxsecurity.com/articles/forums_article-4069.html


+------------------------+
| Network Security News: |
+------------------------+

* Telecommuting: Keeping Data Safe and Secure
November 30th, 2001

With the increased availability of broadband access and VPNs,
telecommuting is more viable for many workers. But with this new
opportunity comes new risks. While telecommuting is an advantage for
employees, making sure they adhere to security policies can be a headache.

http://www.linuxsecurity.com/articles/network_security_article-4092.html


+------------------------+
| Cryptography News:     |
+------------------------+

* Phil Zimmermann and PGP
November 27th, 2001

InfoSecurityMag talks with the creator of PGP about the motivations behind
creating it. "Zimmermann says he was confident that the first release of
PGP domestically would be safe from legal restrictions, albeit not
unnoticed."

http://www.linuxsecurity.com/articles/cryptography_article-4070.html



+------------------------+
|  Vendors/Products:     |
+------------------------+

* Common sense key to beating hackers
November 28th, 2001

Today's wireless local area network (Lan) investigation highlights common
problems with all IT security. Computing spoke to a panel of experts about
the key issues when it comes to protecting your company network and data.  
Are wireless networks safe? Yes, if common sense principles are applied,
say experts. "It's important wireless Lans are deployed in a manner
consistent with the security practices used to secure wired Lans and
dial-up access connections," said Chris McNab, a consultant with security
firm Matta and a former ethical hacker.

http://www.linuxsecurity.com/articles/network_security_article-4079.html


* PKCS #11 openCryptoki for Linux
November 28th, 2001

openCryptoki is an implementation of the PKCS #11 API that allows
interfacing to devices (such as a smart card, smart disk, or PCMCIA card)
that hold cryptographic information and perform cryptographic functions.
openCryptoki provides application portability by isolating the application
from the details of the cryptographic device.

http://www.linuxsecurity.com/articles/cryptography_article-4077.html



+------------------------+
|  General News:         |
+------------------------+

* Got hacked? Blame it on the software
December 1st, 2001

There's only one problem with software development these days, according
to security analyst and author Gary McGraw: It isn't any good. McGraw,
noted for his books on Java security, is out with a new book that purports
to tell software developers how to do it better.

http://www.linuxsecurity.com/articles/security_sources_article-4096.html



* Bush Signs Spending Bill With Cyber-Security Funding
November 30th, 2001

President George W. Bush on Wednesday signed into law the Commerce, State,
Justice appropriations bill, a 2002 spending package that contains
significant funding for a range of cyber-security and online
crime-fighting programs.

http://www.linuxsecurity.com/articles/government_article-4091.html


* EFF Update on Sklyarov Case
November 30th, 2001

Ever since the FBI confirmed the existence of their Internet wiretapping
device -- a device they named Carnivore -- cyberprivacy activists have been up
in arms. Carnivore promised to be their worst nightmare: a technology that
could track and record every email sent, every Web page browsed, every
chat room visited.

http://www.linuxsecurity.com/articles/privacy_article-4093.html


* Confounding Carnivore: How to Protect Your Online Privacy
November 30th, 2001

Ever since the FBI confirmed the existence of their Internet wiretapping
device -- a device they named Carnivore -- cyberprivacy activists have
been up in arms. Carnivore promised to be their worst nightmare: a
technology that could track and record every email sent, every Web page
browsed, every chat room visited.

http://www.linuxsecurity.com/articles/privacy_article-4090.html


* Key steps to bolster security
November 29th, 2001

Good security systems depend more on good processes and design than on
specific technologies, and to make the right choices requires a careful
assessment of value and risk. Timothy Dyck reports.

http://www.linuxsecurity.com/articles/security_sources_article-4087.html


* Vulnerability Life Cycles
November 26th, 2001

The vulnerability life cycle has three phases: the research/discovery
phase -- in which both malicious and nonmalicious security researchers
seek new holes in products; the disclosure phase -- in which the
discoverer of the new vulnerability tells others about it; and the
exploitation phase -- in which the specifics of bug information are
incorporated into a program designed to take advantage of the
vulnerability.

http://www.linuxsecurity.com/articles/server_security_article-4067.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.