Date:         Mon, 29 Jan 2001 00:19:08 -0500
From: newsletter-admins@LINUXSECURITY.COM
Subject:      [ISN] Linux Security Week - January 29th 2001
To: ISN@SECURITYFOCUS.COM

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  January 29, 2001                           Volume 2, Number 5n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.

A few good papers were released this week.  Some of the best include
"Linux security basics," "Top Ten Secure Shell FAQs," and "GnuPG: An
Open Solution to Data Protection."  If you are just getting started
in security these articles may prove to be very helpful.

Benjamin Thomas just released a product review covering the Arkeia
backup solution for Linux. The review covers a combination of the
Arkeia software and the Ecrix rakpak dual 66G drive, discussion of
the features, security, usage, documentation, and support.

http://www.linuxsecurity.com/feature_stories/feature_story-74.html

This week, advisories were released for icecast, MySQL, kdesu, glibc,
splitvt, micq, sash, wu-ftpd, jazip, tinyproxy, squid, php, apache,
exmh, ipfw, ip6fw, XFree86, crontab, and bind. The vendors include
Conectiva, Caldera, Debian, FreeBSD, Mandrake, Red Hat, SuSE, and
Trustix.

http://www.linuxsecurity.com/articles/forums_article-2383.html


# FREE VISOR with purchase of Guardian Digital's Linux Lockbox #

Guardian Digital has just announced an offer for a free Handspring
Visor with the purchase of any secure Linux Lockbox.  The Lockbox is
an Open Source network server appliance engineered to be a complete
secure e-business solution.  It can be used as a commerce server, web
server, DNS, mail, and database server.  Please see Guardian
Digital's website for details.

http://www.guardiandigital.com/visoroffer.html


** OpenDoc Publishing **

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html


HTML Version available:
http://www.linuxsecurity.com/newsletter.html


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+


* Linux security basics
January 26th, 2001

Here is a defensive driving course for the information superhighway.
Learn to develop a threat model, to implement security measures, and
to find out what the newest threats may be. There seem to be two
kinds of people in the world: those who think computer security is
fun and exciting, and those who think it is arcane and scary.

http://www.linuxsecurity.com/articles/host_security_article-2382.html


* NFS and NIS Security
January 25th, 2001

Why is it that when you read almost any book or paper about Solaris
security it will explicitly say: turn off the NFS and NIS services?
Some system administrators, though, cannot just turn off these
services, as they are already key services implemented across their
enterprises.

http://www.linuxsecurity.com/articles/host_security_article-2374.html


+------------------------+
| Network Security News: |
+------------------------+

* SSL is not a magic bullet
January 28th, 2001

Unfortunately, SSL has a checkered past and present.  Like other
security problems involving encryption packages, the issues lie not
so much in SSL as in the software used to implement and support it.
Instead of guaranteeing security, SSL may provide a false sense of
security through its occasional failings.

http://www.linuxsecurity.com/articles/cryptography_article-2386.html


* Top Ten Secure Shell FAQs
January 28th, 2001

SSH, the Secure Shell, is a set of protocols and software that
provide secure, remote terminal sessions between networked
computers. In addition to a simple remote command prompt, most SSH
implementations also provide secure forwarding of X Window traffic as
well as forwarding of connections to arbitrary TCP ports. These
features can protect otherwise insecure protocols such as POP, IMAP,
SMTP, and so on.

http://www.linuxsecurity.com/articles/cryptography_article-2387.html


+------------------------+
| Cryptography News:     |
+------------------------+

* GnuPG: An Open Solution to Data Protection
January 24th, 2001

Gnu Privacy Guard (GnuPG or GPG) is an open, patent-free encryption
application whose main purpose is to protect communication and
secure data archives. It achieves this goal by implementing a hybrid
cipher system that utilizes both a symmetric cipher system and a
public-key cipher system.

http://www.linuxsecurity.com/articles/cryptography_article-2364.html


* Top WWII code cracker dies
January 24th, 2001

Leo Marks, WWII codemaker and codebreaker, and later playwright, has
died aged 80.  He was chief cryptographer of Special Operations
Executive during WWII, having trained as a cryptographer in Bedford
when called up for National Service.

http://www.linuxsecurity.com/articles/cryptography_article-2363.html


* EFF asks court for relief in DVD encryption ban
January 22nd, 2001

The Electronic Frontier Foundation (EFF), an online civil liberties
group, said it has petitioned a federal appeals court to overturn a
lower court's interpretation of the Digital Millennium Copyright Act
(DMCA). The group said in a statement that the decision created an
unconstitutional restraint on free expression.

http://www.linuxsecurity.com/articles/government_article-2352.html


+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Some Thoughts on the Occasion of the NSA Linux Release
January 27th, 2001

There are two things I am sure of after all these years: there is a
growing societal need for high assurance software, and market forces
are never going to provide it. Superficially, I'm going to offer a
few comments on the technology underlying the NSA release.


http://www.linuxsecurity.com/articles/server_security_article-2385.html


+------------------------+
| General News:          |
+------------------------+

* Internet Exploits Defined
January 26th, 2001

Start with the basics. "No longer does a hacker have to huddle in
front of a glowing monitor. Today's hacker has at his disposal a
literal arsenal of fully automated tools, through which he can gain
access to your system without lifting so much as a finger. These are
known as "exploits."

http://www.linuxsecurity.com/articles/hackscracks_article-2380.html


* Security patches aren't being applied
January 24th, 2001

As a result, this easily avoidable problem has reached near-epidemic
proportions. Making matters more frustrating is knowing that so many
losses could have been easily avoided with a few mundane but crucial
steps.  "I would put patching in the top two things an admin can do
to secure their computers," said Lance Spitzner, coordinator for the
security group Honeynet Project.

http://www.linuxsecurity.com/articles/hackscracks_article-2369.html


* Reverse Engineering: Necessary Function Or Illegal Activity?
January 23rd, 2001

A key ruling last October by the 9th U.S. Circuit Court of Appeals,
located in San Mateo, Calif., affecting the home video game sector
is having a direct impact on the entire software industry. The
ruling, which upholds engineers' rights to reverse-engineer other
companies' proprietary hardware for purposes of research, flies in
the face of federal legislation passed two years ago banning most
forms of reverse engineering.

http://www.linuxsecurity.com/articles/hackscracks_article-2362.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com