![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] Linux Security Week - August 27th 2001
Date: Tue, 28 Aug 2001 04:57:53 -0500 (CDT)
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| August 27th, 2001 Volume 2, Number 34n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.
This week, perhaps the most interesting articles include "DDoS effort
ill-placed," "NIST Special: Intrusion Detection Systems," and
"Researchers develop SSH cracker." Also this week, good news for
security vendors and professionals in "Internet Security Revenue To
Exceed $14 Billion by 2005," and "Every job requires commitment to
network security."
This week, advisories were released for fetchmail, groff, ucd-snmp,
ipfw, sdb, gdm, telnetd, procfd, openssl prng, dump, sendmail, and tcp
wrappers. The vendors include Caldera, Conectiva, FreeBSD, Mandrake,
NetBSD, Progeny, and SuSE.
http://www.linuxsecurity.com/articles/forums_article-3562.html
Maximize your security with EnGarde! EnGarde was designed from the ground
up as a secure solution, starting with the principle of least privilege,
and carrying it through every aspect of its implementation.
http://www.engardelinux.org
EnGarde Quick Start Guide - This is a document that provides you with the
information necessary to quickly begin using your EnGarde system.
http://www.guardiandigital.com/docs/EnGardeManual/ESLQuick-1.0.1.pdf
HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
* Unix, Linux Admins Urged To Upgrade Sendmail Security
August 24th, 2001
Security experts and vendors of Linux and other Unix-like operating
systems are urging network administrators to replace some versions of
popular e-mail server software known as Sendmail, because the most recent
open-source versions can provide a doorway for local hackers.
http://www.linuxsecurity.com/articles/server_security_article-3561.html
+------------------------+
| Network Security News: |
+------------------------+
* DDoS effort ill-placed
August 23rd, 2001
It's no secret that the Distributed Denial of Service (DDoS) attack is the
biggest security threat to commercial networks since the advent of the
virus. In fact, hackers are now using viruses as the data delivered by
zombies, further complicating DDoS attacks.
http://www.linuxsecurity.com/articles/network_security_article-3554.html
* Using SSH
August 21st, 2001
SSH is a secure replacement for telnet, rlogin, other r* and ftp protocols
which handle sensitive information in an unsecure manner. Telnet
broadcasts sensitive information such as usernames and passwords
unencrpyted whereas SSH encrypts them, so that a malicious user trying to
retrieve them with a, i.e. some sniffer could have no use for them as
such.
http://www.linuxsecurity.com/articles/host_security_article-3534.html
* NIST Special: Intrusion Detection Systems
August 20th, 2001
This document translated from PDF by Cryptome provides a great overview of
Intrusion Detection Systems. Intrusion detection is the process of
monitoring the events occurring in a computer system or network and
analyzing them for signs of intrusions, defined as attempts to compromise
the confidentiality, integrity, availability, or to bypass the security
mechanisms of a computer or network.
http://www.linuxsecurity.com/articles/intrusion_detection_article-3530.html
+------------------------+
| Cryptography News: |
+------------------------+
* Carnivore to add wireless to its menu?
August 24th, 2001
Federal law enforcement officials may use a controversial surveillance
technology to monitor e-mail and other text messages delivered through
wireless devices, such as cell phones--a fact that has one
telecommunications group concerned.
http://www.linuxsecurity.com/articles/privacy_article-3564.html
* Tool dumbs down wireless hacking
August 22nd, 2001
A hacking tool which can recover the encryption keys used to "protect"
data sent over wireless networks has been released on the Internet.
AirSnort is one of the first tools that automates the process of breaking
in wireless networks and takes advantages of flaws in the Wired Equivalent
Protocol (WEP) which were highlighted by a group of cryptographers a
couple of weeks ago.
http://www.linuxsecurity.com/articles/cryptography_article-3542.html
* Researchers develop SSH cracker
August 22nd, 2001
Researchers at the University of California at Berkeley have discovered
more vulnerabilities in Secure Shell (SSH) which allow an attacker to
learn significant information about what data is being transferred in SSH
sessions, including passwords. SSH was designed as a secure channel
between two machines, based on strong encryption and authentication. But
by observing the rhythm of keystrokes, and using advanced statistical
techniques on timing information collected, attackers can pick up
significant details.
http://www.linuxsecurity.com/articles/cryptography_article-3547.html
+------------------------+
| Vendors/Tools |
+------------------------+
* Internet Security Revenue To Exceed $14 Billion by 2005
August 23rd, 2001
The worldwide market for Internet security experienced significant growth
this past year. According to IDC, all security software markets -
firewalls, encryption software, security authentication, authorization,
and administration (3A), and antivirus software - grew 25% or more in
2000, with the firewalls segment growing the most at 42%.
http://www.linuxsecurity.com/articles/general_article-3552.html
* Every job requires commitment to network security
August 20th, 2001
It is not enough to realize how many attacks occur, or the types of
attacks that are happening. We must develop a defensive mindset that will
create an on-going sense of urgency about protecting data and systems.
We all have responsibility for information security, regardless of whether
we work in information technology.
http://www.linuxsecurity.com/articles/network_security_article-3533.html
+------------------------+
| General Security News: |
+------------------------+
* Getting started in computer forensics
August 24th, 2001
Many private companies are turning to the military and law enforcement
agencies to find computer forensics and security professionals. Some
officers are leaving their posts for jobs in the corporate world,
sometimes doubling or even tripling their salaries.
http://www.linuxsecurity.com/articles/intrusion_detection_article-3560.html
* Kevin Mitnick Interview Transcript, Part 1
August 24th, 2001
On the August 20 show of 'The Screen Savers,' Leo Laporte interviewed
ex-hacker Kevin Mitnick. They discussed the good and bad aspects of
hacking, the peculiar nature of Mitnick's trial and sentence, the current
nature of hacking, and much more. Watch the video clips of the entire
interview and read the transcript of the first half.
http://www.linuxsecurity.com/articles/forums_article-3559.html
* Is prosecuting hackers worth the bother?
August 22nd, 2001
When you've been hacked, it's wise to evaluate the damage done before
calling in the Feds, San Diego Supercomputer Center Security Manager Tom
Perrine explained during the tenth annual USENIX Security Symposium in
Washington last week, during a talk entitled "Cops are from Mars,
Sysadmins are from Pluto: Dealing with Law Enforcement."
http://www.linuxsecurity.com/articles/hackscracks_article-3541.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.