![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] Linux Security Week - October 8th 2001
Date: Tue, 9 Oct 2001 06:25:58 -0500 (CDT)
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 8th, 2001 Volume 2, Number 40n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Analyzing your
internet applications log files," "BSD security fundamentals," and "A
Beginner's Introduction to Network Security." Also this week, SANS
released an updated security list. The 'top 10' security list has now
become 'top 20.'
This week, the only vendor to release advisories was Conectiva. The
advisories are for mod_auth_pgsql and groff. Webmasters, if you would
like to have a dynamic Linux advisory feed on your website we encourage
you to take advantage of our RDF file.
http://www.linuxsecurity.com/articles/forums_article-3795.html
* Don't Risk your network installing an insecure OS *
EnGarde was designed from the ground up as a secure solution, starting
with the principle of least privilege, and carrying it through every
aspect of its implementation.
* http://www.engardelinux.org
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
* Linux system administration - A user's guide
October 5th, 2001
System administration is an area everyone has to deal with, at some point
of their IT career or in personal affairs. Even the most computer
illiterate people do it, aware of it or not. It is a necessity, a must you
can say. For who else can be in touch with your desires and needs, and
have the access to your system other than yourself?
http://www.linuxsecurity.com/articles/documentation_article-3797.html
* BSD security fundamentals
October 5th, 2001
Subterrian.net has a copy of the presentation delivered by Sean Lewis at
ToorCon 2001, held last weekend in San Diego, Calif. Lewis discusses BSD
essential BSD security issues, working well as a primer for new and
experienced users alike. Read all about encrypted communication,
filesystem lockdowns, kernel securelevels, services, ftpd, Apache, and
security auditing.
http://www.linuxsecurity.com/articles/server_security_article-3801.html
* Analyzing your internet applications' log files
October 2nd, 2001
This article is the first in a series about using lire to analyze log
files of internet server applications. This is not limited to one service,
e.g. Apache, but is an integrated analyzer for many different services.
Included are DNS, WWW and email. This article explains how to get started
with lire. It discusses installation and configuration to generate
reports.
http://www.linuxsecurity.com/articles/host_security_article-3774.html
+------------------------+
| Network Security News: |
+------------------------+
* Information Warfare: When Intrusion Detection Isn't Enough
October 5th, 2001
September 11, 2001... that date will be engraved upon the memories of most
Americans for many years to come. That is the date when Terrorists brought
their battle to the U.S. soil. One week later, the Internet came under
attack by the Nimda worm. Many claimed this was an act of Information
Warfare.
http://www.linuxsecurity.com/articles/intrusion_detection_article-3800.html
* Companies Stress Network Security
October 4th, 2001
Corporations and government agencies have long viewed security of computer
networks as an optional cost. No more. In the era of cyberterrorism, it
is critical. "Network security used to be a necessary evil, but now it's
a core value of companies," says CEO Peggy Weigle of Internet security
firm Sanctum.
http://www.linuxsecurity.com/articles/general_article-3790.html
* A Beginner's Introduction to Network Security
October 3rd, 2001
Lately, the word "security" has been tossed around a lot in the news, IRC
channels and elsewhere in the community. It seems that there's no end to
viruses and script kiddies out there just waiting to get through the
security on your network and damage something, or use your network to help
with the latest denial-of-service attack.
http://www.linuxsecurity.com/articles/network_security_article-3784.html
* SANS Top 10 Security List Becomes Top 20
October 2nd, 2001
The FBI and the SANS Institute today released a list of the 20 top
vulnerabilities of Internet-connected systems and urged companies to close
dangerous holes while warning again of virulent cyberattacks to come
http://www.linuxsecurity.com/articles/security_sources_article-3781.html
* Full Disclosure: How Much Security Info Is Too Much?
October 1st, 2001
In publicizing the details of how a given security hole is exploited, are
virus fighters simply providing aid and comfort to the enemy? The debate
over how much detail to release on software security gaps and when to go
public with potentially sensitive security information has experts looking
for a middle ground, wherein systems can be secured without helping
hackers.
http://www.linuxsecurity.com/articles/general_article-3771.html
+------------------------+
| Cryptography News: |
+------------------------+
* Zimmermann defends strong crypto against govt assault
October 4th, 2001
Strong cryptography does more good for society than harm and placing
backdoors in encryption products to allow law enforcement access to plain
text messages would be "worse than futile", encryption guru Phil
Zimmermann told The Register today.
http://www.linuxsecurity.com/articles/cryptography_article-3791.html
* Security, biometrics research likely to get more attention
October 2nd, 2001
Government research on computer security and identification technologies
will likely receive greater attention in the aftermath of the Sept. 11
terror attacks against the United States, according to the chairman of the
House Science Committee.
http://www.linuxsecurity.com/articles/cryptography_article-3775.html
* Encryption Debate Revived
October 2nd, 2001
Revived efforts to restrict software encryption in the wake of the recent
terrorist attacks could have an adverse impact on e-commerce, IT managers
and security experts say, but it's unlikely the government will succeed in
curtailing encryption.
http://www.linuxsecurity.com/articles/cryptography_article-3779.html
* Three Minutes With Security Expert Bruce Schneier
October 1st, 2001
Bruce Schneier is founder and chief technology officer of Internet
security firm Counterpane. He has written two books on cryptography and
computer security, Secrets and Lies and Applied Cryptography, and is an
outspoken critic of Microsoft and other software vendors that produce
products that contain dangerous security holes.
http://www.linuxsecurity.com/articles/general_article-3763.html
+------------------------+
|Vendors/Tools/Products: |
+------------------------+
* Customers Proactive About Security Spending
October 4th, 2001
Growing concerns about cyberterrorism and the spread of computer viruses
are causing more businesses to become proactive about security spending,
solution providers believe. Solutions involving firewall protection,
intrusion detection, vulnerability assessment and anti-hacking technology
are all moving to the forefront, as customers beef up their security
awareness.
http://www.linuxsecurity.com/articles/general_article-3792.html
+------------------------+
| General News: |
+------------------------+
* Net users lose a secret-alias tool
October 5th, 2001
The company that pushed encryption and networking technology to the limits
to enhance people's privacy said Thursday that it has decided to close its
flagship anonymity network and focus on security software for home users.
http://www.linuxsecurity.com/articles/privacy_article-3798.html
* comp.os.linux.security FAQ Updated
October 4th, 2001
Daniel Swan sent us a note indicating he's updated the c.o.l.s FAQ and
it's indeed much improved! Would you like to contribute? Send us a note
and share your experiences. The FAQ covers "Specifically, security as it
pertains to the Linux operating system.
http://www.linuxsecurity.com/articles/documentation_article-3794.html
* Carnivore substitute keeps Feds honest
October 2nd, 2001
The Forensics Explorers division of CTX is ready to go to market with a
Carnivore-like suite called NetWitness which, the company says, can enable
ISPs to surrender to the Feds only those specific bits of information
about a suspect which a court has authorized for collection.
http://www.linuxsecurity.com/articles/government_article-3780.html
* The Black Hat Briefings Amsterdam 2001
October 2nd, 2001
Every year leaders in the security field are brought together to this
conference to discuss the latest threats, trends, products, and influences
in the Internet and security environment. Don't miss it. This year's
topics include: Routing Protocol Attacks, Mobile Security: SMS and WAP,
One-Way SQL Hacking, eBooks Security - Theory and Practice: Part II,
Hackproofing Lotus Domino, Protecting your IP Network Infrastructure,
RFP.Labs vs. Webservers: Finding Problems.
http://www.linuxsecurity.com/articles/organizations_events_article-3773.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.