![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] Linux Security Week - October 22nd 2001
Date: Tue, 23 Oct 2001 02:37:19 -0500 (CDT)
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 22nd, 2001 Volume 2, Number 42n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Good Security
information is crucial," "An Overview of LIDS," and "Intrusion Detection
Systems for the Uninitiated." Also this week, several interesting
articles were written on privacy and encryption.
This week, advisories were released for w3m, xvt, procmail, zope, openssh,
openssl, until-linux, htdig, kernel, apache, and xinetd. The vendors
include Caldera, Conectiva, Debian, EnGarde, Immunix, Mandrake, Red Hat,
and Trustix.
http://www.linuxsecurity.com/articles/forums_article-3872.html
** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL!
Get the free Thawte Apache SSL Guide and find the answers to all your
Apache SSL security issues and more at:
http://www.gothawte.com/rd90.html
* Don't Risk your network installing an insecure OS *
EnGarde was designed from the ground up as a secure solution, starting
with the principle of least privilege, and carrying it through every
aspect of its implementation.
* http://www.engardelinux.org
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
* Good security administration is crucial
October 20th, 2001
Firms should revamp their security admin rather than just avoiding
Microsoft products, warns expert. Firms are being advised to tighten up
on security administration rather than switch from Microsoft software to
open source operating systems, as fears over digital vulnerabilities
mount.
http://www.linuxsecurity.com/articles/server_security_article-3884.html
* An Overview of LIDS
October 18th, 2001
In traditional Unix models, the root user is all-powerful. Root is exempt
from the rules and regulations of the filesystem, and has abilities that
other users do not: putting interfaces into promiscuous mode, for example.
Many folks realized that this uncontrolled access could be a bad thing.
Should a vulnerability be found in a program that is run as root, it could
cause boundless damage.
http://www.linuxsecurity.com/articles/projects_article-3867.html
+------------------------+
| Network Security News: |
+------------------------+
* Firewalls not perfect but needed these days
October 21st, 2001
With the numbers of hackers and viruses these days, everyone who has a
computer that's connected to a network -- including the Internet -- should
have a firewall or be running behind one. This is a Q&A sessions about
firewalls with Patrick Marshall, a Technology columnists for The Seattle
Times.
http://www.linuxsecurity.com/articles/firewalls_article-3885.html
* Firing up Firewalls
October 20th, 2001
One of the first lines of defense against hackers is your firewall. The
firewall acts as a filter, blocking unwanted packets from reaching your
network. In most cases, a properly configured firewall will protect a
network from viruses such as the Code Red worm, even if there are
vulnerable machines residing inside the network.
http://www.linuxsecurity.com/articles/firewalls_article-3880.html
* Intrusion Detection Systems for the Uninitiated, Part 2; Installing
and Configuring Snort
October 17th, 2001
Shashank Pandey returns to Linux.com with part two of his popular series
on IDS: Intrusion detection Systems for Linux. Quizzing PortSentry in his
last article, in today's Pandey cast a sharp eye over working with snort.
And remember in some primitive parts of the world you have to pay for
information like this!
http://www.linuxsecurity.com/articles/intrusion_detection_article-3860.html
+------------------------+
| Cryptography News: |
+------------------------+
* Encryption: How Prevalent Is It?
October 15th, 2001
Many companies have reassessed their technology initiatives in the month
since the tragic attacks on the United States. Some are focusing on
security measures for IT systems while others are deepening efforts to
secure facilities and intellectual property.
http://www.linuxsecurity.com/articles/cryptography_article-3840.html
+------------------------+
|Vendors/Tools/Products: |
+------------------------+
* Openwall Kernel Security Patch Update
October 21st, 2001
The Openwall kernel security patch is a collection of security-related
features for the Linux kernel, all configurable via the new 'Security
options' configuration section. In addition to the new features, some
versions of the patch contain various security fixes. A new revision of
the Openwall Linux kernel patch, 2.2.19-ow3, is now available.
http://www.linuxsecurity.com/articles/host_security_article-3889.html
* A Sysadmin's Security Basics
October 19th, 2001
System administrators are no longer alone in their concern for security.
The increase in high-profile virus attacks, and a general sense of
heightened security, means that executives are likely to have security on
their mind. It may be easier than ever to enlist their support for
securing our networks and systems, and they may be more likely to put up
with some inconvenience for users if it means tighter security.
http://www.linuxsecurity.com/articles/server_security_article-3876.html
* Open source tool put on red alert
October 15th, 2001
Hundreds of thousands of websites may be at risk after hackers discovered
a vulnerability in a popular web server program. Users running PHP Nuke, a
free open source tool for database-based websites, were put on red alert
yesterday when it was discovered that hackers were exploiting a recently
discovered flaw in the code to take control of servers. The glitch exists
in all versions of PHP Nuke and allows unauthorised users to copy files to
and from the web server and possibly gain control of the machine. There
are over 22,000 users registered at the program's PHPNuke.org website but
it is thought that there may be hundreds of thousands of sites running the
vulnerable software.
http://www.linuxsecurity.com/articles/projects_article-3844.html
* Startup offers gains in multilayer security silicon
October 15th, 2001
A security processor startup with a design team composed of engineers from
Compaq Computer Corp.'s former Alpha operation has introduced a new
encryption chip that it claims will shatter the current standards for
high-end encryption.
http://www.linuxsecurity.com/articles/vendors_products_article-3850.html
+------------------------+
| General News: |
+------------------------+
* Eric Raymond Responds to Disclosure Rhetoric
October 21st, 2001
Cryptographers and security experts have known for years that peer review
of open source code is the only reliable way to verify the effectiveness
of encryption systems and other security software. So Microsoft's
closed-source mode of development guarantees that customers will continue
getting cracked and Microsoft will continue pointing the finger of blame
everywhere except where it actually belongs.
http://www.linuxsecurity.com/articles/forums_article-3887.html
* IRS seeks more security funding
October 18th, 2001
John Reece, the chief information officer at the Internal Revenue Service,
said priorities have changed in the wake of the Sept. 11 terrorist
attacks, and the tax agency is seeking more money for security. Like
other agencies, Reece said the IRS has asked the Office of Management and
Budget for increased funds immediately to help secure systems at the tax
agency.
http://www.linuxsecurity.com/articles/government_article-3869.html
* Must privacy die too?
October 16th, 2001
As an IT security professional Neil Barrett welcomes moves to record
online activity, but as a private citizen he doubts that increased online
surveillance is healthy So, the terrorists who hijacked the planes and
caused heart- and commerce-stopping panic used email, encryption,
steganography and the rest, did they? And because of this, the FBI and
police forces are re-opening the painful debates about retention and
release of Internet content and traffic data, the extensive interception
of email, and the release of information on users.
http://www.linuxsecurity.com/articles/privacy_article-3851.html
* CERT/CC Statistics 1988-2001
October 16th, 2001
The CERT/CC statistics on incidents handled, vulnerabilities reported,
security alerts and notes published, hotline calls handled, and email
messages handled have been updated with information from the third quarter
of 2001.
http://www.linuxsecurity.com/articles/security_sources_article-3856.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.