Home page logo

isn logo Information Security News mailing list archives

Linux Security Week - October 1st 2001
From: InfoSec News <isn () c4i org>
Date: Tue, 2 Oct 2001 04:27:27 -0500 (CDT)

|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 30th, 2001                        Volume 2, Number 39n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Improving the
security of open Unix platforms," "Focus on Operating Systems," and
"Denying Denial of Service."  Also this week, there are a few good
articles in the General section regarding cyber-terrorism.

This week, advisories were released for uucp, man, openssh, squid, and
setserial. The vendors include Conectiva, Mandrake, and Red Hat.

 Are you tired of rebuilding servers hit by NIMDA? 
 EnGarde Secure Linux was designed from the ground up as a secure
 solution, starting with the principle of least privilege, and carrying it
 through every aspect of its implementation.
 * http://www.engardelinux.org 
Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request () linuxsecurity com with "subscribe"
as the subject.

| Host Security News: | <<-----[ Articles This Week ]-------------

* Improving the security of open UNIX platforms
September 27th, 2001

This article takes a look at a little shell application that uses an
innovative approach to increasing open UNIX security. A step-by-step
analysis of the code is provided. The author's areas of expertise are in
Web programming and cutting-edge network security development.


* Focus on operating systems
September 25th, 2001

Crackers are immediately going to concentrate on the most popular systems
in order to affect the highest number of systems. As Linux becomes ever
more popular, the attention it receives, as far as finding vulnerabilities
is concerned, is going to be greatly increased.  Linux was initially
developed to create an operating system with the user at its heart.


| Network Security News: |

* Denying Denial of Service
September 28th, 2001

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
have been around for years, but with reports that 4,000 DoS attacks are
launched each week, it's clear the problem isn't close to being resolved.
In fact, in a recent poll of Information Security readers, 90 percent said
they remained either "very concerned" or "somewhat concerned" about DoS or
DDoS (see Reader Poll).


* Battle Brews Over Authentication
September 27th, 2001

"Security and identity are facets of almost every big issue in the digital
world today," said Esther Dyson, chairman of EDventure Holdings and former
chairman of ICANN. "They touch it all: privacy, anonymity, integrity of
data and safety assets, freedom of speech, legitimacy, trust and trust
worthiness, branding, visibility of marketers and visibility to marketers.


* Expert: Net security's a losing battle
September 26th, 2001

The complexity of the Internet is increasing more rapidly than our ability
to secure it, according to Internet security expert Bruce Schneier.  At
the opening of the annual Information Security Solutions Europe (ISSE)
conference in London on Wednesday, Schneier, who is chief technology
officer of Counterpane Internet Security, claimed that the problem of
Internet security will never be resolved.


* You've just been hacked. Now what? Here's how to avoid resorting to
panic mode.
September 24th, 2001

The first reaction to a security breach is almost always denial. This must
be a network glitch or a stupid joke. Once the severity of the situation
sinks in, however, a variety of emotions ensue--anger at the perpetrator,
betrayal by the security vendors that didn't prevent it from happening and
finally, sheer panic.


| Cryptography News:     |

* International Cryptography Institute 2001 announced by ISSE Center
September 27th, 2001

More than 20 students recently sat in a room on the 12th floor of a New
York office building to learn how to hack into Linux systems. But it
wasn't an underground session run by computer criminals; instead, these
students hoped to learn how to protect their computer systems and
E-commerce Web sites from attack.


* Godfather of encryption hits back
September 26th, 2001

Godfather of encryption Phil Zimmerman has responded to attacks directed
at him over the use of encryption software in the terrorist attacks on the
US.  Zimmerman, who created the Pretty Good Privacy (PGP) encryption
software a decade ago, apparently came under fire from some members of the
internet community after it emerged that the US Government is
investigating whether PGP, or a similar technology, was used by the
hijackers to co-ordinate the attacks securely.


* Terrorists and steganography
September 24th, 2001

Guess what? Osama Bin Ladin uses steganography. According to nameless
"U.S. officials and experts" and "U.S. and foreign officials," terrorist
groups are "hiding maps and photographs of terrorist targets and posting
instructions for terrorist activities on sports chat rooms, pornographic
bulletin boards and other Web sites."


|Vendors/Tools/Products: |
* New release of the LSM-based SELinux prototype
September 27th, 2001

The SELinux web site including the mail list archive has been updated. The
site includes a new release of the LSM-based SELinux prototype. This
release contains many bug fixes and improvements to both LSM and SELinux
and is based on the lsm-2001_09_23 patch against kernel 2.4.10. The
release includes new and reworked hooks to control additional operations.


|  General News:         |

* Cyber Liberties Group Sound Alarm Over Anti-Terror Proposal
September 28th, 2001

Civil liberties groups are concerned that the anti-terrorism bill proposed
by the Bush Administration would lump small-time hackers in with murderous
terrorists.  The draft proposal from Attorney General John Ashcroft would
expand law enforcement's freedom to catch and punish terrorists.


* In Response To Attacks ICANN Eyes Security Matters
September 28th, 2001

This is one meeting I would love to be involved with. How exciting! "The
body that manages the Internet's worldwide addressing system will meet in
November as planned, but will shuffle its agenda to address Internet
"security and stability" issues as they relate to the global dangers
highlighted by the Sept.


* EFF: Surveillance Legislation Continues to Threaten Privacy
September 27th, 2001

The Electronic Frontier Foundation (EFF) urges continued activism against
the "Anti-Terrorism Act" (ATA), proposed by the US Department of Justice,
and related legislation (presently 3 bills), because many provisions of
the bills would dramatically alter the civil liberties landscape through
unnecessarily broad restrictions on free speech and privacy rights in the
United States and abroad. Your urgent action is needed TODAY.


* Cyberterrorists: our invisible enemies
September 24th, 2001

As Attorney General John Ashcroft fielded reporters' questions last
Tuesday about the attack on the World Trade Center and the Pentagon, one
journalist asked if a new computer worm, discovered only hours earlier,
was in any way related to the terrorist strikes. It was not, Ashcroft
assured the nation--or at least, there was as yet no evidence linking it
to Osama bin Laden and his ilk.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • Linux Security Week - October 1st 2001 InfoSec News (Oct 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]