Home page logo

isn logo Information Security News mailing list archives

Linux Security Week - October 29th 2001
From: InfoSec News <isn () c4i org>
Date: Tue, 30 Oct 2001 03:35:21 -0600 (CST)

|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 29th, 2001                          Volume 2, Number 43n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Avoiding
security holes when developing an application," "Secure Communications
with OpenSSH," and "Intrusion Detection Systems for the Uninitiated."

This week, advisories were released for gftp, diffutils, nvi, squid,
util-linux, openssh, shadow/login, htdig, mod_auth_pgsql, and the Linux
kernel.  The vendors include Conectiva, Debian, Immunix, and Red Hat.


  ** FREE Apache SSL Guide from Thawte **
  Planning Web Server Security? Find out how to implement SSL! 
  Get the free Thawte Apache SSL Guide and find the answers to all 
  your Apache SSL security issues and more at: 

* Don't Risk your network installing an insecure OS *
EnGarde was designed from the ground up as a secure solution, starting
with the principle of least privilege, and carrying it through every
aspect of its implementation.
* http://www.engardelinux.org 
Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request () linuxsecurity com with "subscribe"
as the subject.
| Host Security News: | <<-----[ Articles This Week ]-------------

* Avoiding security holes when developing an application - Part 5:
race conditions
October 24th, 2001

This fifth article of our series is dedicated to security problems related
to multitasking. A race condition occurs when different processes use the
same resource (file, device, memory) at the same time and each one
"believes" it has exclusive access.


* Secure Communications with OpenSSH
October 22nd, 2001

Computer networks are an inherently insecure medium. Unless you are
assured that your packets will never pass through a router or computer
which you do not have direct control over, your data is not safe. It may
be viewed by an untrustworthy sysadmin or script kiddie, it may be
tampered with en route, or it may be intercepted and replaced with
entirely different data.


| Network Security News: |

* Intrusion Detection Systems for the Uninitiated, Part 2; Installing
and Configuring Snort
October 26th, 2001

Snort is a lightweight network-based intrusion detection system (called
NIDS). NIDS is unlike 'portsentry', which is a host based IDS and capable
of performing real-time traffic analysis and packet logging on IP
networks. The reason Snort is called 'lightweight' NIDS, is because it's
easy to use and install and is designed primarily for small networks.


* Survey finds security practices appalling
October 24th, 2001

Despite the recent attacks of viruses, individuals are reluctant to review
their security practices, according to a recent survey conducted by
Central Command. The results however, were completely aligned to the
general feeling among industry analysts that security is not seen as a
priority among users.


* Introduction to Security Policies, Part Four: A Sample Policy
October 24th, 2001

This is the fourth in a four-part overview of security policies. In the
first article, we looked at what policies are and what they can achieve.
The second article looked at the organizational support required to
implement security policies successfully. The third installment discussed
how to develop and structure a security policy.


| Cryptography News:     |
* Encryption technology is not an enemy of the state
October 25th, 2001

The perennial target for government disapproval is encryption, and recent
events in New York have added serious fuel to the already glowing embers
of the argument. It is a touchy subject in light of the recent atrocities,
which are being used as an excuse to push legislation through.


* Master key encryption plan abandoned
October 25th, 2001

As concern grows over the vulnerability of government and industry
organizations, a familiar and controversial battle has been revisited on
Capitol Hill: the question of whether government should have control of
encrypted messages.


* Prediction in chaos points to secure transmissions
October 25th, 2001

A secure method for sending and receiving encrypted messages may follow
the first demonstration of a technique that predicts chaotic fluctuations
in laser light.  Researchers from the University of Wales in Bangor have
shown that by using two duplicate chaotic semiconducting laser systems,
one to send an encrypted message and another to receive and decipher it, a
state called anticipating synchronisation occurs.


|Vendors/Tools/Products: |
* Now is the time for two-factor security
October 26th, 2001

Whether you're a consumer, or a manager who shares the responsibility for
protecting your company's digital assets and the privacy of your
customers, it's time to get ready for two-factor security. In fact, it's
time to start insisting on it


|  General News:         |

* Cybernarks - Who's hunting the Hackers?
October 27th, 2001

Steven Lynch was first introduced to the joys of hunting down hackers in
MIT in 1989. While working in the University's IT department he came
across Australia's very own Leftist and Urvile, as they took control of
the institutions servers and used them to poke holes in systems on the
other side of the world. Phoenix and Electron were eventually tracked down
to a flat in Melbourne, but not before Lynch spent countless hours
following their clandestine progress through unsuspecting networks.


* Keeping Security Issues in the Open
October 26th, 2001

Microsoft's security manager is arguing, in effect, that security issues
should be kept secret - and out of the flow of publicly available
information.  The manager of the security response center at Microsoft
(Nasdaq: MSFT), Scott Culp, apparently wants to keep security issues in a
box -- and out of the hands of those affected by them.


* Dave Dittrich Responds to WinXP Security Claim
October 25th, 2001

Dave Dittrich, best known for his Honeynet and DDoS expertise, responds to
claims made by Steve Gibson claiming that "raw sockets are the devil" in
the latest OS by Microsoft. Dave writes, "Steve Gibson is *still* pushing
"raw sockets are the devil?" Anyone (especially journalists) who are
interested in this topic had best look into the details, not just take
what Steve tells them."


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • Linux Security Week - October 29th 2001 InfoSec News (Oct 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]