Home page logo

isn logo Information Security News mailing list archives

Linux Security Week - September 10th 2001
From: InfoSec News <isn () c4i org>
Date: Tue, 11 Sep 2001 01:09:31 -0500 (CDT)

|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 10th, 2001                        Volume 2, Number 36n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "OpenSSH key
management, Part 2," "An Introduction to OpenSSL, Part Two:  
Cryptographic Functions Continued," and "Remote Monitoring."  Also this
week, if you have not read about Echelon, there are two good articles in
the general section of this newsletter.


EnGarde was designed from the ground up as a secure solution, starting
with the principle of least privilege, and carrying it through every
aspect of its implementation.


This week, advisories were released for xinet, windowmaker, sendmail,
fetchmail, xli, telnetd, rmuser, NetBSD kernel, and fts.  The vendors
include Conectiva, NetBSD, Mandrake, and SuSE. Mandrake users are
especially encouraged to update this week because there is such a great
number of advisories.


HTML Version:
| Host Security News: | <<-----[ Articles This Week ]-------------
* An Introduction to OpenSSL, Part Two: Cryptographic Functions
September 6th, 2001

This is the second article in a series on OpenSSL, a library written in
the C programming language that provides routines for cryptographic
primitives utilized in implementing the Secure Sockets Layer (SSL)
protocol. In the first article in the series, we discussed some of the
basics of cryptography.


* OpenSSH key management, Part 2
September 6th, 2001

Many developers use the excellent OpenSSH as a secure, encrypted
replacement for the venerable telnet and rsh commands. One of OpenSSH's
more intriguing features is its ability to authenticate users using the
RSA and DSA authentication protocols, which are based upon a pair of
complementary numerical "keys".


* Inside Jail: FreeBSD
September 6th, 2001

On most UNIX systems, root has omnipotent power. This promotes insecurity.
If an attacker were to gain root on a system, he would have every function
at his fingertips. In FreeBSD there are sysctls which dilute the power of
root, in order to minimize the damage caused by an attacker.


* The First Step of Exploring a System
September 6th, 2001

The first step to exploring a system is not just another point and click.
It is the part that suprisingly, no one really talks about; gathering
information on the subject. In order to successfully get in a system, one
must know enough about the entity to gain access to it.


| Network Security News: |
* Honeynet Project: September Scan Results
September 4th, 2001

The purpose of this monthly project is to help the security community
develop the forensic and analysis skills to decode blackhat attacks. This
is done by taking signatures we have captured in the wild and challenging
the security community to decode the signatures.


* SC Mag: Remote Monitoring
September 4th, 2001

Why Outsource IDS Monitoring, Anyway?  The simple answer to that, if there
is one, is that organizations are caught between massive security
requirements and miniscule security budgets. Outsourcing offers the
benefits of economies of scale in that the client does not need to hire
staff, spend money for specialized infrastructure, etc.


* A Growing Demand for Security Administrators, Part 2
September 4th, 2001

Demand for security specialists will only continue to grow, enabling
security administrators to move in several different directions.
Advertisement Within internal IT, they can move up the management chain to
security architect, network architect, ecommerce architect, and beyond to
director of networking or operations director and up.


* A network setup with FreeBSD and OpenBSD
September 3rd, 2001

This article discusses a network setup which might prove useful for people
who like to put some extra effort into connecting their machines to the
Internet. The goal is to build a secure client and server farm on a single
IP address.


| Cryptography News:     |

* PGP opens up complete encryption source code
September 7th, 2001

One of the first encryption products is made available to all.  PGP
Security -- a division of Network Associates that has been criticised in
the past for being too proprietary -- has made available the electronic
distribution of its complete source code for the PGPsdk, its cryptographic
toolkit. PGP, which was one of the world's first encryption products and a
de facto standard for encryption, is the foundation of all PGP Desktop,
Wireless and Server products.  The release of the source code will provide
academic researchers and cryptographers the ability to review every detail
of PGPsdk's cryptographic features. The move comes a short time after the
US government recently relaxed export regulations on cryptographic source
code, Santa Clara, California-based PGP Security said. All of article.


* Quantum Crypto to the Rescue
September 7th, 2001

This week has been big for cryptography.  It's seen both technical and
theoretical advances in next-generation quantum crypto systems and
technology.  It's seen a prototype enter its testing phase that could send
secret crypto keys through open air to a satellite or across town.


* In PKI We Trust?
September 4th, 2001

When PKIs hit the streets a few years ago, a media frenzy ensued --
remember 1999, the year of the public-key infrastructure? Now it's the
morning after, and we've gotten a dose of reality when it comes to the
cost and complexity of rolling out a PKI.


| Vendors/Products:      |

* Prioritizing patches: A precipitous pandemonium
September 8th, 2001

Is the patching of mission critical systems and related software a
priority for your business? May I suggest that patching such software
become an imperative task incorporated into an IT position ASAP.


* Rule Set Based Access Control version 1.1.2 Now Available
September 3rd, 2001

After project leaders pan vulnerability assessment, a Back Orifice
demonstration quells the skeptics. My company is about to deploy a virtual
private network (VPN). During a recent project meeting, the project
manager asked each department representative to identify six tasks related
to our areas of responsibility.


| General Security News: |

* Echelon spying network exists, EU committee says
September 6th, 2001

Echelon exists, the European Union (EU) Parliament was told Wednesday.  
Echelon, allegedly a vast information collection system capable of
monitoring all the electronic communications in the world, has been talked
about in security circles for several years. But no government agency in
the world has ever confirmed or denied its existence. An EU committee has
been investigating the system for almost a year.  Just because the
surveillance network exists, however, doesn't mean that government
agencies can access all the information Echelon collects, Gerhard Schmid,
the German Member of the European Parliament (MEP), told Parliament
members in Strasbourg.  The European Parliament accepted Schmid and his
team's 130-page-plus report and its 44 recommendations in a 367-159 vote.
There were 34 abstentions, though these were not explained.


* Information Security Certification: A Rule Of Thumb
September 4th, 2001

Take a wander through the landscape of infosec certification and you will
encounter a morass of acronyms, training and exam fees, claims and
counterclaims. Pete Thomas, Editor of SecurityWatch, and Tony Rich,
Account Director of UK IT security recruitment specialists Acumin, help
you find your way.


* What is Echelon?
September 4th, 2001

The following information consists entirely of excerpts from the European
Parliament's "Temporary Committee on the ECHELON Interception System"
report. After reading the entire lengthy, and often technical, report I
decided to sift through and find the information that most people would
find informative and applicable to their own lives and use of the Internet
and electronic communications in general.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • Linux Security Week - September 10th 2001 InfoSec News (Sep 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]