Home page logo

isn logo Information Security News mailing list archives

Linux Security Week - September 17th 2001
From: InfoSec News <isn () c4i org>
Date: Tue, 18 Sep 2001 03:04:46 -0500 (CDT)

|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 17th, 2001                        Volume 2, Number 37n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting security articles include "Public
Key Infrastructure Overview," "GPG: the Best Free Crypto You Aren't
Using," and "Information Warfare: How to Survive Cyber Attacks."  As you
might expect, many cryptography articles were released in response to the
tragedy.  If you are interested in the crypto debate, I invite you read
what is available.

## It has been a tragic week.  Our own Dave Wreski writes, "Today's events
mark more than a display of courage by Americans, an effort to exact
retribution on those who committed this senseless act, and how this
country will be changed as a result. It directly impacts us all on an
international scale as individual architects of the global Internet."

  Special: International Security, Privacy and Solidarity 

This week, advisories were released for fetchmail, sendmail, xinetd,
bugzilla, apache-contrib, uucp, and xloadimage.  The vendors include
Caldera, Conectiva, Red Hat, and SuSE.


| Host Security News: | <<-----[ Articles This Week ]-------------

* UnderLinux Interviews Elias Levy
September 12th, 2001

Josue writes, "The underlinux brazilian site has an interesting interview
with one of the most important security experts in the world. Aleph1 the
bugtraq moderator answer some questions about de present and the future of
computers security.


* GPG: the Best Free Crypto You Aren't Using, Part I of II
September 11th, 2001

Ten years after Phil Zimmermann released PGP v.1.0 (Pretty Good Privacy),
PGP has evolved from an underground tool for paranoiacs to the gold
standard, even an internet standard, for e-mail encryption. GnuPG, the GNU
Privacy Guard, is a 100% free alternative to commercial PGP and is
included in most Linux distributions.


| Network Security News: |

* SSL toolkit flaw poses risk
September 14th, 2001

A vulnerability has been discovered in versions of software development
toolkits from RSA Security, which could allow an attacker to bypass SSL
client authentication.  In a security notice on the issue, RSA said the
vulnerability meant that hackers "might potentially gain access to data
intended only for authorised users".


* Automatic patching: Will it make the world safe from worms?
September 13th, 2001

Worms and viruses often target specific vulnerabilities in common
software. But what if the terms were reversed? Rather than attacking the
vulnerability of software for malicious purposes, what if the worm or
virus actually attempted to secure the software by applying a patch? Like
it or not, it is already happening.


* Information Warfare: How to Survive Cyber Attacks
September 11th, 2001

As an information security professional, I take an extreme interest in
information warfare, as it is closely connected to the infosec field.
Thus, I was excited to read Information Warfare: How to Survive Cyber
Attacks, and see what it offered from the information security point of


* Public Key Infrastructure Overview
September 11th, 2001

Public key cryptography supports security mechanisms such as
confidentiality, integrity, authentication, and non-repudiation. However,
to successfully implement these security mechanisms, you must carefully
plan an infrastructure to manage them. A public key infrastructure (PKI)
is a foundation on which other applications, system, and network security
components are built.


* Stealth encoding bypasses IDS protection
September 10th, 2001

Cisco's Intrusion Detection System (IDS)is not the only technology that
fails to protect ISS Web servers against stealth unicode attacks.  An
advisory by eEye Digital Security, reports that network and server sensors
from ISS, Dragon Sensor 4.x, Snort (prior to version 1.8.1) and components
of Cisco Secure IDS are affected by the issue. Symantec and Network
Associates have stated that their products are not vulnerable.


| Cryptography News:     |
* Senator calls for encryption crackdown
September 15th, 2001

The horror of Tuesday's coordinated attacks on the commercial and military
centers of America has prompted the U.S. Congress to call for a global ban
on "uncrackable" encryption products.


* Crypto-Gram September 15
September 15th, 2001

In this month's crypto-gram, Bruce Schneier talks about the events of
September 11, and how it may affect our liberties, the NSA's Dual Counter
Mode, and general news. "Unfortunately, the quickest and easy way to
satisfy those demands is by decreasing liberties.


* NSA begins crypto upgrade
September 10th, 2001

The National Security Agency is beginning a 15-year, multibillion-dollar
effort to modernize the nation's cryptographic systems, which are rapidly
growing obsolete and vulnerable.  Cryptographic systems encode messages
and include such tools as secure telephones, tactical radios and smart


| Vendors/Products:      |

* Biometrics: Just in a James Bond Flick? Not Anymore!
September 12th, 2001

The word 'Biometry' basically comprises of two words : bio + metry. The
word 'bio' refers to life or a living being and the word 'metry' refers to
'measurement'. So 'Biometric' can be summed up as: the science of
measurement of physical attributes(unique) to a living being (for
authentication /authorization.)


* PGP bolsters security package
September 10th, 2001

PGP Security will unveil this week at NetWorld+Interop 2001 in Atlanta an
easier-to-use version of its CyberCop network vulnerability-assessment
tool that will help customers more quickly find and fix security
weaknesses in PCs, servers, switches and firewalls.


| General Security News: |

* This is how we know Echelon exists
September 14th, 2001

The European Parliament published its report into the Echelon spying
system last week in which it concluded it did exist, was against the law
and that the UK had a lot of explaining to do.


* Hackers Discuss Retaliatory Cyberstrikes
September 13th, 2001

Although the U.S. government has yet to publicly identify suspects in
Tuesday's terrorist attacks on America, some hackers are already plotting
counterstrikes against Islamic Web sites, according to postings in
Internet newsgroups.  So far, the impact of the planned retaliatory
hacking has been limited.


* Report: Echelon engaged months in advance of attack
September 13th, 2001

The U.S. National Security Agency engaged the so-called Echelon
communications monitoring network, following on warnings of possible
terrorist attacks, as long as three months ago, the Frankfurter Allgemeine
Zeitung newspaper reported.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • Linux Security Week - September 17th 2001 InfoSec News (Sep 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]