Home page logo

isn logo Information Security News mailing list archives

Linux Security Week - November 25th 2002
From: InfoSec News <isn () c4i org>
Date: Tue, 26 Nov 2002 01:30:42 -0600 (CST)

|  LinuxSecurity.com                            Weekly Newsletter     |
|  November 25th, 2002                          Volume 3, Number 46n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Keeping
User-Level Access When Locked Out," "chroot login HOWTO," "Making a
Connection With Tcpdump," and "Open-Source Security Comes Under Fire."

Security: MySQL and PHP (3 of 3) - This is the third installation of a 3
part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following


This week, advisories were released for squid, wwoffled, lynx, tcpdump,
fetchmail, courier, KDE SSL, nullmailer, mhonarc, smrsh, bind, ypserv,
getbyname, ftpd, Red Hat kernel, samba, windowmaker, dhcp, php, and
gtetrinet.  The distributors include Caldera, Debian, FreeBSD, Gentoo,
Mandrake, NetBSD, OpenPKG, Red Hat, SuSE, and Trustix.



CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.



FEATURE: Security - Physical and Service
The first installation of a 3 part article covering everything from
physical security and service security to LAMP security (Linux Apache


| Host Security News: | <<-----[ Articles This Week ]-------------

* Keeping User-Level Access When Locked Out
November 20th, 2002

Incomplete user-locking procedures can fail, leaving opportunities for
them to maintain access to your system without your consent.


* chroot login HOWTO
November 20th, 2002

This HOWTO details creating accounts on a *nix operating system that are
chroot'ed to their home directory. That is, one this user logs in, they
will not be able to access any other part of the filesystem(s) other than
what lies in the account's home directory.


* Caught in a BIND
November 20th, 2002

Weinberg's second law, a decades-old programmers' joke, states, "If
builders built buildings the way programmers wrote programs, then the
first woodpecker that came along would destroy civilization."


* Your DNS Servers Aren't Safe
November 18th, 2002

A huge new hole that allows remote code execution takeovers of DNS servers
is in the news. And--once again--it spells big trouble and long hours for
CSOs and system administrators.


| Network Security News: |

* VPN, firewall sales expected to boom
November 21st, 2002

Worldwide revenue from sales of VPN (virtual private network) and firewall
hardware and software will grow by 31 percent from $668 million in the
third quarter of 2002 to $874 million in the third quarter of next year,
according to research released Wednesday by Infonetics Research.


* Military Pushes For Wireless Security
November 21st, 2002

Military leaders agree that wireless communication is the wave of the
future, but they also agree that it needs far greater security features to
become deployable and reliable on the battlefield.


* Secure your Samba shares
November 21st, 2002

RAV AntiVirus for Samba (Linux) is, as the name describes it, an antivirus
product 100% dedicated to Linux, protecting file servers from viruses and
other malwares, regardless of the systems targeted. Due to integration of
a cutting edge technology named "total platform independence", RAV engine
detects all malwares, be it for Windows, Linux or other OS.


* Environment Audit
November 21st, 2002

Env_audit is a program that ferrets out everything it can about the
environment. It is ideal for looking for security problems due to
misconfiguration or software bugs.  Software developers that write any
program that shells out to run a command should be audited with this


* The worst security problems?
November 19th, 2002

About a month ago, the SANS Institute, in cooperation with the U.S.
Federal Bureau of Investigation, released its list of "The Twenty Most
Critical Internet Security Vulnerabilities (Updated) - The Experts'
Consensus" for 2002.


* Making a Connection With tcpdump, Part II
November 18th, 2002

Using tcpdump we can analyze the PDUs that establish and terminate a
TCP/IP connection. TCP uses a special mechanism to open and close
connections. The tcpdump output below display data from different
connection scenarios between host and The
following tcpdump command and options were used to generate output.


* Making a Connection With tcpdump, Part I
November 18th, 2002

As an system administrator, small command-line utilities that require
little setup and can be used for troubleshooting increase in value --
especially when you are called out at 2:00am for a system problem.


| Cryptography News:     |

* Light at End of Encryption Tunnel
November 21st, 2002

Quantum encryption is about to make life much more difficult for Internet
spies.  A new method of scrambling data manipulates light to create more
complex patterns than just "on" or "off," as with typical encryption. As a
result, the information in an e-mail message or file is indecipherable
because it contains too much "noise."  Not only will it make data
uncrackable, the new technology also speeds up the increasingly slow
process of sending coded messages over the Internet.


|  General News:         |

* Open-Source Security Comes Under Fire
November 22nd, 2002

Thanks to several high-profile vulnerabilities and an overall increase in
the number of flaws, open-source software has taken over Microsoft Corp.'s
position at the bottom of the security heap.


* Real World Linux Security, 2e
November 22nd, 2002

The author of this book, Bob Toxen, is one of the 162 recognized
developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years
of Linux experience. Trivia from his resume includes that he was one of
the four developers who did the initial port of UNIX to Silicon Graphics
hardware, that he was an architect of the client/server system used by
NASA's Kennedy Space Center and that he wrote the "The Problem Solver"
column for popular UNIX Review magazine. Currently he is a president of
Fly-By-Day Consulting, Inc. offering Linux security-consulting services.


* Is IT Overspending On Security?
November 20th, 2002

While viruses, worms and hacking attacks continue to evolve, the costs of
security failure have about doubled for each of the last five years. It
has been standard practice for too long for companies to counter this
trend by investing in additional security technology. In the end, however,
they still lag the hackers and the malefactors of malicious code.


* Interview with Lance Spitzner
November 20th, 2002

Lance Spitzner is a geek who constantly plays with computers, especially
network security.  His passion is researching honeypot technologies and
using them to learn more about the enemy. He is the founder of the
Honeynet Project, moderator of the honeypot mailing list, co-author of
"Know Your Enemy", author of Honeypots: Tracking Hackers" and also author
of several whitepapers. He works as a senior security architect for Sun
Microsystems, Inc.


* IT Security: Have You Checked Out Your Staff?
November 19th, 2002

Research has revealed firms are increasing their spend on IT security as
companies become more concerned about protecting data, especially against
employees.  IT security spend continues to rise in the UK despite the
ongoing high-tech recession, with companies broadening their strategies to
include an oft-neglected area: their staff.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

  By Date           By Thread  

Current thread:
  • Linux Security Week - November 25th 2002 InfoSec News (Nov 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]