+---------------------------------------------------------------------+
|  LinuxSecurity.com                           Weekly Newsletter      |
|  December 24th, 2001                         Volume 2, Number 51n   |
|                                                                     |
|  Editorial Team:  Dave Wreski                dave@linuxsecurity.com |
|                   Benjamin Thomas            ben@linuxsecurity.com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Letter to
Santa from a Security Administrator," "Application Gateways and
Stateful Inspection: Comparing and Contrasting," and "Social
Engineering Fundamentals, Part I: Hacker Tactics." If you are
interested in crypto/stegano you may also want to read "Steganography,
Next Generation," and "Paving the way for 'uncrackable' codes."

* Features

Review by 8Wire.com: EnGarde Secure Linux 1.0.1

If you've never used Linux before and need to set up a server fast and
easily, this is one of the best ways to do it. It's also very cost
effective because it will run on almost any PC and doesn't require any
expensive hardware, not to mention that the software itself sells for
a very low price.

http://www.linuxsecurity.com/articles/projects_article-4174.html

This week advisories were released for mailman, htdig, xsane, OpenSSH,
kerberos, libgtop, glibc, and the Trustix kernel. The vendors include
EnGarde, Debian, Immunix, FreeBSD, Mandrake, Red Hat, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-4194.html

* Why be vulnerable? It's your choice.

Are you looking for a solution that provides the applications
necessary to easily create thousands of virtual Web sites, manage
e-mail, DNS, firewalling, database functions for an entire
organization, and supports high-speed broadband connections all using
a Web-based front-end? EnGarde Secure Professional provides those
features and more!
Be Secure with EnGarde Secure Professional:
http://store.guardiandigital.com/html/eng/493-AA.shtml

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Letter to Santa from a Security Administrator
December 22nd, 2001

Dear Santa, I'll not trouble you with the "been a good boy" stuff. You
know and I know the truth. Nevertheless, in the event that you're into
grace above justice this year -- as you most certainly have been in
the past -- here's what I want this year.

http://www.linuxsecurity.com/articles/forums_article-4197.html

* Is Linux Immune to E-Mail Viruses?
December 17th, 2001

Some of the recent press regarding the "Goner" e-mail virus has
brought about interesting commentary from antivirus manufacturers. It
seems that a number of these folks feel that Linux viruses soon will
be rampaging through the Internet alongside their Windows brethren.

http://www.linuxsecurity.com/articles/network_security_article-4171.html

+------------------------+
| Network Security News: |
+------------------------+

* Security for Telecommuting and Broadband Communications
December 23rd, 2001

NIST has recently developed the draft NIST Special Publication
Security for Telecommuting and Broadband Communications. This document
is intended to assist those responsible (users, system administrators,
and management) for telecommuting security, by providing introductory
information about broadband communication security and policy,
security of home office systems, and considerations for system
administrators in the central office.

http://www.linuxsecurity.com/articles/documentation_article-4199.html

* Application Gateways and Stateful Inspection: Comparing and Contrasting
December 18th, 2001

This article dated back in 1998 is one of the most informative
articles I've seen on Application Gateways and Stateful Inspection.
The Internet Security industry has grown tremendously in the past
several years: the increase in demand for related products has far
outstripped even this rapid expansion.

http://www.linuxsecurity.com/articles/firewalls_article-4175.html

* monitord: network security monitor
December 18th, 2001

A lightweight (distributed?) network security monitor for
TCP/IP+Ethernet LANs. It will capture certain network events and
record them in a relational database. The recorded data will be
available for analysis through a CGI based interface.

http://www.linuxsecurity.com/articles/network_security_article-4179.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Steganography, Next Generation
December 19th, 2001

Steganography, the science of burying secret messages within something
innocuous, has endured bad publicity recently, with unsubstantiated
rumors of missives from Osama bin Laden hidden in images on websites.
But the good guys can play, too. A new steganography-based technique
hides barcodes inside pictures and could help create forgery-proof
identity documents.

http://www.linuxsecurity.com/articles/cryptography_article-4185.html

* Paving the way for 'uncrackable' codes
December 17th, 2001

The heart of a new light-emitting diode (LED) developed in Cambridge,
UK, can be controlled so precisely that it emits just one single
photon of light each time it is switched on. The device could be a key
component in quantum cryptography, a code-making technology which, it
is hoped, will be uncrackable.

http://www.linuxsecurity.com/articles/cryptography_article-4170.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Review: EnGarde Secure Linux 1.0.1
December 18th, 2001

If you've never used Linux before and need to set up a server fast and
easily, this is one of the best ways to do it.
It's also very cost effective because it will run on almost any PC and
doesn't require any expensive hardware, not to mention that the
software itself sells for a very low price.

http://www.linuxsecurity.com/articles/projects_article-4174.html

+------------------------+
| General News:          |
+------------------------+

* Is Distributed Computing A Crime?
December 20th, 2001

Ann Harrison of SecurityFocus.com writes, "A college computer
technician who offered his school's unused computer processing power
for an encryption research project will be tried next month in Georgia
for computer theft and trespassing charges that carry a potential
total of 120 years in jail."

http://www.linuxsecurity.com/articles/forums_article-4189.html

* Want better workplace security?
December 20th, 2001

An established company moves into a downtown high-rise and a few
months later discovers that many of its secrets are going public. How
is that possible? Its networks are locked down. Its employees use
passwords, and are given security clearances.

http://www.linuxsecurity.com/articles/general_article-4187.html

* Social Engineering Fundamentals, Part I: Hacker Tactics
December 19th, 2001

Sarah Granger writes, "Security is all about trust. Trust in
protection and authenticity. Generally agreed upon as the weakest link
in the security chain, the natural human willingness to accept someone
at his or her word leaves many of us vulnerable to attack. Many
experienced security experts emphasize this fact."

http://www.linuxsecurity.com/articles/general_article-4182.html

* The Survivor's Guide to 2002
December 17th, 2001

Security is a process, not a product. And it touches every aspect of
an organization. Yet security is often an afterthought. Even worse,
some organizations' idea of security is the firewall sitting at the
network edge or the virus scanner integrated into the mail servers.
Wrong. Security is none of these things.

http://www.linuxsecurity.com/articles/security_sources_article-4169.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------