Linux Security Week - December 24th 2001

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  December 24th, 2001                         Volume 2, Number 51n   |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Letter to Santa
from a Security Administrator," "Application Gateways and Stateful
Inspection:  Comparing and Contrasting," and "Social Engineering
Fundamentals, Part I: Hacker Tactics."  If you are interested in
crypto/stegano you may also want to read "Steganography, Next Generation,"
and "Paving the way for 'uncrackable' codes."


 * Features Review by 8Wire.com: EnGarde Secure Linux 1.0.1

 If you've never used Linux before and need to set up a server fast
 and easily, this is one  of the best ways to do it. It's also very
 cost effective because it will run on almost any PC  and doesn't
 require any expensive hardware, not to mention that the software
 itself sells  for a very low price. 

 http://www.linuxsecurity.com/articles/projects_article-4174.html


This week advisories were released for mailman, htdig, xsane, OpenSSH,
kerberos, libgtop, glibc, and the Trustix kernel.  The vendors include
EnGarde, Debian, Immunix, FreeBSD, Mandrake, Red Hat, and Trustix.

http://www.linuxsecurity.com/articles/forums_article-4194.html


* Why be vulnerable?  Its your choice.
 
Are you looking for a solution that provides the applications necessary to
easily create thousands of virtual Web sites, manage e-mail, DNS,
firewalling database functions for an entire organization, and supports
high-speed broadband connections all using a Web-based front-end? EnGarde
Secure Professional provides those features and more!
 
 Be Secure with EnGarde Secure Professional:
 http://store.guardiandigital.com/html/eng/493-AA.shtml
 
 

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
 

* Letter to Santa from a Security Administrator
December 22nd, 2001

Dear Santa, I'll not trouble you with the "been a good boy" stuff. You
know and I know the truth. Nevertheless, in the event that you're into
grace above justice this year -- as you most certainly have been in the
past -- here's what I want this year.

http://www.linuxsecurity.com/articles/forums_article-4197.html


* Is Linux Immune to E-Mail Viruses?
December 17th, 2001

Some of the recent press regarding the "Goner" e-mail virus has brought
about interesting commentary from antivirus manufacturers. It seems that a
number of these folks feel that Linux viruses soon will be rampaging
through the Internet alongside their Windows brethren.


http://www.linuxsecurity.com/articles/network_security_article-4171.html



+------------------------+
| Network Security News: |
+------------------------+

* Security for Telecommuting and Broadband Communications
December 23rd, 2001

NIST has recently developed the draft NIST Special Publication Security
for Telecommuting and Broadband Communications. This document is intended
to assist those responsible users, system administrators, and management
for telecommuting security, by providing introductory information about
broadband communication security and policy, security of home office
systems, and considerations for system administrators in the central
office.

http://www.linuxsecurity.com/articles/documentation_article-4199.html


* Application Gateways and Stateful Inspection:  Comparing and
Contrasting
December 18th, 2001

This article dated back in 1998 is one of the most informative articles
I've seen on Application Gateways and Stateful Inspection. The Internet
Security industry has grown tremendously in the past several years: the
increase in demand for related products has far outstripped even this
rapid expansion.

http://www.linuxsecurity.com/articles/firewalls_article-4175.html


* monitord: network security monitor
December 18th, 2001

A lightweight (distributed?) network security monitor for TCP/IP+Ethernet
LANs. It will capture certain network events and record them in a
relational database. The recorded data will be available for analysis
through a CGI based interface.


http://www.linuxsecurity.com/articles/network_security_article-4179.html



+------------------------+
| Cryptography News:     |
+------------------------+

* Steganography, Next Generation
December 19th, 2001

Steganography, the science of burying secret messages within something
innocuous, has endured bad publicity recently, with unsubstantiated rumors
of missives from Osama bin Laden hidden in images on websites.  But the
good guys can play, too. A new steganography-based technique hides
barcodes inside pictures and could help create forgery-proof identity
documents.

http://www.linuxsecurity.com/articles/cryptography_article-4185.html


* Paving the way for 'uncrackable' codes
December 17th, 2001

The heart of a new light-emitting diode (LED) developed in Cambridge, UK,
can be controlled so precisely that it emits just one single photon of
light each time it is switched on. The device could be a key component in
quantum cryptography, a code-making technology which, it is hoped, will be
uncrackable.

http://www.linuxsecurity.com/articles/cryptography_article-4170.html



+------------------------+
|  Vendors/Products:     |
+------------------------+

* Review: EnGarde Secure Linux 1.0.1
December 18th, 2001

If you've never used Linux before and need to set up a server fast and
easily, this is one of the best ways to do it. It's also very cost
effective because it will run on almost any PC and doesn't require any
expensive hardware, not to mention that the software itself sells for a
very low price.

http://www.linuxsecurity.com/articles/projects_article-4174.html



+------------------------+
|  General News:         |
+------------------------+

* Is Distributed Computing A Crime?
December 20th, 2001

Ann Harrison of SecurityFocus.com writes, "A college computer technician
who offered his school's unused computer processing power for an
encryption research project will be tried next month in Georgia for
computer theft and trespassing charges that carry a potential total of 120
years in jail.

http://www.linuxsecurity.com/articles/forums_article-4189.html


* Want better workplace security?
December 20th, 2001

An established company moves into a downtown high-rise and a few months
later discovers that many of its secrets are going public. How is that
possible? Its networks are locked down. Its employees use passwords, and
are given security clearances.

http://www.linuxsecurity.com/articles/general_article-4187.html


* Social Engineering Fundamentals, Part I: Hacker Tactics
December 19th, 2001

Sarah Granger writes, "Security is all about trust. Trust in protection
and authenticity. Generally agreed upon as the weakest link in the
security chain, the natural human willingness to accept someone at his or
her word leaves many of us vulnerable to attack. Many experienced security
experts emphasize this fact."

http://www.linuxsecurity.com/articles/general_article-4182.html


* The Survivor's Guide to 2002
December 17th, 2001

Security is a process, not a product. And it touches every aspect of an
organization.  Yet security is often an afterthought. Even worse, some
organizations' idea of security is the firewall sitting at the network
edge or the virus scanner integrated into the mail servers. Wrong.
Security is none of these things.

http://www.linuxsecurity.com/articles/security_sources_article-4169.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux