[ISN] Linux Security Week, January 8th 2001
newsletter-admins@linuxsecurity.com
Date: Mon Jan 08 2001 - 10:03:17 CST
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| January 8, 2001 Volume 2, Number 2n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, a few interesting papers were released. Among them were "IDS
Evasion with Unicode," "FreeBSD IPsec mini-HOWTO," and "Linux Intrusion
Detection." Each article provides information that could be helpful. If
you have not yet set up an IDS on your network, it would be a great time
to get started. Attacks are increasing, and it is something that simply
cannot be ignored.
This week, advisories were released for slocate, gnupg, procfs, bitchx,
gpm, piranha, ircii, openldap, and emacs. The vendors include Conectiva,
FreeBSD, LinuxPPC, and Mandrake. It was a big week for LinuxPPC
advisories. If you are maintaining any PPC servers we recommend that you
update or remove any vulnerable packages.
http://www.linuxsecurity.com/articles/forums_article-2237.html
HTML Version available:
<http://www.linuxsecurity.com/newsletter.html>
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+
* Using ssh
January 7th, 2001
While this is a good article on using ssh, OpenSSH is really the
version of choice these days. "Ssh (Secure Shell) is a program for
logging into a remote machine and executing commands in a remote
machine. It is intended to replace rlogin and rsh, and provide secure
encrypted communications between two untrusted hosts over an insecure
network."
http://www.linuxsecurity.com/articles/cryptography_article-2248.html
* Introduction to Digital Signatures in Java
January 4th, 2001
To set up a digital signature in Java, you first need to set up a
private key, usually by using keytool or the security API methods.
Programmers often use the Java Certificate feature to securely
verify public key authenticity. After you have a public key, you
generate a digital signature using the jarsigner tool or the API
methods.
http://www.linuxsecurity.com/articles/cryptography_article-2228.html
* FreeBSD IPsec mini-HOWTO
January 4th, 2001
This document is intended to be a primer on how to get IPsec on
FreeBSD up and running, interoperating both with another FreeBSD (or
NetBSD or any other KAME-derived stack) machine, and a Windows 2000
machine. IPsec is a means to secure IP layer communications between
hosts, and can secure both IPv4 and IPv6 traffic. Only IPsec over
IPv4 will be discussed here.
http://www.linuxsecurity.com/articles/cryptography_article-2232.html
+------------------------+
| Network Security News: |
+------------------------+
* DDoS: Internet Weapons of Mass Destruction
January 5th, 2001
EBay. Amazon. CNN. None of these Internet heavy hitters was
adequately prepared to withstand a series of DDoS (distributed
denial of service) attacks that made headlines and disrupted
operations early last year. What makes you think you're in any
better position?
http://www.linuxsecurity.com/articles/network_security_article-2236.html
* IDS Evasion with Unicode
January 4th, 2001
A thief obtains his prize by bypassing alarms and security systems
that are in place. IDS evasion is no different. An attacker knows
that the IDS will alarm on certain attack signatures and, therefore,
will try to evade the IDS by disguising the attack.
http://www.linuxsecurity.com/articles/intrusion_detection_article-2231.html
* Intrusion Detection: Be Afraid, Be Very Afraid
January 4th, 2001
If you're not afraid about the state of your company's security, you
should be. Hackers are scanning ports en masse, coordinated attacks
are gaining popularity, and network users who appear to be valid are
often impostors. And that's just outside attacks.
http://www.linuxsecurity.com/articles/intrusion_detection_article-2234.html
* Linux Intrusion Detection
January 3rd, 2001
One key to intrusion detection is understanding the most common
security exploits. This knowledge will allow you to set up a
checklist for periodic security checks of your system. If you're
running a DNS server, BIND is a favorite target for attack. BIND has
a number of security issues and should be disabled if not needed.
http://www.linuxsecurity.com/articles/intrusion_detection_article-2222.html
+------------------------+
| Cryptography News: |
+------------------------+
* Crypto-Politics: Decoding the New Encryption Standard
January 2nd, 2001
An interview with Sun Labs' Whit Diffie and Susan Landau on the
subject of the new AES encryption standard. Whit is one of the
industry's "encryption gurus" and recently received the Marconi
award (with Martin Hellman) for developing Public Key encryption. He
is also often called to speak before Congress and the White House as
an encryption expert.
http://www.linuxsecurity.com/articles/cryptography_article-2213.html
* Secure Communication with GnuPG on Linux
January 1st, 2001
GnuPG is a tool for secure communication and data storage. It can be
used to encrypt data and to create digital signatures. GnuPG is a
complete and free replacement for PGP. Because it does not use the
patented IDEA algorithm, it can be used without any restrictions.
GnuPG uses public-key cryptography so that users may communicate
securely.
http://www.linuxsecurity.com/articles/cryptography_article-2209.html
+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+
* A Roundtable on BSD, Security, and Quality
January 7th, 2001
Contributing Editor Jack Woehr moderated a roundtable at the recent
USENIX Security Symposium 2000. The participants, Theo de Raadt, Todd
Miller, Angelos Keromytis, and Warner Losh, discussed several topics,
including the evolving distinction between Linux and BSD and the
notion that reliability and security are achieved through
simplicity.
http://www.linuxsecurity.com/articles/forums_article-2249.html
* Snort 1.7 Released
January 6th, 2001
Snort 1.7 has finally been released! Snort is an open source
network intrusion detection system, capable of performing real-time
traffic analysis and packet logging on IP networks. It can
perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer
overflows, stealth port scans, CGI attacks, SMB probes, OS
fingerprinting attempts, and much more. Snort uses a flexible
rules language to describe traffic that it should collect or pass,
as well as a detection engine that utilizes a modular plugin
architecture.
http://www.linuxsecurity.com/articles/intrusion_detection_article-2245.html
* Updated Secure Programming for Linux and Unix HOWTO
January 3rd, 2001
David Wheeler has made major modifications to his HOWTO. "Version
2.70 released, adding a significant amount of additional material,
such as a significant expansion of the discussion of cross-site
malicious content, HTML/URI filtering, and handling temporary files."
http://www.linuxsecurity.com/articles/documentation_article-2226.html
* Security Statement from GTK+ Team
January 3rd, 2001
Below is a statement from Owen Taylor of the GTK+ development team
in regards to the recent GTK_MODULES security issue raised on
BUGTRAQ. "In the opinion of the GTK+ team, the only correct way to
write a setuid program with a graphical user interface is to have a
setuid backend that communicates with the non-setuid graphical user
interface via a mechanism such as a pipe and that considers the input
it receives to be untrusted."
http://www.linuxsecurity.com/articles/projects_article-2224.html
+------------------------+
| General News: |
+------------------------+
* When to say "no access"
January 5th, 2001
In the rush to adopt e-commerce, businesses are looking at network
security from a perspective that requires both technology and an
intuitive sense of how and where to allow access to information.
Network security is no longer a matter of putting in the best
firewalls, or having the most up-to-date anti-virus software,
intrusion detectors or encryption
http://www.linuxsecurity.com/articles/network_security_article-2242.html
* How to cover your shopping footprints
January 5th, 2001
Shopping on the Internet is like signing up for a supermarket saver
card or getting that extra 10 percent discount when you sign up for
a retail store's credit card. You get some immediate savings, but
you are also involuntarily subscribing to junk mail.
http://www.linuxsecurity.com/articles/privacy_article-2241.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
ISN is hosted by SecurityFocus.com