+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| April 22nd, 2002 Volume 3, Number 16n |
| |
| Editorial Team: Dave Wreski davelinuxsecurity.com |
| Benjamin Thomas benlinuxsecurity.com |
+---------------------------------------------------------------------+
 
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Build a Flexible
VPN with FreeS/WAN and Linux," "Linux VPN Masquerade HOWTO," "Hacking
Through the Wireless Jungle," and "Uncrackable encryption: It's no longer
just sci-fi."

** FREE Apache SSL Guide from Thawte **
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.

 -> http://www.gothawte.com/rd252.html

This week, advisories were released for libsafe, imp, syncache/syncookies,
squid, webalizer, xpilot, and demarc. The vendors include Debian,
FreeBSD, and Mandrake.

http://www.linuxsecurity.com/articles/forums_article-4837.html

Find technical and managerial positions available worldwide. Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
 
 
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
 

* Evasion tool puts Snort's nose out of joint
April 17th, 2002

The darling of the intrusion detection system (IDS) industry had its nose
put out of joint yesterday when a security developer released an evasion
tool capable of undermining it. Open source development Snort has been
heralded as one of the most flexible IDS offerings, comparing well with
alternative commercial products.

http://www.linuxsecurity.com/articles/intrusion_detection_article-4822.html

+------------------------+
| Network Security News: |
+------------------------+
 
* Hacking Through the Wireless Jungle
April 20th, 2002

With a WLAN card and a sniffer, it is not difficult for a hacker to find a
company's wireless network from a position outside the building.

http://www.linuxsecurity.com/articles/network_security_article-4846.html

* New tool helps hackers evade detection
April 19th, 2002

A new tool for manipulating packets of data that travel over the Internet
could allow attackers to camouflage malicious programs just enough to
bypass many intrusion-detection systems and firewalls.

http://www.linuxsecurity.com/articles/hackscracks_article-4841.html

* Build a Flexible VPN with FreeS/WAN and Linux, Part 2
April 19th, 2002

Part One of this article discussed the advantages of FreeS/WAN, a
Linux-based VPN package that allows even older Pentiums to be pressed into
service as flexible VPN servers and offered an overview of how to build a
test-bed network.

http://www.linuxsecurity.com/articles/network_security_article-4840.html

* Build a Flexible VPN with FreeS/WAN and Linux
April 18th, 2002

FreeS/WAN is an ideal solution for the overworked, harassed network admin
who needs to bring together branch offices, telecommuters, and road
warriors from anywhere over the Internet, and it does it all for the price
of the hardware, with requirements that are surprisingly low.

http://www.linuxsecurity.com/articles/network_security_article-4831.html

* Linux VPN Masquerade HOWTO
April 16th, 2002

How to configure a Linux firewall to masquerade IPsec- and PPTP-based
Virtual Private Network traffic, allowing you to establish a VPN
connection without losing the security and flexibility of your Linux
firewall's internet connection and allowing you to make available a VPN
server that does not have a registered internet IP address.

http://www.linuxsecurity.com/articles/documentation_article-4806.html

+------------------------+
| Cryptography: |
+------------------------+

* Uncrackable encryption: It's no longer just sci-fi
April 19th, 2002

Imagine, if you will, a means of delivering encryption keys that is so
secure that it's impossible to break because doing so would violate the
laws of physics. In other words, the delivery method is so secure, it's
protected by the very fabric of the universe.

http://www.linuxsecurity.com/articles/cryptography_article-4836.html

* Crypto-Gram April 15th, 2002
April 16th, 2002

The National Science Foundation will begin testing electronic signature
technology next month that could remove the last impediment to its
paperless proposal process.

http://www.linuxsecurity.com/articles/cryptography_article-4808.html

+------------------------+
| Vendor/Products: |
+------------------------+

* Announcement of OpenSSL 0.9.6d and 0.9.7 Release Plan and Schedule
April 17th, 2002

The National Science Foundation will begin testing electronic signature
technology next month that could remove the last impediment to its
paperless proposal process.

http://www.linuxsecurity.com/articles/cryptography_article-4823.html

+------------------------+
| General: |
+------------------------+

* White House cyber czar describes next phase of Internet plan
April 19th, 2002

Speaking before a conference of hundreds of federal technology personnel
and industry officials Wednesday morning, Richard Clarke, President Bush's
point man on national cybersecurity, outlined the next phase in the
controversial plan to build an impenetrable information network for the
federal government, known as Govnet

http://www.linuxsecurity.com/articles/government_article-4838.html

* Carnivore's New Leash on Life?
April 18th, 2002

A graduate student at Dartmouth College wants to tame the FBI's Carnivore
surveillance system. Alex Iliev has proposed a way to force anyone who
wants to monitor e-mail or Web browsing to follow the rules -- and not
snoop on private data that should be off-limits. Iliev's system relies on
technology, not Congress or federal judges, to keep Carnivore on a very
short leash.

http://www.linuxsecurity.com/articles/privacy_article-4829.html

* A Proposed Architecture and Roadmap
April 15th, 2002

This document describes a proposed strategy for addressing security within
a Web service environment. It defines a comprehensive Web service security
model that supports, integrates and unifies several popular security
models, mechanisms, and technologies (including both symmetric and public
key technologies) in a way that enables a variety of systems to securely
interoperate in a platform- and language-neutral manner.

http://www.linuxsecurity.com/articles/network_security_article-4804.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

     To unsubscribe email newsletter-requestlinuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]