From: InfoSec News (isn_at_c4i.org)
Date: Tue Oct 15 2002 - 12:23:18 CDT
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 14th, 2002 Volume 3, Number 40n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Fingerprinting
Exploits In System And Application Log Files," "Stenographied File
Transfer Using Posix File Locks," "Security Tools in Linux Distributions,"
and "Ten Minute Firewall."
BOOK REVIEW: Honeypots: Tracking Hackers
Tracking Hackers by Lance Spitzner is fantastically written. The detailed
definitions and descriptions make it a great book even for the honeypot
novice to understand. It grabs your attention right from the very
beginning, holds it to the end and leaves you wanting more.
http://www.linuxsecurity.com/feature_stories/feature_story-121.html
Linux Security Week:
This week, advisories were released for tomcat, tkmail, htmail, fetchmail,
bugzilla, libkvm, Konqueror, talkd, sendmail, pic, libc, rouge, apache,
hylafax, php, tcpdump, gv, and nss_ldap. The vendors include Conectiva,
Debian, EnGarde, NetBSD, OpenBSD, Red Hat, and SuSE.
http://www.linuxsecurity.com/articles/forums_article-5891.html
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+
* Sendmail Trojan Looks Familiar
October 11th, 2002
The Trojan horse discovered in a distribution of the Sendmail open-source
e-mail server has striking similarities to a backdoor planted in OpenSSH
last summer, according to security experts who've analyzed the code. But
missteps in the alerting process may have given the culprits a chance to
cover their tracks.
http://www.linuxsecurity.com/articles/hackscracks_article-5902.html
* Design For Security Up Front
October 11th, 2002
Of the five basic phases--initiation, development, implementation,
maintenance, and decommissioning/disposal--often the need for security
isn't realized until the implementation phase, and security measures not
added until the maintenance phase. Even so, fixing many other system
vulnerabilities is simply an afterthought, addressed with patches, service
packs, or emergency hot fixes.
http://www.linuxsecurity.com/articles/security_sources_article-5892.html
* Footprints in the Sand, Part One. Fingerprinting Exploits In System
And Application Log Files
October 11th, 2002
Forensic analysts and incident response engineers are armed with a slew of
open source and commercial forensic toolsets to attempt to understand and
analyze break-ins they did not witness. The most critical component of
forensic analysis is system log files.
http://www.linuxsecurity.com/articles/documentation_article-5894.html
* Chroot Jails Made Easy with the Jail Chroot ProjectRegister
October 11th, 2002
There are always difficult jobs to do as a GNU/Linux system administrator.
Sometimes the difficulty lies in finding out how to do a particular job,
not necessarily the job itself. This can be particularly true in the open
source world where documentation can often take a back seat to
implementation.
http://www.linuxsecurity.com/articles/documentation_article-5903.html
* When Code Goes Wrong - Format String Exploitation
October 10th, 2002
I will try to keep this article as short and as easy to understand as
possible so the average people would understand this concept. What is
Format String? Format strings are the %d, %s, %u, %x, %p %n in your C
language that you use when using printf and something similar. How is it
vulnerable?
http://www.linuxsecurity.com/articles/documentation_article-5882.html
* Stenographied File Transfer Using Posix File Locks
October 10th, 2002
Every computer system is insecure! Why? Because by using any system
resources that are available to each process information can be leaked.
Say for example you can detect CPU usage remotely (possible by measuring
the time taken for a ping reply for example).
http://www.linuxsecurity.com/articles/documentation_article-5889.html
* Assessing Internet Security Risk, Part Five: Custom Web
Applications Continued
October 9th, 2002
This article is the fifth and final in a series that is designed to help
readers to assess the risk that their Internet-connected systems are
exposed to. In the first installment, we established the reasons for doing
a technical risk assessment.
http://www.linuxsecurity.com/articles/documentation_article-5871.html
* Introduction to Buffer Overflows
October 9th, 2002
Hello, here I am again, this time I'll let you know what is in fact buffer
overflow and how you can detect if some program is vulnerable to buffer
overflow exploits. This tutorial has C source code, so if you don't know C
you can have some problems in this tutorial, you also need to have some
notions on ASM and how to use gdb.
http://www.linuxsecurity.com/articles/documentation_article-5873.html
* Improve Linux Security
October 8th, 2002
Although Linux's native support for networking services is part of the
OS's appeal, these services can also create a security risk. Stop
unnecessary network services. One of the attractions of Linux is its
native support for a wide range of TCP/IP services, many of which are
configured to run by default.
http://www.linuxsecurity.com/articles/host_security_article-5862.html
* Security Tools in Linux Distributions, Part I
October 7th, 2002
With so many security tools available, it can be hard to know what to use.
Many users do not want to be bothered with downloading, learning and
configuring security software when so many other things need to be done.
http://www.linuxsecurity.com/articles/documentation_article-5848.html
* Inhospitable Hosts
October 7th, 2002
Intrusion prevention sounds cool. It's sexy. It's the action hero of the
infosecurity universe, smacking down the bad guys before they can get in
and hurt the assets your organization holds near and dear. But what is
it, really?
http://www.linuxsecurity.com/articles/intrusion_detection_article-5856.html
* Writing anti-IDS Shellcode
October 7th, 2002
In the last few weeks I had made an intensive study of Intrusion -
Detection Systems like snort. I found that several ways of escaping from
being detected while checking for vulnerable CGI's were already made by
RFP (rfp@wiretrip.net).
http://www.linuxsecurity.com/articles/documentation_article-5847.html
+------------------------+
| Network Security News: |
+------------------------+
* A Security Nightmare: Wireless Security
October 13th, 2002
And after suffering through the Love Bugs and Code Reds of e-mail, the
growth of mobile wireless raises the question of whether businesses have
learned their lessons for this second round. So far, experts say, not
really. But the final test may still be a few years away.
http://www.linuxsecurity.com/articles/network_security_article-5904.html
* FreeS/WAN Weekly Summary: IPsec on the Zaurus and more
October 10th, 2002
Hackers start using 'side-channel' attacks Side-channel attacks are the
next big threat from hackers, according to the head of RSA Labs. Normal
attacks on code are conducted by looking at the unencrypted message and
the encrypted message and attempt to recover the encryption key
http://www.linuxsecurity.com/articles/cryptography_article-5890.html
* Firewalls - back to basics
October 9th, 2002
A firewall is software or hardware that sits between two networks --
typically, between your LAN and the Internet -- and allows some sorts of
network traffic through while preventing others. It works by rules that
you set, which define the sort of security you want.
http://www.linuxsecurity.com/articles/firewalls_article-5869.html
* Guide to Intrusion Prevention
October 9th, 2002
In addition to the host application tools discussed in this article, the
broad term "intrusion prevention" encompasses several other classes of
tools that protect hosts, Web applications and networks by actively
blocking malicious actions.
http://www.linuxsecurity.com/articles/intrusion_detection_article-5879.html
* Ten Minute Firewall
October 8th, 2002
Each major version of Linux has had a different firewalling software
suite. 2.0 kernels had ipfwadm, 2.2 had ipchains, and 2.4 has iptables.
(2.4 can support ipchains-style rules if you load the ipchains module.)
Each offers great improvements from its predecessors.
http://www.linuxsecurity.com/articles/documentation_article-5866.html
+------------------------+
| Vendors/Products: |
+------------------------+
* Snort 2.0 - Detection Revisited
October 11th, 2002
Sourcefire's commitment to delivering the most innovative and effective
intrusion management solutions continues with the latest contribution to
Snort 2.0 development. As part of Sourcefire's dedication to the Open
Source community, the company continually upgrades Snort with technologies
and enhancements developed for its commercial products.
http://www.linuxsecurity.com/articles/intrusion_detection_article-5899.html
* New threat forces cryptography rethink
October 10th, 2002
Hackers start using 'side-channel' attacks Side-channel attacks are the
next big threat from hackers, according to the head of RSA Labs. Normal
attacks on code are conducted by looking at the unencrypted message and
the encrypted message and attempt to recover the encryption key. But
side-channel attacks look at other information in an attempt to crack the
code, such as the time taken to perform an operation and how power
consumption changes. Bert Kaliski, head of RSA Labs, told vnunet.com that
these methods are forcing the industry to think again. "Side-channel
attacks are causing a fundamental rethink in the way we write encryption
software," he said. "As the methods used become automated, our job is
getting tougher."
http://www.linuxsecurity.com/articles/cryptography_article-5880.html
+------------------------+
| General News: |
+------------------------+
* Sun Exec Defends Open-Source Security
October 11th, 2002
Whitfield Diffie, the inventor of public key cryptography and now chief
security officer at Sun Microsystems, spoke out Tuesday in defense of the
security of open-source software. In a keynote address at the RSA
Conference here, Diffie defended open-source software against an attack
made earlier at the same conference by Microsoft's chief security officer,
Craig Mundie.
http://www.linuxsecurity.com/articles/security_sources_article-5895.html
* Security Tops List of Reasons Not to Deploy Web Services
October 11th, 2002
End-to-end security of web services forms the most significant barrier to
implementation by organizations, but this is not expected to hinder future
development.
http://www.linuxsecurity.com/articles/general_article-5898.html
* Is Linux Really More Secure Than Windows?
October 11th, 2002
Microsoft has organized a huge security program as a result of vocal
complaints from users, while the Linux effort is, in Eric Hemmendinger's
words, "less disciplined but more timely." Ramen, Slapper, Scalper and
Mighty may sound like Santa's new team of reindeer, but they are creatures
far lower down the evolutionary ladder -- and much less welcome.
http://www.linuxsecurity.com/articles/forums_article-5897.html
* The Great Security Self-Assessment Test
October 8th, 2002
As the laws governing the use of employee and customer data become ever
more complex, IT directors are having to spend more time creating legally
watertight privacy policies.
http://www.linuxsecurity.com/articles/privacy_article-5864.html
* NIST-NSA Team Readies Systems Security Guidance
October 8th, 2002
The National Information Assurance Partnership in the next month will
release two draft guides to create standards for systems security
certification and accreditation and for minimum security controls for IT.
http://www.linuxsecurity.com/articles/government_article-5861.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.