Information Security News mailing list archives

Linux Security Week, December 11th 2000


From: newsletter-admins () linuxsecurity com
Date: Mon, 11 Dec 2000 00:34:28 -0500

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  December 11, 2000                         Volume 1, Number 32n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com    |
|                   Benjamin Thomas         ben () linuxsecurity com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security
headlines.

In the news, a few articles were released concerning broadband
security.  Is your DSL/Cable connection safe?  A few of the articles
include, "Five ways to protect yourself," "Broadband opens a backdoor,"
and "Best Practices in Network Security."   Also, the next president
was urged to increase government computer security to prevent a
"digital Pearl Harbor."  It seems as though everyone is talking
about increasing security but not doing anything about it.  What
will it take?  Someone launching a large scale attack, or security
built into every product?  Come on, it's time to start! Most problems
that occur today can be prevented with a little patience and
education.  The next time you see a vendor advisory for a package
or OS that you use, please, do me a favor and don't ignore it.
Security doesn't come easy, but it's well worth the effort.

This week, advisories were released for tcsh, openssh, bash,
ghostscript, ncurses, diskcheck and pam.  The vendors include
Caldera, Conectiva, Immunix, and Red Hat.  It is critical that you
update all vulnerable packages to reduce the risk of being
compromised.

http://www.linuxsecurity.com/articles/forums_article-2079.html



HTML Version available:
<http://www.linuxsecurity.com/newsletter.html>


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+


* Five ways to protect yourself
December 6th, 2000

Since the inception of the Internet, being "hacked" was something
that only large organizations had to concern themselves with. A
couple years ago there was little, if any, threat to the average
home user, because early computers lacked hard drives and were
seldom used for anything more than word processing and playing
games.

http://www.linuxsecurity.com/articles/host_security_article-2069.html


* Security basics, Part 2
December 6th, 2000

Could you use a quick refresher course on binary numbers? Need an
expert to clarify hexadecimal and octal notation? This month in Unix
101, Mo Budlong continues his three-part series on Unix security
with a closer look at file attribute bits and modes. While everyone
knows that computers are binary, not many people understand the
numbering systems that represent the binary numbers stored in
computers, or the notational conventions used for displaying this
information.

http://www.linuxsecurity.com/articles/host_security_article-2065.html



+------------------------+
| Network Security News: |
+------------------------+

* Broadband Opens a Back Door
December 8th, 2000

As the number of DSL and cable modem users goes up, so does the
likelihood of online security breaches. Predictions of how many
people will be using DSL or cable modem connections to access the
Internet over the next few years vary wildly depending on the
research group, ranging from 11 million to 49 million by 2003.

http://www.linuxsecurity.com/articles/network_security_article-2081.html


* Distributed Pings Setting Off IDS
December 5th, 2000

Despite its relatively secure status when compared to some other
operating systems, Linux is still somewhat problematic to deal with,
especially as the userbase drifts more and more from experienced
technical hands to hobbyists and less experienced users out to try
something new. Considering the insecure way some distributions are
still shipped, and the pervasive and obnoxious presence of homo
scriptkiddeus on the net, there's a lot of room for simple, "out of
the box" security solutions on Linux.

http://www.linuxsecurity.com/articles/firewalls_article-2064.html


* Best Practices in Network Security
December 5th, 2000

Here is a good paper that was published earlier this year.  It
provides an interesting perspective on network security.
"Information systems security. Computer and network security.
Internet security. It's a complex world, and growing more so every
day. With these changes, some truths and approaches to security
remain the same, while others are new and radically different.
Developing a sound security strategy involves keeping one eye on the
reality of Internet-speed changes in threats and technology, and the
other on the reality of the corporate environment. Purchasing
security devices is easy."

http://www.linuxsecurity.com/articles/network_security_article-2062.html



+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Companies showcase online safety gadgets and software
December 6th, 2000

A handful of software companies are ringing online privacy bells as
the holiday season approaches, urging consumers to give themselves
the gift  of Internet anonymity before venturing online to shop.
Privacy companies were out in force Monday night for a mini tech fair
at the University of  California at Berkeley, showcasing wares that
included self-destructing email, pseudonym makers and data scramblers
to protect credit card information.

http://www.linuxsecurity.com/articles/privacy_article-2071.html


+------------------------+
| Cryptography News:     |
+------------------------+

* Encryption experts set to bust RIP rules
December 7th, 2000

The Regulation of Investigatory Powers (RIP) Act could be so much
waste paper if a groundbreaking UK encryption project succeeds.
Mathematician Peter Fairbrother has launched a project called
M-o-o-t, which would make it physically impossible to surrender
encryption keys - or for security services to track e-mails. Together
with an anonymous group of encryption specialists and civil liberties
activists, Fairbrother has launched a software project that aims to
ship its first product in time for the June 2001 activation date of
the RIP Act.

http://www.linuxsecurity.com/articles/cryptography_article-2074.html




+------------------------+
| General News:          |
+------------------------+

* Next president urged to boost government computer security
December 10th, 2000

The nation's top cyberspace official Friday called on the next
president to boost the government's computer security to prevent a
"digital Pearl Harbor."   "What this presidential election year
showed is that statistically improbable events can occur," Richard
Clarke of the National Security Council said at a Microsoft-organized
conference.

http://www.linuxsecurity.com/articles/government_article-2083.html


* The Case For Open Source
December 5th, 2000

This isn't a security article, but it does make a strong argument for
the open source movement. "At first glance, it seems ludicrous for a
software company to give away its source code - its most precious
commodity. In reality, the open-source development process, when
combined with the Web, offers significant advantages for entire
companies, independent software programmers, and users alike. Open
source is a development model where the source code for an
application or product is freely available for others to view,
modify, and redistribute."

http://www.linuxsecurity.com/articles/general_article-2063.html


* Does Attrition Foster Web Defacements?
December 4th, 2000

A big topic on the Internet is web page defacements. The term
"defacement" or "web graffiti" refers to an incident when someone
gains unauthorized access and alters the index page of that
particular violated site. Usually the replaced index resembles the
childish ramblings of a ten year old, and sometimes this may actually
be the case. Sometimes there is a specific reason for the defacement,
some of the recent "causes" include Napster, DeCSS, Israel vs.
Palestine, etc. The reason that they may claim for the defacement is
really not the point of this story.

http://www.linuxsecurity.com/articles/hackscracks_article-2054.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com