Information Security News mailing list archives
Linux Security Week, December 11th 2000
From: newsletter-admins () linuxsecurity com
Date: Mon, 11 Dec 2000 00:34:28 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  December 11, 2000                            Volume 1, Number 32n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

In the news, a few articles were released concerning broadband security.
Is your DSL/Cable connection safe? A few of the articles include, "Five
ways to protect yourself," "Broadband opens a backdoor," and "Best
Practices in Network Security." Also, the next president was urged to
increase government computer security to prevent a "digital Pearl
Harbor."

It seems as though everyone is talking about increasing security but not
doing anything about it. What will it take? Someone launching a large
scale attack, or security built into every product? Come on, it's time
to start! Most problems that occur today can be prevented with a little
patience and education. The next time you see a vendor advisory for a
package or OS that you use, please, do me a favor and don't ignore it.
Security doesn't come easy, but it's well worth the effort.

This week, advisories were released for tcsh, openssh, bash,
ghostscript, ncurses, diskcheck and pam. The vendors include Caldera,
Conectiva, Immunix, and Red Hat. It is critical that you update all
vulnerable packages to reduce the risk of being compromised.

http://www.linuxsecurity.com/articles/forums_article-2079.html

HTML Version available:
<http://www.linuxsecurity.com/newsletter.html>

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Five ways to protect yourself
December 6th, 2000

Since the inception of the Internet, being "hacked" was something that
only large organizations had to concern themselves with. A couple years
ago there was little, if any, threat to the average home user, because
early computers lacked hard drives and were seldom used for anything
more than word processing and playing games.

http://www.linuxsecurity.com/articles/host_security_article-2069.html

* Security basics, Part 2
December 6th, 2000

Could you use a quick refresher course on binary numbers? Need an expert
to clarify hexadecimal and octal notation? This month in Unix 101, Mo
Budlong continues his three-part series on Unix security with a closer
look at file attribute bits and modes. While everyone knows that
computers are binary, not many people understand the numbering systems
that represent the binary numbers stored in computers, or the notational
conventions used for displaying this information.

http://www.linuxsecurity.com/articles/host_security_article-2065.html

+------------------------+
| Network Security News: |
+------------------------+

* Broadband Opens a Back Door
December 8th, 2000

As the number of DSL and cable modem users goes up, so does the
likelihood of online security breaches. Predictions of how many people
will be using DSL or cable modem connections to access the Internet over
the next few years vary wildly depending on the research group, ranging
from 11 million to 49 million by 2003.

http://www.linuxsecurity.com/articles/network_security_article-2081.html

* Distributed Pings Setting Off IDS
December 5th, 2000

Despite its relatively secure status when compared to some other
operating systems, Linux is still somewhat problematic to deal with,
especially as the userbase drifts more and more from experienced
technical hands to hobbyists and less experienced users out to try
something new. Considering the insecure way some distributions are still
shipped, and the pervasive and obnoxious presence of homo scriptkiddeus
on the net, there's a lot of room for simple, "out of the box" security
solutions on Linux.

http://www.linuxsecurity.com/articles/firewalls_article-2064.html

* Best Practices in Network Security
December 5th, 2000

Here is a good paper that was published earlier this year. It provides
an interesting perspective on network security. "Information systems
security. Computer and network security. Internet security. It's a
complex world, and growing more so every day. With these changes, some
truths and approaches to security remain the same, while others are new
and radically different. Developing a sound security strategy involves
keeping one eye on the reality of Internet-speed changes in threats and
technology, and the other on the reality of the corporate environment.
Purchasing security devices is easy."

http://www.linuxsecurity.com/articles/network_security_article-2062.html

+-------------------------+
| Vendors/Tools/Products: |
+-------------------------+

* Companies showcase online safety gadgets and software
December 6th, 2000

A handful of software companies are ringing online privacy bells as the
holiday season approaches, urging consumers to give themselves the gift
of Internet anonymity before venturing online to shop.
Privacy companies were out in force Monday night for a mini tech fair at
the University of California at Berkeley, showcasing wares that included
self-destructing email, pseudonym makers and data scramblers to protect
credit card information.

http://www.linuxsecurity.com/articles/privacy_article-2071.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Encryption experts set to bust RIP rules
December 7th, 2000

The Regulation of Investigatory Powers (RIP) Act could be so much waste
paper if a groundbreaking UK encryption project succeeds. Mathematician
Peter Fairbrother has launched a project called M-o-o-t, which would
make it physically impossible to surrender encryption keys - or for
security services to track e-mails. Together with an anonymous group of
encryption specialists and civil liberties activists, Fairbrother has
launched a software project that aims to ship its first product in time
for the June 2001 activation date of the RIP Act.

http://www.linuxsecurity.com/articles/cryptography_article-2074.html

+------------------------+
| General News:          |
+------------------------+

* Next president urged to boost government computer security
December 10th, 2000

The nation's top cyberspace official Friday called on the next president
to boost the government's computer security to prevent a "digital Pearl
Harbor." "What this presidential election year showed is that
statistically improbable events can occur," Richard Clarke of the
National Security Council said at a Microsoft-organized conference.

http://www.linuxsecurity.com/articles/government_article-2083.html

* The Case For Open Source
December 5th, 2000

This isn't a security article, but it does make a strong argument for
the open source movement. "At first glance, it seems ludicrous for a
software company to give away its source code - its most precious
commodity.
In reality, the open-source development process, when combined with the
Web, offers significant advantages for entire companies, independent
software programmers, and users alike. Open source is a development
model where the source code for an application or product is freely
available for others to view, modify, and redistribute."

http://www.linuxsecurity.com/articles/general_article-2063.html

* Does Attrition Foster Web Defacements?
December 4th, 2000

A big topic on the Internet is web page defacements. The term
"defacement" or "web graffiti" refers to an incident when someone gains
unauthorized access and alters the index page of that particular
violated site. Usually the replaced index resembles the childish
ramblings of a ten year old, and sometimes this may actually be the
case. Sometimes there is a specific reason for the defacement; some of
the recent "causes" include Napster, DeCSS, Israel vs. Palestine, etc.
The reason that they may claim for the defacement is really not the
point of this story.

http://www.linuxsecurity.com/articles/hackscracks_article-2054.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com