Information Security News mailing list archives
Linux Security Week - March 26th 2001
From: newsletter-admins () linuxsecurity com
Date: Mon, 26 Mar 2001 12:01:27 -0500
+---------------------------------------------------------------------+
|  LinuxSecurity.com                       Weekly Newsletter          |
|  March 26th, 2001                        Volume 2, Number 13n       |
|                                                                     |
|  Editorial Team:  Dave Wreski            dave () linuxsecurity com  |
|                   Benjamin Thomas        ben () linuxsecurity com   |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, a few of the good articles include "Passive Analysis of SSH
(Secure Shell) Traffic," "Understanding stealth scans: Forewarned is
forearmed," "Realistic Expectations for Intrusion Detection Systems,"
and "A Brief Comparison of Email Encryption Protocols."

This week, advisories were released for slrn, cups, mutt, icecast, imap,
sgml-tools, and licq. The vendors include Conectiva, Mandrake, and
Trustix. Although this week has been slow, if you are using any of these
distributions, please take the necessary time to patch your system.

http://www.linuxsecurity.com/articles/forums_article-2731.html

Are you sick and tired of having to apply system updates week after
week? Why not use a distribution built specifically for security, but
still maintaining maximum usability and flexibility? Guardian Digital,
Inc. (our parent company), has announced that EnGarde Secure Linux will
be made publicly available March 30th, 2001. We invite you to visit
EnGarde's website for details.
http://www.engardelinux.org

HTML Version available:
http://www.linuxsecurity.com/newsletter.html

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-----------------+
+---------------------+

* Passive Analysis of SSH (Secure Shell) Traffic
March 19th, 2001

EnGarde is the next generation in Linux security providing a complete
suite of e-business services, intrusion alert capabilities, improved
authentication and access control utilizing strong cryptography, and
complete SSL secure Web-based administration capabilities.

http://www.linuxsecurity.com/articles/projects_article-2700.html

+------------------------+
| Network Security News: |
+------------------------+

* Understanding stealth scans: Forewarned is forearmed
March 22nd, 2001

This week's column is a basic primer on scanning: what it is, why it's
done, and the wonderful world of "secret handshakes" and stealth scans.
Scanning a system, or a network, is normally done in order to find out
what services are available. But remember, there are two groups who do
it regularly.

http://www.linuxsecurity.com/articles/network_security_article-2723.html

* Realistic Expectations for Intrusion Detection Systems
March 20th, 2001

Intrusion detection forms an increasingly important segment of the
security technology market. While intrusion detection systems were,
until recently, both expensive and difficult to maintain, they have
become more affordable. With the arrival of less expensive off-the-shelf
solutions, IDSs are becoming a more common feature of security regimens.

http://www.linuxsecurity.com/articles/intrusion_detection_article-2710.html

* Honeynet Project Forensic Challenge Results
March 20th, 2001

EnGarde is the next generation in Linux security providing a complete
suite of e-business services, intrusion alert capabilities, improved
authentication and access control utilizing strong cryptography, and
complete SSL secure Web-based administration capabilities.

http://www.linuxsecurity.com/articles/projects_article-2708.html

+------------------------+
| Cryptography News:     |
+------------------------+

* A Brief Comparison of Email Encryption Protocols
March 24th, 2001

This document briefly reviews and compares five major email encryption
protocols under consideration: MOSS, MSP, PGP, PGP/MIME, and S/MIME.
Each is capable of adequate security, but also suffers from the lack of
good implementation, in the context of transparent email encryption.

http://www.linuxsecurity.com/articles/cryptography_article-2740.html

* Flaw reported in popular e-mail encryption program
March 21st, 2001

Two cryptologists announced Tuesday that they had found a flaw in the
most widely used program for sending encrypted, or coded, e-mail
messages. If confirmed, the flaw would allow a determined adversary to
obtain secret codes used by senders of encrypted e-mail.

http://www.linuxsecurity.com/articles/cryptography_article-2719.html

+------------------------+
| Vendors/Products:      |
+------------------------+

* Apache Insecurity Reveals Directory Contents
March 23rd, 2001

In this column, we look at buffer overflows in icecast, Half-Life
Dedicated Server, Solaris SNMP, ipop2d, ipop3d, and imapd; format string
vulnerabilities in icecast, mutt, Half-Life Dedicated Server, and
cfengine; temporary-file problems in the SGML-Tools package and Mesa;
and problems with Apache, several FTP daemons, a Solaris SNMP agent,
vBulletin, FTPFS, and Ikonboard.

http://www.linuxsecurity.com/articles/vendors_products_article-2706.html

* Uncovering the secrets of SE Linux: Part 2
March 21st, 2001

In an uncharacteristic move, the U.S. National Security Agency (NSA)
recently released a security-enhanced version of Linux -- code and all
-- to the open source community. Part 2 of this developerWorks exclusive
delves deeper into the code, dissecting how the security_av is computed
and examining how other SE Linux security features are invoked.

http://www.linuxsecurity.com/articles/projects_article-2722.html

* Turnkey Linux package eases VPN installation
March 19th, 2001

Network professionals will be able to more easily set up and configure
Linux-based VPNs in branch offices with software, services and hardware
from OpenReach and Penguin Computing. OpenReach and Penguin announced
last week a turnkey Linux VPN package consisting of OpenReach software
and services, and Penguin PCs.

http://www.linuxsecurity.com/articles/network_security_article-2737.html

+------------------------+
| General News:          |
+------------------------+

* NSA's Rice Calls For Joint Web Security Effort
March 23rd, 2001

The protection of the American infrastructure is an important part of
the agenda of the National Security Council, according to President
Bush's National Security Advisor, Condoleezza Rice. Speaking to industry
and government leaders at the Partnership for Critical Infrastructure of
the US Chamber of Commerce annual meeting in Washington on Thursday,
Rice said, "Today, the cyber economy is the economy.

http://www.linuxsecurity.com/articles/government_article-2739.html

* Bulletin: 'Dangerous' Linux worm in the wild
March 23rd, 2001

A dangerous worm is spreading across the Internet and infecting Linux
servers running vulnerable domain name software, the SANS Institute
warned this morning. Called Lion, the worm steals passwords, installs
and hides other hacking tools on infected systems, and then uses those
systems to seek other servers to attack, SANS said.

http://www.linuxsecurity.com/articles/network_security_article-2736.html

* Developers call for web security standard
March 22nd, 2001

A group of security developers has called for an industry standard for
internet security testing. The group, called Ideahamster, which includes
a mixture of security experts and developers, has suggested that the
introduction of such a standard would make it easier for users to judge
security products.

http://www.linuxsecurity.com/articles/projects_article-2730.html

* Privacy's Price
March 20th, 2001

The potential for abuse - advertisers, for instance, could soon pinpoint
cell-phone users and beam them messages based on their shopping habits -
has prompted Congress to consider a series of bills that, taken
together, would dramatically restrict retailers, financial firms, health
insurers and schools from sharing customer information.

http://www.linuxsecurity.com/articles/privacy_article-2713.html

* The hacking hobbyist
March 19th, 2001

Jeff Baker hacks into corporate computer networks for fun - period.
Baker, a 24-year-old systems programmer, is part of a group of computer
experts who spend their free time trying to figure out potential
Internet security threats to large networks. Over the last year, Baker's
hobby has led him to technology security lapses at E*Trade, the Charles
Schwab brokerage concern, Wells Fargo bank and the Critical Path e-mail
service.

http://www.linuxsecurity.com/articles/hackscracks_article-2702.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".