+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 11th, 2004 Volume 5, Number 40n |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin D. Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Secure E-Mail
and Public Key Cryptography: Together At Last," "Nessus Network Auditing,"
and "The Twenty Most Critical Internet Security Vulnerabilities."
----
The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
----
LINUX ADVISORY WATCH:
This week, advisories were released for syscons, shareutils, netpbm,
kdelibs, PHP, samba, kernel, XFree86, samba, getmail, zlib, mozilla, and
squid. The distributors include Debian, Slackware, SuSE, Trustix, and
Turbolinux.
http://www.linuxsecurity.com/articles/forums_article-10045.html
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/feature_stories/feature_story-173.html
----
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
----
The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* Secure E-Mail and Public Key Cryptography: Together At Last?
October 6th, 2004
With its ability to authenticate, digitally sign, and encrypt messages,
public key cryptography seems like a natural fit for protecting e-mail:
With one solution, you can ensure the integrity of the content and prove
the identity of the sender. But public key cryptography is akin to peace
in the Middle East--everyone agrees it's a good idea, but the associated
complexities can derail implementation.
http://www.linuxsecurity.com/articles/cryptography_article-10021.html
* Anti-virus program detects GNU Public Licence
October 6th, 2004
POPULAR OPEN SOURCE virus scanner Clamav has been hastily updated this
morning to remove a 'false positive': the scanner was detecting the GNU
Public Licence as a virus. Thousands of Open Source programs, including
Clamav itself, include a copy of this licence, and since it is a plain
text file it is incapable of containing a virus.
http://www.linuxsecurity.com/articles/vendors_products_article-10035.html
* Role-based Windows subsets will compete more directly with Linux
October 5th, 2004
Microsoft is developing versions of its Windows operating system with only
a subset of the Windows code base, designed for specific server tasks, in
a move that could reduce maintenance costs for customers and create
products that are less vulnerable to attack.
http://www.linuxsecurity.com/articles/vendors_products_article-10013.html
+------------------------+
| Network Security News: |
+------------------------+
* Nessus Network Auditing
October 8th, 2004
Syngress Publishing, Inc., today announced the publication of "Nessus
Network Auditing" (ISBN: 1-931836-08-6), co-authored by Nessus Project
Founder Renaud Deraison and a team of leading Nessus developers.
http://www.linuxsecurity.com/articles/documentation_article-10046.html
+------------------------+
| General Security News: |
+------------------------+
* The Twenty Most Critical Internet Security Vulnerabilities
October 8th, 2004
The vast majority of worms and other successful cyber attacks are made
possible by vulnerabilities in a small number of common operating system
services. Attackers are opportunistic.
http://www.linuxsecurity.com/articles/projects_article-10047.html
* Indian government outsources Linux security to New Jersey firm
October 8th, 2004
Indian Space Research Organization (ISRO) headquarters. And, according to
Guardian Digital spokesperson Nicole Pearson, ISRO made the first contact.
were originally looking for a secure mail server," says Pearson, who noted
that ISRO found Guardian Digital through its online presence, not because
of a sales call or other direct marketing efforts.
http://www.linuxsecurity.com/articles/vendors_products_article-10048.html
* Vendors sharpen vulnerability-assessment tools
October 7th, 2004
A pair of vulnerability-assessment and remediation tool vendors are
separately upgrading their products so that customers more easily can
prioritize which networked systems need to be fixed.
http://www.linuxsecurity.com/articles/network_security_article-10037.html
* A Seven-Step Plan For Protecting Corporate Data
October 7th, 2004
A pharmaceutical researcher develops a new product formula, recording his
work in an electronic notebook. The company e-mails the new formula to its
contract manufacturers and must assure that they don't mistakenly revert
to older, out-of-date formulas.
http://www.linuxsecurity.com/articles/security_sources_article-10044.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -
http://www.osvdb.org/
