Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Linux Security Week - November 1st 2004

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Linux Security Week - November 1st 2004
Date: Wed, 3 Nov 2004 06:56:30 -0600 (CST) 
+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  November 1st, 2004                        Volume 5, Number 43n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin D. Thomas      ben@linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Linux More
Secure than Windows says Study," "Firewall Security Tips," and "Common
Sense About Passwords."

----


The Perfect Productivity Tools <<


WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05

----

LINUX ADVISORY WATCH:
This week, advisories were released for mozilla, zlib, kernel, glib2,
MySQL, Gaim, MIT, Netatalk, socat, mpg123, rssh, xpdf, gpdf, cups,
kdegraphics, squid, and libtiff. The distributors include Conectiva,
Fedora, Gentoo, Mandrake, Red Hat, Slackware, and SuSE.

http://www.linuxsecurity.com/articles/forums_article-10147.html

-----

Mass deploying Osiris

Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system.  A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people.  The communication is all done over an encrypted
communication channel.

http://www.linuxsecurity.com/feature_stories/feature_story-175.html

---------------------------------------------------------------------

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.

http://www.linuxsecurity.com/feature_stories/feature_story-173.html

------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------+
| Host Security News: | <<-----[ Articles This Week ]----------
+---------------------+

* Hole in Linux kernel
October 28th, 2004

Leading Linux distributor Suse has uncovered a security hole in the linux
2.6 kernel. It is claimed that this vulnerability can be used to shut down
a system running 2.6-based software remotely. Bad news, indeed.

http://www.linuxsecurity.com/articles/host_security_article-10144.html


* Suse warns of hole in Linux kernel
October 27th, 2004

Linux distributor Suse has warned of one of the most serious security
holes to date in version 2.6 of the Linux kernel, which could allow
attackers to shut down a system running 2.6-based software.

http://www.linuxsecurity.com/articles/server_security_article-10140.html

* Linux more secure than Windows says study
October 27th, 2004

Another brown study in the Windows vs Linux security debate claims to
prove that the Mighty Vole fudged things when it claimed that its software
was more secure than Linux.  The study, compiled by tech journalist
Nicholas Petreley concludes that Microsoft's "Get The Facts" campaign does
not deal with the "real facts."

http://www.linuxsecurity.com/articles/general_article-10137.html


* Integer overflows  the next big threat
October 26th, 2004

THE NEXT big problem the IT security community faces is integer overflow
attacks, said Theo de Raadt, OpenBSD's project founder and leader.

According to him, the community currently can't see a clear method to
circumvent any future vulnerabilities that would arise from integer
overflows.

http://www.linuxsecurity.com/articles/security_sources_article-10134.html


+------------------------+
| Network Security News: |
+------------------------+

* Week 45: Firewall Security Tips
October 28th, 2004

In the limited space available here, I cannot possibly address how to
secure a firewall. Instead, I'll note the considerations that go into
doing so and point you to some useful resources. CNSS Instruction No.
4009, revised May 2003, National Information Assurance (IA) Glossary
defines a firewall as a "system designed to defend against unauthorized
access to or from a private network."

http://www.linuxsecurity.com/articles/firewalls_article-10146.html


* Computer Security 101
October 26th, 2004

With Lesson 8 we begin to enter the home stretch in the 10-part Computer
Security 101 Series. The object of Computer Security 101 is to provide an
introduction for new or novice users to the technology, terminology and
acronyms commonly used with computers and networks. Understanding these
things better will hopefully help people understand what, how and why they
need to secure their computers as well.

http://www.linuxsecurity.com/articles/documentation_article-10133.html


+------------------------+
| General Security News: |
+------------------------+

* Linux users: welcome to the world of malware
October 29th, 2004

Linux users are often smug about the state of their computer security,
rightly criticizing Windows for its numerous security holes, but
overlooking their own vulnerabilities.  Now it's their turn to suffer.

http://www.linuxsecurity.com/articles/server_security_article-10151.html


* Common Sense About Passwords
October 29th, 2004

Passwords are a pain, but new thinking about passwords and some new tools
make it possible to make passwords easier to manage and more effective.

Passwords are expensive for IT staff to manage.

http://www.linuxsecurity.com/articles/host_security_article-10149.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Linux Security Week - November 1st 2004, InfoSec News <=
Previous by Date:  [ISN] Assessing Network Security, InfoSec News
Next by Date:  [ISN] Russian Denies Authoring "SoBig" Worm, InfoSec News
Previous by Thread:  [ISN] Assessing Network Security, InfoSec News
Next by Thread:  [ISN] Russian Denies Authoring "SoBig" Worm, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]