Linux Security Week - April 29th 2002
+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  April 29th, 2002                             Volume 3, Number 17n  |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave () linuxsecurity com |
|                   Benjamin Thomas         ben () linuxsecurity com  |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Cracking the Cracking," "Setting up a FreeBSD firewall with an IPSec uplink," "Security is poor because vendors are not held responsible," and "Wireless LAN Security: A Short History."

** FREE Apache SSL Guide from Thawte **
Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs.
-> http://www.gothawte.com/rd252.html

This week, advisories were released for the FreeBSD kernel, webalizer, sudo, PHPprojekt, ethereal, icecast, and squid. The vendors include Caldera, Conectiva, Debian, EnGarde, FreeBSD, and Red Hat.
http://www.linuxsecurity.com/articles/forums_article-4877.html

Find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center:
http://careers.linuxsecurity.com

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Multiple vulnerabilities in stack smashing protection technologies
April 24th, 2002
As if IT managers didn't have enough security headaches, the rise of Web site-based intrusions has risen over the last year, with aggressive cookies and pop-up-spawned spyware leading the charge. Products like the Gator password manager utility are reported to include a Web-user monitoring component, which may even cause Web browsers to crash or behave erratically.
http://www.linuxsecurity.com/articles/server_security_article-4869.html

* Cracking the Cracking
April 24th, 2002
Learning about the ins and outs of computer forensics technology and the law make four recent releases worth investigating. Computer-based crime has given rise to a new type of evidence gathering--or forensics--and a new breed of investigator. But computer forensics is still a young discipline, and almost no one today has been trained purely as a computer forensic analyst.
http://www.linuxsecurity.com/articles/documentation_article-4866.html

* Using GnuPG
April 23rd, 2002
GnuPG, the GNU Privacy Guard, is the open source equivalent to PGP, or Pretty Good Privacy, which has been available for Windows, DOS, and some other operating systems for many years. It has all the same features, based on the OpenPGP standard. The uses for GnuPG (or GPG) are varied: It can be used to encrypt email messages and files, or to digitally sign email messages and files.
http://www.linuxsecurity.com/articles/cryptography_article-4858.html

* Apache and SSL
April 22nd, 2002
Secure Sockets Layer (SSL), developed by Netscape Communications, and Transport Layer Security (TLS), the open-standard replacement for SSL from the Internet Engineering Task Force, are the two protocols that add encryption and authentication to TCP/IP.
http://www.linuxsecurity.com/articles/cryptography_article-4854.html

+------------------------+
| Network Security News: |
+------------------------+

* Wireless Lans can be secure
April 26th, 2002
In the 1994 film Renaissance Man, Danny DeVito describes Military Intelligence as an oxymoron. Who would have thought that eight years later many would be making the same criticism of wireless security? At the heart of the problem is the slow rate at which most corporate security policies and solutions actually develop, and the way that 'mobile' is viewed within businesses.
http://www.linuxsecurity.com/articles/network_security_article-4880.html

* Setting up a FreeBSD firewall with an IPSec uplink
April 25th, 2002
Though this article mainly deals with problems inherent to wireless networks, the principles apply equally well to wired networks. Also, though FreeBSD is the OS referenced, this may work equally well with other flavors of BSD. The version of FreeBSD used was 4.5-release.
http://www.linuxsecurity.com/articles/network_security_article-4873.html

* ipsec_tunnel: An IPsec tunnel implementation for Linux
April 25th, 2002
I started this project because I was using a number of IPIP tunnels to connect a number of private networks over the Internet, and I needed encryption for a few reasons. Above all I wanted to be able to use standard protocols such as FTP and NFS without having to worry about cleartext passwords and snooping.
http://www.linuxsecurity.com/articles/cryptography_article-4870.html

* Security is poor because vendors are not held responsible
April 25th, 2002
Network security is not a technological problem; it's a business problem. The only way to address it is to focus on business motivations. To improve the security of their products, companies - both vendors and users - must care; for companies to care, the problem must affect stock price. The way to make this happen is to start enforcing liabilities.
http://www.linuxsecurity.com/articles/vendors_products_article-4874.html

* Wireless LAN Security: A Short History
April 22nd, 2002
If you're holding back on an 802.11 deployment because of security concerns, you're not alone. Research indicates that the perceived insecurity of wireless networks is a major inhibitor to further market growth. This short history of the security issues in wireless networks should help shed some light on the problem.
http://www.linuxsecurity.com/articles/network_security_article-4849.html

+------------------------+
| Cryptography:          |
+------------------------+

* Keeping e-mail encryption alive
April 22nd, 2002
Phil Zimmermann knows a thing or two about adversity. His invention for encrypting e-mail, Pretty Good Privacy, was so good that the government considered it munitions subject to tough export controls. Prosecutors threatened him with criminal charges when others leaked it overseas.
http://www.linuxsecurity.com/articles/cryptography_article-4852.html

+------------------------+
| Vendor/Products:       |
+------------------------+

* More Cross site Scripting in PHPNuke
April 24th, 2002
The European Commission has unveiled new proposals that could send Internet hackers and spreaders of computer viruses to jail for years. Industry and security experts welcomed the proposals, but said more needed to be done to get companies, cautious of bad publicity, to report Internet attacks and to boost law enforcement resources in the fight against cybercrime.
http://www.linuxsecurity.com/articles/hackscracks_article-4864.html

+------------------------+
| General:               |
+------------------------+

* Training the cyberwar troops
April 26th, 2002
Systems administrator David Riebrandt's first hint that intruders had hacked the military network came from telltale electronic footprints. From the logs--electronic records of the information passed on the network--it quickly became evident that a server with gate-keeping control over different parts of the system was getting downright chatty with a foreign computer via the Internet.
http://www.linuxsecurity.com/articles/network_security_article-4884.html

* Worries Of Cyberattacks On U.S. Are Aired
April 26th, 2002
U.S. officials warned yesterday that the Chinese military may be searching for ways to attack defense and civilian computer networks in the United States and Taiwan.
But they said intelligence analysts have concluded that China so far lacks the ability to cause much disruption.
http://www.linuxsecurity.com/articles/hackscracks_article-4879.html

* Honeynet looks to sting hackers
April 22nd, 2002
A group of 30 computer security researchers who set up inexpensive "fake" networks to observe how hackers behave as they break into them are finding out about new software vulnerabilities and warning the public.
http://www.linuxsecurity.com/articles/hackscracks_article-4850.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

To unsubscribe email newsletter-request () linuxsecurity com with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

- ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.