Security News > 2002 > August > Linux Security Week - August 26th 2002
+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | August 26th, 2002 Volume 3, Number 33n | | | | Editorial Team: Dave Wreski dave () linuxsecurity com | | Benjamin Thomas ben () linuxsecurity com | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, perhaps the most interesting articles include "Introduction to Autorooters: Crackers Working Smarter, Not Harder," "Defining Virtual Honeynets," "A New AES Standard For Wireless," and "Exploring Diffie-Hellman Encryption." ** FREE Apache SSL Guide from Thawte Certification ** Do your online customers demand the best available protection of their personal information? Thawte's guide explains how to give this to your customers by implementing SSL on your Apache Web Server. FREE Thawte Apache Guide: http://www.gothawte.com/rd361.html FEATURE: PHP Secure Installation As we know the vulnerabilities in PHP are increasing day by day there comes the need to secure the PHP installation to the highest level. Due to its popularity and its wide usage most of the developers and the administrators will be in trouble if they don't take appropriate steps on security issues during the installation. http://www.linuxsecurity.com/feature_stories/feature_story-117.html * Developing with open standards? * Demanding High Performance? This week, advisories were released for krb5, fam, konqueror, libpng, phpmail, mantis, bugzilla, Red Hat kernel, kdelibs, and unixware. The vendors include Caldera, Debian, and Red Hat. http://www.linuxsecurity.com/articles/forums_article-5563.html Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request () linuxsecurity com with "subscribe" as the subject. Find technical and managerial positions available worldwide. Visit the LinuxSecurity.com Career Center: http://careers.linuxsecurity.com +---------------------+ | Host Security News: | <<-----[ Articles This Week ]------------- +---------------------+ * Introduction to Autorooters: Crackers Working Smarter, Not Harder August 22nd, 2002 Efficiency and automation: one can argue that they are two of the most valuable by-products of any technology. There is little doubt that the electronic tools of today allow us to get more done in less time. We use software to eliminate tedious work, reduce man-hours, and sift through mounds of data in seconds. http://www.linuxsecurity.com/articles/server_security_article-5557.html * Wrapping Up DJBDNS August 21st, 2002 Welcome to the home stretch, my last [2] ITworld article on installing DJBDNS. I'll cover two things here. First, I'll show you how to 'import' your existing BIND zones into tinydns data format so you don't need to convert those files by hand. Lastly, I'll show you how to start up the axfrdns server, which will allow DNS secondaries running BIND to mirror your DNS zones. http://www.linuxsecurity.com/articles/server_security_article-5549.html * Linux Security Modules: General Security Support for the Linux Kernel August 20th, 2002 The access control mechanisms of existing mainstream operating systems are inadequate to provide strong system security. Enhanced access control mechanisms have failed to win acceptance into mainstream operating systems due in part to a lack of consensus within the security community on the right solution. http://www.linuxsecurity.com/articles/security_sources_article-5546.html * Making [Privacy] Work August 20th, 2002 The privacy policy is written and posted on a company's Web site. The 2002 privacy-policy notice, a complicated statement required of financial-services companies under the Gramm-Leach-Bliley Act, is in the mail. Top executives and perhaps even the board of directors have reviewed the policy to make sure it will protect the company's good name. http://www.linuxsecurity.com/articles/privacy_article-5544.html +------------------------+ | Network Security News: | +------------------------+ * Hacking Techniques: War Dialing August 22nd, 2002 The term war dialing involves the exploitation of an organization's telephone, dial, and private branch exchange (PBX) systems to penetrate internal network and computing resources. After introducing and exploring the different forms war dialing attacks can take and some tools used to execute such attacks, the article examines measures that can be taken to prevent such an attack. http://www.linuxsecurity.com/articles/network_security_article-5560.html * Know Your Enemy: Defining Virtual Honeynets August 20th, 2002 Honeynets are one type of honeypot. A honeypot is a resource who's value is in being probed, attacked or compromised. A Honeynet is a high-interaction honeypot, meaning it provides real operating systems for attackers to interact with. http://www.linuxsecurity.com/articles/intrusion_detection_article-5548.html +------------------------+ | Cryptography: | +------------------------+ * A New AES Standard For Wireless August 21st, 2002 Wireless has been on the mind of NIST officials for some time. Understanding the inherent risk of unsecure wireless networks ripe for the picking using such easy-to-install programs like NetStumbler, the agency put out a call in July asking for recommendations to counter unauthorized users hacking into a wireless network, to include airborne traffic. http://www.linuxsecurity.com/articles/cryptography_article-5552.html * August Crypto-Gram August 19th, 2002 This month's Crypto-Gram contains information about Palladium and the TCPA, The Doghouse: Cedium, Featured Counterpane Research, License to Hack, Counterpane News, Arming Airline Pilots, and even some Comments from Readers. Bruce Schneier's Crypto-Gram is a free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. http://www.linuxsecurity.com/articles/cryptography_article-5539.html * PGP Is Back! August 19th, 2002 Phil Zimmermann's PGP is back in the hands of an independent company, after Network Associates agreed to sell the technology it mothballed back in March to a start-up specially created to market PGP. http://www.linuxsecurity.com/articles/vendors_products_article-5540.html +------------------------+ | General: | +------------------------+ * You're Only as Good as Your Password August 23rd, 2002 Warren Leggett had just spent the long July 4 weekend golfing with his brother-in-law near Portland, Ore. Early the following Monday morning, his relaxing holiday ended abruptly. The chief information officer of Niku Corp. (NIKU ), a small Silicon Valley software company, found himself plunged into a shocking case of alleged corporate espionage -- one that raises troubling questions about the security of company information in the Internet Age. http://www.linuxsecurity.com/articles/host_security_article-5569.html * Bush's Cyber-Security Plan Targets E-Mail August 23rd, 2002 In an effort to bolster the nation's cyber-security, the Bush administration has plans to create a centralized facility for collecting and examining security-related e-mail and data and will push private network operators to expand their own data gathering, according to an unreleased draft of the plan. http://www.linuxsecurity.com/articles/government_article-5568.html * The Seven Deadly Security Sins August 22nd, 2002 When it comes to computer break-ins and breaches, there are plenty of ways to place blame, but some security Relevant Products/Services from IBM missteps are more common than others -- and most of them fall into the category of often-overlooked basics. http://www.linuxsecurity.com/articles/security_sources_article-5559.html * Spam Fighters Shouldn't Tread On The Innocent August 22nd, 2002 Wanting to see spammers put out of business, however, doesn't mean I want to see innocent folks harmed in the process. But the vigilantes seem to be taking over the town -- and the results are often unfair, sometimes grotesque. http://www.linuxsecurity.com/articles/forums_article-5558.html * Security Policies: Only As Good As The Audit August 21st, 2002 If you think you have a sound IT policy because your administrators clamor about the continual need to update security patches, you might want to think again. One way to answer all these crucial questions and gauge true security preparedness is to undertake an IT security policy audit. http://www.linuxsecurity.com/articles/network_security_article-5553.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request () linuxsecurity com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.