AOH :: ISN-1385.HTM

Linux Security Week - September 12th 2005




Linux Security Week - September 12th 2005
Linux Security Week - September 12th 2005



+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 12th, 2005                       Volume 6, Number 38n    |
|                                                                     |
| Editorial Team: Dave Wreski dave@linuxsecurity.com | 
| Benjamin D. Thomas ben@linuxsecurity.com | 
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Security
moves back into top 5 IT priorities," "Popular policies: keeping storage
secure," and "The Mobility Threat."

---

## Master of Science in Information Security ##

Earn your Master of Science in Information Security online from Norwich
University. Designated a "Center of Excellence", the program offers a
solid education in the management of information assurance, and the
unique case study method melds theory into practice.  Using today's
e-Learning technology, you can earn this esteemed degree, without
disrupting your career or home life.

LEARN MORE:
http://www.msia.norwich.edu/linux_en 

---

LINUX ADVISORY WATCH

This week, advisories were released for proftpd, sqwebmail, polygen,
affix, zsync, phpgroupware, webcalendar, pcre3, ntp, cvs, kdelibs,
evince, openmotif, cman, gnbd-kernel, dlm-kernel, lockdev, perl,
termcap, ckermit, kdegraphics, squid, pam, setup, tar, openssh,
tzdata, httpd, mplayer, and phpldapadmin. The distributors include
Debian, Fedora, Gentoo, and Red Hat.

http://www.linuxsecurity.com/content/view/120342/150/ 

---

Hacks From Pax: PHP Web Application Security
By: Pax Dickinson

Today on Hacks From Pax we'll be discussing PHP web application
security. PHP is a great language for rapidly developing web
applications, and is very friendly to beginning programmers, but
some of its design can make it difficult to write web apps that
are properly secure. We'll discuss some of the main security
"gotchas" when developing PHP web applications, from proper
user input sanitization to avoiding SQL injection
vulnerabilities.

http://www.linuxsecurity.com/content/view/120043/49/ 

---

Network Server Monitoring With Nmap

Portscanning, for the uninitiated, involves sending connection requests
to a remote host to determine what ports are open for connections and
possibly what services they are exporting. Portscanning is the first step
a hacker will take when attempting to penetrate your system, so you should
be preemptively scanning your own servers and networks to discover
vulnerabilities before someone unfriendly gets there first.

http://www.linuxsecurity.com/content/view/119864/150/ 

---

>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with
the ability to securely access corporate email from any computer,
collaborate with co-workers and set-up comprehensive addressbooks to
consistently keep employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05 


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf 


+---------------------+
| Security News:      | <<-----[ Articles This Week ]----------
+---------------------+

* IptablesWeb v.1.0
  8th, September, 2005

IptablesWeb is a free software (under GPL licence): it makes possible
to inspect iptables logs by using a web browser.
It's a plugin-based multilanguage software written in PHP using 3
free php classes.

http://www.linuxsecurity.com/content/view/120297 


* Creating info society: Broadband and info security
  6th, September, 2005

The explosion of spamming, hoaxes and cyber attacks has highlighted
just how vulnerable users are to security breaches and the steps they
need to take to protect themselves. While both dial-up and broadband
connections can be affected by such security breaches, an always-on
broadband connection is undoubtedly an easier target. This is because
the always-on nature of a broadband connection means that attacks and
hacking can happen around the clock, raising the stakes by comparison
with a computer that is only on for short periods. Luckily, there are
many tools available to make broadband connections secure and
attractive to users and potential users.

http://www.linuxsecurity.com/content/view/120310 


* Big debate over small packets
  8th, September, 2005

Fernando Gont is nothing if not tenacious.  Earlier this year, the
Argentinian researcher highlighted several attacks that could disrupt
network connections using the Internet control message protocol, or
ICMP, and proposed four changes to the structure and handling of
network-data packets that would essentially eliminate the risk.

http://www.linuxsecurity.com/content/view/120329 


* Cisco Issues Fixes for Vulnerable Web Routers
  8th, September, 2005

Cisco alerted its customers Wednesday about a serious security flaw
in many of its Internet routers, which serve as key intersections in
channeling Web and e-mail traffic from point to point.	Cisco Systems
Inc., based in San Jose, Calif., warned that attackers could use the
flaw to seize control over specified vulnerable routers.not most
routers currently in use.

http://www.linuxsecurity.com/content/view/120333 


*  MS wrong on security claims: Red Hat
  6th, September, 2005

Red Hat is accusing Microsoft of getting its facts wrong in its
latest attack on Linux security.
In an update on security at Microsoft's recent world-wide partner
conference, the company's security head Mike Nash took aim at Linux
to single out Red Hat.

http://www.linuxsecurity.com/content/view/120309 


* OpenSSH update fixes recent vulnerabilities
  5th, September, 2005

The first fix prevents "GatewayPorts" from being "incorrectly
activated for dynamic ('-D') port forwardings when no listen address
was explicitly specified," according to the changelog.

http://www.linuxsecurity.com/content/view/120299 


* Red Hat Unveils IT Courses
  7th, September, 2005

Red Hat, the world's leading provider of open source solutions to the
Enterprise, announced the addition of Institute of Advanced Computing
Management (IACM) to their Authorised Training Partner Network, which
extends across India, Nepal, Bangladesh, Sri Lanka and Pakistan. Red
Hat's complete range of Training and Certification programs will now
be available at IACM.

http://www.linuxsecurity.com/content/view/120320 * Security moves back into top 5 IT priorities 7th, September, 2005 With Labor Day weekend quickly vanishing into a memory, the team has just finished compiling this month's IT priorities data. The big news is that what happened last month with security is now pretty much undone. It is back in the top 5 list, just barely edging out IT management for the fifth position (it was in fourth back in July). Software infrastructure and hardware upgrades also swapped positions and are in second and third respectively. As usual, wired and wireless projects are up on top as organizations buy into data and voice network convergence and install wireless networking equipment. Overall, things are looking good. According to the US Commerce Department, in Q2 2005, businesses spent 17.3% more on computers and peripheral equipment than they did in Q2 2004. http://www.linuxsecurity.com/content/view/120321 * Email security - what are the issues? 8th, September, 2005 As email becomes more prevalent in the market, the importance">href="http://www.net-security.org/article.php?id=816">importance of email security becomes more significant. In particular, the security implications associated with the management of email storage, policy enforcement, auditing, archiving and data recovery. http://www.linuxsecurity.com/content/view/120331 * Popular policies: keeping storage secure 9th, September, 2005 Secure storage of data has always been essential for any organisation, of whatever size. In the past this involved accurate filing of paper records, and then keeping the physical archive secure . whether it was simply locking a filing cabinet, or guarding an entire building. http://www.linuxsecurity.com/content/view/120345 * The Mobility Threat 5th, September, 2005 We live in an era where mobile devices are being used by all levels of society. Today, it is fairly common to see a CEO or a school kid carrying a PDA or mobile phone. According to a survey by Infocomm Authority of Singapore (IDA), the penetration rate of mobile phones in Singapore has grown to 91 percent in 2004. Sophisticated PDA phones and other mobile devices such as the Blackberry are actually miniaturised PCs and they have become ubiquitous. http://www.linuxsecurity.com/content/view/120300 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email newsletter-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org

Site design & layout copyright © 1986-2014 CodeGods