Fw: [ISN] Linux Security Week - September 17th 2001

Jason Jason.Gruber at btinternet.com
Wed Sep 19 11:39:31 EDT 2001


----- Original Message -----
From: "InfoSec News" <isn at c4i.org>
To: <isn at attrition.org>
Sent: Tuesday, September 18, 2001 9:04 AM
Subject: [ISN] Linux Security Week - September 17th 2001


> +---------------------------------------------------------------------+
> |  LinuxSecurity.com                            Weekly Newsletter     |
> |  September 17th, 2001                        Volume 2, Number 37n   |
> |                                                                     |
> |  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
> |                   Benjamin Thomas         ben at linuxsecurity.com     |
> +---------------------------------------------------------------------+
>
> Thank you for reading the LinuxSecurity.com weekly security newsletter.
> The purpose of this document is to provide our readers with a quick
> summary of each week's most relevant Linux security headlines.
>
> This week, perhaps the most interesting security articles include "Public
> Key Infrastructure Overview," "GPG: the Best Free Crypto You Aren't
> Using," and "Information Warfare: How to Survive Cyber Attacks."  As you
> might expect, many cryptography articles were released in response to the
> tragedy.  If you are interested in the crypto debate, I invite you to read
> what is available.
>
> ## It has been a tragic week.  Our own Dave Wreski writes, "Today's events
> mark more than a display of courage by Americans, an effort to exact
> retribution on those who committed this senseless act, and how this
> country will be changed as a result. It directly impacts us all on an
> international scale as individual architects of the global Internet."
>
>   Special: International Security, Privacy and Solidarity
>   http://www.linuxsecurity.com/feature_stories/feature_story-92.html
>
> This week, advisories were released for fetchmail, sendmail, xinetd,
> bugzilla, apache-contrib, uucp, and xloadimage.  The vendors include
> Caldera, Conectiva, Red Hat, and SuSE.
>
> http://www.linuxsecurity.com/articles/forums_article-3667.html
>
>
> +---------------------+
> | Host Security News: | <<-----[ Articles This Week ]-------------
> +---------------------+
>
>
> * UnderLinux Interviews Elias Levy
> September 12th, 2001
>
> Josue writes, "The underlinux Brazilian site has an interesting interview
> with one of the most important security experts in the world. Aleph1 the
> bugtraq moderator answers some questions about the present and the future of
> computer security."
>
> http://www.linuxsecurity.com/articles/forums_article-3657.html
>
>
> * GPG: the Best Free Crypto You Aren't Using, Part I of II
> September 11th, 2001
>
> Ten years after Phil Zimmermann released PGP v.1.0 (Pretty Good Privacy),
> PGP has evolved from an underground tool for paranoiacs to the gold
> standard, even an internet standard, for e-mail encryption. GnuPG, the GNU
> Privacy Guard, is a 100% free alternative to commercial PGP and is
> included in most Linux distributions.
>
> http://www.linuxsecurity.com/articles/cryptography_article-3649.html
>
>
>
> +------------------------+
> | Network Security News: |
> +------------------------+
>
>
> * SSL toolkit flaw poses risk
> September 14th, 2001
>
> A vulnerability has been discovered in versions of software development
> toolkits from RSA Security, which could allow an attacker to bypass SSL
> client authentication.  In a security notice on the issue, RSA said the
> vulnerability meant that hackers "might potentially gain access to data
> intended only for authorised users".
>
> http://www.linuxsecurity.com/articles/cryptography_article-3671.html
>
>
> * Automatic patching: Will it make the world safe from worms?
> September 13th, 2001
>
> Worms and viruses often target specific vulnerabilities in common
> software. But what if the terms were reversed? Rather than attacking the
> vulnerability of software for malicious purposes, what if the worm or
> virus actually attempted to secure the software by applying a patch? Like
> it or not, it is already happening.
>
> http://www.linuxsecurity.com/articles/intrusion_detection_article-3643.html
>
>
>
> * Information Warfare: How to Survive Cyber Attacks
> September 11th, 2001
>
> As an information security professional, I take an extreme interest in
> information warfare, as it is closely connected to the infosec field.
> Thus, I was excited to read Information Warfare: How to Survive Cyber
> Attacks, and see what it offered from the information security point of
> view.
>
> http://www.linuxsecurity.com/articles/documentation_article-3650.html
>
>
> * Public Key Infrastructure Overview
> September 11th, 2001
>
> Public key cryptography supports security mechanisms such as
> confidentiality, integrity, authentication, and non-repudiation. However,
> to successfully implement these security mechanisms, you must carefully
> plan an infrastructure to manage them. A public key infrastructure (PKI)
> is a foundation on which other applications, system, and network security
> components are built.
>
> http://www.linuxsecurity.com/articles/cryptography_article-3651.html
>
>
> * Stealth encoding bypasses IDS protection
> September 10th, 2001
>
> Cisco's Intrusion Detection System (IDS) is not the only technology that
> fails to protect ISS Web servers against stealth unicode attacks.  An
> advisory by eEye Digital Security reports that network and server sensors
> from ISS, Dragon Sensor 4.x, Snort (prior to version 1.8.1) and components
> of Cisco Secure IDS are affected by the issue. Symantec and Network
> Associates have stated that their products are not vulnerable.
>
>
> http://www.linuxsecurity.com/articles/network_security_article-3662.html
>
>
> +------------------------+
> | Cryptography News:     |
> +------------------------+
>
> * Senator calls for encryption crackdown
> September 15th, 2001
>
> The horror of Tuesday's coordinated attacks on the commercial and military
> centers of America has prompted the U.S. Congress to call for a global ban
> on "uncrackable" encryption products.
>
> http://www.linuxsecurity.com/articles/cryptography_article-3672.html
>
>
> * Crypto-Gram September 15
> September 15th, 2001
>
> In this month's crypto-gram, Bruce Schneier talks about the events of
> September 11, and how it may affect our liberties, the NSA's Dual Counter
> Mode, and general news. "Unfortunately, the quickest and easy way to
> satisfy those demands is by decreasing liberties.
>
> http://www.linuxsecurity.com/articles/cryptography_article-3673.html
>
>
> * NSA begins crypto upgrade
> September 10th, 2001
>
> The National Security Agency is beginning a 15-year, multibillion-dollar
> effort to modernize the nation's cryptographic systems, which are rapidly
> growing obsolete and vulnerable.  Cryptographic systems encode messages
> and include such tools as secure telephones, tactical radios and smart
> cards.
>
> http://www.linuxsecurity.com/articles/government_article-3640.html
>
>
>
> +------------------------+
> | Vendors/Products:      |
> +------------------------+
>
> * Biometrics: Just in a James Bond Flick? Not Anymore!
> September 12th, 2001
>
> The word 'Biometry' basically comprises two words: bio + metry. The
> word 'bio' refers to life or a living being and the word 'metry' refers to
> 'measurement'. So 'Biometric' can be summed up as: the science of
> measurement of physical attributes (unique) to a living being (for
> authentication/authorization).
>
> http://www.linuxsecurity.com/articles/projects_article-3656.html
>
>
> * PGP bolsters security package
> September 10th, 2001
>
> PGP Security will unveil this week at NetWorld+Interop 2001 in Atlanta an
> easier-to-use version of its CyberCop network vulnerability-assessment
> tool that will help customers more quickly find and fix security
> weaknesses in PCs, servers, switches and firewalls.
>
> http://www.linuxsecurity.com/articles/cryptography_article-3641.html
>
>
>
> +------------------------+
> | General Security News: |
> +------------------------+
>
> * This is how we know Echelon exists
> September 14th, 2001
>
> The European Parliament published its report into the Echelon spying
> system last week in which it concluded it did exist, was against the law
> and that the UK had a lot of explaining to do.
>
> http://www.linuxsecurity.com/articles/government_article-3669.html
>
>
> * Hackers Discuss Retaliatory Cyberstrikes
> September 13th, 2001
>
> Although the U.S. government has yet to publicly identify suspects in
> Tuesday's terrorist attacks on America, some hackers are already plotting
> counterstrikes against Islamic Web sites, according to postings in
> Internet newsgroups.  So far, the impact of the planned retaliatory
> hacking has been limited.
>
> http://www.linuxsecurity.com/articles/hackscracks_article-3666.html
>
>
> * Report: Echelon engaged months in advance of attack
> September 13th, 2001
>
> The U.S. National Security Agency engaged the so-called Echelon
> communications monitoring network, following on warnings of possible
> terrorist attacks, as long as three months ago, the Frankfurter Allgemeine
> Zeitung newspaper reported.
>
> http://www.linuxsecurity.com/articles/privacy_article-3665.html
>
> ------------------------------------------------------------------------
> Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
>
>      To unsubscribe email newsletter-request at linuxsecurity.com
>          with "unsubscribe" in the subject of the message.
> ------------------------------------------------------------------------
>
>
>
> -
> ISN is currently hosted by Attrition.org
>
> To unsubscribe email majordomo at attrition.org with 'unsubscribe isn' in the
> BODY of the mail.




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



