Source: Linux.com
"What? You said you don't have security on your network? Gasp! Well, that's what we're here to talk about. We're going to share some reasons why you want security on your box along with a few pointers on how to secure your network. We're not going to go into great detail (that's for later articles). Our aim is to make you more aware of why you need to secure your network and then point you in the right direction."
Source: Security News Portal - SNPortal
Engarde Secure Linux has released three security updates: one to its Apache package, one to xinetd, and one to address the local DoS and root compromise recently identified in the Linux kernel.
Date: Fri, 19 Oct 2001 12:16:02 -0400 (EDT)
From: EnGarde Secure Linux
Subject: [ESA-20011019-01] Two apache vulnerabilities
"As reported on Bugtraq, there is a local root exploit in the Linux kernel involving the ptrace call. In addition, it is possible to create a Denial of Service attack in the kernel by creating a number of symlinks."
A new hacking tool is being actively used by attackers hoping to take remote control of unpatched Unix-based systems, security experts warned today. While the attack tools exploit a relatively old bug for which patches were issued months ago, Temmingh reports that one individual was asking for unspecified financial compensation for sharing the script - a development which he views as ominous.
Source: Security News Portal - SNPortal
Kevin Poulsen, writing for SecurityFocus.com reports that "Hackers have developed a trick for pilfering DSL account names and passwords right from subscriber's routers, a technique that provides hackers with untraceable Internet access, and potentially exposes subscriber email to interception.
Source: Security News Portal - SNPortal
Summary
Two major security vulnerabilities have been confirmed in Outlook Express version 6. One is new to this version - the ability to execute scripted code even on plain text messages, the other is an old one - concealed attachment.
Details Vulnerable systems:
Outlook Express version 6.0
Source: Security News Portal - SNPortal
As businesses continue putting their infrastructure jewels online via Web-enabled e-commerce sites, the importance of security and privacy becomes increasingly critical. A crucial way of addressing this need to protect the company Web site is to conduct a security vulnerability assessment (SVA)--a security audit or ethical penetration test, as an SVA is also known.
Since the September 11th attacks on the World Trade Center, a debate has come
about arguing the merits of cracking Afghani and affiliated group websites by
supporters of the United States. Almost instantaneously, US citizens armed
with PC's began attacking infrastructure relating to Afghani-supported groups,
only to be rebuked by the NIPC
(National Infrastructure Protection Center,) which said that "Those
individuals who believe they are doing a service to this nation by engaging in
Source: Security News Portal - SNPortal.
There are a number of relatively inexpensive steps that can be taken to fight the bio-terrorism war that is currently being waged through the US mail. The issue is one of containing possible contaminants and minimising the potential for damage. "Nothing can prevent the possibility of a terrorist hell-bent on forwarding a suspicious substance in the mail," says John Puskar, P.E., principal of CEC Consultants.
Security experts have warned that the secure computer network planned by the US Government could be undermined by careless users.
The Bush administration, newly focused on security since the 11 September attacks, wants to create a network, called Govnet, to provide protected data and voice communications.
Richard Clarke, recently named special advisor to the president for cyberspace security, is behind the new initiative and believes it to be vital to future, critical, government operations.
