Linux Security Week: July 28th, 2008
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| July 28th, 2008 Volume 9, Number 31 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, perhaps the most interesting articles include "Network
Security Toolkit Distribution Aids Network Security Administrators,"
"Encrypt The System Manually Upon Installation," and "Critical Security
Issues Found in the Spring Framework."
---
>> Linux+DVD Magazine <<
In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!
http://www.linuxsecurity.com/ads/adclick.php?bannerid=26
---
Security Features of Firefox 3.0
--------------------------------
Lets take a look at the security features of the newly released Firefox
3.0. Since it's release on Tuesday I have been testing it out to see
how the new security enhancements work and help in increase user
browsing security. One of the exciting improvements for me was how
Firefox handles SSL secured web sites while browsing the Internet.
There are also many other security features that this article will look
at. For example, improved plugin and addon security.
Read on for more security features of Firefox 3.0.
http://www.linuxsecurity.com/content/view/138972
---
Review: The Book of Wireless
----------------------------
"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the wide spread use of
Wireless networks today anyone with a computer should at least know the
basics of wireless. Also, with the wireless networking, users need to
know how to protect themselves from wireless networking attacks.
http://www.linuxsecurity.com/content/view/136167
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------+
| Security News: | <<-----[ Articles This Week ]----------
+---------------------+
* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.19 (Version 3.0, Release 19). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/136174
* Linux Tool Speeds up Computer Forensics for Cops (Jul 25)
---------------------------------------------------------
Australian university students have developed a Linux-based data
forensics tool to help police churn through a growing backlog of
computer-related criminal investigations. The tool was developed by
students from Edith Cowan University's School of Computing and
Information Sciences and will help the Western Australian Police
Computer Crime Squad process their forensic investigations. Called
Simple (for Simple Image Preview Live Environment), the software
allows investigators to view and acquire forensic data at the scene
of the crime without compromising the integrity of data as it is
collected.
There are tons of Linux forensics LiveCD distributions available, but
what is your favorite?
http://www.linuxsecurity.com/content/view/140253
* Mozilla Fixes Nine Flaws in Thunderbird (Jul 25)
------------------------------------------------
Mozilla Messaging patched nine security vulnerabilities in
Thunderbird Wednesday, the first time it's plugged holes in the
e-mail software since early May. The bug patched in Thunderbird
Wednesday that was fixed in Firefox last week was in the browser
rendering engine's CSSValue array data structure. According to
Mozilla, the vulnerability could be used by hackers to force a crash,
and from there, run malicious code. Several other just-patched
Thunderbird vulnerabilities could also be used by attackers to
execute code remotely.
Are you in a rush to update your installation of Thunderbird with
news that nine security vulnerabilities were found and patched on
Wednesday?
http://www.linuxsecurity.com/content/view/140252
* Network Security Toolkit Distribution Aids Network Security Administrators (Jul 24)
-----------------------------------------------------------------------------------
Network Security Toolkit is one of many live CD Linux distributions
focusing on network monitoring, analysis, and security. NST was
designed to give network security administrators easy access to a
comprehensive set of open source network applications, many of which
are among the top 100 security tools recommended by insecure.org.
NST's latest version, 1.8.0, was released last month. You can
download NST as a live CD ISO or as a VMware virtual machine from the
author's site.
Have you ever used a Live CD which is designed to be used for network
monitoring? If so, do you have any favorites? This article likes at
one Live CD distro called "Network Security Toolkit".
http://www.linuxsecurity.com/content/view/140239
* HOWTO: Encrypt The System Manually Upon Installation (Jul 23)
-------------------------------------------------------------
Another howto by me concerning encryption. However this one will be
pretty intense on graphics. I have a step-by-step guide on how to do
a manual full encryption of the system. Due to a bug current in the
ubuntu installation, you cannot encrypt the swap partition directly
during the manual install. The install will just hang. Here's a link
to the bug report: https://bugs.launchpad.net/ubuntu/+bug/231451
This article is a step by step guide to do a full encryption of a
Linux system. The author provides snapshots in showing you how to do
this.
http://www.linuxsecurity.com/content/view/140192
* Security is No Secret (Jul 22)
------------------------------
NSA takes its Flask architecture to the open-source community to
offer an inexpensive route to trusted systems.Architecture created by
the National Security Agency and expanded with help from the
open-source community will save the Defense Department and
intelligence agencies millions in hardware costs. With Flask, "we can
guarantee that high-integrity data can't be corrupted by
untrustworthy entities or that sensitive data doesn't leak to
untrustworthy entities," said Stephen Smalley, one of the chief
developers of Flask at NSA. The best part is that the technology
requires no specialized hardware or operating system.
What do you think about the Flask architecture? This article looks at
this security architecture and how SELinux came about from it and
it's impact on open source security.
http://www.linuxsecurity.com/content/view/140071
* Security Guide for VMware ESX: Helpful But Has Holes (Jul 22)
-------------------------------------------------------------
With security becoming ever more important, I've been reviewing the
various guides available to harden the VMware Virtual Infrastructure.
So far the results have been disappointing, though I've looked at the
CISecurity VMware ESX Benchmark and the VMware VI3 Hardening
Guidelines. Now for the US Government's Defense Information Systems
Agency's Security Technical Implementation Guide (STIG)-a
long-awaited document that all levels of the U.S. government will
follow to harden and protect their VMware VI3 installations.
At first look at VM security you might think it's just like securing
any hardware install OS. However, VM security come with it's own set
of challenges. This likes at the security issues with hardening
VMware ESX.
http://www.linuxsecurity.com/content/view/140067
* Gibraltar Firewall 2.6 Launched (Jul 21)
----------------------------------------
Gibraltar Firewall 2.6, a Linux firewall distribution based on
Debian, was launched yesterday as announced by Rene Mayrhofer. This
will be the last release that will use the Linux kernel 2.4, as the
next Gibraltar editions will use the 2.6 kernel. Among other things,
this edition of Gibraltar offers improved traffic shaping performance
(the iptables marking rules were re-ordered and the pre-defined
traffic classes were improved), and allows SSL Explorer plugins to be
installed.
Have you ever used the Gibraltar Firewall? Gibraltar provides the
user with a web interface for setting up their firewall. Now it's
available for the Linux 2.6 kernel. Also in this release they added
full WLAN access point functionality.
http://www.linuxsecurity.com/content/view/140066
* Critical Security Issues Found in the Spring Framework (Jul 21)
---------------------------------------------------------------
A recent security assessment of an application by Ounce Labs has
resulted in the discovery of two vulnerabilities that can affect Java
Web applications that use the Spring Framework. Spring has been
downloaded more than 5 million times to date, which means the
security vulnerabilities identified could affect countless companies
that use this framework."One of the problems is there's no default
checking to make sure the users are only submitting fields that are
visible in the form," Berg said. "That means someone can submit
additional data in a request and put it into the Java bean."
"The vulnerabilities are not flaws [in the framework]. The issue is
developers not understanding the complexity of the framework they're
using." Ryan Berg Chief scientist, co-founder, Ounce Labs. So is this
a security flaw in the framework or how developers are using it?
http://www.linuxsecurity.com/content/view/140062
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
