Linux Security Week: July 28th, 2008

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| July 28th, 2008                                  Volume 9, Number 31 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Network
Security Toolkit Distribution Aids Network Security Administrators,"
"Encrypt The System Manually Upon Installation," and "Critical Security
Issues Found in the Spring Framework."

---

>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Security Features of Firefox 3.0
--------------------------------
Lets take a look at the security features of the newly released Firefox
3.0. Since it's release on Tuesday I have been testing it out to see
how the new security enhancements work and help in increase user
browsing security.  One of the exciting improvements for me was how
Firefox handles SSL secured web sites while browsing the Internet.
There are also many other security features that this article will look
at. For example, improved plugin and addon security.

Read on for more security features of Firefox 3.0.

http://www.linuxsecurity.com/content/view/138972

---

Review: The Book of Wireless
----------------------------
"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the wide spread use of
Wireless networks today anyone with a computer should at least know the
basics of wireless. Also, with the wireless networking, users need to
know how to protect themselves from wireless networking attacks.

http://www.linuxsecurity.com/content/view/136167

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Security News:      | <<-----[ Articles This Week ]----------
+---------------------+

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/136174

* Linux Tool Speeds up Computer Forensics for Cops (Jul 25)
  ---------------------------------------------------------
  Australian university students have developed a Linux-based data
  forensics tool to help police churn through a growing backlog of
  computer-related criminal investigations. The tool was developed by
  students from Edith Cowan University's School of Computing and
  Information Sciences and will help the Western Australian Police
  Computer Crime Squad process their forensic investigations. Called
  Simple (for Simple Image Preview Live Environment), the software
  allows investigators to view and acquire forensic data at the scene
  of the crime without compromising the integrity of data as it is
  collected.

  There are tons of Linux forensics LiveCD distributions available, but
  what is your favorite?

  http://www.linuxsecurity.com/content/view/140253

* Mozilla Fixes Nine Flaws in Thunderbird (Jul 25)
  ------------------------------------------------
  Mozilla Messaging patched nine security vulnerabilities in
  Thunderbird Wednesday, the first time it's plugged holes in the
  e-mail software since early May. The bug patched in Thunderbird
  Wednesday that was fixed in Firefox last week was in the browser
  rendering engine's CSSValue array data structure. According to
  Mozilla, the vulnerability could be used by hackers to force a crash,
  and from there, run malicious code. Several other just-patched
  Thunderbird vulnerabilities could also be used by attackers to
  execute code remotely.

  Are you in a rush to update your installation of Thunderbird with
  news that nine security vulnerabilities were found and patched on
  Wednesday?

  http://www.linuxsecurity.com/content/view/140252

* Network Security Toolkit Distribution Aids Network Security Administrators (Jul 24)
  -----------------------------------------------------------------------------------
  Network Security Toolkit is one of many live CD Linux distributions
  focusing on network monitoring, analysis, and security. NST was
  designed to give network security administrators easy access to a
  comprehensive set of open source network applications, many of which
  are among the top 100 security tools recommended by insecure.org.
  NST's latest version, 1.8.0, was released last month. You can
  download NST as a live CD ISO or as a VMware virtual machine from the
  author's site.

  Have you ever used a Live CD which is designed to be used for network
  monitoring? If so, do you have any favorites? This article likes at
  one Live CD distro called "Network Security Toolkit".

  http://www.linuxsecurity.com/content/view/140239

* HOWTO: Encrypt The System Manually Upon Installation (Jul 23)
  -------------------------------------------------------------
  Another howto by me concerning encryption. However this one will be
  pretty intense on graphics. I have a step-by-step guide on how to do
  a manual full encryption of the system. Due to a bug current in the
  ubuntu installation, you cannot encrypt the swap partition directly
  during the manual install. The install will just hang. Here's a link
  to the bug report: https://bugs.launchpad.net/ubuntu/+bug/231451

  This article is a step by step guide to do a full encryption of a
  Linux system. The author provides snapshots in showing you how to do
  this.

  http://www.linuxsecurity.com/content/view/140192

* Security is No Secret (Jul 22)
  ------------------------------
  NSA takes its Flask architecture to the open-source community to
  offer an inexpensive route to trusted systems.Architecture created by
  the National Security Agency and expanded with help from the
  open-source community will save the Defense Department and
  intelligence agencies millions in hardware costs. With Flask, "we can
  guarantee that high-integrity data can't be corrupted by
  untrustworthy entities or that sensitive data doesn't leak to
  untrustworthy entities," said Stephen Smalley, one of the chief
  developers of Flask at NSA. The best part is that the technology
  requires no specialized hardware or operating system.

  What do you think about the Flask architecture? This article looks at
  this security architecture and how SELinux came about from it and
  it's impact on open source security.

  http://www.linuxsecurity.com/content/view/140071

* Security Guide for VMware ESX: Helpful But Has Holes (Jul 22)
  -------------------------------------------------------------
  With security becoming ever more important, I've been reviewing the
  various guides available to harden the VMware Virtual Infrastructure.
  So far the results have been disappointing, though I've looked at the
  CISecurity VMware ESX Benchmark and the VMware VI3 Hardening
  Guidelines. Now for the US Government's Defense Information Systems
  Agency's Security Technical Implementation Guide (STIG)-a
  long-awaited document that all levels of the U.S. government will
  follow to harden and protect their VMware VI3 installations.

  At first look at VM security you might think it's just like securing
  any hardware install OS. However, VM security come with it's own set
  of challenges. This likes at the security issues with hardening
  VMware ESX.

  http://www.linuxsecurity.com/content/view/140067

* Gibraltar Firewall 2.6 Launched (Jul 21)
  ----------------------------------------
  Gibraltar Firewall 2.6, a Linux firewall distribution based on
  Debian, was launched yesterday as announced by Rene Mayrhofer. This
  will be the last release that will use the Linux kernel 2.4, as the
  next Gibraltar editions will use the 2.6 kernel. Among other things,
  this edition of Gibraltar offers improved traffic shaping performance
  (the iptables marking rules were re-ordered and the pre-defined
  traffic classes were improved), and allows SSL Explorer plugins to be
  installed.

  Have you ever used the Gibraltar Firewall? Gibraltar provides the
  user with a web interface for setting up their firewall. Now it's
  available for the Linux 2.6 kernel. Also in this release they added
  full WLAN access point functionality.

  http://www.linuxsecurity.com/content/view/140066

* Critical Security Issues Found in the Spring Framework (Jul 21)
  ---------------------------------------------------------------
  A recent security assessment of an application by Ounce Labs has
  resulted in the discovery of two vulnerabilities that can affect Java
  Web applications that use the Spring Framework. Spring has been
  downloaded more than 5 million times to date, which means the
  security vulnerabilities identified could affect countless companies
  that use this framework."One of the problems is there's no default
  checking to make sure the users are only submitting fields that are
  visible in the form," Berg said. "That means someone can submit
  additional data in a request and put it into the Java bean."

  "The vulnerabilities are not flaws [in the framework]. The issue is
  developers not understanding the complexity of the framework they're
  using." Ryan Berg Chief scientist, co-founder, Ounce Labs. So is this
  a security flaw in the framework or how developers are using it?

  http://www.linuxsecurity.com/content/view/140062

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux