general linux info

Subject: general linux info
From: Bryce (
Date: Tue Sep 26 2000 - 21:39:44 MDT

i came across this, and i thought that maybe you guys could use this
info... i know later on i will.


| Weekly Newsletter |
| September 11, 2000 Volume 1, Number 19n |
| |
| Editorial Team: Dave Wreski |
| Benjamin Thomas |

Thank you for reading the weekly security
newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security

This week, several interesting articles appeared surrounding the
Carnivore issue. A group of developers from Network ICE released
their own open-source version, Altivore. The purpose of it is
to "allow ISPs to respond to court ordered e-mail surveillance
without FBI help, thus allowing them to be self-regulated
instead of government regulated." Also, a group of Universities
were unwilling to review Carnivore because of the FBI's list of
strict requirements and restrictions given to researchers.

Another hot issue this week was RSA's decision to release their
algorithm into the public domain early. Some were skeptical, but
others believe that this is for the good of the community.

Our sponsor this week is WebTrends. Their Security Analyzer has the
most vulnerability tests available for Red Hat & VA Linux. It uses
advanced agent-based technology, enabling you to scan your Linux
servers from your Windows NT/2000 console and protect them against
potential threats. Now with over 1,000 tests available.

HTML Version available:

| Host Security news: | <<-----[ Articles This Week ]-----------------+

* Help & How-To: Two SuSE Linux Apache Vulnerabilities Identified
September 8th, 2000

One vulnerability allows a malicious user to read passwords and
discern network structure while the other allows a malicious user
to create or browse file directories on a Web server. Both
vulnerabilities provide a malicious user with access to sensitive
data on a Web server running Apache 1.3.9 (Apache 1.3.12 in SuSE
6.4). Apache is the default Web server in SuSE Linux.

* An Introduction to Unix Permissions
September 8th, 2000

This Part 1 of a two part article discusses the basics of unix
filesystem permissions. "Unix uses three base permissions: read
(r), write (w), and execute (x). To view the permissions of the root
directory on your FreeBSD system, use the ls command with the l
(show long listing) and a (show all files)

* Using Postfix: A basic guide on configuring and installing
September 6th, 2000

If it's speed and security you're looking for, Postfix is a very
nominal choice for a MTA. The MTA uses multiple layers of defense to
protect the local system against intruders, as well as having the
ability to run in a chroot jail.

* Booting without all the extras
September 6th, 2000

A default Linux distro boots with a lot of services that you probably
don't need. The Geek shows you how to turn off those extras and
provides tips on tuning a Linux system for every situation. Now,
there are a couple of ways you can remove a service. The first is to
remove the software package that runs the service.

* Firewalls - Common Configuration Problems
September 5th, 2000

There are many common configuration problems with firewalls, ranging
in severity and scope. By far the most common problems relate to what
should be blocked or allowed. This is often problematic because needs
change; you may need to allow video-streaming, for example, and
unless done properly, the addition of new firewall rules can
seriously undermine the security provided by a firewall.

| Network Security news: |

* Amateur Fortress Building in Linux
September 8th, 2000

Here's a pretty good introductory article on Linux security. It
discusses configuring TCPserver as a replacement for inetd, Dan
Bernstein and the crypto code that he's contributed to the community,
and explanations of the security implications of many of the common
network services.

* Authentication: Patterns of Trust
September 7th, 2000

There are plenty of options for user authentication, but none is a
"one-size-fits-all" solution. With so many available technologies,
how do you select the right one for your organization's needs?
Systems architects sometimes get stuck on security planning, because
it's hard to choose among all the competing products and

* Unix, Linux computers vulnerable to damaging new attacks
September 7th, 2000

Security experts have uncovered a new class of vulnerabilities in
Unix and Linux systems that let attackers take full control of
computers. These "format string" vulnerabilities started surfacing
about two months ago, said Elias Levy, a moderator of the Bugtraq
computer security mailing list. Some of them have lurked for years in
basic Unix programs, but security experts only now have begun to find
and fix them.

* null_session's TCP/IP for kids
September 5th, 2000

A nice intro to TCP/IP. "This file was written to take the kids who
are still stuck in the "1 n33d s0m3 w4r3z d00d!" mode and bring them
up to about the same level as your average system admin. That is to
say that this is a quick hit, usable as an introduction but NOT
intended for someone with experience in these matters (unless, of
course, you want to critique me)."

* How to perform a secure remote backup
September 4th, 2000

What do you do when your site is attacked or your system fails?
Backup, Avi Rubin argues, is the most reliable way to ensure that
what you've lost can be recovered. Here he takes a look at protecting
your backup and recommends some products that can help.

| Cryptography news: |

* RSA Algorithm Released: Update
September 8th, 2000

The release of the algorithm is a good thing because you can now
create cryptographic software using one RSA implementation and
distribute it worldwide without having to license anything from RSA.
 This is good news because you can, for example, download OpenSSL
and OpenSSH Solaris 8.0 packages I created and use them now. I never
 bothered to compile them against RSAREF, so you would have had to
wait another two weeks to download them.

* RSA Security's Crypto May Spur More Competitive PKI Tools
September 8th, 2000

RSA's competitors' reactions to the expiration are mixed. Baltimore
Technologies Inc. responded with its own announcement of new
products and initiatives. It's eliminating its runtime licensing
for its PKI development suite KeyTools and will switch to a flat
fee, and it's also offering a free KeyTools Lite, which includes
cryptographic and digital certificate functions, including
communication with a certificate authority or a Lightweight
Directory Access Protocol directory.

* Open RSA: The Patent Expires
September 8th, 2000

The end of the patent means that companies who want to use the RSA
encryption algorithm in the United States no longer have to license
it from the firm, RSA Security. The patent hasn't extended to
products sold outside the United States, because the algorithm was
published in 1977 before the Massachusetts Institute of Technology
applied for its patent

* GPG vs. PGP?
September 7th, 2000

What are the relative merits and drawbacks of using Gnu Privacy Guard
vs. Network Associates' PGP. I am not referring to the fact that GPG
doesn't use any restricted implemtations or algorithems; or that GPG
was not affected by the recent PGP hole; but other more everyday

* Zimmermann responds to PGP flap
September 5th, 2000

Phil Zimmermann, the creator of Pretty Good Privacy (PGP), responds
to the recent flaw discovered in Network Associates implementation
of the Additional Decryption Key (ADK) feature. This is a key escrow
 account that allows a responsible third-party to gain access to
encrypted messages when the original key is lost. Many believe the
feature is the result of a government conspiracy. Here's the
explanation of the problem and rebuttal to the conspiracy argument
sent by Zimmermann to Senior Editor Ellen Messmer

| Vendor/Product/Tools news: |

* Solar Designer's 2.2.17 Kernel Patch
September 10th, 2000

Solar's kernel security enhancement patch is now available for the
recently-released 2.2.17 Linux kernel. "This patch is a collection of
security-related features for the Linux kernel, all configurable via
the new 'Security options' configuration section

* Network ICE Releases Open-source Carnivore
September 8th, 2000

Network ICE is disclosing the source code to a new e-mail sniffing
program called "Altivore." This software provides a potential
alternative to ISPs who do not want to install the FBI's secretive
black-box known as "Carnivore." Altivore will allow ISPs to respond
to court ordered e-mail surveillance without FBI help, thus allowing
them to be self-regulated instead of government regulated.

* "Web Security Is Our Bag, Baby"
September 7th, 2000

In response to the skyrocketing number of security breaches, vicious
virus attacks and severe financial losses plaguing North America's
digital economy, CRYPTOCard Corp., leaders in strong user
authentication (SUA) systems, has launched CRYPTOAdmin 5.0.

* Linux Internet security tool
September 6th, 2000

Security firms Intrusion and Check Point Software will this month
launch a sub-L1300 Linux-based Internet security appliance. The
small device is aimed at medium-sized firms and branch offices, and
will have Check Point's VPN-1/FireWall-1 security software
preinstalled. It will also be available as a managed service.

| General news: |

* Researchers refuse Carnivore review
September 8th, 2000

Five groups of researchers have bowed out of the competition to
evaluate the so-called Carnivore Internet surveillance system. And
that likely will dash Justice Department hopes that a major
university would validate its controversial eavesdropping device,
participants said Tuesday.

* RSA Security Releases RSA Encryption Algorithm into Public Domain
September 6th, 2000

RSA Security Inc. today announced it has released the RSA public
key encryption algorithm into the public domain, allowing anyone to
create products that incorporate their own implementation of the
algorithm. This means that RSA Security has waived its rights to
enforce the patent for any development activities that include the
RSA algorithm occurring after September 6, 2000.

* Universities unwilling to review FBI's 'Carnivore' system
September 6th, 2000

Academic institutions will likely pass up the chance to audit the
federal government's Internet monitoring system, citing strict
controls that would prevent an independent review, researchers said
Wednesday. Known as "Carnivore," the FBI's e-mail monitoring system
has drawn fire from electronic freedom activists who see it as an
excessive intrusion on individual privacy.

* Can open source save the day?
September 5th, 2000

Because the new inter-component security flaws differ so
substantially from more traditional holes, a different sort of
programmer is likely to find them. Open source allows the widest
variety of coders to search the source for the flaws that they know
best. This can only improve security.


Distributed by: Guardian Digital, Inc.

     To unsubscribe email
         with "unsubscribe" in the subject of the message.

ISN is hosted by

To unsubscribe email with a message body of

This archive was generated by hypermail 2a24 : Tue Sep 26 2000 - 21:44:30 MDT