+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  July 3, 2000                                 Volume 1, Number 10   |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@linuxsecurity.com   |
|                   Benjamin Thomas          ben@linuxsecurity.com    |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines and system advisories.

This week, several other vendors released patches for the wu-ftp vulnerability. If you're not already familiar with this problem, it exists in wu-ftpd's handling of the SITE EXEC command. The default configuration of wu-ftpd is vulnerable to remote users gaining root access. Also, SuSE released a kernel update to fix the capabilities problem in 2.2.x < 2.2.16.

In the news, the article "Securing Your Web Pages with Apache" provides helpful information for users who wish to implement Apache's access control methods. It covers authentication, authorisation, IP restriction, labeling, inheritance, and other methods. If you have any outstanding questions regarding Apache's security model, this may be just the article for you.

Our feature this week, "Simple Commands for Intrusion Detection," by Benjamin Thomas, explains how to use the Linux commands w, who, finger, last, ps, and ifconfig as a first step toward intrusion detection. Although this feature is targeted toward security newbies, seasoned security gurus may find it helpful.

http://www.linuxsecurity.com/feature_stories/feature_story-56.html

Our interview this week, "Pull the Plug," is with Brian Gemberling. He is the creator of PullthePlug.com, a project that offers multiple Linux, BSD, and Cisco systems to the public for exploration.
In the interview, Brian is questioned about techniques used to secure his network, and methods other people have tried/used to compromise his systems.

http://www.linuxsecurity.com/feature_stories/feature_story-50.html

Our sponsor this week is WebTrends. Their Security Analyzer has the most vulnerability tests available for Red Hat & VA Linux. It uses advanced agent-based technology, enabling you to scan your Linux servers from your Windows NT/2000 console and protect them against potential threats. Now with over 1,000 tests available.

http://www.webtrends.com/redirect/linuxsecurity1.htm

HTML Version Available:
http://www.linuxsecurity.com/articles/forums_article-1023.html

---------------------
Advisories This Week:
---------------------

* Debian: dhcp remote root exploit
  June 28th, 2000

  The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in replies sent from a DHCP server. This means that a malicious DHCP server can execute commands on the client with root privileges.

  http://www.linuxsecurity.com/advisories/advisory_documents/debian_advisory-505.html

* Slackware: wu-ftpd update
  June 28th, 2000

  A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine. They have also provided a separate patch package for users who have already installed Slackware 7.1 and just want the new FTP daemon.

  http://www.linuxsecurity.com/advisories/advisory_documents/slackware_advisory-506.html

* SuSE: Updated wu-ftpd package
  June 27th, 2000

  The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command. A remote attacker could execute arbitrary machine code as root on an FTP server using wu-ftpd. They recommend using our audited 2.4er version of wu-ftpd.

  http://www.linuxsecurity.com/advisories/advisory_documents/suse_advisory-503.html

* SuSE: Kernel update
  June 27th, 2000

  The implementation of the capability feature of the kernel 2.2.x < 2.2.16 is faulty. This bug allows a local adversary to exploit certain setuid applications to increase his/her privileges.

  http://www.linuxsecurity.com/advisories/advisory_documents/suse_advisory-504.html

* RedHat: UPDATE: Kernel update available
  June 26th, 2000

  This new kernel release fixes a security hole that could affect any setuid program on the system. In addition, several accumulated fixes are included.

  http://www.linuxsecurity.com/advisories/advisory_documents/redhat_advisory-502.html

-----------------------
Top Articles This Week:
-----------------------

Network Security News:
---------------------

* Disabling Telnet and FTP at College.
  June 30th, 2000

  Florence Olsen writes: A computer-privacy expert warned colleges Sunday against continuing to use two popular Internet tools -- Telnet and File Transfer Protocol -- because they offer easy routes for unauthorized people to gain access to personal data on campus networks.

  http://www.linuxsecurity.com/articles/host_security_article-1010.html

* Securing Your Web Pages with Apache
  June 29th, 2000

  This article discusses the various security mechanisms for Apache. "... But what's all this noise about 'discretionary' and 'mandatory,' you ask? Put simply, discretionary control (DAC) mechanisms check the validity of the credentials given them at the discretion of the user, and mandatory access controls (MAC) validate aspects that the user cannot control.

  http://www.linuxsecurity.com/articles/server_security_article-1000.html

* Understanding a Blackhat
  June 28th, 2000

  Wired News reporter Chris Oakes has interviewed some scientists who observed all kinds of hackers in their natural habitats, and he has a few thoughts about all this cracker/hacker, spy vs. spy business.

  http://www.linuxsecurity.com/articles/network_security_article-988.html

* Hacker attacks welcomed
  June 27th, 2000

  Openhack is an evolution of last year's interactive Hackpcweek.com test, in which we pitted Linux and the Apache Web server against Microsoft Corp.'s Windows NT and Internet Information Server 4 to see how each would fare in a hostile Internet environment.

  http://www.linuxsecurity.com/articles/host_security_article-979.html

* How to Protect Your Network
  June 26th, 2000

  ParaProtect, a network security portal in Alexandria, Va., reports that 90% of the security breaches its technicians work on are based on attacks from within. Here's a list of tips culled from industry analysts, security experts, corporate executives and agents of the U.S. Secret Service.

  http://www.linuxsecurity.com/articles/network_security_article-971.html

Host Security News:
------------------

* Securing Apache for AllCommerce
  June 29th, 2000

  Tips on securing Apache for use with virtual hosts. "There is no best way to do this except to be paranoid about every detail, pay attention to security alerts and trust no one. Fortunately, Apache has some recommendations. Here is how to put them in practice for AllCommerce. The basic procedure is to start by nailing *everything* down to the most secure configuration.

  http://www.linuxsecurity.com/articles/server_security_article-1004.html

* Cracked! Part 6: Talking with the Enemy
  June 28th, 2000

  Soon after rebuilding the system I started talking to someone on IRC that identified themselves as the person that had cracked our system. He was connecting from the same places that the cracker had been coming from and seemed to know things that only the cracker would have known, so I decided to take him at face value.

  http://www.linuxsecurity.com/articles/projects_article-983.html

* Post Installation: Is it secure out of the box?
  June 26th, 2000

  Unfortunately, the most popular of Linux distributions are those with insecure out-of-the-box setups.
  One of the defining features of Linux is its customizability, and that can make it more secure. But, improperly configured, Linux can be notoriously insecure.

  http://www.linuxsecurity.com/articles/host_security_article-968.html

* Knowing when someone is knocking on your door.
  June 26th, 2000

  Lance E. Spitzner tells us how you can protect yourself by detecting intrusion attempts and then covers what you can do about them. This article will discuss how you can protect yourself by detecting these intrusion attempts. I will then cover what you can do when you discover these attempts.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-966.html

Cryptography News:
-----------------

* Certificate Revocation: When Not To Trust
  June 29th, 2000

  Installing and managing a PKI (public key infrastructure) have far-reaching implications in an enterprise. A PKI by itself offers no value until it is paired with applications and services designed to leverage its functionality. Briefly, a PKI needs to issue digital certificates to individuals and organizations, manage the certificates during their life cycles and publish information about the certificates to directories. In this article, we'll explain managing and applying certificate revocation.

  http://www.linuxsecurity.com/articles/cryptography_article-997.html

Vendor/Product/Tools News:
-------------------------

* Time May Be Right For Biometrics
  June 30th, 2000

  The world of James Bond may be inching toward reality. A new generation of biometric devices -- gadgets that identify you by scanning your face, fingerprint, or voice, have a distinctly futuristic look and feel, but have yet to make much of a wave in the market.

  http://www.linuxsecurity.com/articles/cryptography_article-1012.html

* Trustix Secure Linux 1.1
  June 30th, 2000

  Trustix AS, the leader in eBusiness Systems Management Solution for Linux, announces the release of Trustix Secure Linux 1.1, the preferred Linux distribution for eCommerce applications.
  Trustix Secure Linux 1.1 is primarily a maintenance release, however the new release does have some new features.

  http://www.linuxsecurity.com/articles/vendors_products_article-1017.html

* TheLinuxStore.com Pairs with LinuxSolve Inc. to Resell Industry's First Secure Server Appliances
  June 29th, 2000

  Under the terms of the agreement, TheLinuxStore.com obtains the rights to market, promote and resell LinuxSolve's line of Linux-based server applications, running firewalls/gateways, email, file, print and web server applications all managed via its browser-based tools through mid-2001.

  http://www.linuxsecurity.com/articles/vendors_products_article-999.html

* Check Point readies Secure Virtual Network
  June 28th, 2000

  Check Point Software Technologies is set for Phase II of its Secure Virtual Network (SVN) architecture for e-business application security, claiming it has advanced its SVN architecture to provide a common security backbone for e-business applications, such as SAP, Oracle, Citrix, and Broadvision.

  http://www.linuxsecurity.com/articles/vendors_products_article-987.html

* Secure messaging Hailed
  June 27th, 2000

  CRITICAL PATH HAS detailed a suite of secure messaging services designed to help enterprises protect information assets such as engineering drawings, financial documents, and legal agreements transferred over the Internet.

  http://www.linuxsecurity.com/articles/vendors_products_article-977.html

General News:
-------------

* Do privacy policies really protect you?
  June 30th, 2000

  Every e-commerce site seems to have a "privacy policy" these days--but American advocates of strong, European-style privacy laws say that weak policies may be worse than no policies at all.

  http://www.linuxsecurity.com/articles/general_article-1008.html

* Survey - Cybercrime Concern Outweighs Precautions
  June 29th, 2000

  Consumers and tech professionals are plenty concerned about being victimized by cybercrime, but only a fraction of them use firewalls on their personal computers, according to a survey by online security provider Symantec Corp. Eighty-seven percent of consumers and nearly 95 percent of technology professionals use anti-virus software to protect their computer from damaging viruses but leave themselves vulnerable to hacker attacks and theft of financial data, the survey said.

  http://www.linuxsecurity.com/articles/general_article-1003.html

* Attacks Put Security Pros On the Most-Wanted List
  June 26th, 2000

  Talk about job security. Network-security specialists are in high demand these days, especially given the recent denial-of-service attacks on high-profile Web sites. Secure systems and networks capable of withstanding the use and abuse from outside and inside an organization are the goal of businesses, as heterogeneous networks link remote staff to headquarters, the business to customers and everyone to the Internet.

  http://www.linuxsecurity.com/articles/general_article-974.html

* The Motives and Psychology of the Black-hat Community
  June 26th, 2000

  This paper is a continuation of the Know Your Enemy series. This series is dedicated to learning the tools and tactics of the black-hat community. Unlike the previous papers which focused purely on the "what" and "how" of the black-hat community, specifically the technical tools, their use and implementation, this paper explores the motivation and psychology of the black-hat community, in their very own words.

  http://www.linuxsecurity.com/articles/intrusion_detection_article-975.html

* Securing dot-com
  June 26th, 2000

  This article includes information from the recent SANS report, discussion of what can be done about these problems, and more.
  "Security problems are growing more numerous as knowledge and the number of Internet-connected systems grow. The number of reported security problems registered a sharp uptick last year, according to Computer Emergency Response Team statistics.

  http://www.linuxsecurity.com/articles/network_security_article-970.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------