July 2007 Security Report: Email Threats, Web Tools, And Defense
Accelerate your career with a Master in Information Assurance from Norwich - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study offers you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.
Security on your mind?
Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Securing an SSL VPN with one-time Passcodes and Mutual Authentication | ||
2nd, July, 2007
"SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC." Thanks to WIFI networks it take a little more to secure your VPN. Mutual authentication can help by validating a user to a site and the site is validated to the user. Why do this? Because this will protect against the man-in-the-middle attack. Is is the only way or is there other ways like using a LDAP server to preform the same thing. |
||
| JavaScript Web Application Security Testing Tool | ||
3rd, July, 2007
"Selenium tests run directly in a browser, just as real users do.". How well does software do at auditing Web application for security vulnerabilities? Most times the only way to check for some security flaws is to look at the source code. I wonder if these types of software report back with lots of false-negatives for the developers to sort through. |
||
| FreeBSD Setting up Firewall using IPFW | ||
5th, July, 2007
Have you heard about IPfirewall? One service that should be protected by a firewall is a web server. "You do not need to compile IPFW into the FreeBSD kernel unless you want NAT function enabled. " So it's not very hard to set up a FreeBSD firewall and with this articles user's should have a more secure operating system. |
||
| Vendors Admit More Cooperation Needed on Security | ||
30th, June, 2007
"The security chiefs of several large infrastructure and software vendors said they are doing all they can do to embed security into their products, but they agreed that more work must be done to improve security between their platforms." How well does the open source community spread security issues? Does Redhat and Novel work together to improve security? One of the best ways to improve security is to have all players share their patches to fix vulnerabilities fast. |
||
| Email Worms Rarer in 2007, Says Vendor | ||
6th, July, 2007
"Email worms, not long ago the scourge of the Internet, have declined sharply in 2007, a security company has revealed." What do think caused this? Maybe it's because email anti-virus software is catching them. Or maybe attackers are just using other methods more then using Email worms. However, I believe spreading attacks via email is one of the most effective ways attackers affect their users. |
||
| Six Ways to Fight Back Against Botnets | ||
6th, July, 2007
Automation is one of the many angels to put on your shoulders in a software development environment - you want to make all those tedious repetitive tasks as easy as can be. However, automation can be used against you in the form of botnets - groups of zombified hosts that wander the net and spam-bite everyone. They know no discrimination in who they spam and it costs you time, bandwith, and your sanity. Read on for some immediate remedies to the situation so your box won't end up like an extra in the 'Thriller' video (ok maybe not). |
||
| An Invisible Abomination | ||
3rd, July, 2007
You pay for your broadband modem, you pay the ISP to keep delivering your service, and what do you get in return? They spy, monitor, and insert ads into your web pages for good measure. Apparently a certain vendor (lets call them NebuAd) has been selling devices to ISPs to do precisely that. Your privacy is exchanged for traffic habits, you preferences, and custom tailored ads for you. Whatever happened to just 'um, no?' |
||
| New Storm Worm Attack Turns to Web | ||
4th, July, 2007
"Spammers have switched their tactics with the latest "storm worm" run in hopes of getting more of the malicious messages delivered into company inboxes." This attack is one example of a social engineering attack. How effective are these attacks? I feel that these attacks are effective but I don't see why users of the internet don't be more careful. We all know the risks of opening unknown emails but users still do. Is this because of the lack on knowledge or just laziness? |
||
