General Esm W900
This week, perhaps the most interesting articles include "Dual Password Encryption with EncFS," "Snort: Open Source Network Intrusion Prevention," and "Web Application Attack and Audit Framework."

Hakin9 Magazine - Hacking, IT Security and More Subscribe today and get 10% off! Covers all things hackers need including techniques about breaking into computer systems, defense and protection methods. A great new magazine that'll be sure to keep you on the cutting edge. Want to learn more about the magazine?

Get 10% the regular subscription price if you sign up by the end of June!


LinuxSecurity.com Feature Extras:

Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.

Security on your mind?

Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.

Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


FreeBSD Project Integrates Support for the Camellia Block Cipher
9th, June, 2007

The Camellia Block Cipher is a new encryption algorithm which was developed by NTT and has been specified in several Internet RFCs as well as being one of the approved encryption methods to be used by the European Union.

Developers on the FreeBSD project worked with researchers from NTT to integrate their code, under a BSD license, into the CURRENT branch of FreeBSD, which will become the 7.0 release in the near future.

news/cryptography/freebsd-project-integrates-support-for-the-camellia-block-cipher
Dual Password Encryption with EncFS
15th, June, 2007

This article is a step-by-step guide to using two passwords with EncFS. The primary password is required and may be used to secure all data; the secondary password is optional and may be stored on USB stick or other removable media and used to secure more sensitive data. EncFS can also be combined with block device encryption for maximum security

news/cryptography/dual-password-encryption-with-encfs
Firefox Flaws Raise Mozilla Security Doubts
12th, June, 2007

The Mozilla Foundation said last week it has patched several serious security flaws in the popular Firefox browser, bugs that also affect the SeaMonkey browser and the Thunderbird e-mail application.

The bugs could allow an attacker to take over a system, as well as less serious exploits such as spoofing or security bypass, Mozilla said.

news/network-security/firefox-flaws-raise-mozilla-security-doubts
Snort: Open Source Network Intrusion Prevention
13th, June, 2007

A few years ago, when we spoke of network intrusion security systems, we spoke of IDS (Intrusion Detection System) appliances. Recently, as the emphasis has shifted from detection to prevention, IDS has become IPS (Intrusion Prevention Systems). The compelling force behind this change is the same one that has thrust an open source software company named SourceFire to the front of the Network Intrusion Prevention System Appliances market sector; that is, a fast changing threat environment.

news/network-security/snort-open-source-network-intrusion-prevention
Using RBL and DCC for Spam Protection
16th, June, 2007

I run a Postfix-based mail server that services a few hundred users with an average load of a couple of thousand legitimate messages a day -- but thanks to spam, the actual load on the server is much higher. I use Realtime Blackhole Lists (RBL) and Distributed Checksum Clearinghouse (DCC) clients on Postfix and SpamAssassin to reduce the impact of spam.

news/network-security/using-rbl-and-dcc-for-spam-protection
Web Application Attack and Audit Framework
13th, June, 2007

w3af, is a Web Application Attack and Audit Framework. It is extended using plugins; the framework and the plugins are fully written in python. Each plugin will add a functionality like xss detection or sql injection exploitation.

news/security-projects/web-application-attack-and-audit-framework
OpenOffice worm hits Mac, Linux and Windows
11th, June, 2007

Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

news/hackscracks/openoffice-worm-hits-mac-linux-and-windows
OpenOffice Worm Hits Mac, Linux and Windows
12th, June, 2007

Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec.

The advisory said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux, and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources".

news/hackscracks/openoffice-worm-hits-mac-linux-and-windows