General Esm W900
This week, perhaps the most interesting articles include Is Security Software Becoming a Security Risk, Dan Walsh from SELinux, and Scalable Public Key Infrastructure for both OpenSWAN and OpenVPN.

Linux+DVD Magazine Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Master's Student: Social Engineering is not just a definition! - We are happy to announce a new addition to the Linux Security Contributing Team: Gian G. Spicuzza. Currently a Graduate Student pursuing a Masters Degree in Computer Security (MSIA), Gian is a certified Linux/Unix administrator, the lead developer for the OSCAR-Backup System (at Sourceforge.com) and has experience in a variety of CSO, Management and consulting positions.

His first topic is a quick foray into the world and psychology of Social Engineering:

All the security in the world isn't going to stop one of your employees or coworkers from giving up information. Just how easy is it?

Craig never worked for Linda's company, nor did he call from IT. Craig was an unethical hacker who just gained unauthorized access to her account. Why? Because a phone call is simple.

Read on to see just how easy businesses can be exploited.

Review: Linux Firewalls - Security is at the forefront of everyone's mind and a firewall can be an integral part of your Linux defense. But is Michael's Rash's "Linux Firewalls," the newest release from NoStarchPress, up for the challenge? Eckie S. here at Linuxsecurity.com gives you the low-down on this newest addition to the Linux security resource library and how it's one of the best ways to crack down on attacks to your Linux network.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


EnGarde Secure Community v3.0.17 Now Available (Oct 9)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.17 (Version 3.0, Release 17). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

Is Security Software Becoming a Security Risk? (Nov 23)

Is the software we're using to protect ourselves from online attacks becoming a liability?

That's what Thierry Zoller believes. For the past two years, the security engineer for n.runs has taken a close look at the way antivirus software inspects email traffic, and he thinks companies that try to improve security by checking data with more than one antivirus engine may actually be making things worse. Why? Because bugs in the "parser" software used to examine different file formats can easily be exploited by attackers, so increasing your use of antivirus software increases the chances that you could be successfully attacked.

What do you think about the state of security software? Is security software doing enough in preventing attacks?

Developer Interview: Dan Walsh from SELinux (Nov 21)

Fedora takes a some time and interviews Dan Walsh, one of the project leads on SELinux development. They ask him a couple questions about SELinux, open source and what he's been doing at Red Hat:

We all appreciate that when we turn on our Linux systems they're pretty secure. Thanks to continuing improvements to SELinux, it is increasingly easy for users to take advantage of this powerful security tool. Read on to find an interview with Daniel Walsh, the principal developer of SELinux in Fedora from Red Hat, where he tells us more about what SELinux does and how it's improved in Fedora 8. Also included are some screenshots which show-off the new policy creation GUI.

Ubuntu Server: Good Concept, Flawed Execution (Nov 20)

Is Ubuntu Security what is claims to be? Some say yes, some say no. Carla Schroeder from Enterprise Networking Planet chimes in on server versus desktop kernel issues, and gives Ubuntu Server a whirl. What are the differences between versions? How does it handle package management, LAMP Stack and Iptable set-up? What about AppArmor?

AppArmor is supposed to be the "real world" alternative to SELinux. Unfortunately there is nothing included that explains the default AppArmor configuration, or how to modify it.

Also:

Some users might have an expectation that Ubuntu Server will be all shiny and easy like Ubuntu Desktop. It's not