Test

Linux+DVD Magazine Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Never Installed a Firewall on Ubuntu? Try Firestarter - When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet keeping in mind the insecurity internet carries these days, unless you really know what you are doing.

Read on for more information on Firestarter.

Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


EnGarde Secure Community 3.0.21 Now Available (Oct 7)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.21 (Version 3.0, Release 21). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

Automatically mount Encrypted Filesystems at Login With pam_mount (Nov 7)

The pam_mount project lets you unlock an encrypted filesystem automatically when you log in. The same password used to log in is used as the key to unlock the encrypted filesystem, so you only need to type it once. Using this method, you can easily share a laptop and have only a single user's home directory unlocked and mounted when he logs in. And pam_mount can mount any filesystem, not just encrypted filesystems, so you can use it, for example, with an NFS share that you are interested in but which you might not like to leave mounted when you are not logged in.

Did you ever wanted to know how to mount an encrypted filesystem automatically? This article will show you how.

news/cryptography/automatically-mount-encrypted-filesystems-at-login-with-pammount
Wi-Fi Linux Network Bug Found, Fixed (Nov 6)

These days, most of us can use our Wi-Fi cards on Linux using native drivers. Some of us, though, are still stuck with using Windows drivers on Linux. This kludge is usually done by using the Windows driver with NDISwrapper. Unfortunately, it's recently been discovered that there's a crack in the kludge.

Do you think this bug is capable enough to crash a system? Read on for more information.

Firefox 3.1 will Have a Private Browsing Mode (Nov 6)

Mozilla is adding a private browser feature to its forthcoming Firefox 3.1 release. Private browsing aims to help users make sure their Web browsing doesn't leave traces on their computers, said the function's developer, Ehsan Akhgari. Akhgari said. "Private browsing is only about making sure that Firefox doesn't store any data which can be used to trace your online activities -- no more, no less."

Will you be using the new private browser mode that will be included in Firefox 3.1? Check out this article to learn more about it.

news/network-security/firefox-31-will-have-a-private-browsing-mode
Rreally Simple Keyless Steganography For Linux (Nov 5)

Today we're going to take a look at a topic that most people are probably familiar with to one degree or another. To use the dictionary definition, steganography is the art of "hiding a secret message within a larger one in such a way that others can not discern the presence or contents of the hidden message."

I find steganography to be an interesting part of computer security. It's not as popular as encryptions but it does have some uses. This article discusses the basics of this technology.

Solving Privacy Issues in Ubuntu 8.10 Intrepid Ibex (Nov 4)

One of the new features in Ubuntu 8.10 is the ability to create an encrypted directory for content you do not want others to access. Oh, by the way, did you know that anyone can read your files that are in your home directory?

Do you want to know how you can protect the privacy of your data on Ubuntu 8.10? Check out this article which tells you alternative ways to do this including a cryptographic filesystem package.

news/privacy/solving-privacy-issues-in-ubuntu-810-intrepid-ibex
Portrait: Metasploit godfather H.D. Moore (Nov 4)

The Metasploit Project develops a set of security tools to create and execute exploit code on remote computers. Some people say Metasploit makes the job easier for black hat hackers who attack networks looking for vulnerabilities to take advantage of; others says the tool helps network security administrators do a better job of finding and repairing weaknesses before the bad guys get to them. H.D. Moore, the 20-something creator of the Metasploit Project, says it all depends on your perspective.

Have you ever used Metasploit? This article looks at the creator of Metasploit H.D. Moore and how he started this project.

Be Aware of SOA Application Security Issues (Nov 3)

"Extensible Markup Language (XML), Web services, and service-oriented architecture (SOA) are the latest craze in the software development world. These buzzwords burn particularly bright in large enterprises with hundreds or thousands of systems that were developed independently. If these disparate systems can be made to work together using open standards, a tremendous amount of time, money, and frustration can be saved. Whether or not we are on the verge of a new era in software, the goal alone is enough to make security people cringe. It might be easy to glue System A and System B together, but will the combination be secure?

Have you ever used or developed a SOA application? If so, you might be interested in this article that talks about some security concerns with it.

news/network-security/be-aware-of-soa-application-security-issues
Parallel SSH Execution and a Single Shell to Control Them All (Oct 31)

Many people use SSH to log in to remote machines, copy files around, and perform general system administration. If you want to increase your productivity with SSH, you can try a tool that lets you run commands on more than one remote machine at the same time. Parallel ssh, Cluster SSH, and ClusterIt let you specify commands in a single terminal window and send them to a collection of remote machines where they can be executed.

Do you want to increase your productivity with SSH? Check out this article on 3 parallel SSH tools which let you run commands on multiple machines at the same time.

news/network-security/parallel-ssh-execution-and-a-single-shell-to-control-them-all
SQLmap 0.6.1 - Automatic SQL Injection Tool (Oct 31)

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Have you ever used any security tools for detecting SQL injection attack. This article discusses some of the features of sqlmap.