Ethical Hacking and Malware Insights: September 2007 Trends
Sep 10, 2007
•
Anthony Pell
3 - 6 min read
Linux+DVD Magazine Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.
In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
LinuxSecurity.com Feature Extras:
Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Review: Securing VoIP Networks | ||
5th, September, 2007
With the proliferation of VoIP networks and a substantial amount of FUD (Fear, Uncertainty and Doubt) that surrounds the process of implementing security on these networks, this book couldn't have arrived on the shelves at a better time. |
||
| Nmap explained from an Ethical Hacker's View | ||
4th, September, 2007
Nmap (Network MAPper) is a network scanner written by Gordon Lyon. It is a free and open source tool and is available at insecure.org with versions for Windows and Linux and is ubiquitous in its use. Nmap can be (and is) used to for instance, scan for open ports on a remote server, to detect the OS run on the server, what all services are running on the remote server and so on. In the hands of a ethical hacker Nmap can be used for helping to audit a network but it's also used by attackers. So this brings up the question is software like Nmap ethical? news/network-security/nmap-explained-from-an-ethical-hackers-view |
||
| RenaissanceCore IDS Seeks to take Intrusion Detection to the Next Level | ||
5th, September, 2007
This open source company attempts to bring their open source IDS solutions to the table. The article provides a personal insight into the beginnings and directions of the project, bringing out an interesting point of the catch-22 of open source projects: no community -> no credibility -> no community. Sure one of the biggest concerns with the IDS are false positives - however, which IDS doesn't have that concern? Why not check out the article and see if you would want to contribute to the community there. Better yet, do you have any ideas of how to get out of the catch-22? |
||
| Financially Motivated Malware Thrives | ||
7th, September, 2007
There are now people who create programs that make it easier for other people to create programs that make money. Don't worry, you read that right. This article reports on the business of making commercial malware / spamming software. For just around $200, you yourself can have programs that exploit Firefox, Internet Explorer, and Quicktime in an effort to spread your spam as quickly and easily as possible. There are now concentrated efforts in coding these shiny, plug and play spam generators. Have we gotten to the point of "if you can't beat 'em, join 'em"? |
||
| Storm Worm Spoils Labor Day For Some | ||
6th, September, 2007
Musicians are constantly reinventing themselves in an attempt to "keep up with the times" - noone wants to be that oldies band / artist. Malware and worms do the same, this time through emailing sensationalist headlines that are too juicy to not click on. Read on for a quick overview of how worms have no vacations as well as an interesting point about these new attacks trends - they keep up with our time to stay relevant. Even the message bodies are conformed to 2007! |
||
| Is SE Linux only for Linux? | ||
6th, September, 2007
Another example of SE Linux access controls on a non-Linux platform is the MAC framework in the TrustedBSD project. This implements SE Linux access controls on top of FreeBSD. From reading the documentation it seems that the amount of changes required to the SE Linux code base for implementation on TrustedBSD was significantly smaller than the changes required for Darwin. I was surprised to see that other Unix based operating systems are porting SELinux for example, the OpenBSD project. Since SELinux is implementing in both kernel space and user space I would think there would be a lot of core changes to SELinux to make it work on other operating systems. |
||
| Explore the Updated SLIDE and SETools | ||
7th, September, 2007
Tresys have released new versions of SLIDE (announcement) and SETools (announcement). The new SLIDE release (v1.2) includes a network configuration GUI, usability improvements and bugfixes, while the new version of SETools (v3.3.1) is a minor bugfix release. I have recently tested out SLIDE a SELinux development plug-in for Eclipse. I found that the plug-in gives the user at lot of information about the policy which is being developed on. After using it I have been thinking about doing all myy SELinux development on SLIDE instead of vi. What tools do you use for your policy hacking? |
||
PREVIOUS
NEXT
