[ Thanks to Benjamin
D. Thomas for this link. ]
“Greetings, issue number 5 is already here! We would like to
take a moment to thank our readers for all of your support. The
response has been tremendous for both our newsletter and website,
LinuxSecurity.com If you have any suggestions regarding the
website, newsletter, or anything else, please let us know! We are
here to serve the open-source community; your voice should be
heard.“
“In the news, a few good articles were released. A few of my
favorites included, Cracked! Part 4: The Sniffer, The Shell Game,
and Who’s Sniffing Your Network?.’ ‘Cracked’ and ‘Who’s Sniffing
your network’ both are written about the use of packet sniffers.
While both take different approaches to explain this topic, they
are interesting to read. The Shell Game explains the rational for
SSH and using encrypted communications. Take a moment to treat
yourself to these three articles.”
“Last week, the major topic of concern was The Top 10 System
Security Threats released by SANS. Articles such as FBI, DOJ issue
list of worst Internet threats and IT, Company Execs Add To
Security Holes spawned from SANS’ initial release. The top 10
threats include: connecting systems to the Internet before
hardening them, connecting test systems to the Internet with
default accounts/passwords, failing to update systems when security
holes are found, using telnet and other unencrypted protocols for
managing systems, giving passwords over the phone or changing user
passwords in response to telephone or personal requests when the
requester is not authenticated, failing to maintain and test
backups, running unnecessary services, (especially ftpd telnetd
finger rpc), implementing firewalls with rules that don’t stop
malicious or dangerous traffic (incoming or outgoing), failing to
implement or update virus-detection software, and failing to
educate users on what to look for and what to do when they see a
potential security problem.”