Archive for April, 2001
FreeBSD FreeBSD-SA-01:33: globbing vulnerability in ftpd
Thursday, April 19th, 2001Security Flaw with Linux 2.4 Kernel and IPTables
Thursday, April 19th, 2001Tempest Security Advisory:
Security Flaw with Linux 2.4 Kernel and IPTables [via Slashdot]
Security Advisory - #01/2001
Security flaw in Linux 2.4 IPTables using FTP PORT
Author: Cristiano Lincoln Mattos, CISSP, SSCP
Release date: 16 April 2001
Platforms: Linux Kernel 2.4.x
Impact: If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing “related” connections (almost 100% do), he can insert entries into the firewall’s connection tables…
Anti-Hacking premiums 25% higher for Win NT
Wednesday, April 18th, 2001The Register: Anti-Hacking premiums 25% higher for Win NT
United States v. Hubbell: Encryption and the Discovery of Documents
Monday, April 16th, 2001United States v. Hubbell: Encryption and the Discovery of Documents. University of Richmond Apr 16 2001 3:50AM ET [Computer security news]
Techies Learn to Go It Alone
Monday, April 16th, 2001Techies Learn to Go It Alone. Rensselaer Polytechnic Institute receives a $1 million donation to pump up entrepreneurship at the university. Also: Black colleges assess their information technology goals…. [Wired News]
SecurityPortal: Ask Buffy - ports; log search tools, DNS - UDP or TCP
Friday, April 13th, 2001From SecurityPortal: Ask Buffy - ports; log search tools, DNS - UDP or TCP [via Linux Today]:
Log Tool
We have all these NT 4.0 logs, but it there a tool that can help sift through information and present it with meaning? With regard to security, I just want to get to the information that I need. I need to get to this information quickly. Do you have any suggestions?
Kevin M Moker
This is a subject for which there is a ton of information available. There is an excellent FAQ available at:
http://www.heysoft.de/nt/eventlog/faq.htm
And an entire book on the subject available from O’Reilly:
http://www.oreilly.com/catalog/winlog/
As for actual products that will monitor your log files and respond to events, there are several dozen solutions; for example:
http://www.sql-server-performance.com/event_log_monitor.asp
http://www.ipsentry.com/dlfiles/addins/ipsevmon.htm
You can also export NT event logs, using a variety of products, to UNIX syslog machines and use your favorite syslog monitoring tool.
Buffy (
"mailto:buffy@securityportal.com">buffy@securityportal.com
)
Security for Web Database Applications
Friday, April 13th, 2001Security for Web Database Applications. You know you want to protect yourself, and your database. Here’s how. [WebReview.com]
Why UDDI Will Succeed, Quietly
Friday, April 13th, 2001Brent Sleeper: Why UDDI Will Succeed, Quietly. [Scripting News]
Server-side scripting languages: PHP, Perl, Java servlets — Which one’s right for you?
Thursday, April 12th, 2001IBM DeveloperWorks: Server-side scripting languages: PHP, Perl, Java servlets — Which one’s right for you? Erik Zoltán (erik@zoltan.org), Advanced Systems Engineer, EDS [IBM DeveloperWorks]
