Security Linux News for Apr 17, 2000
sendmail.net: Q&A: Wietse Venema (Apr 17, 2000, 23:24)
"Venema's name has since become synonymous with security in the
minds of sysadmins worldwide, thanks to his work on SATAN, TCP
Wrapper, and a host of other tools to keep the scriptkiddies at
bay. This work hasn't gone unnoticed."
ZDNet UK: Sendmail shrink-wraps open source (Apr 17, 2000, 21:00)
"The Sendmail Switch 8.10 family features 128-bit mail
encryption; central control over multiple Sendmail servers, and
content management APIs."
PRNewswire: Network Magazine Announces 13th Annual Product of the Year Awards (Apr 17, 2000, 17:38)
Red Hat 6.1 named product of the year in Server OS category.
The Register: Microsoft mole spills beans on weenies (Apr 17, 2000, 16:55)
"A mole working at Microsoft in Redmond has described in detail
the process that culminated in a FrontPage security bug that
unfolded its wings and started occupying hectares of column inches
Technocrat.net: Open Source Critique Criticized [Bruce Perens' Rebuttal] (Apr 17, 2000, 16:43)
"The Gauntlet firewall published by Trusted Information Systems
was not an Open Source program. It's what we call 'disclosed
source-code', and that's very important because that difference
means that nobody had much reason to read it or work on it."
RootPrompt.org: Digital Certificates & Encryption (Apr 17, 2000, 14:23)
"...someone who's determined can intercept and eavesdrop on your
private conversations or credit card exchanges. Worse still, they
might replace your information with their own and send it back on
its way. Encryption & Digital Certificates... Used together...
protect your data as it travels over the Internet."
SecurityFocus.com: Wide Open Source - Is Open Source really more secure than closed? (Apr 17, 2000, 08:07)
"But there have been plenty of security vulnerabilities in Open
Source Software that were discovered, not by peer review, but by
black hats. Some security holes aren't discovered by the good guys
until an attacker's tools are found."
Security Portal: Weekly Linux Security Roundup - 2000/04/10 to 2000/04/16 (Apr 17, 2000, 03:25)
"Vendors are still playing catch up, Red Hat and Mandrake
finally released patches for the gpm root hack, but apart from that
not a whole has happened."
Washington Post: Microsoft Coding Tweaks Netscape (Apr 17, 2000, 00:06)
"As Microsoft learned when it finally got a chance to examine
the surprising wrinkle in its software, however, the supposed back
door had security measures built in. It works only if the system
administrator has given the user explicit permission. A back door,
perhaps, but one that still requires a key."