Security Linux News for Apr 21, 2000
InfoWorld: Maryland may be first to enact UCITA (Apr 21, 2000, 23:48)
"Although Maryland is the second state to approve UCITA, it may
be the first state to legally enact the measure, according to a
spokeswoman at the governor's office."
Suse Security Announcement: imwheel is not vulnerable [in SuSE Linux] (Apr 21, 2000, 21:24)
"Please note that a local root vulnerability has been found in
the imwheel package, however: SuSE Linux is not affected."
Red Hat Security Advisory: imwheel buffer overflow (Apr 21, 2000, 21:19)
"A vulnerability exists in the imwheel package where local users
can execute arbitrary commands as root."
PC Week: Vulnerability discovered in Netscape Navigator (Apr 21, 2000, 20:05)
"The exploit allows malicious site operators to bypass security
protocols that prohibit them from reading that file."
ApacheWeek: Issue 195: 21st April 2000 (Apr 21, 2000, 19:12)
This issue includes: Report from RSA Security Europe Conference,
In the news, Apache status and O'Reilly Network Survey. Read it
O'Reilly Network: CYA for System Administrators; Things to keep in mind in our litigious society (Apr 21, 2000, 17:58)
"...it's a good idea to make sure that your role and your
responsibilities are fully specified. By "fully specified" I...
mean that... your job description should be complete and list not
only the hardware and software you support, but what management
areas that role includes."
VNU Net: Turning up the heat on firewalls (Apr 21, 2000, 15:57)
"Generally, firewalls give better overall performance when
running on high-end Unix or Linux rather than Windows NT, because
Unix and Linux are able to better exploit the underlying hardware
Federal Computer Week: Free Linux software blocks hackers (Apr 21, 2000, 15:05)
"Certain electronic intruders will have to find a new way to
wreak havoc thanks to free Linux software released Thursday by
Lucent Technologies' Bell Labs."
VNU Net: Security hole found in Netscape (Apr 21, 2000, 08:28)
"The vulnerability is caused by a combination of technologies
that allows an unfriendly website operator to avoid the browser's
ComputerWorld: Update: Mafiaboy a copycat; attacks could have been stopped (Apr 21, 2000, 00:43)
"...another piece of the problem lies with the fact that
Internet service providers (ISPs) and other outfits that make up
the Internet backbone aren't using Ingress filtering, which
prevents packet spoofing. ... Ingress filtering can determine if a
packet was indeed sent from that location, and if its address is
spoofed, it's stopped at the router."