Security Linux News for Apr 27, 2000
Linux.com: Linux Network Device? (Apr 27, 2000, 18:58)
"A simple 486-based system with no more than 16MB of RAM and no
hard drive is capable of acting as a simple firewall and can
basically convert your one IP address from your service provider
into several, one for each computer you want to have Internet
ScienceDaily: Bell Labs Releases Free Linux Software That Foils Common Computer Security Attack (Apr 27, 2000, 18:00)
"Linux distributors Red Hat, Inc., Linux-Mandrake, Turobolinux
and Debian GNU/Linux are working with Bell Labs to incorporate
Lucent Libsafe into their software releases."
InfoWorld: Maryland Legislature caves to UCITA, but Iowa may offer a safe haven from law (Apr 27, 2000, 14:50)
"The possibility that any software inside the firewall could
have unknown self-help mechanisms raises enormous security issues.
Corporations and agencies that don't start asking vendors very
pointed questions will soon be guilty of a dereliction of
VNU Net: Managers flock to Linux startup (Apr 27, 2000, 13:48)
"We tried to find out why Linux wasn't penetrating the market,"
said Kaufman, adding that LinuxSolve's goal is to make the
operating system easy to use and secure."
LinuxLock.org: Interview with Kevin Sexton of Protectix (Apr 27, 2000, 13:07)
"...I think the most commonly overlooked is setup &
configuration with software maintenance a close second. Installing
Red Hat, for example on a new machine could be a disaster for the
security unaware. Many ports are open by default for ease of use
but at the expense of network integrity."
Red Hat Security Advisory: Piranha web GUI exposure [Updated] (Apr 27, 2000, 06:43)
"This is an updated release that disables Piranha's web GUI
interface unless the site administrator enables it explicitly."
Linux.com: Designed for Uncertainty (Apr 27, 2000, 03:23)
"Is there a double standard when it comes to reporting
Microsoft? In this situation, the Linux press, such as Slashdot,
are looking more like a sick imitation of what ZDNet used to be.
Why is it 'evil' when Microsoft FUDs Linux, but 'advocacy' when
Linux sites FUD Microsoft?"
PCFormat Daily: Linux back door slammed (Apr 27, 2000, 03:05)
"It makes a change to see a story about a gaping security hole
in a Linux package for a change, rather than in a Microsoft
product, and many Linux fans smell a rat for that very reason."
SecurityFocus.com: Multiple Linux Vendor 2.2.x Kernel IP Masquerading Vulnerabilities (Apr 27, 2000, 00:47)
"A serious vulnerability exists in the IP Masquerading code
present in, but not necessarily limited to, the 2.2.x Linux kernel.
Due to poor checking of connections in the kernel code, an attacker
can potentially rewrite the UDP masquerading entries, making it
possible for UDP packets to be routed back to the internal