Security Linux News for Jul 14, 2000
LinuxSecurity.com: Jay Beale and the Bastille Linux Project [Interview] (Jul 14, 2000, 19:46)
"We've been very successful so far - Bastille can stop almost
every single root grab vulnerability that I know of against Red Hat
6.x. In the case of the well-known BIND remote root vulnerability,
we had secured against that one before it was even discovered!"
MandrakeUser.org: SSH provides encrypted and authenticated network connections. [Tutorial] (Jul 14, 2000, 12:18)
"Enter SSH (Secure SHell). By using SSH, you encrypt the traffic
and you can make 'man-in-the-middle' attacks almost impossible. It
also protects you from DNS and IP spoofing. As a bonus, it offers
the possibility to compress the traffic and thus make transfers
faster. SSH is a very versatile tool: not only does it replace
telnet, you can also 'tunnel' services like ftp, pop and even ppp
LinuxPR: eWaddle offers Co-location and Webhosting Services.
(Jul 14, 2000, 12:05)
"eWaddle holds security in the highest regard and will provide a
secure service. eWaddle, the site where you report the news, is
offering co-location, webhosting and design services. All ewaddle
servers are Linux based and placed behind a Linux Firewall."
Caldera Systems Security Advisory: symlink attack on makewhatis script possible (Jul 14, 2000, 06:54)
"There is a problem in the way the makewhatis script, which is
run daily to rebuild the database used by the whatis(1) command,
handles temporary files. This can be exploited by local users to
corrupt arbitrary files on the system."
CNN/AP: U.S. Probation Office lets high-profile hacker Kevin Mitnick back online (Jul 14, 2000, 00:16)
"Among the jobs approved: writing for Steven Brill's online
magazine Contentville, speaking in Los Angeles on computer
security, consulting on computer security and consulting for a
computer-related television show."