Security Linux News for Jul 31, 2000
LinuxWorld: Illuminating shadow passwords - What the software is, how to get it, how to use it (Jul 31, 2000, 23:27)
"Why shadow passwords? Simply put, the shadow password scheme
addresses the major shortcoming of the original Unix
password-handling scheme, the fact that the password list was
stored as a world-readable file."
Linux.com: Freedom: What it Really Is (Jul 31, 2000, 22:55)
"When most people think that Linux is free, they perceive it to
be as in a gift; While it is certainly free in that respect, there
is something even more important about it. This is about the
difference between free speech, and free beer."
Red Hat Security Advisory: New netscape packages available to fix JPEG problem (Jul 31, 2000, 20:59)
"New netscape packages are available that fix a potential
overflow due to improper input verification in netscape's JPEG
processing code. It is recommended that users of netscape update to
the fixed packages."
LanSystems.com: Secure your box (Jul 31, 2000, 16:58)
"This article starts off a series of articles geared towards
securing your system. After being asked plenty of times "How can I
secure my system?" I figured it was time for a series like this
one. These articles are generally geared towards new users, but
might serve as a reference to the experienced too."
LinuxSecurity.com: Linux Security Week, July 31, 2000 (Jul 31, 2000, 08:59)
"This week, advisories for gpm, man, dhcp-client, Zope,
openldap, BitchX, pam, and nfs-utils were released. DHCP-client and
nfs-utils vulnerabilities can both theoretically be used to gain
remote root access."
Security Portal: How Do I Tighten Security on My System? (Jul 31, 2000, 08:54)
"Hardening" a system is the practice of making that system much
harder to crack. I like to think that this involves steps not only
to prevent break-ins, but also to detect them when they
Security Portal: Weekly Linux Security Digest 2000/07/24 to 2000/07/30 (Jul 31, 2000, 08:47)
"This does bring up the topic, however, of finding files and
directories with improper permissions. Generally speaking, a file
should only be writeable by the owner, very rarely the group, and
almost never any other. You can use find -perm to locate these
files and directories. The other problem is in Netscape - there is
a potential vulnerability in the jpg handling code."