Security Linux News for Oct 19, 2001
Red Hat Security Advisory: Updated diffutils packages available (Oct 19, 2001, 23:41)
"Updated diffutils packages are now available, fixing a
temporary file handling vulnerability in the sdiff program."
NewsForge: SSSCA gets a hearing Oct. 25 -- can it be stopped? (Oct 19, 2001, 18:17)
"While the Open Source community is acquainted with the
potential effects of this bill on freedom from government intrusion
on our private activities, many businesses that use Open Source
software, government agencies who sponsor Open Source projects, and
lawyers who specialize in technology issues either have not heard
of the bill, or do not understand its implications. Eben Moglen,
chief counsel for the Free Software Foundation, is succinct: 'SSSCA
is a deliberate attempt to destroy free software.'"
CNET News.com: Net security: An oxymoron (interview with Peter Neumann) (Oct 19, 2001, 13:30)
"The open-source movement is not inherently guaranteed to come
up with secure software unless there is significant discipline in
the development, distribution, operation and administration of the
resulting systems. So it's important to realize that we have a lot
of weak links, all of which have to be addressed. The idea that
hiding the source code is going to solve the problem is utterly
O'Reilly: A Sysadmin's Security Basics (Oct 19, 2001, 12:29)
"This article gives an overview of the basics necessary to
secure your network, including passwords, email attachments and
client settings, firewalls and DMZ's, securing insecure protocols,
wireless, and staying informed."
Red Hat Security Advisory: New kernel 2.4 packages are available (Oct 19, 2001, 04:24)
"A vulnerability has been found in the ptrace code of the kernel
(ptrace is the part that allows program debuggers to run) that
could be abused by local users to gain root privileges."
CNET News: Gartner Commentary: Hype is the real issue [MS "Bug Anarchy"] (Oct 19, 2001, 00:58)
"In truth, the responsibility for information security falls to
the entire IT community--software companies, security firms,
businesses and individuals. None should shoulder the whole blame
for security lapses. Rather, the efforts of all parties contribute
to a continuous process of improvement. The more widely
vulnerabilities become known, the more quickly they get fixed."