Security Linux News for Mar 01, 2000
security focus: Security Whitepaper: Seeds may already be sown for worse attacks (2000-03-01 18:28:10)
"Unfortunately, since subverted servers were used in the attack,
it's quite possible that the target servers may now be subverted as
Security Portal: Creating software packages for Linux - do's and don'ts. (2000-03-01 18:14:24)
"Unfortunately it seems that Linux software vendors are intent
on making the same mistakes made by other third party software
vendors for UNIX. ...the same problems occur over and over
Wired: U.S. Wants Less Web Anonymity (2000-03-01 17:54:31)
" 'A criminal using tools and other information easily available
over the Internet can operate in almost perfect anonymity'..."
NetworkWorld: NSA moves to defuse spy network controversy (2000-03-01 17:30:54)
"Echelon is NSA's Cold War-vintage global spying system, which
consists of a worldwide network of clandestine listening posts
capable of intercepting electronic communications such as e-mail,
telephone conversations, faxes, satellite transmissions, microwave
links and fiber-optic communications traffic."
Linuxcare: Arne W. Flones: Climbing Mount S.u.S.E. (2000-03-01 16:50:56)
"With Linux, as long as you keep up-to-date on security alerts
you may never need to do a full upgrade. In spite of this, I
upgrade my computers at least once a year since this provides me
the chance to stay current on new distribution features and
SuSE Security Announcement: Package: htdig < 3.1.5 (2000-03-01 16:45:33)
"htsearch, a CGI program which is part of htdig, doesn't do
proper checking on user input."
VNU Net: EC bans passing consumer data to the US (2000-03-01 16:07:35)
"As of today, UK businesses cannot begin passing consumer data
to states outside the European Union (EU) that lack adequate levels
of protection without the individual's permission."
ComputerWorld: Justice Dept. says new laws needed to track hackers (2000-03-01 14:38:08)
"...a hacker... attack may travel a serpentine route utilizing
multiple servers and carriers located in numerous states. But when
police and federal agents attempt to trace the attack, they must
apply for court orders in each jurisdiction..."
Wired: Free Crypto Offered to Schools (2000-03-01 06:11:01)
"SSH Communications Security plans to make its login encryption
software available to universities free of charge."
PC Week: Startup Silverback launches novel management service (2000-03-01 01:46:24)
"...an Intel-based hardware device at the customer site that
runs Linux, VPN (virtual private network) software, a database, a
Web server and a suite of management applications (including a
device discovery engine, an alerting and monitoring engine,
security scanning and performance monitoring software)."
ZDNet: DoS: Linux to the rescue [via Tripwire] (2000-03-01 01:12:32)
"Security mavens have long agreed that open-source security is
the best security. It's a pity that their bosses usually disagree.
E-Commerce Times: Diversinet Delivers Linux-Based Wireless E-Commerce Security (2000-03-01 00:54:07)
"The new SDK product will allow developers who work with Linux
and other UNIX environments to utilize Diversinet's Passport
Certificate Server, along with its Digital Permit Server..."