Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Oct 04, 2000

  • Red Hat Security Advisory: LPRng contains a critical string format bug (2000-10-04 20:41:42)
    "LPRng has a string format bug in the use_syslog function which could lead to root compromise."

  • Red Hat Security Advisory: lpr has a format string security bug, LPRng compat issues, and a race cond. (2000-10-04 20:36:31)
    "lpr has a format string security bug. It also mishandles any extension to the lpd communication protocol, and assumes that the instructions contained in the extension are a file it should try to print. It also has a race condition in the handling of queue interactions that can cause the queue to wedge."

  • Security Portal: Why We Don't Need Perfectly Secure Systems (2000-10-04 19:52:57)
    "Comments like "once an attacker has physical access, your security is useless" are wrong because no security measure will protect you 100% from all attacks."

  • LinuxPlanet: .comment: Are We Asking for It? (2000-10-04 15:52:24)
    "We've witnessed macros that run automatically -- how many billions of dollars did that cost? We've had the joys of HTML mail, which quickly got exploited by spammers as a way of verifying email addresses so that the recipient could become a more attractive spam target. We have had, though not seen widely (yet) exploits that run programs and macros attached to mail without the mail even being opened. We have cookies that tell people who don't identify themselves things about us that we do not give them permission to know, which at least one company has tried to sell."

  • Enterprise Linux Today: Do you know if your data is safe? (2000-10-04 08:06:38)
    "We need to begin thinking of security as a process rather than an event. We will never have 100% security, so what do we do?"