Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Oct 27, 2000

  • eWeek: Industry reaction to Microsoft hack: It will only get worse (2000-10-27 22:36:01)
    "The breach of Microsoft Corp.'s network and subsequent access to its source code represent to many the failure of that vendor's product design, the failure of enterprises to implement best practices and the failure to understand security as a risk-management proposition."

  • Red Hat Security Advisory: Updated nss_ldap packages are now available. (2000-10-27 20:41:05)
    "A race condition has been found in the nss_ldap package. On a system running nscd, a malicious user can cause the system to hang."

  • Red Hat Security Advisory: Updated Secure Web Server packages now available (2000-10-27 20:34:35)
    "Security bugs in versions of Apache prior to 1.3.14 also affect Secure Web Server. A new release which incorporates 1.3.14 is now available."

  • SuSE Security Announcement: ncurses (2000-10-27 20:19:45)
    "Insufficient boundary checking leads to a buffer overflow if a user supplies a specially drafted terminfo database file. If an ncurses-linked binary is installed setuid root, it is possible for a local attacker to exploit this hole and gain elevated privileges."

  • LinuxSecurity.com: Linux Advisory Watch, October 27, 2000 (2000-10-27 19:40:03)
    "This week, advisories were released for apache, gnupg, ping, ypbind, ypserve, mysql, cyrus-sal, curl, ppp-off, and xlockmore. The vendors include Immunix, Mandrake, Red Hat, and Slackware."

  • CNET News.com: Microsoft computer network hacked; WINE to benefit? (2000-10-27 14:09:32)
    "...it could provide aid to projects that are trying to reverse-engineer aspects of Windows. One example is a group called Wine working on technology that lets Windows programs run on Intel-based Linux systems."

  • Microsoft secrets 'safe' after hack attack (2000-10-27 11:21:38)
    "Microsoft's corporate network has been broken into by hackers, but the Redmond giant said source code for its most popular software was not compromised."

  • Security Portal: Auditing Code (2000-10-27 06:48:10)
    "However, an automated code audit is much better than no code audit, especially with a reasonably advanced tool such as ITS4, which will catch many of the common problems that have resulted in root exploits. The following is an interview with John Viega, author of ITS4."