Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Dec 25, 2000

  • Linux Magazine: System Security (Dec 25, 2000, 19:36)
    "Worse yet, the bad guys don't even have to exert much effort to attempt a break-in. There are lots of scanning and cracking tools available that know how to find and exploit known weaknesses on most computer systems."

  • Linux Month: Making Red Hat Secure (Dec 25, 2000, 16:39)
    "In this article I will explain how to make your Linux box secure by taking basic security measures. This article will enable anybody to tighten the security of a redhat Linux box."

  • BindView Research Report: Vulnerabilities in Operating-System Patch Distribution (Dec 25, 2000, 15:47)
    "For example, some Linux vendors provide a PGP signature for every package but do not provide a PGP signature for the downloadable boot-floppy image. Also, BSD Unix vendors typically provide some files that contain MD5 checksums of the operating-system distribution files, but the checksum file is not PGP signed."

  • Security Portal: Weekly Linux Security Digest 2000/12/18 to 2000/12/24 (Dec 25, 2000, 15:35)
    "Anyway, this week it's more of the same, which is really starting to get on my nerves. Can't programmers learn basic security fundamentals like how to create tmp files?"

  • Debian Security Advisory: two gpg problems (Dec 25, 2000, 05:27)
    "There is a problem in the way gpg checks detached signatures which can lead to false positives."

  • Linux Security Week - December 25th 2000 (Dec 25, 2000, 05:18)
    "Unfortunately, a large number of advisories were released this week. Many of you are taking time off for the holiday. We advise that you spend a little extra time ensuring that your systems are ready for a long stable weekend."

  • Debian Security Advisory: multiple stunnel vulnerabilities (Dec 25, 2000, 03:05)
    "Lez discovered a format string problem in stunnel (a tool to create Universal SSL tunnel for other network daemons). Brian Hatch responded by stating he was already preparing a new release with multiple security fixes."

  • Debian Security Advisory: dialog symlink attack (Dec 25, 2000, 03:00)
    "Matt Kraai reported that he found a problem in the way dialog creates lock-files: it did not create them safely which made it susceptible to a symlink attack."