Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Jun 06, 2001

  • SecurityPortal: A Matter of Trust: How Apache.org Was Compromised (2001-06-06 21:00:58)
    Kurt Seifried discusses how Apache.org was compromised, offering that part of a growing problem we face in computer security is trust: "The SSH protocol is used to secure these connections with strong encryption, which provides a tunnel between the two communicating machines. Furthermore, it is assumed that the end developer's machine is secure, and that there are no keystroke loggers running, or items like KeyGhost hooked up to the machine. Herein lies a problem. More and more people are using machines that are not always secure or should not be considered "trusted."

  • LinuxPlanet: .comment: My Semi-Annual Security Rant (2001-06-06 13:10:27)
    What do your politics have to do with your computer? For some, who question conventional wisdom and large institutions, the answer is an unashamed "everything." Going down a list of some of the worst recent privacy abuses, from weapon-sniffing scanners to the seemingly innocuous TiVO, Dennis E. Powell addresses the ironies inherent in a computing community intent on maintaining its firewalls while personal privacy vanishes. "Say hello to Big Brother," says Dennis.

  • Phil Zimmerman: PGP Marks 10th Anniversary (2001-06-06 02:55:05)
    June 5th is the 10th anniversary of PGP 1.0. This message from PGP's author, Phil Zimmerman, offers a look back at the creation and early history of his software, which helped bring strong cryptography to the public.

  • Red Hat Security Advisory: Updated ispell packages available for Red Hat Linux 5.2 and 6.2 (2001-06-06 00:26:43)
    "The ispell program uses mktemp() to open temporary files - this makes it vulnerable to symlink attacks. This version now uses mkstemp(), and also switches from gets() to fgets() in two locations dealing with user input. The patches for ispell are from OpenBSD."

  • Red Hat Security Advisory: Updated xinetd package available for Red Hat Linux 7 and 7.1 (2001-06-06 00:22:19)
    "Xinetd runs with umask 0 - this means that applications using the xinetd umask and not setting the permissions themselves (like swat from the samba package), will create world writable files."