Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Oct 19, 2001

  • Red Hat Security Advisory: Updated diffutils packages available (Oct 19, 2001, 23:41)
    "Updated diffutils packages are now available, fixing a temporary file handling vulnerability in the sdiff program."

  • NewsForge: SSSCA gets a hearing Oct. 25 -- can it be stopped? (Oct 19, 2001, 18:17)
    "While the Open Source community is acquainted with the potential effects of this bill on freedom from government intrusion on our private activities, many businesses that use Open Source software, government agencies who sponsor Open Source projects, and lawyers who specialize in technology issues either have not heard of the bill, or do not understand its implications. Eben Moglen, chief counsel for the Free Software Foundation, is succinct: 'SSSCA is a deliberate attempt to destroy free software.'"

  • CNET Net security: An oxymoron (interview with Peter Neumann) (Oct 19, 2001, 13:30)
    "The open-source movement is not inherently guaranteed to come up with secure software unless there is significant discipline in the development, distribution, operation and administration of the resulting systems. So it's important to realize that we have a lot of weak links, all of which have to be addressed. The idea that hiding the source code is going to solve the problem is utterly ridiculous."

  • O'Reilly: A Sysadmin's Security Basics (Oct 19, 2001, 12:29)
    "This article gives an overview of the basics necessary to secure your network, including passwords, email attachments and client settings, firewalls and DMZ's, securing insecure protocols, wireless, and staying informed."

  • Red Hat Security Advisory: New kernel 2.4 packages are available (Oct 19, 2001, 04:24)
    "A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges."

  • CNET News: Gartner Commentary: Hype is the real issue [MS "Bug Anarchy"] (Oct 19, 2001, 00:58)
    "In truth, the responsibility for information security falls to the entire IT community--software companies, security firms, businesses and individuals. None should shoulder the whole blame for security lapses. Rather, the efforts of all parties contribute to a continuous process of improvement. The more widely vulnerabilities become known, the more quickly they get fixed."