Linux Today: Linux News On Internet Time.

Security Linux News for Nov 09, 2001

  • O'Reilly Network: Time and Tide Wait for No Protocol: The SSH Keystroke Timing Attack (2001-11-09 16:45:12)
    "Not surprisingly, this paper initiated a great deal of discussion among SSH users, developers, and the security community in general, especially in public forums such as Slashdot. In this article, I will summarize the issues involved, discuss the paper's methods and conclusions, and dispel some of the often-repeated misconceptions in the public's reaction to this research."

  • Troubleshooters.com: SSSCA's Bitter Harvest (2001-11-09 11:03:48)
    Steve Litt presents the nightmare SSSCA scenario: "What is the end result if SSSCA passes? It starts bleak, and gets bleaker. For starters, Linux is outlawed." Brain-drain and border-sneaking programmers follow.

  • Conectiva Linux Security Announcement - w3m (2001-11-09 07:50:37)
    "Ogasawara Satoshi and Kobayashi Shigehiro discovered a vulnerability[1] in a MIME header parsing routine. A malicious web server administrator could execute arbitrary code in the client machine by sending malformed MIME headers inside the server HTTP responses."

  • Red Hat Security Advisory: remote exploit possible in lpd (2001-11-09 07:47:27)
    The lpd printing daemon has a flaw in its displayq code that makes a remote buffer overflow attack possible. Updated from an advisory issued last week: "The initial package released as a fix for this problem itself had a segfault issue, and would crash when listing remote printers. The broken package, lpr-0.50.1-1, has been replaced with a working fix."