“After two weeks of constant advisories, its comforting to
see the amount of activity die down. This week, various advisories
exists for the Document Template package, BRU Backup Utility,
Kerberos 5, and a bug on FreeBSD/Alpha systems that weakens its
encryption. Take time to Review your system for these packages and
update immediately if affected. Keep in mind that simply because
your vendor has not released an update that another vendor may have
does not mean your system is not vulnerable.“
“In the news, OpenBSD Announces its release of version 2.7,
Mimestar “Shoots Down Intruders” by releasing Version 3.0.7 of
SecureNet PRO, and the U.S. House gives its “OK” to the digital
signature bill.”
“This week a number of interesting papers were released. Some of
those include “Open Sources, Security by Default,” “Bruce
Schneier’s Crypto-Gram,” and “The Secrets of Snoop,” a paper
discussing the use of various sniffers. “Open Sources, Security by
Default” discusses actions taken by the OpenBSD team, and Theo De
Raadt, the founder of OpenBSD. With the release of OpenBSD 2.7, the
goal was to “remove most of the extraneous, unnecessary, and
insecure protocols from the OS, tightened up the default
configuration, and then hunt for bugs ruthlessly.” The Internet as
a whole would be a much more secure if other vendors would follow
this example.”