“An interesting week, some more advisories concerning the bug in
make and MySQL (people releasing fixed packages, nothing new).
The most interesting thing however was the announcement of
Medusa DS9, a security tool for Linux that allows you to control
access to various things. I haven’t tested it myself so I
don’t know how effective it is, but it doesn’t sound like snake oil
either. I also got around to catching up on some neglected tools,
‘Instructor 1.0’ was released, basically it hammers the CPU
with opcodes to see what makes it go boom.”
“Tip of the week:
Various problems with ASP and PHP include files have been found
(primarily that by requesting them you can get the contents of the
file, which can provide useful information to an attacker). Use
Apache’s access configuration to block access to these types of
files, for example to block access to *.inc files:
<Files ~ “.inc$”>
Order allow,deny
Deny from all
</Files>”
“You might also want to block access to files ending in ~’s,
i.e. the backup file that emacs creates (I know there’s more then a
few of these on my server):
<Files ~ “~$”>
Order allow,deny
Deny from all
</Files>”