Security Portal: Weekly Linux Security Roundup – 2000/04/24 to 2000/04/30

“A very bad week for all concerned. Red Hat pulled a boner,
PostgreSQL stores passwords in plaintext, and someone posted a
nifty man page exploit for Red Hat 6.1 (time to upgrade!). Maybe we
should form an OpenSource security fund, every time a
programmer/etc pulls something stupid they have to give $50 to the
fund, which is then used to educate people about software security
(like programmers/etc.).”

“A problem mentioned a while ago (using FTP commands to get
internal clients to open up connections that an attacker could
“ride” back in, punching through most firewalls (and especially
Linux machines running ipmasq) like cottage cheese) should
hopefully be fixed in kernel 2.2.15.”

“Red Hat is not alone in making mistakes, SuSE made a few
booboos in one of the base packages (repeat after me:

