See also: last week's Security page.
News
A new version of ssh 1.X has been released. The new version, ssh 1.2.27, has replaced the OSF1/C2 security support with the more complete SIA (Security Integration Architecture). In addition, a host of other fixes provided by a variety of sources have been included. This release bodes fair to be more stable and secure as a result. For more information, check out the BugTraq announcement. RPM packages for the new version do not appear to have hit the usual sites as of yet.
Spying on the Spies is the title of this Wired News article, which talks about growing concern in Europe about the US National Security Agency's activities. It even mentions that commercial software products, such as Lotus Notes and others, may contain backdoors "through which the NSA can gain access to an individual's personal information." True or not, it illustrates why governments should be concerned about the use of closed-source software, where such backdoors cannot be found or corrected. Separately, as mentioned at the end of the article, it will be interesting to see if Europe's concerns about the NSA will generate a comparable interest internal to the U.S., where reports about NSA privacy violations and other activities have met with little concern over the past years.
Security Reports
Early versions of ssh 2.0 have a security vulnerability which can allow someone to brute-force a login/password without any IP logging of the effort. This problem is fixed in versions 2.0.12 and newer, so if you are running ssh 2.0, make sure you have upgraded to the latest version. Most people are still running 1.2.X versions and are therefore not impacted. Check this website for more details [From BugTraq].
Although no official announcement was seen, Red Hat has updated their errata for Red Hat Linux 6.0 to include a fix for a problem with xscreensaver.
A security problem involving Netscape bookmarks has been reported.
Resources
nidsbench is a network intrusion detection system test suite that has been released under a BSD license by Anzen Computing, in order to encourage the introduction of a more precise testing methodology into intrusion detection.
SuperAnt has put out a Linux Security CD-ROM, containing tools and more to help you secure your system. Check out their announcement for more details.
Events
A Call for Participation has gone out for RAID'99, scheduled for September 7th through the 9th in West Lafayette, Indiana, USA. RAID'99 is jointly sponsored by the SANS Institute, the IBM Business Recovery Services and the Emergency Response Service. [From ISN]
Section Editor: Liz Coolbaugh
May 20, 1999