Linux in the news
All in one big page
See also: last week's Security page.
NewsPolice and intelligence agencies in Britain gained new power with the passage of legislation that will allow them to require the disclosure of encryption keys or other information needed to get access to encrypted material. Although the controversial topic of key escrow did not make it into this legislation, Hong Kong police are definitely calling for the introduction of key escrow policies.
Dan Farmer and Wietse Venema will be giving a one-day seminar entitled "Dan & Wietse's Computer Forensics Analysis Class", on August 6th in Yorktown Heights, NY, USA. This free class will focus on a series of case studies and examine the information left in the wake of a security incident, on disk, memory and elsewhere. They state, "This class will be given only once. It will not be repeated, and no recordings will be made." If you are anywhere near Yorktown Heights on August 6th, this is a not-to-be-missed opportunity. We wish we could be there as well.
Security ReportsChris Leishman reported a security problem with LPRng in this note. Patrick Powell responded with information on how to configure the security options in LPRng and a warning that running LPRng and any other print server SUID root is inherently insecure, due to the unreliability of the protocol used for authentication. If you are running LPRng, you will want to take a look at these posts.
Salvatore Sanfilippo reported a problem with cfingerd 1.3.2, for which Larry W. Cashdollar responded quickly with a patch, though deprecating the use of finger in general. Andreas Bogk agreed and recommend that people who insist on using finger take a look at dfingerd from David Lichteblau.
Netscape has acknowledge an SSL handshake bug in Netscape Enterprise Server that can be used to crash the server. They have made patches available.
UpdatesNo updates for Red Hat, SuSE, Slackware, Debian or Caldera have been posted since July 1st.
ResourcesComputer Security News Dailyis a nicely organized source of links to today's security-related press articles.
Pgp 6.5.1 has been announced.
A Beta 1 version of SecureCRT 3.0 has been released.
EventsComputer Security 99 has issued their Call-for-Participation for their event, scheduled for October 4th through the 8th, 1999, in Mexico City, Mexico.
Section Editor: Liz Coolbaugh
July 8, 1999
Secure Linux Projects Bastille Linux
Khaos Linux Secure Linux
Security List Archives
Firewall Wizards Archive
Red Hat Errata
Linux Security Audit Project