See also: last week's Security page.
News
Domain Name Piracy? A Senate bill has been introduced to address problems with domain name abuse, reports this CNN article. The primary focus seems to be on the registration of sites with the specific intent to capitalize on someone else's trademark or reputation, such as "attphonecards.net". However, the article mentioned the more general abuse of registering domains specifically for the purpose of reselling them as well.
"The legislation was sponsored by a bipartisan group that included Judiciary Chairman Orrin Hatch, Republican of Utah, who strongly criticized the practice of registering names in hopes of selling them." It is hard to see how such speculation can be stopped by legislation though. This bill apparently seeks to provide some exemption from liability for domain registries if they refuse to register a domain due to concerns about trademark infringement and to open the door to allow trademark owners to recover damages. Perhaps that will discourage some abusers, but it seems likely that speculation in namespaces will continue, mostly unabated. [From Computer Security News Daily]
Covering privacy-related legislation, but not specific to security issues, CNN also put together an overall report on Internet-related legislation, which is worth a look.
From Britain come more concerns about the proposed Electronic Communications Bill. Apparently not only could failure to reveal your encryption keys result in a jail sentence, but complaining about it in public could as well. "Even discussing an investigation in public, such as complaining about alleged abuses of law enforcement to the media, may also be punishable by imprisonment," said Bowden.
CERT has issued an advisory regarding a security problem on Cobalt RaQ servers. If you are running one of these (Linux-based) systems, you probably want to pick up and install the update.
Netscape Enterprise Server's JHTML was the topic of this Bugtraq posting, examining possible problems with the built-in search engine, operational by default.
Updates
Red Hat has announced an update for Squid which fixes the problem with the cachemgr.cgi script, mentioned in last week's Security Summary.
Debian has announced updated Samba packages, following recent mentions of Samba security problems.
Red Hat also updated their Samba announcement, mentioned last week. The new version includes notes about the post-uninstall script. Special install procedures for the updates are recommended.
Resources
Mason, the interactive firewall builder, is preparing for the release of a new version. Testers are needed, particularly people working on distributions other than Red Hat 5.2/6.0 and architectures other than i386.
SARA, the Security Auditor's Research Assistant, has announced version 2.0.6. It is based on SAINT and licensed under the GPL. Simultaneously, TARA, the Tiger Analytical Research Assistant, version 2.2.6 was also announced. TARA is an upgrade to TAMU's 'tiger' program and scans a system for vulnerabilities. It has been tested on Red Hat 5.2, as well as other systems.
Events
Wietse and Dan's Free Forensics class filled up within hours of its original announcement. This note from Wietse promises, though, that handouts from the class will be made available on the Web and beta versions of their tools will be made available both to attendees and to people who were unable to get into the class. More information on the class is available at http://www.porcupine.org/class1999/.
Section Editor: Liz Coolbaugh
August 5, 1999