See also: last week's Security page.
News and Editorials
What's in Windows XP? Newsbytes reported a claim by an Al Qaeda suspect that saboteurs infiltrated Microsoft to plant "trojans, trapdoors, and bugs in Windows XP." This claim is difficult to believe, to say the least. Still, one wonders just how Microsoft would go about convincing its customers that Windows XP doesn't contain "trojans, trapdoors, and bugs" planted by Al Qaeda. A development process that allows flight simulators to be slipped into a spreadsheet product seems unlikely to be able to prevent more subtle insertions.
Companies selling closed source software are especially vulnerable to attacks like this one. Even groundless rumors can inflict real damage when you sell closed source software. Only when source code is available for public inspection can the public know what is fact and what is a cruel lie.
FBI reportedly seeks personal data without a warrant. The Daily Rotten has reported that the FBI has requested access to the Badtrans worm's pilfered data. Millions of victims of Badtrans had passwords and other personal data pilfered by a keystroke logger. The virus sent the stolen data back to a number of email addresses. One of the addresses was a free email account at IJustGotFired.com. IJustGotFired is owned by MonkeyBrains.
The rotten.com story states that last week the FBI contacted the owner of MonkeyBrains and requested a cloned copy of the password database and keylogged data sent to IJustGotFired.
The FBI wants indiscriminant [sic] access to the illegally extracted passwords and keystrokes of over two million people without so much as a warrant. Even with a warrant they would have to specify exactly what information they are after, on whom, and what they expect to find. Instead, they want it all and for no justifiable reason.
The Register described the request as a "surveillance bonanza" for the FBI.
Know Your Enemy: Honeynets (LinuxSecurity). LinuxSecurity.com is running a lengthy article on building honeynets. "Conceptually, Honeynets are a simple mechanism. We create a network similar to a fishbowl, where we can see everything that happens inside it. Similar to fish in a fishbowl, we can watch and monitor attackers in our network. Also just like a fishbowl, we can put almost anything in there we want. This controlled network, becomes our Honeynet. The captured activity teaches us the tools, tactics, and motives of the blackhat community."
December CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for December is out. Covered topics include national ID cards, SMTP banners, and forcing companies with bad security off the net. "This is where the legal system can step in. I like to see companies told that they have no business putting the security of others at risk. If a company's computers are so insecure that hackers routinely break in and use them as a launching pad for further attacks, get them off the Internet. If a company can't secure the personal information it is entrusted with, why should it be allowed to have that information?"
For those who are interested, here is a detailed description of this vulnerability from Global InterSec LLC. Expect glibc updates from most other distributors in the near future.
Mandrake security update to passwd. MandrakeSoft has issued an update to its passwd package. Evidently a PAM misconfiguration in Mandrake Linux 8.1 can prevent the use of MD5 passwords.
Web scripts. The following web scripts were reported to contain vulnerabilities:
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Mailman cross-site scripting vulnerability. This vulnerability was first reported by LWN on December 13th.
This week's updates:
OpenSSH UseLogin vulnerability. This obscure vulnerability is not of concern to most sites. This problem first appeared in the December 6th LWN security page.
This week's updates:
Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
This week's updates:
Resources
Recent SSH vulnerabilities is the topic of this CERT advisory on recent activity against secure shell daemons. "While these problems have been previously disclosed, we believe many system and network administrators may have overlooked one or more of these vulnerabilities. We are issuing this document primarily to encourage system and network administrators to check their systems, prior to the holiday break."
Email Security through Procmail version 1.131 was announced this week. This is a "collection of methods to sanitize e-mail, removing obvious exploit attempts and disabling the channels through which exploits are delivered. Facilities for detecting and blocking Trojan Horse exploits and worms are also provided."
Upcoming Security Events.
CodeCon Call for Papers. The Linux Journal is running the final CodeCon 2002 call for papers. This event will be held February 15 to 17 in San Francisco, and is intended to be "the premier event in 2002 for the P2P, cypherpunk and network/security application developer community." The CFP deadline is January 1, so time is running out.
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to firstname.lastname@example.org.
Section Editor: Dennis Tenney
December 20, 2001