[LWN.net]


Security


News

The Linux FreeS/WAN project has issued a press release announcing its release of a free software package to support privacy through encrypted Internet communications. Built and released outside the United States, FreeS/WAN version 1.0 is available for immediate download. It is based on the proposed Internet Protocol Security (IPSEC) standard. "FreeS/WAN negotiates strong keys using Diffie-Hellman key agreement with 1024-bit keys, and encrypts each packet with 168-bit Triple-DES (3DES). A modern $500 PC can set up a tunnel in less than a second, and can encrypt 6 megabits of packets per second, easily handling the whole available bandwidth at the vast majority of Internet sites. In preliminary testing, FreeS/WAN interoperated with 3DES IPSEC products from OpenBSD, PGP, SSH, Cisco, Raptor, and Xedia. Since FreeS/WAN is distributed as source code, its innards are open to review by outside experts and sophisticated users, reducing the chance of undetected bugs or hidden security compromises."

Break-ins based on ftp are on the rise, according to multiple sources, including this account of an automated attack which exploits ftp security holes. We have also received confidential reports of further ftp-based break-ins. If you are using anonymous ftp, please make sure you are using the latest version of the available software! Also check your configuration carefully. In particular, adding "no dirs" to the upload line of your ftpaccess file may help protect you against some attacks.

Security Reports

aDSL routers are on the market, David Brumley notes in this post to Bugtraq. Along with them comes a new bunch of hardware vendors to educate about security issues. In particular, David reports that the Flowpoint aDSL router sets no admin password. If you have an aDSL router, be sure to disable telnet access to your router's IP address.

Resources

The Secure UNIX Programming FAQ is a work-in-progress by Thamer Al-Herbish, condensing information he has found on Bugtraq, comp.security.unix and more.

comp.os.linux.security is a new newsgroup likely to be created soon, according to the positive ballot issue on its creation.

Along with the FAQ, a mailing list for secure Unix programming has been created. The announcement describes the planned list and how to subscribe.

Looking for good university programs in computer security? In response to this question, Crispin Cowan posted a good summary of web resources for finding such programs, along with a plug for his own class, which sounds excellent.

Events

Enabling Privacy in a Virtual World is the title of an upcoming symposium by the Smart Card Forum (SCF), an industry-based organization. It will be held May 12th in Washington, D.C. See their press release for more details [ISN].

Section Editor: Liz Coolbaugh


April 15, 1999

 

Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds