[LWN.net]

Security


News

ComputerWorld covers the FreeS/WAN release. "...although IPSec is an effective security protocol, corporate information technology managers may want to wait until a vendor incorporates FreeS/WAN into a commercial release."

A report from the Security Research Alliance's Crystal Ball Symposium, held last week, was written by Jim Reavis from SecurityPortal.com. The purpose of the symposium was to take a look at security issues over the next two to five years. Some interesting points come up. In particular, the failure of the firewall to solve all our security problems was addressed. "It is now recognized that strong firewalls, authentication and crypto systems are the Maginot line of Internet Security. Security holes exist, either in the products themselves, or in the gaps created by company policy or social engineering. No matter how hard we try, no single system can be made impervious to attack, therefore we can trust no "1". What are needed are layered defenses and a distributed model of trust." The report also gives an interesting example of a distributed model of trust in the Costa Rican voting project case study. This is a recommended read.

Most of the recommendations from the Symposium are a ways off, but it will be interesting to see how the Linux community responds to the offered challenges. Will people agree that just fixing bugs and firewalling systems is not enough? What intrusion detection, quarantine and distributed models of trust are likely to come from within? It is very much to be hoped that open source and free software solutions will be developed, so that we are not left dependent on commercial implementations.

Spam from the Anti-Spam? This article from the Denver Post (Denver, CO) covers the amusing and unexpected results of a poll meant to collect information to promote anti-spam efforts. "A Miami concern called the Internet Polling Committee is inviting Netizens to vent their frustration about unsolicited, commercial e-mail -- a.k.a. spam -- by participating in a survey whose results will be sent to Congress, America Online and the national media. But in an ironic twist, the group is soliciting votes by sending ... unsolicited, commercial e-mail."

Security Reports

OpenLinux 2.2 has a problem with its coas package, as noted in this Caldera advisory. As a result, /etc/shadow may become world-readable. Upgrading to coas-1.0-8 is recommended. In the meantime, check the permissions on your /etc/shadow file and set them to 600.
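
The interim check described above, as an added example (not from the Caldera advisory or from LWN). The function names and the "fix" argument are assumptions of this example; it accepts any mode that grants nothing to group or other, and resets anything looser to 600.

```shell
#!/bin/sh
# Added example: audit a shadow-style file for group/other permission bits.
# file_mode, check_shadow_mode and the "fix" argument are hypothetical names.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if group and other have no access, 1 if they do, 2 if the file
# is missing. With "fix" as second argument, reset a loose mode to 600 and
# check again, so the return value reflects the state after the repair.
check_shadow_mode() {
    file=$1
    action=${2:-report}
    [ -e "$file" ] || { echo "$file: not found" >&2; return 2; }
    # Pad to three digits so that e.g. mode 0 is compared as 000.
    mode=$(printf '%03d' "$(file_mode "$file")")
    case $mode in
        *00) echo "$file: mode $mode, no group/other access"; return 0 ;;
    esac
    echo "$file: mode $mode grants group/other access"
    [ "$action" = "fix" ] || return 1
    chmod 600 "$file" && check_shadow_mode "$file"
}

# Only act when a path is given, e.g. as root:  sh check.sh /etc/shadow fix
if [ "$#" -gt 0 ]; then
    check_shadow_mode "$@"
fi
```

Run without "fix" first to see the current mode; a non-zero exit status makes the check usable from cron or a post-upgrade script until coas-1.0-8 is installed.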

All versions of OpenLinux need an updated bash package, according to this Caldera advisory.

Privacy issues with ffingerd were reported on Bugtraq. You may want to check them out if you use this program.

Events

The Final Call-For-Papers for the CQRE [Secure] Congress & Exhibition is out. CQRE will be held November 30th through December 2nd, in Dusseldorf, Germany.

Section Editor: Liz Coolbaugh


April 29, 1999

Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds