Security

News

This year marked the first time that the annual DefCon hacker convention became a mainstream media focus instead of an obscure event ignored in more "professional" circles. The number of articles produced in reaction to the conference was prodigious. Clearly the congressional testimony of several well-known hackers earlier this year changed the tone of the media, always in search of a story people will actually read. Here are a few of the articles:
U.S. Attorney General Janet Reno testified against efforts to remove encryption export controls. Some comments and the full text of her testimony are available. Her concerns echo the standard concerns put forward by law enforcement professionals, but fail to understand that export controls are not actually limiting access to encryption. "The widespread use of encryption, however, will effectively eliminate these exceptions and prevent law enforcement, even with an order obtained from a court under procedures established by Congress, from obtaining information which may be critical to protecting public safety."

Last week, we mentioned new legislation in Britain intended to give police and intelligence agencies more power, but implied that the legislation had already passed. Bruce Stephens pointed out that this is incorrect; the legislation has been proposed, but not passed. In fact, it is unlikely to pass in the current session. Here is a followup article which talks about why the Opposition Party is currently blocking the legislation. "Alan Duncan, Conservative Party IT spokesman, said on Thursday night his party would not agree to the legislation in its current form. It's "too long and too heavy for its purpose," he said, with 30 pages of complex text where there should be three."

SecurityPortal has a nice overview article on international encryption policies. "Most crypto friendly region in the world? Latin America".

Security Reports

Netscape 4.6-0 does not correctly enforce "originating server" cookies when JavaScript is enabled, according to this note, posted to Bugtraq. This can cause a privacy violation when a user has chosen the setting "Only accept cookies originating from the same server as the page being viewed". In this case, cookies from third-party ads that do not originate from the server of the original HTML page should be automatically rejected, but instead are silently accepted. This can allow a third party to track your web movements through completely unrelated web sites.
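The effect of the preference described above, as an added example that is not taken from the Bugtraq note or from Netscape's code: it replays a constructed browsing session with the same-server check applied and then skipped, and reports which hosts can link visits across unrelated sites. The function names, host names and visit list are assumptions made for illustration.

```javascript
// Added example: a model of the "originating server only" cookie preference.
// Host names and the visit list below are constructed sample data.

// A cookie is first-party only when the host setting it served the page being viewed.
function sameServer(pageHost, responseHost) {
  return pageHost.toLowerCase() === responseHost.toLowerCase();
}

// Replay page loads. enforce=true applies the preference as documented;
// enforce=false models the reported behaviour (third-party cookies silently accepted).
function browse(visits, enforce) {
  const jar = new Map();    // host -> identifier stored for that host
  const seenOn = new Map(); // host -> set of pages where its identifier was set or sent
  let nextId = 1;
  for (const { page, embeds } of visits) {
    for (const host of [page, ...embeds]) {
      if (!jar.has(host)) {
        if (enforce && !sameServer(page, host)) continue; // reject third-party Set-Cookie
        jar.set(host, "id-" + nextId++);
      }
      if (!seenOn.has(host)) seenOn.set(host, new Set());
      seenOn.get(host).add(page);
    }
  }
  return seenOn;
}

// Hosts able to link visits to two or more sites other than their own.
function crossSiteTrackers(visits, enforce) {
  const result = {};
  for (const [host, pages] of browse(visits, enforce)) {
    const others = [...pages].filter((p) => !sameServer(p, host)).sort();
    if (others.length > 1) result[host] = others;
  }
  return result;
}

const VISITS = [ // constructed: two unrelated sites embedding the same ad host
  { page: "news.example", embeds: ["ads.example.net"] },
  { page: "shop.example", embeds: ["ads.example.net"] },
];

console.log("enforced:", crossSiteTrackers(VISITS, true));
console.log("not enforced:", crossSiteTrackers(VISITS, false));
```

With the check enforced no host can link the two visits; with it skipped, the ad host holds one identifier seen on both sites.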
Netscape has not yet responded to this report.

This report generated a couple of other postings, including this mention of a bug that Netscape acknowledged and claimed was fixed in 4.51, but actually chose not to fix because of repercussions for Yahoo Mail.

A patch to fix a problem with "Custom" memory configurations and the 2.0.37 kernel has been made available by Solar Designer.

Updates

No security reports have been released by Caldera, Debian, Red Hat, Slackware or SuSE in the past week.

Events

SANE 2000, the 2nd International SANE (System Administration and Networking) conference, has been announced. It will be held May 22nd through the 25th in Maastricht, The Netherlands.

ToorCon, "San Diego, California's ONLY Comprehensive Computer Security Conference", has been announced. It will take place September 3rd-4th, 1999, in La Jolla, CA.

Section Editor: Liz Coolbaugh
July 15, 1999