[LWN.net]


Security


News

Domain Name Piracy? A Senate bill has been introduced to address problems with domain name abuse, reports this CNN article. The primary focus seems to be on the registration of sites with the specific intent to capitalize on someone else's trademark or reputation, such as "attphonecards.net". However, the article also mentioned the more general abuse of registering domains specifically for the purpose of reselling them.
"The legislation was sponsored by a bipartisan group that included Judiciary Chairman Orrin Hatch, Republican of Utah, who strongly criticized the practice of registering names in hopes of selling them."
It is hard to see how such speculation can be stopped by legislation, though. This bill apparently seeks to provide some exemption from liability for domain registries if they refuse to register a domain due to concerns about trademark infringement and to open the door to allow trademark owners to recover damages. Perhaps that will discourage some abusers, but it seems likely that speculation in namespaces will continue, mostly unabated. [From Computer Security News Daily]

Covering privacy-related legislation, but not specific to security issues, CNN also put together an overall report on Internet-related legislation, which is worth a look.

From Britain come more concerns about the proposed Electronic Communications Bill. Apparently not only could failure to reveal your encryption keys result in a jail sentence, but complaining about it in public could as well. "Even discussing an investigation in public, such as complaining about alleged abuses of law enforcement to the media, may also be punishable by imprisonment, said Bowden."

Security Reports

CERT has issued an advisory regarding a security problem on Cobalt RaQ servers. If you are running one of these (Linux-based) systems, you probably want to pick up and install the update.

Netscape Enterprise Server's JHTML was the topic of this Bugtraq posting, examining possible problems with the built-in search engine, operational by default.

Updates

Red Hat has announced an update for Squid which fixes the problem with the cachemgr.cgi script, mentioned in last week's Security Summary.

Debian has announced updated Samba packages, following recent mentions of Samba security problems.

Red Hat also updated their Samba announcement, mentioned last week. The new version includes notes about the post-uninstall script. Special install procedures for the updates are recommended.

Resources

Mason, the interactive firewall builder, is preparing for the release of a new version. Testers are needed, particularly people working on distributions other than Red Hat 5.2/6.0 and architectures other than i386.

IP defragmentation, TCP stream assembly and TCP port scan detection are the functions provided by the Libnids shared library. Source, sample applications and documentation are available for download.

AntiSniff Beta 2 has been announced. [From Security Focus]

SARA, the Security Auditor's Research Assistant, has announced version 2.0.6. It is based on SAINT and licensed under the GPL. Simultaneously, TARA, the Tiger Analytical Research Assistant, version 2.2.6 was also announced. TARA is an upgrade to TAMU's 'tiger' program and scans a system for vulnerabilities. It has been tested on Red Hat 5.2, as well as other systems.

Events

Wietse and Dan's Free Forensics class filled up within hours of its original announcement. This note from Wietse promises, though, that handouts from the class will be made available on the Web and beta versions of their tools will be made available both to attendees and to people who were unable to get into the class. More information on the class is available at http://www.porcupine.org/class1999/.

Section Editor: Liz Coolbaugh


August 5, 1999


Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Debian Alerts
Red Hat Errata
SuSE Announcements

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal

 


 
Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds