BSD DevCenter

Topic: Security

O'Reilly Network articles about this topic:

Confessions of a Recovering NetBSD Zealot (BSD DevCenter)
Charles M. Hannum is one of the founders of the NetBSD project. He recently posted to the NetBSD list that the project has "stagnated to the point of irrelevance" and gave suggestions for improvement. As you might expect, this provoked strong reactions. Federico Biancuzzi recently interviewed Hannum about the past, present, and potential future of NetBSD.

OpenBSD 3.9: Blob-Busters Interviewed (BSD DevCenter)
Every six months, the OpenBSD team releases a new version of their OS. OpenBSD 3.9 is here. Federico Biancuzzi recently interviewed the core developers about new features and improvements, as well as their principled stand against shipping binary-only blobs in place of actual drivers.

Inside NetBSD's CGD (BSD DevCenter)
Security-minded laptop users live in fear of theft, not only of their computer but also of their precious secret data. NetBSD's CGD project is a cryptographic virtual disk: an encrypted block device that carries an ordinary filesystem, so sensitive data is protected at rest without any change to the applications using it. Federico Biancuzzi recently interviewed its author, Roland Dowdeswell, on the goals and implementation of the system.

Building Detailed Network Reports with Netflow (BSD DevCenter)
You can trace every packet on your network from source to destination, if you really want to. Having all of this information is useless unless you can actually find what you need to know. Netflow not only helps record traffic information but also can help you report on just the types of packets you want. Michael W. Lucas demonstrates.

OpenBSD 3.8: Hackers of the Lost RAID (BSD DevCenter)
Every six months, the OpenBSD team releases a new version of their OS. It's time for OpenBSD 3.8. Federico Biancuzzi recently interviewed the core developers about new features and improvements, as well as ongoing struggles to find support from hardware vendors. Here's what to expect when you upgrade.

Using FreeBSD's ACLs (BSD DevCenter)
The standard Unix permissions scheme works fine if you have simple needs, but juggling groups and users can grow unwieldy very quickly. FreeBSD's Access Control Lists give you more control over who can access files and directories. Dru Lavigne explains how to enable, understand, and use them appropriately.

Building an OpenBSD Live CD (BSD DevCenter)
Linux isn't the only operating system that boots and runs off a CD. OpenBSD does as well. Kevin Lo uses his for didactic purposes, but this is a good example for taking your desktop or firewall along with you. Here's how to build and customize an OpenBSD installation on a CD.

OpenBSD 3.7: The Wizard of OS (SysAdmin DevCenter)
Has it been six months already? OpenBSD 3.7 is ready to go as you read this. Federico Biancuzzi discusses the release with several core developers, touching on subjects such as Wi-Fi support, improved package tools, and the shipped versions of popular projects including Apache httpd, X.org, and gcc.

Setting up a Secure Subversion Server (SysAdmin DevCenter)
You've finally persuaded your users to stop emailing documents back and forth when they need to collaborate, but you've had to recover three overwritten versions from the shared network drive this week. Dru Lavigne has an answer; this month's FreeBSD Basics column demonstrates how to let users collaborate on documents with safe and secure version control provided by Subversion.

OpenBSD 3.6 Live (SysAdmin DevCenter)
Right on schedule, the OpenBSD team plans to release version 3.6 on November 1. Federico Biancuzzi recently interviewed several members of the core team about new features and changes in the code and the project.

Preventing Denial of Service Attacks (SysAdmin DevCenter)
If you have servers on the public Internet, you're likely vulnerable to external Denial of Service (DoS) attacks. (You may be vulnerable to accidental internal attacks, too.) Fortunately, you can limit their likelihood and severity. Avleen Vig discusses strategies for diagnosing and defending against DoS attacks.

Distributed Cfengine (SysAdmin DevCenter)
Automation is the most important skill an administrator can develop. Cfengine is great at automation and even supports distributed automation. Luke A. Kanies demonstrates how to distribute Cfengine rules to multiple machines.

OpenBSD PF Developer Interview, Part 2 (SysAdmin DevCenter)
With the release of OpenBSD 3.5, users and administrators gear up for new features. Federico Biancuzzi interviewed six leading OpenBSD developers responsible for PF, the powerful packet filter, on new features and goals. This is the second half of the interview.

Introducing Cfengine (SysAdmin DevCenter)
Automation is the most important skill an administrator can develop. Learning tools that make automation easier usually pay off greatly. Luke A. Kanies claims that Cfengine may be the most important tool in your toolbox and introduces its use and design.

OpenBSD PF Developer Interview (SysAdmin DevCenter)
On the eve of OpenBSD's 3.5 release, users and administrators gear up for new features. Federico Biancuzzi interviewed six leading OpenBSD developers responsible for PF, the powerful packet filter, on new features and goals.

Hiding Secrets with Steganography (BSD DevCenter)
Bad guys in the movies all keep their wall safes hidden behind paintings. Is there a metaphor in there for your sensitive files? Dru Lavigne explores steganography, or hiding secret messages in images or sounds, with the outguess and steghide utilities.

FreeBSD Jails (BSD DevCenter)
A common security breach involves exploiting one application to gain access to another. Keeping separate applications separate can limit the potential damage. Mike DeGraw-Bertsch explains how FreeBSD's jails can help secure necessary applications.

FreeBSD Access Control Lists (BSD DevCenter)
The Unix permissions model has worked for decades due to its flexible simplicity. It's not the only approach, though. FreeBSD 5.0 supports Access Control Lists, which allow for more flexible permissions. Daniel Harris explains what ACLs can make easier.

Changes in pf: Packet Filtering (BSD DevCenter)
OpenBSD's packet filter has really grown up. Since its introduction in OpenBSD 3.0, it's become an advanced tool for networking and security. In the third of four articles, Jacek Artymiak explores new options for packet filtering with pf in OpenBSD 3.2, after NAT and redirection have taken place.

DHCP on a Multi-Segment Network (BSD DevCenter)
Dru Lavigne previously covered DHCP and its terminology and setting up a simple DHCP server. On a larger network, subnets and relaying make things a little trickier. This week she explains how to configure DHCP for a large network.

Changes in pf: More on NAT (BSD DevCenter)
OpenBSD's packet filter has really grown up. Since its introduction in OpenBSD 3.0, it has become an advanced tool for networking and security. In the second of four articles, Jacek Artymiak presents a sample NAT and DMZ ruleset that is easily customized.

Configuring a DHCP Server (BSD DevCenter)
In her previous article, Dru Lavigne introduced DHCP and its terminology. This week, she explains how to configure a DHCP server for a small and reasonably simple network.

Introducing DHCP (BSD DevCenter)
On all but the smallest TCP/IP networks, it's handy to configure network information for computers automatically. That's what DHCP does. It's easy to act as a DHCP client, but configuring a server is a little trickier. Dru Lavigne introduces DHCP and explains what you need to know to set up a simple DHCP server.

File Integrity and Anti-DDoS Utilities (BSD DevCenter)
tripwire's not the only file integrity utility. Dru Lavigne explores aide and yafic, tools for verifying that your system's files have not been tampered with, and introduces utilities that detect installed DDoS agents.

Checking System Integrity with tripwire (BSD DevCenter)
In a secure system, everything has its place. If something's out of place, you'll know it. Dru Lavigne explains how tripwire, the file integrity utility, can monitor your system for anomalies.
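
The two columns above (aide/yafic and tripwire) both rest on the same technique: record a baseline of every file's digest, permission bits and size, then compare a fresh snapshot against it and report what was added, removed or changed. The script below is an added example written for this page, not code from tripwire, aide or yafic; it builds a constructed miniature filesystem in a temporary directory, simulates a rootkit-style intrusion (a backdoor account appended to passwd, a setuid bit added to su, ps removed and a hidden replacement dropped in) and shows the report such a tool produces. Paths, file contents and the SHA-256 choice are all assumptions made for the example.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a regular file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root) -> dict:
    """Snapshot every file under root as {relative path: (digest or link target, mode bits, size)}.

    Symlinks are recorded by target rather than followed, so a link that is
    repointed at an attacker's binary shows up as a modification; the mode bits
    are kept so that a newly added setuid bit is caught even if the content is intact.
    """
    root = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            st = p.lstat()
            if stat.S_ISLNK(st.st_mode):
                baseline[rel] = ("link:" + os.readlink(p), stat.S_IMODE(st.st_mode), st.st_size)
            elif stat.S_ISREG(st.st_mode):
                baseline[rel] = (hash_file(p), stat.S_IMODE(st.st_mode), st.st_size)
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Diff two snapshots into sorted lists of added, removed and modified paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in old.keys() & new.keys() if old[k] != new[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a tiny tree, tamper with it, report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)

        def put(rel, text, mode=0o644):
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(text)
            p.chmod(mode)

        # Constructed sample files standing in for a real system.
        put("etc/passwd", "root:*:0:0:Charlie &:/root:/bin/csh\n")
        put("usr/bin/ls", "#!/bin/sh\necho ls\n", 0o755)
        put("usr/bin/ps", "#!/bin/sh\necho ps\n", 0o755)
        put("usr/bin/su", "#!/bin/sh\necho su\n", 0o755)
        baseline = build_baseline(root)

        # Simulated intrusion: backdoor account, setuid bit on su,
        # ps replaced by a hidden copy that filters the attacker's processes.
        with (root / "etc/passwd").open("a") as f:
            f.write("toor::0:0:backdoor:/root:/bin/sh\n")
        (root / "usr/bin/su").chmod(0o4755)
        (root / "usr/bin/ps").unlink()
        put("usr/lib/.x/ps", "#!/bin/sh\nexec /usr/bin/ps\n", 0o755)

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The report only means something if the baseline itself is trustworthy: in practice it is written to read-only media or copied off the host, and the comparison is run from a known-good binary, since an intruder with root can otherwise simply rebuild the baseline after making changes.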

Hackers Meet Soldiers (BSD DevCenter)
OpenBSD has a well-deserved reputation for fanatical security. Why is the U.S. military funding it? What do you get out of it? Cameron Laird and George Peter Staplin investigate.

Avoiding Trojans and Rootkits (BSD DevCenter)
It's a sad reality that connecting to the Internet puts your computer at risk. Of course, there are several ways to mitigate that risk. Dru Lavigne explains a few good habits to reduce the danger and introduces tripwire, an open source file integrity utility.

NAT with pf (BSD DevCenter)
OpenBSD's packet filter has really grown up. Since its introduction in OpenBSD 3.0, it has become an advanced tool for networking and security. In the first of four articles, Jacek Artymiak examines recent updates to pf. This week, he looks at Network Address Translation.

Creating Systrace Policies (BSD DevCenter)
The systrace project is spreading from OpenBSD and NetBSD to other free Unixes. Having introduced systrace in a previous column, Michael Lucas demonstrates how to write a systrace policy from scratch -- or use an existing one.

PAM (BSD DevCenter)
Last time, Dru Lavigne introduced one-time passwords. Rather than an all-or-nothing approach, most free Unixes support several different authentication methods. This time, Dru explores PAM (Pluggable Authentication Modules), which lets you govern how users log on and authenticate themselves.

chrooted ntpd in NetBSD (BSD DevCenter)
Recently, support was added to the NetBSD Operating System to run the Network Time Protocol Daemon (ntpd) under an unprivileged user ID in a chroot jail. In the second of two articles, Emmanuel Dreyfus explains the changes required to allow ntpd to do its magic while chrooted.

One-Time Passwords (BSD DevCenter)
You've replaced telnet with ssh. You've instituted password-checking utilities, and you rotate passwords monthly. Still feeling paranoid? Dru Lavigne's got the answer -- one-time passwords. This alternative authentication method for FreeBSD means your security won't be jeopardized even if someone sniffs your password, because each password is valid for exactly one login.
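
The reason a sniffed one-time password is useless is the hash chain behind it, and the example below, added for this page rather than taken from FreeBSD's S/Key or OPIE code, walks through one login cycle. The client derives a secret from a seed and passphrase and hands the server the secret hashed n times; on each login the server challenges for the (n-1)th hash, checks it by hashing it once more, and then keeps it as the new comparison value. An eavesdropper who captures a response can only compute hashes further along the chain, which the server has already consumed. The seed, passphrase, chain length and the use of SHA-256 (real S/Key uses a folded MD4/MD5 and a six-word encoding) are assumptions made for the example.

```python
import hashlib
import hmac


def _step(x: bytes) -> bytes:
    """One link of the chain. Assumption: SHA-256 instead of S/Key's folded MD4/MD5."""
    return hashlib.sha256(x).digest()


def client_response(passphrase: str, seed: str, k: int) -> bytes:
    """H^k(secret), the value the client types for sequence number k.
    The secret never leaves the client; only hash-chain values go over the wire."""
    x = hashlib.sha256((seed + passphrase).encode()).digest()
    for _ in range(k):
        x = _step(x)
    return x


class OTPServer:
    """Server-side state for one user: the seed, the sequence number, and H^count(secret).
    This is what skeyinit stores; the plaintext secret is never held here."""

    def __init__(self, seed: str, initial_hash: bytes, count: int):
        self.seed = seed
        self.count = count          # sequence number of the stored hash
        self.stored = initial_hash  # H^count(secret)

    def challenge(self):
        """Ask for the previous link: sequence number count-1 and the seed."""
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        """Accept iff H(response) == stored; then move one link down the chain."""
        if self.count <= 1:
            return False  # chain exhausted: the user must re-initialise with a new seed
        if hmac.compare_digest(_step(response), self.stored):
            self.stored = response
            self.count -= 1
            return True
        return False


def demo() -> list:
    """Constructed login sequence: a good login, a replay, a forged 'next' value, another good login."""
    seed, passphrase, n = "fr12345", "correct horse battery staple", 5
    # Enrolment (skeyinit): client computes H^n(secret) and gives it to the server.
    server = OTPServer(seed, client_response(passphrase, seed, n), n)
    results = []

    k, _ = server.challenge()                       # k == 4
    sniffed = client_response(passphrase, seed, k)  # legitimate login, seen on the wire
    results.append(server.verify(sniffed))          # True

    results.append(server.verify(sniffed))          # replay of the sniffed value: False
    results.append(server.verify(_step(sniffed)))   # attacker can only go forward: False

    k, _ = server.challenge()                       # k == 3
    results.append(server.verify(client_response(passphrase, seed, k)))  # True
    return results


if __name__ == "__main__":
    print(demo())  # [True, False, False, True]
```

What the attacker would need is the link before the sniffed one, which requires inverting the hash; the remaining risk is a man-in-the-middle who relays the challenge and uses the response before the real user does, which is why the sequence number is decremented on the first successful use and why the chain is re-initialised before it runs out.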

Securing Systems with chroot (BSD DevCenter)
Recently, support was added to the NetBSD Operating System to run the Network Time Protocol Daemon (ntpd) under an unprivileged user ID in a chroot jail. In the first of two articles, Emmanuel Dreyfus explains buffer overflows, a typical Unix security flaw, and then explains what a chroot jail is and why you would run a program in one.

Systrace Policies (BSD DevCenter)
NetBSD and OpenBSD have an interesting new system policy manager called systrace. With the proper policies, system administrators can control which system calls can be made and how. Michael Lucas explains how this works and how to understand -- and write -- a good policy file.

Patching OpenBSD (BSD DevCenter)
The nice thing about software is that you can patch it to fix problems. The tricky thing about software is that you have to patch it to fix problems. Your systems are only as secure as your patching strategy allows. Jacek Artymiak explains how to apply patches to your OpenBSD machines.

Cryptosystems: Debugging IPSec (BSD DevCenter)
You've learned about cryptosystems. You understand VPNs. You've installed IPSec. You'd like it to work. Take heart, Dru Lavigne's final installment of "Cryptosystems" explains how to debug IPSec.

Cryptosystems: Configuring IPSec (BSD DevCenter)
VPNs make it possible to have secure networks on top of the insecure public Internet. Having explained the concepts, Dru Lavigne's newest Cryptosystems article demonstrates how to configure IPSec.

Downloading Files from Behind the Firewall (BSD DevCenter)
Securing your network often means saying "no" to some user requests and "try this instead" to others. Instead of punching holes in your firewall, can you educate your users to use better tools? Jacek Artymiak describes effective downloading utilities, and strategies to promote them.

VPNs and IPSec Demystified (BSD DevCenter)
How do you allow remote users to access resources on your network securely over an insecure connection? With a VPN. Never fear, Dru Lavigne's latest Cryptosystems column explains the concepts and terminology behind the technology.

Cryptosystems: Configuring SSH (BSD DevCenter)
Cryptosystems are handy, but they're not for everyone right out of the box. In her second article on SSH, Dru Lavigne explores some of the more common configuration options for clients and servers.

TRUSTSECURE 2002 Report (BSD DevCenter)
TRUSTSECURE 2002, the Polish IT security conference, brought together some of the brightest minds in security today. Jacek Artymiak was there. In the latest installment of his Securing Small Networks with OpenBSD column, he summarizes the highlights and puts on his prediction hat.

The SSH Cryptosystem (BSD DevCenter)
OpenSSH encrypts sessions between two machines, making packet sniffing much less useful. In the second of a series on Cryptosystems, Dru Lavigne explores the default configuration of OpenSSH on FreeBSD and demonstrates how to enable public-key authentication with a key pair.

Cryptographic Terminology 101 (BSD DevCenter)
No matter how good your internal security, your data isn't safe if it's sent externally as plain text. To protect your sensitive information from prying eyes, you need cryptography. Dru Lavigne's latest column gives a crash course on this field's vital terminology.

Slapper Worm (Linux DevCenter)
Noel Davis looks at the Linux Slapper worm; a large set of vulnerabilities in NetBSD; and problems in libX11.so, OS X's nidump, DB4Web, joe, BRU Workstation, xbreaky, and Tru64/OSF1 version 3.x.

Securing Remote PF Firewall Logs (BSD DevCenter)
Jacek Artymiak shows us how to improve the security of firewall logs sent to a remote log host and how to calculate how much storage space we need to keep a reasonable amount of logs for convenient analysis.

Securing FreeBSD (BSD DevCenter)
Dru Lavigne shows us several ways that we can increase the security level on a FreeBSD box.

Archiving PF Firewall Logs (BSD DevCenter)
Jacek Artymiak tackles automating the transfer of logs from the firewall to one of the workstations connected to the internal private network segment.

Securing Small Networks with OpenBSD, Part 5 (BSD DevCenter)
On a busy network, your firewall logs could quickly fill up your hard drive or be deleted by log file rotations. Jacek Artymiak shows how not to let this happen.

Securing Small Networks with OpenBSD, Part 4 (BSD DevCenter)
Jacek Artymiak covers pf log file analysis.

Securing Small Networks With OpenBSD, Part 3 (BSD DevCenter)
In the third installment of our series on OpenBSD networking, Jacek Artymiak examines pf rules and potential sendmail problems.

Securing Small Networks With OpenBSD, Part 2 (BSD DevCenter)
OpenBSD switched from using IPFilter as its default firewall to PF, or Packet Filter, as the new default. Jacek Artymiak explains how to make a smooth transition from ipf to pf.

IPSec Certificate Basics (BSD DevCenter)
Learn all of the basics necessary to use X.509 certificates for authentication in IPSec on a FreeBSD box.

Securing Small Networks with OpenBSD, Part 1 (BSD DevCenter)
Small networks are often more vulnerable than large ones because they lack the money to implement good security. Jacek Artymiak explains how to secure a small network on a tight budget.

IPsec Tunneling Between FreeBSD Hosts (BSD DevCenter)
IPSec encrypts data at the IP packet level, so traffic from applications that do not encrypt on their own can still be protected while travelling over the Internet. Mike DeGraw-Bertsch shows us how to set it up.

Firing up Firewalls (ONLamp.com)
A firewall is an important weapon in your defense against hackers. Chris Coleman helps you get started with all the tools needed to install a firewall.

PAM Modules (Linux DevCenter)
While most Pluggable Authentication Modules are designed for authentication, programmers have written ones to handle a host of other issues. Jennifer Vesperman introduces some of the more useful modules available.

Introduction to PAM (Linux DevCenter)
Pluggable Authentication Modules provide a solution to the difficulties of user authentication. Jennifer Vesperman introduces PAM and helps you get started.

More Telnet Daemon Vulnerabilities (Linux DevCenter)
Noel Davis shows us buffer overflows in Linux telnet daemons, IBM AIX telnet daemons, the Kerberos 5 telnet daemon, Window Maker, and Solaris' xlock; temporary-file race conditions in AllCommerce and rcs2log; and vulnerabilities in ZyXEL Prestige 642R and 642R-I ADSL routers, groff, OpenLDAP, fetchmail, UnixWare Package Tools, docview, and ColdFusion Server 5.

Security Alerts: Linux IP Masquerading (Linux DevCenter)
Noel Davis shows us buffer overflows in xloadimage, ucd-snmp, Oracle dbsnmp, and xmcd's cda; and vulnerabilities in phpMyAdmin, wvdial, Slackware's man, Linux IP masquerading, and Slackware's locate.

IPFilter on OpenBSD (ONLamp.com)
IPFilter is a firewall widely used on BSD and Solaris. Mike DeGraw-Bertsch explains how to set it up on OpenBSD and walks through a basic ruleset.

Linux Kernel Bug (Linux DevCenter)
Noel Davis shows us a bug in Linux Kernels newer than 2.4.3; a buffer overflow in Solaris' dtmail; vulnerabilities in CylantSecure, PHPLib, top, Apache, tar, Firewall-1, Arkeia backup software, and IRIX's netprint; and talks about the configuration of Cayman DSL routers.

Security Alerts: Remote Root Exploit in Telnet Daemon (Linux DevCenter)
Noel Davis shows us a root exploit in BSD-derived telnet daemons; buffer overflows in xman, the Merit and Lucent RADIUS servers, ypbind, the AIX libi18n library, and tcpdump; temporary-file race conditions in lmail and tripwire; and vulnerabilities in SSH Secure Shell 3.0.0, Lotus Domino Server, IMP, SSLeay/OpenSSL, and squid.

Security Alerts: sudo root exploit (Linux DevCenter)
Noel Davis shows us buffer overflows in sudo, SuSE's dip, Scotty's ntping, and UnixWare's statd; a flaw in FreeBSD's rfork(); two vulnerabilities in Check Point's VPN-1/FireWall-1 firewall products; a new version of the rpm package manager; two vulnerabilities in Macromedia's ColdFusion Server; a minor Apache bug; a brute-force attack against SuSE's AXP Alpha xdm utility; and more on the cfingerd remote vulnerability.

Professional Paranoia: Secrets of Security Experts (ONLamp.com)
Michael Lucas tackles the question "How do I become a security professional?" and gives practical advice on how to be more security-conscious.

Security Alerts: PHP Weaknesses? (Linux DevCenter)
Noel Davis shows us a correction to the report on the AIX rsh buffer overflow; buffer overflows in Solaris' whodo, and UnixWare's su, uucp, and crontab packages, and xvt; temporary file symbolic link race condition vulnerabilities in Red Hat's LPRng, and Red Hat's crontab; problems in Poprelayd, PHP Safe mode, ePerl, 802.11b Access Points, Gnatsweb, SquirrelMail, and phpMyAdmin; and a paper on common PHP vulnerabilities.

Monitoring IPFW Logs (BSD DevCenter)
Dru Lavigne shows us how to monitor ipfw logs and more importantly how to deal with what we find.

SAMBA Remote Root Exploit (Linux DevCenter)
Noel Davis shows us buffer overflows in the GazTek HTTP Daemon, Solaris Printer Daemon, and w3m; a problem in default SAMBA installations that can be used to gain root access; and problems in Cisco 6400 NRP2, udirectory, Tarantella, Oracle 8i SQLNet, Formmail.pl, OS X directory permissions, and kdesu.

AIX Remote Root Exploit (Linux DevCenter)
Noel Davis shows us buffer overflows in AIX's rsh, the curses library, Red Hat Linux's XFree86 packages, xinetd, MDBMS, BestCrypt, and cfingerd; format-string vulnerabilities in Kaspersky AntiVirus, eXtremail, and the Solaris at command; a symbolic-link race condition in KTVision; and problems in pmpost, AIX's diagrpt, and iptables.

IPFW Logging (BSD DevCenter)
Firewalls can potentially block huge amounts of traffic. Dru Lavigne shows us how to fine-tune our firewall logs to reveal the traffic that concerns us most.

Remote Root Exploit in QPopper (Linux DevCenter)
Noel Davis shows us buffer overflows in the Solaris mail utility, Qpopper, and TIAtunnel; temporary-file race conditions in Imp, kmmodreg, and ispell; format-string vulnerabilities in GnuPG and exim; denial-of-service attacks against NetBSD and Fpf; and problems in OpenSSH, the Cisco Content Service Switch, and BestCrypt.

Proper Paranoia: Educating Your Co-Workers (ONLamp.com)
Michael Lucas runs a new security trainee through the gauntlet of patching live servers. He also shows how to instill a healthy attitude toward network security in those you work with by teaching them to be properly paranoid.

Apache.org Server Compromised (Linux DevCenter)
Noel Davis shows us the compromise of the Apache Software Foundation server; buffer overflows in yppasswd, Qpopper, and mailtool; vulnerabilities in TWIG, webmin, and GnuPG; a new type of attack against sendmail; and discusses the use of the user nobody.

BSD Firewalls: Fine-Tuning Rulesets (BSD DevCenter)
Dru Lavigne helps us fine-tune our firewall rules. She uses DHCP as an example, steps through its requirements and shows how to implement the appropriate firewall rules.

Cheese Worm Plugs Hole Left by Lion Worm (Linux DevCenter)
Noel Davis shows us buffer overflows in man, DQS, Netscape Enterprise Web Publisher, and IRIX Embedded Support Partner; a temporary-file race condition in the ARCservIT Unix Client; problems in Zope, Cisco Content Service Switch, CUPS, i386 syscalls in Solaris x86, and the Logitech Wireless Desktop; and talks about Cheese the "friendly" worm.

Solaris Worm Attacks IIS Servers (Linux DevCenter)
Noel Davis shows us problems in vixie cron, Oracle ADI, EnGarde Secure Linux, and Samba 2.0.8; discusses the sadmind/IIS worm; and explains how to protect your system against worms and other attackers.

BSD Firewalls: IPFW Rulesets (BSD DevCenter)
Dru Lavigne explains how to create IPFW firewall rules.

Predictable Initial Sequence Numbers (Linux DevCenter)
Noel Davis shows us predictable initial sequence number attacks; a format string vulnerability in minicom; a buffer overflow in mailx; a new version of GnuPG; and problems in SAP R/3 demo, Bugzilla, and Red Hat Linux 7.1's mount package.

Looking at the lpdw0rm Worm (Linux DevCenter)
Noel Davis shows us the lpdw0rm worm; an updated version of OpenSSL; buffer overflows in MIT Kerberos 5's FTP daemon and Mercury for NetWare's POP3 daemon; a format string vulnerability in gftp; a symbolic link race condition in nedit's backup files; a temporary file race condition in rpmdrake; and problems in phpMyAdmin, Debian's zope packages, and the Tektronix PhaserLink 850's web server.

BSD Firewalls: IPFW (BSD DevCenter)
Building a firewall? Dru Lavigne gets you started with an IPFW firewall on FreeBSD.

Sudo Contains Root Exploit (Linux DevCenter)
Noel Davis shows us buffer overflows in sudo, innfeed, and Cyberscheduler; symbolic link race conditions in Samba, VMware, exuberant-ctags, and nedit; and problems in Red Hat FTP iptables, mgetty, DCForum, Cyberscheduler, and sendfiled.

Scanning Your Network (BSD DevCenter)
Dru Lavigne shows us how to use nmap, a port scanning utility, to secure Unix servers and workstations.

FTP Buffer Overflows (Linux DevCenter)
Noel Davis shows us buffer overflows in FTP daemons, Oracle Application Server, Solaris ipcs, Solaris Xsun, and SCO OpenServers; temporary-file race conditions in pine and pico; format string bugs in HylaFAX and cfingerd; a bug that causes Netscape to execute JavaScript placed in a GIF comment; and problems in Midnight Commander, mkpasswd, Alcatel ADSL-Ethernet Bridges, and Interscan VirusWall.

A New Worm Targets Linux (Linux DevCenter)
Noel Davis shows us the Linux based Adore Worm; buffer overflows in xntpd and ntpd; and vulnerabilities in SharePlex, Ultimate Bulletin Board, Lucent/ORiNOCO Closed Network, Red Hat's OpenSSH, Cisco Content Services Switches, and IPFilter.

Lion Worm Continues Rampage (Linux DevCenter)
Noel Davis shows us the Lion worm; a race condition in the Linux kernel; buffer overflows in several SCO Unix utilities; a new version of MySQL that fixes a major security problem; vulnerabilities in some Cisco routers, switches, and concentrators; and problems with Raptor Firewall, CrazyWWWBoard, Solaris tip, and Pitbull LX.

Securing a PHP Installation (PHP DevCenter)
Darrell Brogdon shows us a few basic things that should be done to secure a PHP installation.

MySQL File Overwrite Vulnerability (Linux DevCenter)
Noel Davis shows us a buffer overflow in ASPSeek; a denial of service attack against timed; a new version of OpenSSH with many improvements; an attack against the private keys used by GnuPG; a race condition in the UFS and EXT2FS file systems; and problems with MySQL, VIM, FCheck, Solaris perfmon, Interchange, and Compaq's management software.

Apache Insecurity Reveals Directory Contents (Linux DevCenter)
Noel Davis discusses buffer overflows and format string vulnerabilities in icecast, Half-Life Dedicated Server, Solaris SNMP, ipop2d, ipop3d, imapd, mutt, and cfengine; temporary-file problems in the SGML-Tools package and Mesa; and problems with Apache, several FTP daemons, a Solaris SNMP agent, vBulletin, FTPFS, and Ikonboard.

Multi-Homed Server Vulnerabilities (Linux DevCenter)
This week: Buffer overflows in ircd, ePerl, MIT Kerberos 4 and 5, ascdc, and slrn; temporary file problems in MIT Kerberos 4 and 5, the GNU C Library, and Athena widgets; problems with proftpd under Debian, Midnight Commander, Cisco Aironet 340 Bridges, and man2html; and loopback devices and multi-homed routing.

Is Your Router Insecure? (Linux DevCenter)
Noel Davis shows us a problem in Cisco IOS that can be used to predict TCP sequence numbers in routers; problems in PHP-Nuke, Chili!Soft ASP, Nortel Networks Connectivity Extranet Switches, Joe, Veritas Cluster Server, and fcron; and a buffer overflow in mailx.

Java JDE Allows Unauthorized Commands (Linux DevCenter)
Noel Davis shows us a problem in Java that allows Java code to execute unauthorized commands; buffer overflows in CUPS and sudo; temporary file problems with StarOffice, MicroFocus COBOL, and CUPS; and vulnerabilities in pgp4pine, the Solaris LDAP PAM module, adcycle, and Zope.

MySQL Buffer Overflow; Secure PHP Coding (Linux DevCenter)
Noel Davis shows us buffer overflows in MySQL, analog, vixie cron, and Kerberos IV; problems with kicq, licq, and kaim; root exploits in NetBSD i386 kernels; and insecure coding with PHP and MySQL.

Securing BSD Daemons (BSD DevCenter)
Dru Lavigne shows us how to secure daemon processes by turning off the ones we don't use and using TCP wrappers to limit access.

Buffer-Overflow Problems in BIND (Linux DevCenter)
Buffer-overflow bugs are discovered in BIND, gnuserv, tinyProxy, and INN; developers report issues with ntop and LPRng.

Cracking Passwords to Enhance Security (BSD DevCenter)
Dru Lavigne shows us how to crack passwords and explains how it can help enhance system security.

Establishing Good Password Policies (BSD DevCenter)
Everyone knows secure passwords are important, but what makes a password secure? Dru Lavigne gives us some tips on creating secure passwords, and shows how to implement a password policy that requires users to create passwords securely.

PalmOS, Half-Life Server, and Ethereal Vulnerabilities (Linux DevCenter)
Problems this week include more symlink problems with catman and dialog, buffer overflows in oops, halflifeserver, and ethereal, key problems with gnupg, problems with PalmOS devices, and a prime example of amazing vulnerabilities in third-party software packages.

Security Alerts: SAMBA, pine, ircd, and More (Linux DevCenter)
Noel Davis summarizes recent open source and Unix security-related advisories. Problems this week include symlink problems with joe, pico, and samba, a buffer overflow in bftpd, and problems with pine.

Security Alerts: KTH Kerberos, Red Hat PAM, and More (Linux DevCenter)
Noel Davis summarizes open source and Unix exploits. Problems this week include local and remote root exploits in KTH Kerberos, buffer overflows in Red Hat's PAM, a discussion of security problems with web-based applications, and an example of one of these security problems in phpGroupWare.

Security Alerts: Twig, Midnight Commander, and More (Linux DevCenter)
Noel Davis summarizes published open source and Unix exploits. Problems this week include arbitrary code execution in Twig, new symlink attacks, a hidden control code attack on Midnight Commander, and a LANGUAGE attack on glibc.

Wiki Python (Python DevCenter)
MoinMoin and ZWiki, two Python-related projects, provide collaborative environments for Web communities.

Security Alerts: Koules Local Root Exploit And More. (Linux DevCenter)
This week's exploits include a local root compromise in Koules 1.4, a buffer overflow in modutilities, and various problems with Aladdin Ghostscript.

Security Alerts: Vixie cron Exploit and More (Linux DevCenter)
This week's column includes exploits reported for Vixie cron, OpenSSH, tcsh, and more.

Security Alerts: OpenBSD Non-exploit and More (Linux DevCenter)
Noel Davis reviews the published exploits from Unix and open source. This week's Insecurities column includes a satirical non-exploit against OpenBSD.

An Overview of OpenBSD Security (BSD DevCenter)
David Jorm explains the default security features implemented by OpenBSD and why they are important to Internet enabled computers.


Other documents about this topic:

Below are other references available on the web for this topic. Since other sites may change their links, some of these may be out of date.

Building an ATM Firewall
[Source: Daemon News]