Slashdot Mirror

← Back to Stories (view on slashdot.org)

SecurityFocus Linux Focus Area

Posted by CmdrTaco on from the stuff-to-read dept.

WebJunky writes: "SecurityFocus.com has opened a Linux security focus area. It has an opening letter from Bruce Perens and some interesting articles, especially one on installing IPsec under Linux. It also has some tutorials on installing Apache and BIND securely. " Cool stuff, course most of us just stick to bugtraq anyway ;)

63 comments

  1. easy instal for Linux by roman_mir · · Score: 2

    Why not? Let's have interactive video tutorials about setting up things (Macromedia comes to mind, do they support Linux?). Have documents to teach administrators or newbies etc.

    Hmmm but who will instal the installer?

    --
    You can't handle the truth.
  2. Bugs are only part 1 by toofast · · Score: 5

    I think this article will be a good eye-opener for many who seem to think that securing a system means checking the bug lists and applying the appropriate patches, or by throwing in a buzz-word Firewall. Although that is an excellent start, You can see the big difference with NT and OpenBSD.

    NT has a decent security model. But Microsoft's goals with NT is functionality, not security. So with file permission defaults such as Everyone: FULL CONTROL and Exchange KM Server Admin passwords being "Password", it's not hard to see that M$ wants Admins to have an easy job. Everything works, but it ain't secure. Although one can configure NT to be secure, it will take many hours of work and tests.

    On the other side of the spectrum, consider OpenBSD. Paranoid? Obviously. Everything's off, users have no access to anything, users can't su unless they're allowed. Here, security is well taken care of, but the admin's big job here is opening up the system so users can get some functionality.

    Then put Linux in the middle. A relatively secure OS, with (as most distros) almost all daemons running without even asking for them. Shut off sendmail, wu-ftpd, httpd, etc, and boom, magnitudes more security.

    Then consider the admin who uses the root account straight through telnet. One co-worker I knew does this on a regular basis, then brags that he's never been cracked!!! Patching bugs is the easy part...

    1. Re:Bugs are only part 1 by IntlHarvester · · Score: 3

      Actually, the default security on NT 4.0 is loose because they need to account for braindead Windows 95 programs that think they can write all over the filesystem and the registry.

      Win2000 supposedly fixes this by being tight enough to refuse to run poorly written Win95 programs when running as a member of the "Users" group. Unfortunately, certain popular programs (errh, Office 97) won't run for "Users".

      Even today, software is being developed that is not compatible with NT's multi-user security model (ERRRHHMM, Mozilla -- go vote for bug 6464), even when a Unix port is designed correctly.

      So, it looks like that NT Admins will need to go on granting local "Power User" or "Administrator" authority to their users, negating any security advantages of NT's design.
      --

      --
      Business. Numbers. Money. People. Computer World.
  3. Meaningless (to most) by mplex · · Score: 2


    This is only the default setup. Just because by default windows is setup unsecure, it doesnt mean it is an unsecure os. The same applies to openbsd, if the admin knows what they are doing, then they will be able to choose the level of security needed. If they really don't know what to do, then thats their own fault. All of your fixes could be done in about 2 minutes by someone who has a clue as to what is going on.

    1. Re:Meaningless (to most) by Zurk · · Score: 1

      Are you really saying windows is a secure OS ? Do you know what a friggin pain it is to install windows NT with a read only program file directory or a read only winnt directory ? I took *two weeks* to tune an NT system enough so that applications could load from read only directories (why the hell does EVERY damn application want to write to its installed directory ??). Windows 95/98 dont even have the notion of security so forget about those pieces of utter shit. I've had to repatch *every* NT system multiple times over the course of a few months because m$hit releases such utter crap. Plus their security fixes take forever. if you think windoze is secure, get yourself a good shrink...or try adminning some windoze systems at least once over a period of time.

    2. Re:Meaningless (to most) by randombit · · Score: 2

      Just because by default windows is setup unsecure, it doesnt mean it is an unsecure os.

      First off, I'll assume you mean NT/2000 by Windows (vs 3.x/95/98/Millenium/CE/whatever), as otherwise you're just totally insane. But it seems to me that it's a lot harder to lock down an NT box than a similiar Linux box (I haven't used *BSD/Solaris/Other enough to comment on them). Yes, NT can be made secure (easy, drop all packets coming from all hosts (or only allow from certain hosts)) - and in fact I know people with machines set up like that. But setting up a sane security policy seems damned hard in NT. Admittadly I don't use it that often and haven't had much experience with it, but I found *nix permissions, tcpd, etc much more 'logical' than NT's setup, even back when I was just starting *nix administration. Part of the problem may be lack of good documentation - I think you can get docs for MS online but c'mon, where are the HOWTOs (or NT equivalent therof)?

      OTOH, a Linux distro like say Redhat is fairly easy to secure. Install any updates. Remove r* and telnet, install SSH. Set up Tripwire and a log analyzer and run them from cron. At this point you're probably OK.

    3. Re:Meaningless (to most) by platypus · · Score: 1

      Yes, NT can be made secure (easy, drop all packets coming from all hosts (or only allow from certain hosts)) - and in fact I know people with machines set up like that.
      Pardon my ignorance, but can you do that in NT, even portwise - or do you have to use a firewall.

    4. Re:Meaningless (to most) by Anonymous Coward · · Score: 2

      you just dont install a network adapter driver. its that simple.

    5. Re:Meaningless (to most) by randombit · · Score: 1

      Pardon my ignorance, but can you do that in NT, even portwise - or do you have to use a firewall.

      Well, I'm not exactly the kind of person you want to ask for NT security, but I'm pretty sure it's possible. Though maybe not in Workstation (never really looked)? Most of the serious NT users I know run Server - maybe it comes with some firewalling capability? I should hope so, anyway...

      And of course you can always unplug the network. Hey - then you have a C2 system. :P

    6. Re:Meaningless (to most) by X · · Score: 3

      NT does allow you to filter out incomming IP packets. Of course, the NT IP stack has been so insecure that a lot of software firewall makers replace it with their own stack.

      NT2000 could fix a lot of this though. I haven't used it.

      --
      sigs are a waste of space
    7. Re:Meaningless (to most) by flawed · · Score: 1

      I think it is possible, though I never used it.
      It is a bit hidden down in the network settings dialogs, however.

      I guess it works like this:
      (I don't have an english NT, so bear with my translation, please.)
      - network properties
      - TCP/IP properties
      - options on "IP address" pane
      - check "activate security"
      - list the allowed ports.

      I guess you can do it only interface-based,
      not source-address-based, though.

      HTH

    8. Re:Meaningless (to most) by nchip · · Score: 1

      Well why is it then that Windows is advertisized to be easy to set up working without tuning? Heck, most Windows Tech Support teams advice not to poke around with the settings of a factory installed windows system.

      --
      signatures pending - ansa@kos.to - (dont mail there)
  4. actually... I like it by b0sst0ne · · Score: 3

    Yeah, for hardcore geeks that have been messing with Linux for years, bugtraq is just fine. However, some people... including me... could benefit from a centralized location of all sorts of information related to security instead of relying on posts and threads that you could have missed months ago.

    I say, what's wrong with another useful tool :)

    1. Re:actually... I like it by Trepidity · · Score: 2

      Not to mention that bugtraq is hosted by SecurityFocus anyway =P

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    2. Re:actually... I like it by b0sst0ne · · Score: 1

      Heh... I was thinking that too... but I wasn't sure and didn't want to be flamed :)


    3. Re:actually... I like it by Anonymous Coward · · Score: 1

      I've found http://www.linuxsecurity.com pretty useful.

  5. A good thing by razvedchik · · Score: 1

    I've always like Perens's writings. I feel that he brings a voice of reason to a crazy, rapidly-churning linux community.

    As long as he keeps to the same line where security is concerned, this will be one of my favorite sites to check.

    Maybe it's because I'm a security nut and my view is slanted toward anybody who preaches security.

    I feel that as Linux usage grows, there will be more of a demand for "secondary" considerations. Instead of trying to convince people that Linux is the way to go, there will be a high demand for support for these new users. This comes in the form of specialized tech support and special interest forums. That's just where I see us going in the next year.

    --
    I do what the voices on my console tell me to do.
    1. Re:A good thing by Bruce+Perens · · Score: 2
      Thanks! In this case I'm the author of an editorial rather than a regular contributor to the site. Their policies seem pretty good, though, and I think the site will be an asset to Linux.

      Thanks

      Bruce

      --
      Bruce Perens.
  6. Of Course.... by keepper · · Score: 1

    Hate to be the devils advocate....
    But the reason it has it's own section is because of all the linux related bugs that pop up on
    bugtraq. Before i get flamed, just subscribe to Bugtrag and you will see am not lying

    Most Linux distributions, specially redhat, ship such a patch job of a distribution, it's quite
    Pathetic
    Why they choose not to follow the approach that has made the BSD's less bug prone, it's beyond me
    I still Eric think Raymond was wrong about a Bazzar versus cathedral dev model
    The cathedral model does not make software bug prone, closed source dev does

    well, until so, i will continue to laugh at the gnu su man page... and will continue to Use FreeBSD


    FreeBSD.... The Choice of those who know how to choose ;)

    1. Re:Of Course.... by keepper · · Score: 1

      Yeah, that's why i log in , unlike you.
      Suuure... go back to your cave boy

    2. Re:Of Course.... by keepper · · Score: 1

      Left in the dust to what.....
      ?
      HEH

    3. Re:Of Course.... by ostiguy · · Score: 2

      I am a BSD user (Open on my firewall, Free on my laptop), but I think someone ought to note that just today there was a FreeBSD ports exploit on bugtraq. Sure, a user may or may not have elected to install that port, but nonetheless, drop the holier that thou attitude and help others out on security issues.

      Christ, if we spent as much time worrying about security as we did about OS holy wars, we'd be soooooo much better off.

      matt

  7. Re:The secret of life by br4dh4x0r · · Score: 1

    I'd like to point out that the correct sequence is:

    Up, Up, Down, Down, Left, Right, Left, Right, B, A, B, A, Start.

    Hit select between the last A and Start if you want to use the Konami Code for a 2 player game.

    Amateur.

    love,
    br4dh4x0r

  8. Font Size Hurts! by waldoj · · Score: 2

    OK, so I must be on a bitching bent today, but I've got to vent about this off-topic annoyance. (I'm posting at 1 instead of 2...that's an acknowledgement that I have a problem, at least, right?)

    SecurityFocus's Linux section has fonts that are so small as to be completely unreadable on my Mac. Worse yet, they defined these teeny (sub SIZE=1 in HTML) fonts using CSS. Fonts that are defined in CSS can't be changed via prefs in IE or NS, for no good reason.

    Now, I'm not some old fuddy-duddy. I like size 1 Georgia and Geneva just as much as the next guy, if not more so. I just wish people would look at their site in a few different browsers. I bet it's got really great info, too. I just can't see it!

    I'll go home and see how it looks in M14 on X; maybe it's a bit more legible. I certainly hope so.

    -Waldo

    1. Re:Font Size Hurts! by Another+MacHack · · Score: 1

      I had that trouble with mac IE4.x, but you might try iCab for the mac. IE5 is supposed to fix it too.

    2. Re:Font Size Hurts! by not+Bruce+Perens · · Score: 1

      Solaris on Sun, actually. But if knee-jerk reactions make you happy, go right ahead...

    3. Re:Font Size Hurts! by seppy · · Score: 1

      Go to preferences -> fonts and turn on use my default fonts, override dynamic fonts. You are right, that hurt like a sonovabitch viewing with my intel linux box. And I've even gone through and done the X fonts deuglification and I recommend anyone who hasn't already to do so to by viewing http://www.linuxdoc.org and finding the appropriate HOWTO, or MINI-HOWTO I forget which.

      --

      Brian Seppanen

      Minister of Information and Propaganda
      Area 54 The Secret Government Disco Labs Provo

    4. Re:Font Size Hurts! by pivo · · Score: 1

      Knee-jerk reactions are the only reasonable reactions to jerks like yourself.

    5. Re:Font Size Hurts! by not+Bruce+Perens · · Score: 1

      Clever twist of phrase. Pick it out yourself?
      Wonderful. My moment of mirth has marked me like a Paris fire hydrant, marked me for the warm, wet ire of Apple fans.
      Away with you, away...

    6. Re:Font Size Hurts! by artg · · Score: 1

      Wish they'd ditch the frames, too - Half the screen lost to toolbars and title doesn't leave much room for readable text.

  9. Viruses by chazR · · Score: 3

    Bruce Perens' comment about viruses -"no doubt Linux is in for some viruses and security problems." - willprobably bring hoots of derision from the underinformed.

    Linux has at least two major vulnerabilities to viruses. The first doesn't affect Linux directly, but is still embarrasing. If you run Linux as a file server for Win32 machines, and a (usually macro) virus gets a decent foothold in the network, you rely on the Win32 virus checkers to fix it. But they can't (easily) clean it from the file server. The Linux boxes can quite happily continue serving infected files to clean Win32 boxes. Whoops. I believe that we need a native Linux virus checker built as close to the file system as you dare.

    The other problem is with binary-only kernel modules that allow connections from userland. Another post today about 'run anywhere' device drivers has exactly this architecture. Unless the supplier of the binary has done a *perfect* security job, there is a possibility that a virus-writer could exploit the binary module to do almost anything to the kernel.

    The main protection that Linux has had so far from viruses is the culture of Unix. A Unix programmer good enough to write a virus would spend their time doing something useful. This will change. If even a tiny proportion of the trolls/mp3 warez lusers on this board learn some programming, we could all be in for a difficult time.

    Share and Enjoy.

    1. Re:Viruses by randombit · · Score: 1

      The first doesn't affect Linux directly, but is still embarrasing. If you run Linux as a file server for Win32 machines, and a (usually macro) virus gets a decent foothold in the network, you rely on the Win32 virus checkers to fix it. But they can't (easily) clean it from the file server. The Linux boxes can quite happily continue serving infected files to clean Win32 boxes.

      I'd agree with you that it's embarrasing, but it should be embarrasing to a large company that shall remain nameless that decided putting a full programming language into their document format was a good idea, not to any Linux user or vendor. But your idea seems reasonable - maybe some sort of plugin for Samba (I'm not sure if the architecture exists for something like that in Samba tho). I certainly wouldn't build it into the filesystem or the kernel, that's just nuts. Especially as something like that is bound to be a proprietary product.

      The other problem is with binary-only kernel modules that allow connections from userland.

      Good thing binary-only drivers are generally not used.

      If even a tiny proportion of the trolls/mp3 warez lusers on this board learn some programming, we could all be in for a difficult time.

      I'm really not that concerned. I won't bother with the usual arguments about users and permissions, the fact that a virus must exploit a root-shell getting vulnerability in order to do it's thing right, etc, as I'm sure you heard them before. And there is a fairly fast upgrade cycle among most OSS using people (ie, upgrade to the newest RH every 6 months, whatever). So there is a fairly limited window in order to get infected and spread it to others. Also most software comes from a few places (Distro FTP sites, rufus, metalab, tsx-11, etc), rather than (like the doze world) warez getting passed around on CD-Rs and suchlike.

    2. Re:Viruses by prizog · · Score: 2

      >>If even a tiny proportion of the trolls/mp3 warez lusers on this board learn some programming, we could all be in for a difficult time. <<

      Wow! That's pretty offensive - lumping everyone who does or advocates anything illegal or stupid into one big fat label. I am not a troll, although I have been called one (stupid moderators have no sense of humor :). I am not a luser. I do not need any illegally shared software. But I do have a good number of mp3s - whenever I buy a new CD, I make mp3s of it. To imply my willingness to share them has something to do with my desire write something that will fuck up your system, is offensive in the extreme.

      For the record, RMS has stated that he shares his music - are you going to accuse him of being a virus author?

      Fucknut.

      --
      Become a FSF associate member before the low #s are used
    3. Re:Viruses by prizog · · Score: 1

      Wow, advocating against stereotyping earns me a flamebait? The only possible flamebait thing about that was the one line at the end, and I stand by that. The commen which I responded to was a highly moderated load prejudiced crap. I don't think that arguing against stereotyping deserves this.

      --
      Become a FSF associate member before the low #s are used
    4. Re:Viruses by Roundeye · · Score: 3
      Linux has at least two major vulnerabilities to viruses. The first doesn't affect Linux directly, but is still embarrasing. If you run Linux as a file server for Win32 machines, and a (usually macro) virus gets a decent foothold in the network, you rely on the Win32 virus checkers to fix it. But they can't (easily) clean it from the file server. The Linux boxes can quite happily continue serving infected files to clean Win32 boxes. Whoops. I believe that we need a native Linux virus checker built as close to the file system as you dare.

      Maybe I'm misunderstanding you, but when I use Linux as a file server (Samba), and there is a virus which has infected files being served from the fileserver, I launch a scanner on the Windoze client's mounted network drive and it detects, cleans, disinfects just as if the drive were a Windoze drive. Windoze thinks the Linux share is a Windows network drive, scanner (Norton, NA, etc.) is perfectly willing to scan it, and viruses are detected and removed.

      Of course the client doing the scanning has to have sufficient privilege to do the scanning and disinfecting, but I consider this a feature above and beyond what is allowed by NT. On my shares I generally use Linux file permissions to lock down binaries, so the luser who can munge his own files to his heart's content can read and run shared .exe's, but not write to them, even on the same share.

      --
      "Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
    5. Re:Viruses by IntlHarvester · · Score: 1

      Win32 server virus scanners run a service that scan files as they are written to disk.

      I've heard that such products exist for Linux, but I can't name one off the top of my head.
      --

      --
      Business. Numbers. Money. People. Computer World.
    6. Re:Viruses by powerlord · · Score: 1
      For the record, RMS has stated that he shares his music - are you going to accuse him of being a virus author?

      Actually, considering the effects of the GNU GPL and some people feelings that its 'viral' in nature, accusing him of being a virus author isn't exactly far fetched.

      :)

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  10. security focus banner ads by mattc · · Score: 1
    That quarter-page banner ad frame sure is annoying! It's like peeking through a keyhole to read an article.

    I understand and appreciate the fact that banner ads allow a web site to stay in business, but having banner ads that can't be scrolled out of sight is extremely tasteless.

    1. Re:security focus banner ads by Anonymous Coward · · Score: 1

      Time to add some config options to Mozilla:

      [X] Disable animated GIFs
      [X] Disable auto-refresh

  11. Re:easy *install* for Linux by not+Bruce+Perens · · Score: 1

    Video? Bleech! I don't want to download for six hours (and that's on a cable modem :) to see some tech support person (or worse, Eric Raymond or one of the egocentric /. maintenance types) give me bad advice.

    I'd much rather wait 10 seconds for a web page with inline screenshots. Same content, much faster, no looking at ESR. Better, no?

  12. Macromedia Linux Support by talonyx · · Score: 2
    They support linux to some extent... the Flash plugin (and Shockwave too, I think) are available from their website.

    I use the Linux version of the flash player all the time because my job requires me to view Flash animations.

    I don't know if they plan on making a Linux version of the Flash creator, or any other apps, but we may see something like that in the future.

    1. Re:Macromedia Linux Support by JonK · · Score: 1

      Well, Macromedia have released the Flash File Format SDK: now it's up to the Open Source advocates to build the authoring tool...
      --
      Cheers

      --
      Cheers

      Jon
  13. Re:The secret of life by not+Bruce+Perens · · Score: 1

    Someone playing archaic video games. Loser.

  14. Security: It's the admin, stupid! by Spamizbad · · Score: 2

    If your box is patched for all publicly known exploits, and security holes, that means very little. There are A LOT of "underground" Security exploits crackers use. This is for ALL operating systems, not just Linux and NT. Another problem that plagues linux is lazy admins. Most Linux users aren't willing to take 15 minutes out of there days time and remove those unneeded services out of inetd.conf, and their rc scripts. The same thing goes with admins. The Linux community has its own little "MCSE" type thing going. "Oh, I can install Linux so I guess im qualified to admin a 4 node Xeon Web/SQL server cluster". Or they say "I've been using Linux for 3 years, I'm experencied". When allthough they may know the Linux ins and outs well. They know JACK about security. Linux community needs to crack down hard on security (excuse the pun). Quite a few people poke fun at NT but I say Linux and NT are equal, atleast NT admins have enough common sense NOT TO RUN WEB, DNS, FTP, SMTP, IMAP, TELNET, SUN*, ETC ETC ON A BOX THAT IS ONLY FUNCTIONING AS AN INTERNET GATEWAY! And as far as *BSD users go. There is quite a knowledge base with them, BUT you have to beat it out of them. I find it very hard to talk with BSD users about security, they don't have that "share of ideas" the Linux community has. So common, secure up those boxen! :)

    1. Re:Security: It's the admin, stupid! by platypus · · Score: 1

      ...atleast NT admins have enough common sense NOT TO RUN WEB, DNS, FTP, SMTP, IMAP, TELNET, SUN*, ETC ETC ON A BOX THAT IS ONLY FUNCTIONING AS AN INTERNET GATEWAY!
      This ones easy.

      There ain't simply no hardware which could stand such a loaded NT, that's the reason why it doesn't happen.

      SCNR, ;-)

    2. Re:Security: It's the admin, stupid! by Anonymous Coward · · Score: 1

      If BSD user's don't talk about security, then how do you explain the existence of OpenBSD? I don't think it just magically appeared one day...

    3. Re:Security: It's the admin, stupid! by Knightmare · · Score: 1

      I don't know where you live but around here I have not yet met a linux sysadmin that is stupid enough to leave all those services running... You can't blame an OS for its users being stupid. If an OS comes with alot of services running and the sysadmin in charge of the system isn't smart enough to set the system up right you can't blame the OS... blame the sysadmin. There is no excuse no matter what OS for a firewall to be setup like you just described it.

    4. Re:Security: It's the admin, stupid! by binner · · Score: 1

      Just a note to /.ers reading this thread: If you truly are interested in securing your linux box (or getting a grasp on security fundamentals in linux anyway), I recommend 'Maximum Linux Security'. It covers everything that you need to get a jump on security. I got my copy at the Library of Computer and Information Services online bookclub. It is definitely worth every penny!

      Cheers.

      -binner

      --
      Say what you mean, mean what you say! But please know what #$@% you are talking about!
  15. Mandrake 7.0 by sdriver · · Score: 3

    For those who are very concerned with Security you should take a look at Mandrake. Depending on the "type" of install you do you can have up to 5 different security levels. The worst being "Welcome crackers" to the top "Paranoid". The Paranoid level is so paranoid that each part of the server is broken into groups and required specific access grants (via users being part of multable groups)for almost everything.. ie cdrom/floppy/sound/different exaeute permisions (/bin /sbin /usr/bin /usr/sbin etc), X, telnet ftp etc... and services are secured very nicly. But what really takes the cake is the logging. Just sitting on IRC I was able to watch my system be scanned, atempted ftp/telnet/ssh etc... Anyway there is alot involved in what Mandrake does for security and I couldn't even begin to give them a "good plug" for ther product... try it for yourself! :)

  16. It's good that we have options by cerulean · · Score: 1
    I agree, I think-- the more ways out there for people to become security conscious the better.

    As someone without the most experience, I like knowing that I have a range of choices when it comes to security. If I want to be paranoid, I can use OpenBSD, and learn to set up the extra stuff I want. If I want to have more fun, I can use linux and learn to turn off the junk I don't wank. And if I just want to screw around and put up with the occasional crash, I can use Windows, and avoid doing anything patently stupid.

    Hopefully though, security will start to become the default in more places than OpenBSD. It will be interesting to see what happens with respect to computer security over the next few years; as more people get connected to broadband and the net in general, will a similar increase in compromised systems force people to worry about it more? or will the level of computerized mischief remain low enough that only the semi-paranoid put security as their first design priority?

    --
    -------------------- the list is long. dirac angestung gesept
  17. Re:The secret of life by Spy · · Score: 1

    Games like Contra, Life Force, Super C... and you call him a loser?!?! Sombody needs to pick up a controller and re-discover what it is truly all about.

  18. securityfocus site - more content, less html fluff by poopie · · Score: 4

    every time I visit this site, I swear to never return.

    Their site has so much unnecessary formatting and takes so long to load. Obviously they're not interested in attracting unix sysadmins, or mobile users using a mobile browser.

    I recommend http://packetstorm.securify.com - they still have a medium amt. of html fluff, but at least it works in lynx.

  19. Securityfocus Banner Ads - HowTo by fsck · · Score: 3

    1) Go to securityfocus.com.. go make dinner and watch a sitcom, this fucker takes forever to load up with its dancing refreshing ads.
    2) Find the shit you actually want to look at and right click, Open frame in a new window.
    3) Close original Netscape thus killing the three ring circus that is securityfocus.com, denying them the ability to spam your brain to death with thier useless drivel. Assuming that closing Netscape didn't cause Netscape to bus error and close all Netscape windows, you can read what you want in peace. This works well with the bugtraq archive.

    Whoever designed that site is a raging alcoholic, I think.

    --

    Lars - ...I could always phone Linus when I had a problem.
  20. How to tell if you're running a vulnerable BIND by Admiral+Burrito · · Score: 3

    Check your named directory and see if there is a subdirectory named "ADMROCKS". If it's there then you are running a vulnerable BIND and have been owned. If it's not there then you are probably safe.

    Really. It's that bad.

    (If you don't know, "ADMROCKS" is the footprint left by a popular BIND exploit.)

  21. Re:The secret of life by b0sst0ne · · Score: 1

    heh... I stand corrected... however, we used select since the dorm chums were helping us save the Earth :) That and Baseball Simulator 2.000

  22. Re:The secret of life by not+Bruce+Perens · · Score: 1

    Yawn. Give me Quake anyday. But to discover "what it is truly all about", I usually turn off the monitor and go outside.

  23. Re:easy *install* for Linux by nconway · · Score: 2
    He means the Shockwave (Flash?) web movies that come bundled with many Macromedia products, including Dreamweaver and Flash.

    There is text, and when you click the 'start' button, the cursur on the screenshot does something, and you see what happens - i.e. if it is a documentation page on writing 'helloworld.c', it would show the user opening the IDE, starting a project / loading a file / whatever, typing in the code, going to the 'compile' IDE option, and executing the executable (for arguments sake, of course).

    It's a pretty good idea for certain applications. For 99% of traditional UNIX stuff, it's dumb (err, how is that useful if I want to configure Apache?). But for stuff like GUI design tools (the GIMP, video editors, etc), it could be pretty neat (for newbies at least).

    Macromedia bundles the movies with the product (as a direct part of the documentation), so you don't have to download them.

  24. securityfocus == bugtraq by walmass · · Score: 2
    Cool stuff, course most of us just stick to bugtraq anyway ;)

    Hmm. Did you know that bugtraq has been part of securityfocus.com for a while now? Or were you just trying to be buzzward compliant?

  25. Re:Viruses (and why they will come in time) by JayBonci · · Score: 2

    Linux has not yet met the "seedy" software market, and has not yet done anything to expose itself to viruses. This will come when Linux finally accepts the inevitability of large scale closed source software on their machines. The linux community will eventually have to unravel into a user base if it is to be successful.

    Well there are two debates in that last statement, and ill get to them both.

    First. Linux has to accept Closed Source for this to happen. There is going to be no way that applications are going to make it to the penguin without this.. and when they do.. there are going to be the people who are going to not want to pay for them.
    Boom.. viruses will come that way

    Second, the linux community is a fairly clean one, with people out there to help and promote the OS. Windows, is just a bunch of people using the easiest software. What if linux overthrows Windows? Its gonna trade places. Malicious code is going to go from the hands of the bored to the machines of the unwitting. RIght now the community is actively involved with the good of the community, and there are very few people "forced" into using the software.

    It will come with the degradation of the user base, if linux gets to that point. Linux cant sell without marketing to the masses.. the same masses that will bring troubles to this group.

    It almost seems like linux does better with MS around... food for thought

    --jay

  26. SecurityFocus: Security Audit for Linux by Taco+Cowboy · · Score: 1



    I think Linux is due for an official, top to bottom security audit.

    Do you think so?

    --
    Muchas Gracias, Señor Edward Snowden !
  27. Re:easy instal for Linux (not feasible) by JayBonci · · Score: 1

    How feasible is that? Everyone does something different with their systems... some people are huge fans of shell scripts.. are you going to write them in perl, or python? Do you want to script? Do you want to re-code your daemons? How do you want to use your groups? Tuning X anyone *shudder* Not something that is particularly the easiest thing to explain to anyone

    Linux is too diverse for even an interactive tutorial to truely give it justice. And it would be difficult with all the distros in mind.

    Besides how marketable is that. Linux right now is only used by those in the know. And they all like "man" better anyway....

    --jay

  28. PAM is your firend! (was Re:Of Course....) by eddieb · · Score: 2

    > well, until so, i will continue to laugh at the gnu su man page...

    Just patch su with to support PAM, add the apporpriate line to the /etc/pan.d/su file
    and presto! Wheel support!

    Some distros (RedHat, Debian) have PAM support compiled in but you still have to edit your PAM config files.

  29. How to make SecurityFocus the least bit usable? by whuppy · · Score: 1

    Argh! I can't even get the page to load, let alone get to a point where "Open in new window" will work!

    Of all people, SecurityFocus should understand that there is no way I'm turning off my Proxomitron to look at their site.

    I can't even read it with Lynx! After about a minute of waiting for a reply, I get an "unexpected network read error", and Lynx exits! Who ever heard of a web site crashing Lynx, for Bob's sake?!? Double and triple argh!!!

    Seriously: Any and all suggestions appreciated. I want to be able to read SecurityFocus, is that so wrong?

    (Does anybody else think that SecurityFocus might just be a huge honeypot infected with all sorts of browser vulnerability exploits? Naah, me neither.)

    --
    whuppy enjoys smelling like diesel fuel