I think the fact that the Sendmail server was broken into and serving trojaned copies of the source certainly does reflect badly on Sendmail's security. If they can't secure their distribution machine, how well can they code umpteen years of crappy code?
Of course, in spite of the OpenSSH bugs, I'd use them any day before the ssh.com code.
I got both Hacking Linux Exposed 2nd edition and Real world Linux Security 2nd Edition this year, and hacking Linux Exposed is infinitely better. Most of the new things in RWLS seem to be to make it as good as HEL 1st edition, but they fail to live up. If you want to read good case studies about linux, the ones in HLE are great command-line stuff. THe ones in RWLS are ages old - -the coocoo's egg stuff isa great story, but the guy who was there wrote all about it in much better style than RWLS can do.
WHat I noticed about the new editions of both books is that HLE took out stuff that's no longer relevant and/or put it online instead, while RWLS just added (often repetitive) stuff. You get a much better bang for your buck with hacking linux.
Also, hacking linux is donating any money they make from sales to the EFF. See their site for more info.
Slashdot Mirror
into and serving trojaned copies of the source
certainly does reflect badly on Sendmail's security.
If they can't secure their distribution machine,
how well can they code umpteen years of crappy code?
Of course, in spite of the OpenSSH bugs, I'd use them any day before the ssh.com code.
WHat I noticed about the new editions of both books is that HLE took out stuff that's no longer relevant and/or put it online instead, while RWLS just added (often repetitive) stuff. You get a much better bang for your buck with hacking linux.
Also, hacking linux is donating any money they make from sales to the EFF. See their site for more info.