 - RU.LINUX ---------------------------------------------------------------------
 From : Sergey Lentsov                       2:4615/71.10   08 Feb 2001  18:31:43
 To : All
 Subject : URL: http://lwn.net/2001/0208/security.php3
 -------------------------------------------------------------------------------- 
 
 Security
 
 News and Editorials
 
    Privacy issues with HTML-based email. The Privacy Foundation has
    issued [16]an advisory regarding potential security problems with
    HTML-based email containing Javascript code. When read by mail clients
    such as Netscape 6, Outlook or Outlook Express, javascript code
    included in a message can be used to silently report back to the
    original sender information such as to whom the message is forwarded
    or what additions are made to a forwarded message, potentially
    revealing sensitive information.
    
    [17]This message from the politechbot.com mailing list provides a good
    summary of the issues involved, as well as links crediting the source
    of the security report. They sum it up pretty well, "Friends don't
    send friends HTML email".
    
    Note that not all HTML mail readers are affected. Some turn off
    Javascript by default while others automatically strip Javascript from
    messages before displaying them. Now is a good time to determine how
    your mail client handles such messages.
    
    ISC to close access to Bind security info? Last week's reported
    security vulnerabilities in both bind 4 and bind 8 were followed this
    week by plans from ISC (the company that has been developing bind 9) to
    create a new "bind-members" forum for the discussion and dissemination
    of security information related to bind. Membership in this forum
    would be strictly limited, a nondisclosure agreement would be
    required, and a fee would be charged. Theo de Raadt forwarded (to
    Bugtraq) a copy of [18]an email message from Paul Vixie at ISC that
    discusses the proposal. As you might expect, a large amount of furor
    and discussion resulted.
    
    Kurt Seifried at SecurityPortal.com followed up on this issue with ISC
    and others. [19]His article includes a brief email interview with Paul
    Vixie, who commented:
    
      An important point to make, if you're going to write about this, is
      that nothing ISC has historically done will stop. The code is still
      completely redistributable under the Berkeley-style license (which,
      unlike the GPL, allows vendors to distribute binaries based on
      modified sources without sharing those source modifications with
      ISC or anybody else). CERT will still be ISC's channel for
      announcing security bugs to the community. Patches will still be
      accepted from the community, and published to the community. The
      ONLY thing bind-members will do is ADD SOMETHING NEW.
      
    The commentary in the article from Linux-Mandrake, Immunix OS, and
    others, though, is still uniformly negative towards this move.
    
    From our perspective, though we sympathize with ISC's need to develop
    a revenue stream based on this Open Source product, their suggested
    model strongly resembles the X Consortium model (which Paul Vixie
    references). We consider that a failed model. In spite of the
    inclusion of non-profit members without a fee, the X Consortium
    eventually bogged down in corporate politics, failing to deliver
    quality development upgrades and leaving a vacuum that the XFree86
    group has happily stepped in to fill. In a similar manner, the
    bind-members group could result in timely information about potential
    security problems not getting out, or one vendor's fixes being delayed
    because fixes from other vendors were not yet available. Given the
    wide-spread use of bind across the Internet, this is a cause for much
    concern.
    
    If ISC is, indeed, planning on offering services to vendors that are
    in addition to what it already offers on public mailing lists, they
    should certainly be able to require a fee for that service. However,
    the need for a non-disclosure agreement along with that fee has not
    been demonstrated.
    
    For more coverage on this issue, check out our editorial on this
    week's [20]front page.
    
    NSA attempting to design crack-proof computer (ZDNet). ZDNet looks at
    how VMware and the National Security Agency have [21]teamed up to make
    a more secure PC. "Called "NetTop," VMware's answer would turn each
    computer into a number of virtual PCs running on a Linux computer that
    would sit on each worker's desk. The security system would erect
    supposedly impenetrable, but virtual, walls between public data and
    more sensitive information on the same computer."
    
    Note that VMware on Linux was considered an avenue for this
    development while VMware on Windows NT, etc., was not. Why? Because
    Linux provides the source code and Windows does not. NSA understands
    that they need the source code to be available to build a trusted
    system.
    
    NSA is therefore making a strong stand in support of Open Source, but
    not necessarily in support of Free Software. The article also
    discusses their plans to use commercial off-the-shelf software.
    Hopefully, closed source proprietary software will not be used while
    manipulating secure data ... otherwise, their exclusion of Microsoft's
    operating system will be meaningless. (Thanks to Richard Storey)
    
    Security of the WEP algorithm. Nikita Borisov, Ian Goldberg, and David
    Wagner have posted a [22]whitepaper describing vulnerabilities they
    see in the Wired Equivalent Privacy (WEP) algorithm, part of the
    802.11 standard. The potential for passive and active attacks to
    decrypt traffic is described, as well as one to inject new traffic.
    "Our analysis suggests that all of these attacks are practical to
    mount using only inexpensive off-the-shelf equipment. We recommend
    that anyone using an 802.11 wireless network not rely on WEP for
    security, and employ other security measures to protect their wireless
    network."
    
 Security Reports
 
    SSH1 brute force password vulnerability. A [23]potential vulnerability
    in SSH1 was reported this week involving the ability to brute force
    passwords due to the manner in which failed passwords are logged. A
    patch against ssh-1.2.30 is provided.
    
    SSH protocol 1.5 key session recovery vulnerability. A second SSH
    problem was reported this week, this time with the SSH protocol 1.5.
    [24]This advisory describes the vulnerability, which can allow the
    session key for an exchange to be captured and then used to decrypt
    session packets. ssh-1 "up to" ssh-1.2.31 is reportedly vulnerable,
    presumably meaning that ssh-1.2.31 is also affected. ssh-2.4.0 and
    later is not impacted because the server key is regenerated for every
    connection. SSH.com deprecates the use of SSH1.
    
    OpenSSH "up to" 2.3.0 is also vulnerable. A patch has been introduced
    into the OpenSSH source tree. Updated versions of OpenSSH and portable
    OpenSSH (for non-OpenBSD systems) have not yet been announced;
    presumably they'll be made available soon.
    
    Linux kernel 2.4.1 denial-of-service vulnerability. A
    [25]denial-of-service vulnerability has been reported in the Linux
    2.4.1 kernel code. A patch for the problem is available and will be
    merged into the next prepatch for Linux 2.4.2. Distribution updates
    for the problem are unlikely to be seen, since most distributions have
    not yet begun shipping the new stable kernel series.
    
    XEmacs/gnuserv execution of arbitrary code. gnuserv is a client/server
    package included with XEmacs, but also available as a standalone
    package. Via gnuserv's support for MIT-MAGIC-COOKIE authentication, it
    can be exploited remotely to execute arbitrary code. gnuserv 3.12.1
    resolves the problem and is included with XEmacs 21.1.14. Check
    BugTraq ID [26]2333 for more details.
      * [27]Linux-Mandrake
      * [28]Red Hat
      * [29]Red Hat Powertools
    
    CUPS denial-of-service vulnerability. This is the second time we've
    seen reports of security problems in CUPS which appear to originate
    from Linux-Mandrake (i.e., no previous reports were seen on BugTraq or
    elsewhere). This time, a denial-of-service problem was reported that
    can be triggered via an extra-long input line. In addition, however,
    the Linux-Mandrake update apparently also includes other
    security-auditing steps, such as the replacement of sprintf calls with
    snprintf, strcpy with strncpy, etc., to better protect against other
    potential buffer overflows.
    
      * [30]Linux-Mandrake
      * [31]Linux-Mandrake, problems with packages shipped with their
        first update.
        
    man -l format string vulnerability. A [32]format string vulnerability
    in the man command was reported in its processing of the "-l" command
    line option. Note that not all versions of man provide the "-l"
    option. Only Debian and SuSE are reported to be affected, with varying
    results, due to varying permissions on the man binary. SuSE has
    confirmed the problem and promised an update soon. A bug report has
    been filed with Debian.
    
    Multiple vulnerabilities in ProFTPD. Three vulnerabilities in ProFTPD
    have been reported to BugTraq in the past month, according to [33]this
    advisory from the ProFTPD development team. The vulnerabilities
    include a SIZE memory leak, a USER memory leak and format string
    vulnerabilities (links to the original reports are provided through
    the advisory). ProFTPD 1.2.0rc3 has now been released with fixes for
    all the above problems.
    
      * [34]Cobalt, unofficial package updates
        
    Sporadic reports of nmap crashing bind 9.1.0. Reports have been posted
    to BugTraq describing reproducible crashes of bind 9.1.0 caused by
    nmap. On the other hand, each of those reports has been followed by
    anecdotal evidence that 9.1.0 does not crash on all platforms and
    setups. So far, no one has pinpointed the cause of the crash in the
    9.1.0 source code, so while there is a potential denial-of-service
    problem, it has not yet been confirmed.
    
    Infobot perl-based IRC bot remote execution of arbitrary command. A
    security problem has been reported with the [35]Infobot perl-based IRC
    bot which could be exploited to run arbitrary files under the IRC bot
    user id. Disabling fortran math in the configuration file and
    restarting is a workaround for the vulnerability. No patch or update
    has been reported yet.
    
    cgi-bin scripts.
    The following cgi-bin scripts were reported to contain
    vulnerabilities:
      * [36]qDecoder, part of the CrazyWWWBoard web-based bulletin board
        system, is reported to contain a remotely-exploitable buffer
        overflow. A patch for the problem has been provided.
      * [37]iWeb Hyperseek 2000 is reported to contain a directory
        traversal vulnerability. No fixes have been posted as of yet.
      * A directory traversal problem was also reported in the
        [38]GoAhead WebServer, primarily a Windows product, but also
        available for Linux.
        
    Commercial products.
    The following commercial products were reported to contain
    vulnerabilities:
      * [39]ChiliSoft ASP for Linux and other operating systems is
        reported to contain a problem with the inherited security mode, in
        which the group value for virtual domains is not properly
        inherited. ChiliSoft indicated that the problem should be fixed in
        Chili!Soft ASP 3.6, due out this quarter.
      * Two problems were reported in the Cisco Content Services (CSS)
        Switches, including a [40]Denial-of-Service vulnerability and a
        [41]directory traversal vulnerability. Upgrades to fix the
        denial-of-service are available, but no solution to the directory
        traversal problem has yet been seen.
        
 Updates
 
    Multiple vulnerabilities in bind 8.2.2 and bind 4. Check the
    [42]February 1st LWN Security Summary for the initial reports. Bind
    8.2.3 contains fixes for the problems with 8.2.2. Bind 4 fixes are
    also available, but an upgrade to bind 8 or even bind 9 is generally
    considered a preferable approach.
    
    This week's updates:
      * [43]LinuxPPC
      * [44]FreeBSD
      * [45]Cobalt bind 8.2.3 (for the RaQ2 only)
      * [46]Cobalt bind 4 (for the Qube1, RaQ1 and Qube2)
        
    Previous updates:
    
      * [47]Caldera Systems (February 1st)
      * [48]Conectiva (February 1st)
      * [49]Debian (February 1st)
      * [50]Linux-Mandrake (February 1st)
      * [51]Immunix (February 1st)
        
      * [52]Red Hat (February 1st)
      * [53]Slackware (February 1st)
      * [54]SuSE (February 1st)
      * [55]Trustix (February 1st)
      * [56]Yellow Dog Linux (February 1st)
                                       
    MySQL buffer overflow.
    Check the [57]January 25th LWN Security Summary or BugTraq ID [58]2262
    for the original reports. This can be exploited remotely to gain
    access to the system under the uid of the mysql server. MySQL 3.23.31
    and earlier are affected. MySQL 3.23.32 fixes the problem.
    
    This week's updates:
      * [59]Linux-Mandrake, updated advisory
        
    Previous reports:
      * [60]Debian (January 25th)
      * [61]Linux-Mandrake, including new PHP packages (January 25th)
      * [62]Red Hat (January 25th)
      * [63]Red Hat, new PHP packages (January 25th)
      * [64]Conectiva (February 2nd)
      * [65]FreeBSD (February 2nd)
        
    kdesu password sniffing vulnerability. The KDE "kdesu" utility has a
    vulnerability that can allow a local user to steal passwords; see the
    [66]January 25 LWN Security Section for the initial report.
    
    This week's updates:
      * [67]Linux-Mandrake (February 2nd)
        
    Previous updates:
      * [68]Conectiva (February 2nd)
      * [69]SuSE (February 2nd)
      * [70]Caldera Systems (January 25th).
        
    Multiple glibc vulnerabilities. Multiple vulnerabilities have
    been reported in recent weeks in glibc. Since glibc updates generally
    address all the problems, rather than one specific problem, we are
    combining the update report for them. For the original reports, check
    the January 18th, 2001, LWN Security Report under the topics
    "[71]glibc RESOLV_HOST_CONF preload vulnerability" and "[72]glibc
    local write/ld.so.cache preload vulnerability".
    
    This week's updates:
      * [73]Conectiva
      * [74]Immunix, updated packages (the originally released updates did
        not fix the problem)
        
    Previous updates:
      * [75]Red Hat (January 18th)
      * [76]Slackware (January 18th)
      * [77]Debian, 2.2 not vulnerable, testing and devel trees are
        (January 18th)
      * [78]Red Hat (January 18th)
      * [79]Immunix (January 25th)
      * [80]Linux-Mandrake (January 25th)
      * [81]Trustix (January 25th)
      * [82]Caldera (February 2nd)
      * [83]SuSE (February 2nd)
        
    exmh symlink vulnerability.
    Check the [84]January 18th LWN Security Summary for the initial
    report.
    
    This week's updates:
      * [85]Linux-Mandrake (January 25th, but missed in previous reports)
        
    Previous updates:
      * [86]Debian (February 2nd)
      * [87]FreeBSD (February 2nd)
        
 Resources
 
    William Stearns [88]announced the latest version of his [89]ramenfind
    script, for detecting and removing the Ramen worm.
    
    Osvaldo J. Filho posted a [90]small patch to syslog which will log
    version requests for bind, helpful for noticing probes for the latest
    bind vulnerabilities.
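
    The check behind this kind of logging, as an added example (not part
    of the original article and not Osvaldo J. Filho's patch): BIND
    version probes normally arrive as TXT queries for version.bind in the
    CHAOS class, so the code below parses a raw DNS query and flags them.
    The sample packets, the source address and the log format are
    constructed for illustration.

```python
import struct

QTYPE_TXT = 16                   # TXT record type
QCLASS_CHAOS = 3                 # CHAOS class, used by BIND for server metadata
PROBE_NAMES = {"version.bind"}   # name queried to read the server version


def build_query(name, qtype, qclass, txid=0x1234):
    """Build a minimal DNS query. Used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def parse_question(packet):
    """Return (name, qtype, qclass) of the first question, or None if malformed."""
    if len(packet) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:      # a response, or no question present
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None                    # name runs off the end of the packet
        length = packet[pos]
        pos += 1
        if length == 0:                    # root label terminates the name
            break
        # Lengths above 63 are compression pointers or reserved values;
        # neither belongs in the first question, so treat them as malformed.
        if length > 63 or pos + length > len(packet):
            return None
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(packet):
        return None
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, qclass


def is_version_probe(packet):
    """True for a CHAOS-class TXT query asking for version.bind."""
    question = parse_question(packet)
    if question is None:
        return False
    name, qtype, qclass = question
    return name in PROBE_NAMES and qtype == QTYPE_TXT and qclass == QCLASS_CHAOS


def log_line(src_ip, packet):
    """Return a log message for a probe, or None (the format is hypothetical)."""
    if not is_version_probe(packet):
        return None
    return "version.bind probe from %s" % src_ip


if __name__ == "__main__":
    # Constructed samples: one probe, one ordinary lookup, one truncated packet.
    probe = build_query("VERSION.BIND", QTYPE_TXT, QCLASS_CHAOS)
    samples = [
        ("192.0.2.10", probe),
        ("192.0.2.11", build_query("www.example.com", 1, 1)),
        ("192.0.2.12", probe[:15]),
    ]
    for src, pkt in samples:
        message = log_line(src, pkt)
        if message:
            print(message)
```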
    
 Events
 
    Upcoming security events.
    
    Date                        Event                                   Location
    February 13-15, 2001        [91]PKC 2001                            Cheju Island, Korea
    February 19-22, 2001        [92]Financial Cryptography 2001         Grand Cayman, BWI
    February 19-22, 2001        [93]VPN Con                             San Jose, CA, USA
    February 24-March 1, 2001   [94]InfoSec World 2001                  Orlando, FL, USA
    March 3-6, 2001             [95]EICAR and Anti-Malware Conference   Munich, Germany
    March 27-28, 2001           [96]eSecurity                           Boston, MA, USA
    March 30-April 1, 2001      [97]@LANta.CON                          Doraville, GA, USA
    April 6-8, 2001             [98]Rubi Con 2001                       Detroit, MI, USA
    
    For additional security-related events, including training courses
    (which we don't list above) and events further in the future, check
    out Security Focus' [99]calendar, one of the primary resources we use
    for building the above list. To submit an event directly to us, please
    send a plain-text message to [100]lwn@lwn.net.
    
    Section Editor: [101]Liz Coolbaugh
    February 8, 2001
    
    [159]Eklektix, Inc. Linux powered! Copyright © 2001 [160]Eklektix,
    Inc., all rights reserved
    Linux (R) is a registered trademark of Linus Torvalds
 
 References
 
    1. http://lwn.net/
    2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
    3. http://lwn.net/2001/0208/
    4. http://lwn.net/2001/0208/kernel.php3
    5. http://lwn.net/2001/0208/dists.php3
    6. http://lwn.net/2001/0208/devel.php3
    7. http://lwn.net/2001/0208/commerce.php3
    8. http://lwn.net/2001/0208/press.php3
    9. http://lwn.net/2001/0208/announce.php3
   10. http://lwn.net/2001/0208/history.php3
   11. http://lwn.net/2001/0208/letters.php3
   12. http://lwn.net/2001/0208/bigpage.php3
   13. http://lwn.net/2001/0201/security.php3
   14. http://www.susesecurity.com/faq/
   15. http://www.linuxdoc.org/HOWTO/Security-HOWTO.html
   16. http://www.privacyfoundation.org/advisories/advemailwiretap.html
   17. http://lwn.net/2001/0208/a/htmlprivacy.php3
   18. http://lwn.net/2001/0208/a/bind-closure.php3
   19. http://www.securityportal.com/articles/chargingforsecurity20010201.html
   20. http://lwn.net/2001/0208//index.php3
   21. http://www.zdnet.com/zdnn/stories/news/0,4586,2681205,00.html
   22. http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
   23. http://lwn.net/2001/0208/a/ssh1logging.php3
   24. http://lwn.net/2001/0208/a/sshprotocol1.5.php3
   25. http://lwn.net/2001/0208/kernel.php3#DatagramBug
   26. http://www.securityfocus.com/bid/2333
   27. http://lwn.net/2001/0208/a/lm-xemacs.php3
   28. http://lwn.net/2001/0208/a/rh-xemacs.php3
   29. http://lwn.net/2001/0208/a/rhp-xemacs.php3
   30. http://lwn.net/2001/0208/a/lm-cups.php3
   31. http://lwn.net/2001/0208/a/lm-cups-update.php3
   32. http://www.securityfocus.com/bid/2327
   33. http://lwn.net/2001/0208/a/sec-proftpd.php3
   34. http://lwn.net/2001/0208/a/cb-proftpd.php3
   35. http://lwn.net/2001/0208/a/sec-infobot.php3
   36. http://www.securityfocus.com/bid/2329
   37. http://www.securityfocus.com/bid/2314
   38. http://www.securityfocus.com/bid/2334
   39. http://lwn.net/2001/0208/a/sec-chilisoft.php3
   40. http://www.securityfocus.com/bid/2330
   41. http://www.securityfocus.com/bid/2331
   42. http://lwn.net/2001/0201/security.php3
   43. http://linuxppc.org/security/advisories/LPPCSA-2001-003-1.php3
   44. http://lwn.net/2001/0208/a/fb-bind-01-18.php3
   45. http://lwn.net/2001/0208/a/cbraq-bind.php3
   46. http://lwn.net/2001/0208/a/cbqube-bind.php3
   47. http://lwn.net/2001/0201/a/cald-bind.php3
   48. http://lwn.net/2001/0201/a/con-bind.php3
   49. http://lwn.net/2001/0201/a/deb-bind.php3
   50. http://lwn.net/2001/0201/a/lm-bind.php3
   51. http://lwn.net/2001/0201/a/immunix-bind.php3
   52. http://lwn.net/2001/0201/a/rh-bind.php3
   53. http://lwn.net/2001/0201/a/sl-bind.php3
   54. http://lwn.net/2001/0201/a/su-bind.php3
   55. http://lwn.net/2001/0201/a/trustix-bind.php3
   56. http://lwn.net/2001/0201/a/yd-bind.php3
   57. http://lwn.net/2001/0125/security.php3#mysql
   58. http://www.securityfocus.com/bid/2262
   59. http://lwn.net/2001/0208/a/lm-2001-014-1.php3
   60. http://lwn.net/2001/0125/a/deb-mysql.php3
   61. http://lwn.net/2001/0125/a/lm-mysql.php3
   62. http://lwn.net/2001/0125/a/rh-RHSA-2001-003-07.php3
   63. http://lwn.net/2001/0125/a/HSA-2000-136-10.php3
   64. http://lwn.net/2001/0201/a/con-CLA-2001-375.php3
   65. http://lwn.net/2001/0201/a/fb-mysql.php3
   66. http://lwn.net/2001/0125/security.php3#kdesu
   67. http://lwn.net/2001/0208/a/lm-2001-018.php3
   68. http://lwn.net/2001/0201/a/con-kdesu.php3
   69. http://lwn.net/2001/0201/a/su-kdesu.php3
   70. http://lwn.net/2001/0125/a/cal-CSSA-2001-005.0.php3
   71. http://lwn.net/2001/0118/security.php3#glibc5
   72. http://lwn.net/2001/0118/security.php3#glibc6
   73. http://lwn.net/2001/0208/a/con-glibc.php3
   74. http://lwn.net/2001/0208/a/im-glibc-2001-62-001-01.php3
   75. http://lwn.net/2001/0118/a/rh-glibc-2001001-5.php3
   76. http://lwn.net/2001/0118/a/slware-glibc-2001001-5.php3
   77. http://www.debian.org/News/weekly/2001/3/mail#1
   78. http://lwn.net/2001/0118/a/rh.2001-02-03.php3
   79. http://lwn.net/2001/0125/a/im-2000-70-029-01.php3
   80. http://lwn.net/2001/0125/a/lm-2001-012.php3
   81. http://lwn.net/2001/0125/a/trustix-0122.php3
   82. http://lwn.net/2001/0201/a/cal-CSSA-2001-007.0.php3
   83. http://lwn.net/2001/0201/a/suse-SuSE-SA-2001-01.php3
   84. http://lwn.net/2001/0118/security.php3#exmh
   85. http://lwn.net/2001/0208/a/lm-2001-015.php3
   86. http://lwn.net/2001/0201/a/deb-DSA-022-1.php3
   87. http://lwn.net/2001/0201/a/fb-exmh.php3
   88. http://lwn.net/2001/0208/a/ramenfindannounce.php3
   89. http://lwn.net/2001/0208/a/ramenfind.v0.3
   90. http://lwn.net/2001/0208/a/bindsyslog.php3
   91. http://caislab.icu.ac.kr/pkc01/
   92. http://fc01.ai/
   93. http://www.vpncon.com/2001events/spring/spring2001index.htm
   94. http://www.misti.com/conference_show.asp?id=OS01
   95. http://conference.eicar.org/
   96. http://www.intmedgrp.com/security/sec01bs/overview.html
   97. http://www.atlantacon.org/
   98. http://www.rubi-con.org/
   99. http://securityfocus.com/calendar
  100. mailto:lwn@lwn.net
  101. mailto:lwn@lwn.net
  102. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
  103. http://bastille-linux.sourceforge.net/
  104. http://www.immunix.org/
  105. http://Nexus-Project.net/
  106. http://www.slinux.org/
  107. http://www.nsa.gov/selinux/
  108. http://www.trustix.com/
  109. http://www.securityfocus.com/bugtraq/archive/
  110. http://www.nfr.net/firewall-wizards/
  111. http://www.jammed.com/Lists/ISN/
  112. http://www.calderasystems.com/support/security/
  113. http://www.conectiva.com.br/atualizacoes/
  114. http://www.debian.org/security/
  115. http://www.kondara.org/errata/k12-security.html
  116. http://www.esware.com/actualizaciones.html
  117. http://linuxppc.org/security/advisories/
  118. http://www.linux-mandrake.com/en/fupdates.php3
  119. http://www.redhat.com/support/errata/index.html
  120. http://www.suse.de/security/index.html
  121. http://www.yellowdoglinux.com/resources/errata.shtml
  122. http://www.BSDI.COM/services/support/patches/
  123. http://www.freebsd.org/security/security.html
  124. http://www.NetBSD.ORG/Security/
  125. http://www.openbsd.org/security.html
  126. http://www.calderasystems.com/support/forums/announce.html
  127. http://www.cobalt.com/support/resources/usergroups.html
  128. http://distro.conectiva.com.br/atualizacoes/
  129. http://www.debian.org/MailingLists/subscribe
  130. http://www.esware.com/lista_correo.html
  131. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
  132. http://www.kondara.org/mailinglist.html.en
  133. http://l5web.laser5.co.jp/ml/ml.html
  134. http://www.linuxfromscratch.org/services/mailinglistinfo.php
  135. http://www.linux-mandrake.com/en/flists.php3
  136. http://www.netbsd.org/MailingLists/
  137. http://www.openbsd.org/mail.html
  138. http://www.redhat.com/mailing-lists/
  139. http://www.slackware.com/lists/
  140. http://www.stampede.org/mailinglists.php3
  141. http://www.suse.com/en/support/mailinglists/index.html
  142. http://www.trustix.net/support/
  143. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
  144. http://lists.yellowdoglinux.com/ydl_updates.shtml
  145. http://munitions.vipul.net/
  146. http://www.zedz.net/
  147. http://www.cert.org/nav/alerts.html
  148. http://ciac.llnl.gov/ciac/
  149. http://www.MountainWave.com/
  150. http://www.counterpane.com/crypto-gram.html
  151. http://linuxlock.org/
  152. http://lsap.org/
  153. http://linuxsecurity.com/
  154. http://www.openssh.com/
  155. http://www.opensec.net/
  156. http://www.securityfocus.com/
  157. http://www.securityportal.com/
  158. http://lwn.net/2001/0208/kernel.php3
  159. http://www.eklektix.com/
  160. http://www.eklektix.com/
 
 --- ifmail v.2.14.os7-aks1
  * Origin: Unknown (2:4615/71.10@fidonet)
 