| iMacLinux Edition |
Saturday, 14 June 2003 |
|
|
|
TuxPPC - Search for "security"
|
Posted by on Thursday January 18th, 2001 06:09:48 AM
|
This may be of interest since many PPC systems are RedHat based. If you're on the net for extensive lengths of time, or running a server, there is a worm out there exploiting two well-known security flaws in applications set up during the default installation of Red Hat Linux software. It replaces your index.html files with a nice page saying "Hackers Looooooooove Noodles!"
Full story .
Note by AArthur: Neither LinuxPPC nor YDL has wuftp in the default collections of packages (they instead include proftpd), so you shouldn't have to worry. Debian has wu-ftpd in its archive, but it's highly recommended that you use proftp. In short, if you are on a PowerPC box, you don't have to worry -- unless you have purposely compiled an old version of wuftpd from source, or have installed extra non-official packages.
|
 |
|
Posted by on Sunday May 07th, 2000 12:53:55 AM
|
LinuxJournal has an interesting article about , Microsoft and Linux. It discusses the similarities of the cars of the 1950s and 1960s, why safety became an issue in the 1970s and how glitz, not quality, led to the decline of the once great American auto industries.
|
 |
|
Posted by on Saturday May 13th, 2000 04:47:03 PM
|
|
Do you use yup or apt-get or something similar on your PowerPC machine? All auto upgrading software has security issues, (including interviews from both the Debian and RedHat teams).
|
 |
|
Posted by on Wednesday May 17th, 2000 06:56:38 PM
|
The May edition of the Crypto-Gram newsletter is . This month's edition addresses "Computer Security - Will We Ever Learn?", the ILOVEYOU virus, and many other security related topics.
|
 |
|
Posted by on Monday June 12th, 2000 04:30:50 PM
|
posted a nice step-by-step on securing your home box from those script kiddies out there. I'm republishing it here with his permission. Some of it does not quite apply to PPC, but there is still a lot of good info.
Thanks Donald!
|
 |
|
Posted by on Tuesday June 20th, 2000 04:11:52 AM
|
|
has written up several articles on buffer overflow exploits on the PowerPC. contains introductory info on buffer exploits and PowerPC assembly. takes a look at writing an exploit for PowerPC Linux. Finally, details some known PowerPC Linux and Mac OS X exploits.
|
 |
|
Posted by on Friday July 07th, 2000 02:12:35 PM
|
This guide is out of date. Please see instead. Don't like ads? You can use to block those ads with a blank image, a broken image or a "Blocked by Junk Buster". One of the best features of this program is that it is networkable: you can use it to proxy/filter out all of the ads from your network. It has many other security/privacy related features. Below is an introduction to Junkbuster.
|
 |
|
Posted by on Tuesday August 08th, 2000 09:37:59 AM
|
Netscape has announced there is a bug in all versions of Navigator and Communicator up to the current 4.7x versions, but not Mozilla or the beta of Navigator 6.
The bug essentially allows an unsigned Java applet to run on your system, such as Brown Orifice, which makes all files available in your current directory. Blah blah blah... the temporary fix is to disable Java until a fix is posted.
Story is
More information on
|
 |
|
Posted by on Thursday August 10th, 2000 11:44:10 AM
|
|
Several security holes were recently discovered. Currently Debian-PPC has updates to mailx and perl. apt-get update;apt-get upgrade should install these. Yellow Dog Linux also has updates to mailx, perl, and umb scheme. You can find these . No updates or patches for LinuxPPC or SuSE have yet been announced.
|
 |
|
Posted by on Monday September 11th, 2000 07:47:02 PM
|
|
RootPrompt has an excellent , to secure down your machine. It assumes you are running Debian GNU/Linux and Linux 2.2; however, most of the stuff applies to other distros and the newer Linux 2.4 kernel. It's certainly good advice for people to take a look at.
|
 |
|
Posted by on Tuesday October 10th, 2000 01:56:47 PM
|
|
Summary: In this three-part series, you will learn to install and configure a Linux server and firewall. Part 1 covers the selection and installation of a secure Linux distribution. Part 2 will cover the reassignment of services provided by the old firewall that the authors replaced. And Part 3 covers the actual process of installing the firewall itself. This week, the authors detail the process of installing Trustix, a secured Linux distribution, onto their new firewall server. (2,500 words)
|
 |
|
Posted by on Tuesday October 17th, 2000 01:29:08 PM
|
|
This article is part two of a three-part series on configuring a secured Linux firewall and server. In this installment we set up replacements on the new server -- wolf.example.com -- for the services which the former firewall and server -- plains.example.com -- provided. (As in our previous article, names and IP addresses have been changed to protect the innocent.)
|
 |
|
Posted by on Friday February 09th, 2001 01:39:23 PM
|
Date: Thu, 8 Feb 2001 18:02:33 -0500
From: BindView Security Advisory advisory+ssh1crc@BOS.BINDVIEW.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: BindView advisory: sshd remote root (bug in deattack.c)
Remote vulnerability in SSH daemon crc32 compensation attack detector
Read more about it .
LinuxPPC has posted an update .
|
 |
|
Posted by on Thursday August 02nd, 2001 12:06:05 PM
|
|
If you run Apache on your machine, you may have noticed some strange entries that look like 211.62.35.46 - - [02/Aug/2001:11:01:05 -0400] "GET /default.ida?NNN (part removed) 0078%u0000%u00=a HTTP/1.0" 400 252. These are caused by the Code Red worm looking to exploit a buffer overflow on Microsoft Windows NT boxes running the Microsoft Internet Information Service. They shouldn't pose any security risk to Apache users or PowerPC Linux users, and the volume typically is low enough not to use too many server resources (the IP addresses in 24.*.*.* and 6*.*.*.* range are getting hit hardest) -- most machines have gotten hit fewer than 100 times in the past 24 hours -- barely noticeable.
|
 |
|
Posted by on Thursday October 11th, 2001 09:53:48 AM
|
|
There is a nice article on from last week that provides an introduction to network security. If you are new to Linux, and want to learn about network security, it is a good way to get started. You can find the article .
|
 |
|
Posted by on Friday October 19th, 2001 12:39:06 PM
|
|
There is an on slashdot.org today that sums up several security exploits that currently exist under Linux. The root exploit can be fixed immediately without upgrading your kernel by running chmod 000 /usr/bin/newgrp as root on your system. I expect that there will be new vendor supplied kernels from YDL, MDK, SuSE, if not already. You can obtain the latest kernel source from as well as patches for 2.2.19. If you are running 2.4, you should probably upgrade to 2.4.12. If you are running newer PPC hardware, you may want to use .
|
 |
|
Posted by on Thursday November 29th, 2001 03:47:40 AM
|
is among the most popular FTP servers you'll find for Linux and is the default FTP daemon installed by many distributions.
An important vulnerability can give any FTP user full access to the whole machine the daemon is hosted on. Additionally, a security warning had been issued too early, leaving many Linux vendors without a security patch for their userbase, leaving thousands of servers unprotected.
If you run an FTP server using wu-ftpd, you should upgrade as soon as possible; patches by the major vendors are available by now.
|
 |
|
Posted by on Monday December 10th, 2001 02:14:44 PM
|
"If the attack is coming from a single source or even a small number of sources, blocking those sources is a simple matter. However, stopping a DoS attack is not always simple. Often, it's quite the opposite, because in some types of attacks, spoofing or otherwise faking the source address is possible. In addition, the spoofed source address may be random. The end result is that traffic coming from a single attacking host appears to be coming from hundreds, thousands, even millions of different hosts. Blocking these individual random spoofed hosts is futile since the attack will continue using other spoofed source addresses. "
Read this to learn how to avoid downtimes caused by DoS attacks.
|
 |
|
Posted by on Friday December 21st, 2001 08:38:16 AM
|
|
The latest advisories are now available. This week's include mailman, htdig, xsane, openSSH, kerberos, libgtop and glibc. , and users will want to take a look.
|
 |
|
Posted by on Tuesday February 05th, 2002 10:39:24 AM
|
|
Yesterday, this on WinInformant resulted in a knee-jerk reaction from the . Which resulted in a somewhat misguided response from Paul Thurrott. Comments like Linux being more secure than Windows is impossible just shouldn't go without some kind of educated response. So I have responded; my response can be read by clicking on more below.
|
 |
|
Posted by on Friday February 08th, 2002 12:12:37 PM
|
|
Sys Admin has an interesting about halted Firewalls. It is about having a Firewall run in runlevel 0, thus while the machine should actually shut down. Having removed all process space and file systems, there will be no way for any attacker to gain access to the system. This is because there is a complete lack of process space, and there are no drives mounted.
|
 |
|
Posted by on Sunday February 10th, 2002 07:27:40 PM
|
|
have a good article about laying the foundation of a secure Linux system. You can read their article which discusses partitioning, runtime services, scanners, logging, intrusion detection, encryption and firewalls. It has a section on LILO, which is x86 specific and which PowerPC users can ignore.
|
 |
|
Posted by on Tuesday February 12th, 2002 05:37:04 PM
|
|
Earlier today issued an advisory regarding SNMP (simple network management protocol). The advisory can be found . It is recommended you implement ingress filtering for all snmp ports on snmp enabled devices, including internal unauthorized hosts. The vulnerabilities are in the SNMPv1 protocol itself, and span multiple vendors. You can find errata . RedHat have not yet made fixes available, but when they do you can rebuild from source rpm for PowerPC. RedHat may issue a PowerPC fix.
|
 |
|
Posted by on Wednesday March 13th, 2002 08:53:31 AM
|
|
RedHat have issued against zlib 1.1.3, you can also find the CERT advisory . zlib is a compression library that is used by a wide variety of applications. This can be exploited remotely, but only if your application can be accessed by a remote attacker and uses zlib. Since most applications are dynamically linked against zlib, updating zlib to 1.1.4 should fix most problems; if you have a statically linked application, you will need to recompile or install an updated RPM. OpenSSH appears to be vulnerable to the attack.
|
 |
|
Posted by on Friday April 26th, 2002 04:42:04 PM
|
|
A security advisory for OpenSSH has been posted along with links to patches. All versions with AFS/Kerberos token passing compiled in are vulnerable. Patch 'em if you've got 'em folks.
|
 |
|
Posted by on Wednesday May 01st, 2002 09:39:15 AM
|
|
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. This new release has a lot of features beyond OpenPGP which will be included in a soon to be published RFC2440 successor. Download links and the rather huge changelog can be found .
|
 |
|
Posted by on Friday May 10th, 2002 03:36:37 PM
|
|
has posted a about a vulnerability in the Linux kernel's netfilter NAT implementation (iptables). Provided is both a for 2.4.19-pre6 as well as a temporary workaround.
|
 |
|
Posted by on Thursday May 16th, 2002 10:41:11 AM
|
|
has posted a great primer article on securing Linux. Well worth the read for both the newbie and the more advanced system administration types. Some of the things they cover are obvious, some are not so obvious. Read the article .
|
 |
|
Posted by on Tuesday May 28th, 2002 07:34:17 AM
|
|
IDG.net has a small comprehensive on Linux Firewalls. Above all it has some good links to get basic information about how Netfilter/IPTables work and on how you can configure them.
|
 |
|
Posted by on Sunday June 23rd, 2002 04:23:43 AM
|
|
OpenSSH 3.3 has been released. It is available from the mirrors listed at . OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.
|
 |
|
Posted by on Thursday June 27th, 2002 12:50:34 PM
|
|
3.4 was released (yes another release this week). This closes a known vulnerability. See for more details. Update 'em if you got 'em.
|
 |
|
Posted by on Tuesday July 02nd, 2002 10:34:33 AM
|
|
The popular IRC client had a backdoor implanted into the version from their ftp servers. See to find out if you're affected. Update 'em if you got them folks.
|
 |
|
Posted by on Thursday July 04th, 2002 09:36:27 AM
|
|
With the emergence of Linux onto more and more desktops daily, you can be sure to expect one thing will happen in the near future: virii. Too many idle hands and too many people coming from virus infested OSes (like M$) plants ideas in their heads. is a good primer and well worth the read.
|
 |
|
Posted by on Thursday July 11th, 2002 11:11:52 AM
|
|
walks through the ins and outs of the new M$ proposed strategy. My favorite quote is 'Critics say Redmond's new security initiative will imprison users. But why would Bill Gates want to do that?'. Draw your own conclusions. It's not Linux but it's a very important part of the future of computing if this happens.
|
 |
|
Posted by on Sunday July 14th, 2002 10:04:35 AM
|
|
warns of a buffer overflow in glibc that needs to be patched. Gentoo users can do the following: emerge --clean rsync ; emerge glibc ; emerge clean. Users of other distros should watch their distro's page, as fixes should be forthcoming.
|
 |
|
Posted by on Tuesday July 30th, 2002 12:13:04 PM
|
|
An message posted on the OpenSSL announce mailing list shows that the are OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable. Get your updates
|
 |
|
Posted by on Wednesday July 31st, 2002 10:40:03 AM
|
Hot off the presses, a vulnerability has been found in pppd. See the details and the fix here. Fix them if you've got them. Has anyone besides me noticed that either a) a lot of sloppy coding is happening, or b) people are just starting to really test out this stuff for security issues now? There have been an awful lot of security updates lately.
|
 |
|
Posted by on Tuesday August 06th, 2002 05:33:43 PM
|
|
have several interesting articles this week, among those are "Filtering E-Mail with Postfix and Procmail", "Monitor Linux routers and firewalls with MRTG" and "Assessing Internet Security Risk". You can read more .
|
 |
|
Posted by on Thursday August 08th, 2002 02:25:12 PM
|
|
There is an integer overflow present in the function distributed as part of the XDR library. This affects the GNU C library (glibc) with sunrpc. You can read the CERT advisory . MacOS X can be patched with a recent upgrade according to Apple. There are no signs of updates on YDL's site. If you run Debian, you can check for affected packages .
|
 |
|
Posted by on Wednesday September 18th, 2002 05:08:33 AM
|
The EU is very active in supporting Open Source development by providing financial aids to European projects of interest, like OpenEvidence that was approved to be realized by a consortium of technology providers and users from 4 countries: Belgium, France, Italy and Estonia.
In this context C&A is very proud to announce its OpenEvidence participation, integrating its Time Stamping technology, to this 'evidence creation and validation system' of electronic documents and activities.
The technology developed by the project can be used as basic building blocks to support such services as non-repudiation of electronic business transactions, property right protection and notarisation.
Implementations and demonstration services using the protocols defined in RFC 3029 (DVCS) and RFC 3161 (TSP) will be provided as initial activity.
A version of time stamping service can also be tested on the .
To learn more about OpenEvidence:
|
 |
|
Posted by on Tuesday September 24th, 2002 03:59:02 AM
|
|
DesktopLinux.com guest author David Scribner has penned an introducing new users to GnuPG on GNU/Linux (and UNIX) systems. Scribner focuses on how this powerful encryption package can play a vital role in personal and business communications by increasing security.
|
 |
|
Posted by on Thursday September 26th, 2002 10:39:11 AM
|
|
DesktopLinux.com guest author David Scribner has penned an article introducing new users to GnuPG on GNU/Linux (and UNIX) systems. In , Scribner continues his tutorial on using this powerful encryption package.
|
 |