Wednesday, August 13, 2003

FSF FTP Site Cracked, Looking for MD5 Sums

Posted by CmdrTaco on Wednesday August 13, @12:29PM
from the two-scoops-of-paranoia dept.
landley writes "The Free Software Foundation's FTP site at ftp.gnu.org has been "compromised", and they don't seem to have full backups. They've yanked a bunch of recent packages (and their whole alpha.gnu.org ftp site), and when I asked about it they responded 'Our FTP server was compromised, yes. We are beginning to find good MD5sums for files which have not yet been restored, and they will be available again Real Soon Now. If you can provide MD5sums for any of the files listed in MISSING-FILES, it would be very much appreciated.'" Update: the FSF has a statement on the FTP site explaining the matter.

[Slashdot]

Oops, looks like it ain't only MSFT and its users that log on doing patching.  I noticed this today when I went to grab a copy of GNATS to do a little problem tracking.


2:37:33 PM

SCO pulls Sequent's Unix license. The company terminates its Unix System V software contract with the IBM subsidiary, potentially curtailing Sequent's ability to market its Unix-based Dynix/ptx operating system. [CNET News.com]

Important in the announcement is that SCO finally sorta identifies code that was taken from SysV and put into Linux 2.4 and 2.5. I'm sure from the brief description the kernel folks can figure out what SCO is talking about and remove it.


1:42:07 PM

Latest MS Worm hits law schools - what can teknoids do?

The MSBlaster/LOVESAN worm appears to have been quite widespread at a number of law schools including Emory, American, University of New Mexico, and University of Alabama.  Other law schools including Pepperdine and Rutgers-Camden reported no infections.  The security update for the RPC vulnerability was issued by Microsoft on July 16, 2003.  It had been speculated in the press over the past few weeks that this vulnerability would be exploited, probably sooner rather than later.

So, one wonders: why were any law schools infected?  Were IT staffs unaware of the issue?  Was everyone on vacation?  Was the seriousness of the threat underestimated?  Didn't we learn from Slammer?  Of course there are no easy answers here.  Maintaining hundreds of PCs on a network with 3 warm bodies is, at best, a daunting task.  Staying current with the barrage of patches and updates from MSFT is not easy.  Sifting the upgrades to DirectX from patches to core OS is a pain.  We all need help.

Ideally, teknoids would be the place to turn.  The list is an excellent resource for spreading this sort of information.  Indeed, word of W32/mimail appeared on the list within hours (if not minutes) of its discovery in the wild, helping alert us all to the threat.  Info on the patch that would prevent MSBlaster appeared on the list on July 17.  The www.teknoids.net website offers an important backup to the list (especially when the list is down).  Info about the RPC vulnerability first appeared there as a headline in the CERT announce box on July 31.

Here's the question: what can teknoids do to help you avoid/deal with situations like this in the future?  There is a community around the teknoids list and we should be able to help support each other.  Do we need to make a bigger deal about security issues?  Would security checklists help?  How about some sort of 'best practices' guide?  What we really need is to hear from the community on this, talk about what happened and what can be done to keep it from happening in the future.


9:43:00 AM

EFF Coordinates Fight Against DirecTV

 
Posted by michael on Wednesday August 13, @04:06AM
from the always-need-another-website dept.
wumarkus420 writes "In response to recent lawsuits filed by DirecTV against purchasers of smartcard equipment, the EFF and Stanford Law School Center for Internet and Society have announced a new site devoted to the legal fight against DirecTV's aggressions. Hopefully, this new site will provide innocent consumers that have been threatened under the veil of the DMCA with professional legal advice and information."

[Slashdot]

Good deal.  This is certainly another case of heavy-handed corporate extortion.  DirecTV should be able to shut down pirates and prosecute as necessary, but threatening lawsuits against folks who simply bought a piece of equipment w/o any other evidence of piracy is out of line.


8:56:30 AM