squid vulnerability

Author: JT Smith

From SecurityFocus: “The squid package can be configured to send out emails to
the administrator when updates occur. However, when the email is
created, files in the /tmp directory are created insecurely and the
pre-existence of files is not queried.”

Category:

  • Linux

mgetty /tmp file vulnerability

Author: JT Smith

At SecurityFocus: “During execution of the program, files are created in the /tmp
directory. However, these files are created in an insecure manner,
which makes it possible to guess the filename of a future /tmp file. This
makes it possible for a user with malicious motives to create a number
of symbolic links in the /tmp directory, and potentially append to or
overwrite system files that are write-accessible to the UID executing
mgetty, normally root.”

Category:

  • Linux

linuxconf /tmp file vulnerability

Author: JT Smith

From SecurityFocus: “The problem occurs in the creation of /tmp files by linuxconf. The
vpop3d program, which is part of the linuxconf package, creates /tmp
files in an insecure manner under some circumstances. This could
result in guessing of the filename of a future /tmp file, and the creation
of a symbolic link to a file writable by the user executing linuxconf,
which is normally root. A user with malicious motives could use this
vulnerability to potentially overwrite or append to system files.”

Category:

  • Linux

Is IRC doomed?

Author: JT Smith

Distributed denial of service attacks are threatening to put an end to the Internet’s last commercial-free zone. The Register’s Thomas C. Greene takes a closer look at the problem and its ramifications at SecurityFocus: “

Category:

  • Linux

Immunix 7.0 Apache vulnerability

Author: JT Smith

“A problem has been discovered in the Apache httpd distributed with
the Immunix Linux distribution, a distribution based off the RedHat Linux
distribution. Apache programs htdigest and htpasswd are used to offer
advanced features to users of the web server. However, these two
helper programs insecurely create files in the /tmp directory, which
could allow for /tmp file guessing. This makes it possible for a user with
malicious motives to symlink attack files writable by the UID of the
Apache process.” Discussion and patches at SecurityFocus.

Category:

  • Linux

GM joins handheld beaming craze at 2001 trade show

Author: JT Smith

“At its Cadillac luxury display, the automaker features a Palm handheld computer that beams informational leaflets into consumers’ compatible devices. Show-goers receive the material–16K of data ranging from specifications on the 2001 Cadillac DeVille to the newest onboard navigation systems–in an application for handhelds.” From CNET News.com.

Tip Of The Week: Finding open files with ‘lsof’

Author: JT Smith

Anonymous Reader writes “Tip Of The Week: Finding open files with ‘lsof.’ Have you ever tried to unmount a filesystem and received that annoying “umount: /dir: device is busy” error message? Need to know who’s accessing the files so you can boot ’em off? hehe. Well, in this week’s tip, we’ll talk about the very helpful utility ‘lsof’, which should help alleviate your stress. Read the full tip at http://www.linuxlookup.com/html/main/totw.html”

Category:

  • Linux

How a group of code rebels saved your privacy

Author: JT Smith

Newsweek via MSNBC reports on recent relaxation of government encryption regulations after a long, uphill fight by privacy activists and crypto advocates. “On one side of the battle were relative nobodies: computer hackers, academics and wonky civil libertarians. On the other were some of the most powerful people in the world: spies, generals and even presidents. Guess who won.”

Category:

  • Programming

Windows NT: a hacker’s best friend

Author: JT Smith

From CNET News.com: “What do NASA, the Communications Workers of America and Palminfocenter.com have in common? Their Web sites were all defaced at different times last year by a hacker using a security weakness in Windows NT, the precursor to
Microsoft’s Windows 2000 server software.”

Who’s afraid of Linux? Would you believe MS?

Author: JT Smith

From MaximumLinux: “Microsoft’s biggest competitor isn’t Oracle, Sun, Palm, Yahoo! or AOL. Instead, Microsoft CEO Steve Ballmer
explained, it’s the lil OS that could (and does), Linux.”

Category:

  • Linux