The following message was just send out over BUGTRAQ. In it Ivan Arce
of CODE SDI discloses a security vulnerability that affects almost all
UNIX systems, including Linux. The vulnerability can normally only be exploited locally, but there are
some instances where it may be possible to exploit it remotely via
TELNET. The problem is the result of a new class of vulnerabilities
that were discussed on BUGTRAQ during the last few months. This
type of vulnerabilities are being termed “format string” vulnerabilities. The advisory is at LWN.net.

America Online must make a formal promise to provide open access to its high-speed cable lines, or the Federal Trade Commission will seek to block the company’s merger with Time Warner, the Washington Post is reporting in its Monday edition. One version of the story is at Inter@ctive Week.

Phil Zimmermann, the creator of Pretty Good Privacy (PGP), responds to the recent flaw discovered in Network Associates implementation of the Additional Decryption Key feature. This is a key escrow account that allows a responsible third-party to gain access to encrypted messages when the original key is lost. The story is at Network World Fusion

A Slashdot discussion examines the differences between Linux and Windows 2000.

IBM has unveiled a range of super-fast, high-capacity tape drives – using a new open standard. Big Blue is the first to adopt LTO (Linear Tape-Open) Ultrium technology, developed by a consortium involving IBM and its bitter storage rivals, Seagate and Hewlett-Packard.
IBM said the main market was Unix, NT and mid-range alternatives. IBM’s AS400 and RS6000, and various Unix flavours from HP and Sun were also supported, and Linux would be accommodated soon. The story is at Austrialian IT.

Medium-sized firms are the target for a Linux-based Net security appliance, to be released by security firms Intrusion and Check Point Software this month. The small device is aimed at medium-sized firms and branch offices, and will have Check Point’s VPN-1/FireWall-1 security software preinstalled. It will also be available as a managed service, reports IT Week.

A format string bug was recently discovered in screen which can be used
to gain elevated privilages if screen is setuid. Debian 2.1 (slink) did
ship screen setuid and the exploit can be used to gain root privilages.
In Debian 2.2 (potato) screen is not setuid, and is not vulnerable to a
root exploit. screen is, however, setgid utmp in Debian 2.2 (potato) and
we recommend upgrading. The advisory is at LWN.net.

The last two weeks saw 28 patches go into the tree, from 17 different developers, reports the AbiWord Weekly News.

Olinux.com.br has an interview with SourceForge developer Quentin Cregan. (Disclosure: SourceForge and NewsForge are both owned by VA Linux.)

Inter@ctive Week speaks about how groupware applications vendors like Lotus are trying to make their products compatible with wireless PDA and digital-enabled cell phone, and the trouble they are having with WAP.