Posted at Help-Net Security: “There is a vulnerability in how Cisco routers are handling CDP. By sending a large
amount of CDP neighbor announcements it is possible to consume all available router’s
memory. That will cause a crash or some other abnormal behavior. This vulnerability is
assigned a Cisco bug ID CSCdu09909. You can see details of it if you have a valid
CCO account.”

RIAA can huff and puff and will probably blow Napster down, but that hasn’t stopped the public from trading music and other multimedia files on the network. A technology research company says that the use of file trading services other than Napster has risen by 492 percent since March of this year. Top two spots in the latest survey went to Napster alternatives Morpheus and the Kazaa Media Desktop; both companies are currently the latest to be sued by RIAA. Full Reuters report (at CNET News.com).

In more informative Linux news from the mainstream press, we learn that Texas Instruments will make its OMAP wireless platform Linux-friendly. That means upcoming 3G wireless devices from Nokia, Ericsson, Sony, and other developers could create penguin-powered consumer handsets. Texas Instruments says that Linux, what with its ease of use, reliability, and flexibility, make it a perfect match for its OMAP 3G architecture. 3G is the next-generation wireless protocol, designed to bring full-motion streaming video and other multimedia goodies to telephone handsets and other gadgets, sooner or later. Read the full story at ZDNet.

ZDNet UK happened to notice that Linux kernel 2.4.11 was released today, and decided to write about it. The new kernel, notes the article, includes major improvements to networking and USB features, “as well as updates throughout” which we suppose references the technical stuff found in the changelog.

From an advisory posted at LinuxSecurity.com: “ISS X-Force reported an overflow in BSD’s lineprinter daemon shipped with
the lprold package in SuSE Linux. Due to missing bounds checks in the
lockfile processing function, internal buffers may overflow. Bounds checks
have been added to fix that problem.
Additionally the SuSE Security Team uncovered other security related bugs
in lpd while analyzing lpd source after receiving the X-Force advisory.
These bugs allows users on machines listed in /etc/hosts.lpd or
/etc/hosts.equiv to chown any file on the system running lpd to any user.
In order to trigger any of the fixed bugs (including the overflow) the
attackers machine must be listed in one of these two access-files and the
attacker usually needs root on these machines due to the privileged-port
requirement.”

Red Hat wants you to send in your opinion of the Security Standards and Certification Act (SSSCA), the proposed legislation that would make it illegal to own or sell computers without government-approved technology that would thwart redistribution of copyrighted material, even if the copying of that material complied with current U.S. fair use rules. Follow the link to read more about what the SSSCA could mean to computing and its impact on the Open Source communities, then let Red Hat know how you feel.

Augustus writes “LinuxHardware.org, as a follow-up to their AMD Athlon XP Review, has asked a couple of questions of GCC developer Jan Hubicka concerning the Athlon XP and SSE abilities of GCC: “Wondering what kind of speed increase we could expect from recompiling applications with Athlon XP/SSE support we went directly to the source, Jan Hubicka, of the GCC development team…””

ZDNET: “XP this. XP that. Please, no more. The next version of Windows isn’t even officially available until
the end of this month, and we’re already sick of those two letters. Though it is reportedly just a coincidence, the
latest to hop on the XP bandwagon is AMD, which is rebranding the newest version of its Athlon processor, to be
announced today, in an increasingly desperate bid to keep pace with archrival Intel.”

CNET: “Steve Ballmer, outspoken president and chief executive of
Microsoft, dismissed rival Sun Microsystems’ efforts to compete with his
company’s Passport identity service as “craziness” built on a “weak
foundation.”

ZDNET: “Bell Labs researchers say they’ve jumped a significant hurdle in the continuing development of cell phone
technology: allowing a caller to use the same phone anywhere in the world.

So-called global roaming is virtually impossible today because wireless carriers use different types of phone networks
that can’t communicate with one another and require their own specially made phones. Business people traveling
overseas often carry different cell phones because carriers on each continent use different networks.”