Reported at SecurityFocus: “In a development that exposes grave risks of news manipulation in a time of crisis, a hacker demonstrated Tuesday that he could rewrite the text of Yahoo! News articles at will, apparently using nothing more than a web browser and an easily-obtained Internet address.

Yahoo! News, which learned of the hack from SecurityFocus, says it has closed the security hole that allowed 20-year-old hacker Adrian Lamo to access the portal’s web-based production tools Tuesday morning, and modify an August 23rd news story about Dmitry Sklyarov, a Russian computer programmer facing federal criminal charges under the controversial Digital Millennium Copyright Act (DMCA).”

FreeBSD 4.4-RELEASE is available for download. Read the official announcement, check out the changelog, then make your way to the nearest mirror site for downloading.

The source for Starship Traders is now available. From the announcement, posted at Librenix: “The long-running free multiuser online strategy game, Starship Traders1, has long had both a telnet interface and a www interface. In March of 2001 an OpenGL-compatible graphical client was released to run under Linux. It was developed using portable graphics libraries so that Mac, Unix, and a Windows versions could easily be created. Time passed, and no Unix, Mac, or Windows versions were released.

In fact, the lazy developer (me) still hasn’t even gotten access to a Windows PC with the Mesa3D libraries and a C compiler, much less a Mac, a Solaris box, etc. Therefore, this initial release will be of interest only to Linux users — and to programmers capable of porting an OpenGL program to other environments. The code should be easily portable to other operating systems although big-endian hardware architectures may present problems.”

From the Mandrake Linux Web site: “We are happy to announce the availability of Mandrake Linux 8.1 Release Candidate. There have been many improvements since the Beta 1 thanks to the precious help of the Open Source community. Still, room remains for your contribution. This Release Candidate is your last opportunity to test and contribute to the development of Mandrake Linux 8.1.”

Klaus Stärk interviews Charles Samuels on Noatun, KDE’s multimedia player. Samuels talks about the origins of the Noatun project, its relation to KDE, and the future of Open Source multimedia applications. Posted at the Dot.

Computer Graphics World covers the ever-increasing role of the Linux operating system and related Open Source, Free Software, and commercial applications in film and television entertainment: “Film animators are now using Linux versions of Alias|Wavefront’s Maya, No thing Real’s Shake, Side Effects’ Houdini, and Pixar’s RenderMan-the leading commercial applications for animation, compositing, special effects, and rendering. Internally, the studios have ported millions of lines of proprietary code to Linux and are writing more. How did Linux go from a hobby to a professional graphics environment?”

Mono, an Open Source implementation of the .NET development framework, has released version 0.7. Check out the announcement to see what’s been added, changed, or repaired, then download the latest and greatest.

Code Red checks in, but can’t check out. Wired News reports on LaBrea, a new Open Source “tarpit” designed to thwart worms and other attacks — by grabbing on to an attacker’s connection and not letting go. Any worms trapped in LaBrea’s tarpit are then unable to move along to infect other computers, forcing attackers to shut down their programs or computers to escape its grip. LaBrea was created by Tom Liston in response to frustrating encounters with Code Red. In implementing his own program, some offenders have been stuck in Liston’s tarpit for over a week.

From Net-Security.org: “If you 1) are using keypairs and ~/.ssh/authorized_keys2
to enable remote execution of commands via OpenSSH’s sshd
and 2) have sshd configured to provide sftp service via
the sftp-server subsystem, then clients who have access
with “restricted” keypairs can gain additional access on
the server side. In most cases, sftp can be used to evade
the authorized_keys2 command= and other restrictions
(i.e., obtaining the regular shell access that the server
was configured to deny them). It appears that both
OpenSSH 2.9 (the official OpenBSD code) and OpenSSH 2.9p2
(the official “portable” code for other systems) by
default *do* have the sftp subsystem enabled, and their
users would be vulnerable if they set up restricted
keypairs.”

From PRNewswire: Novell, Inc., a leader
in eBusiness solutions and Net services software, today announced availability
of the Novell Native File Access Pack, which gives users of Windows,
Macintosh, UNIX and Linux desktop operating systems access to storage on
Novell NetWare servers without any Novell software on their workstations.
Managed through Novell eDirectory, Novell Native File Access Pack lets
users of these disparate systems access NetWare storage right out of the box
using standard Internet protocols and the networking features included in each
operating system, giving organizations a unified network that is less complex,
faster and more secure.