July 18, 2001, 9:40 pm
Red Hat Security Advisory: Updated openssl packages available
Versions of OpenSSL prior to 0.9.6a suffer from potential security
problems. These include potential leakage of information after SSL
version 3 key exchanges, imperfect distribution of random numbers used
when generating signatures, honoring of sensitive environment variables
in library functions in setuid or setgid applications, and not taking
precautions to counter effects of potential hardware glitches when
generating digital signatures.
A flaw has also been found in the pseudo-random number generator used
in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team has
released a patch which corrects this problem.
[Linux Today]
July 18, 2001, 7:17 am
Review of EnGarde Secure Linux by Guardian Digital.
July 16, 2001, 6:35 am
Groupe Bull: JOnAS open source EJB implementation;
Part of ObjectWeb, a European open source middleware repository.
July 13, 2001, 12:41 pm
UIWEB:
Critical thinking part 1: planning for design in web or software projects.
Good design requires planning. The stage must be set for designers to thrive and do their thing.
Critical thinking part 2: idea generation for teams of designers and engineers.
How do you manage ideas and bring them to fruition? This essay describes one approach to generating and manage the process.
Critical thinking part 3: project management.
It’s true that design specifications are difficult to write, and that good ideas are fleeting and rare, but until the design is in it’s final form, it’s far from finished. Much can happen between the moment the designer finishes the expression of the idea, and when the development team has finished building it.
[via Tomalak’s Realm]
July 13, 2001, 11:04 am
“IBM research announced that it developed a wireless security auditor running on a Compaq iPAQ with Linux. The pictures on the IBM web page are much more revealing than the press release. Apparently the auditor can handle GPS input (correlate access points with GPS coordinates?) and associate with access points on demand.” The main product webpage has more information about the capabilities, and notes that IBM hasn’t decided yet whether to release it as a commercial product or a free tool.
[via Slashdot]
July 13, 2001, 10:07 am
Radius 2.1.va.1 (Default). Remote Authentication Dial In User Service [freshmeat.net]
July 12, 2001, 10:25 pm
Wireless Networks Lure Hackers. ZDNet Jul 12 2001 4:33PM ET
More WEP weaknesses
[via Moreover Computer security news]
July 12, 2001, 7:18 pm
RHexLib Control Software on SourceForge. The RHexLib Control Software developed for the RHex hexapod robot is now available for download from Source Forge. The software features a real-time static scheduler, low-level motion control
tools, a state-machine based design, and runs on both Linux and QNX. RHexLib is free software released under the BSD license. [robots.net]
July 12, 2001, 9:05 am
ZDNet – U.S. military backs open-source security. Continuing its support of open-source operating systems, the U.S. Department of Defense granted $1.2 million to a community project aimed at adding advanced security features to FreeBSD, an open-source variant of Unix. [Privacy Digest]
