security is a barrel of fun

To: tclug-list@listserv.real-time.com
Subject: security is a barrel of fun
From: Ben Kochie <ben@intexp.com>
Date: Tue, 30 Jun 1998 22:09:17 -0500 (CDT)


i have just spent the night doing security bug fixes on a mail/dns server,
some of the things i have had to fix

Qualcomm Qpopper, MAJOR security risk.. our system was root-exploited
because of this pop3 server, use some other kind of pop3 server.

ssh, there are supposedly some problems.. upgrade to 1.2.25

sendmail. wow.. a bug in sendmail? :)

linux security is one of the bigest issues out there today.. it's almost
necessary to watch the bugtraq mailing list, and other advisory lists more
than once a day, to find/fix all the problems.. 

one thing i did was replace my libc, and the crypt function.. (for libc5,
not glibc2)  i am currently using a crypt written by mike pery, it's
really well done, and VERY hard to break.. normal password crackers don't
work at all, and it's very hard to make a cracker work with this method.

you can get info at http://www.linuxos.org/ in the software area

Follow-Ups:
- Re: [TCLUG:479] security is a barrel of fun
  - From: Jon Schewe <jpschewe@usa.net>
- Re: [TCLUG:479] security is a barrel of fun
  - From: Bob Tanner <tanner@real-time.com>

Prev by Date: Re: [TCLUG:477] kernel-2.0.34.spec
Next by Date: kernel compile problem on RH 5.0
Prev by thread: Re: [TCLUG:480] kernel compile problem on RH 5.0
Next by thread: Re: [TCLUG:479] security is a barrel of fun
Index(es):
- Date
- Thread