Security

Openwall Linux 3.0: no SUIDs, anti log spoofing

Submitted by solardiz
solardiz (817136) writes "Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source."

Comment: Re:I wonder... (Score 1) 1172

by gatekeep (#30046710) Attached to: Glenn Beck Loses Dispute Over Parody Domain
Nope, it's available :)

$ whois didglennbeckrapeandmurderayounggirlin1991.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net/ for detailed information.

No match for domain "DIDGLENNBECKRAPEANDMURDERAYOUNGGIRLIN1991.COM".
>>> Last update of whois database: Tue, 10 Nov 2009 16:15:08 UTC

Comment: Re:A nice piece of work (Score 1) 300

by gatekeep (#26269619) Attached to: CCC Create a Rogue CA Certificate

"The weakest trusted CA in the world compromises the entire public key infrastructure."

That's a slight overstatement. It compromises the entire public key infrastructure for which that CA is the root of trust.

If you removed all MD5-enabled CAs from your trusted roots list, you remove the potential of being fooled by a forged cert. Certs issued by other CAs, unaffected by the brute-force MD5 collisions, remain as trustworthy as they ever were.

Granted, for most people the chain of trust ties back to the default CAs that ship with their browser, and if any of those CAs is vulnerable, your faith in any cert validated as 'trusted' by your browser goes down, and most people don't bother looking at what CA issued the cert so long as their browser deems it trustworthy, but it's a little more nuanced than 'compromises the entire PKI infrastructure.'

I suspect browser patches will be out soon, removing trust for affected CAs entirely, not trusting them past a certain date, or at least giving warnings when MD5 signature verification is found along the chain of trust.
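
The check suggested in the comment above (warn when an MD5 signature appears along the chain of trust), as an added example that is not part of gatekeep's comment: it reads the signatureAlgorithm OID from each DER certificate. The names weak_links, fake_cert and SAMPLE_CHAIN are assumptions, and the sample certificates are constructed skeletons, not real ones.

```python
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # OID 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11
WEAK = {MD5_RSA: "md5WithRSAEncryption"}          # extend with whatever policy rejects

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, body, _ = read_tlv(cert_der, 0)
    _, _, pos = read_tlv(body, 0)          # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(body, pos)  # AlgorithmIdentifier
    oid_tag, oid, _ = read_tlv(alg, 0)     # its first field is the algorithm OID
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate layout")
    return oid

def weak_links(chain):
    """chain: DER certs, leaf first, trust anchor excluded. Returns [(index, algorithm)]."""
    oids = [signature_oid(c) for c in chain]
    return [(i, WEAK[o]) for i, o in enumerate(oids) if o in WEAK]

def tlv(tag, value):                       # DER encoder used only for the samples
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + value

def fake_cert(oid, pad):                   # constructed skeleton, not a real certificate
    tbs = tlv(0x30, tlv(0x04, b"\x00" * pad))
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xaa" * 8))

SAMPLE_CHAIN = [fake_cert(SHA256_RSA, 10), fake_cert(MD5_RSA, 200)]
```

The trust anchor is left out of the chain because its self-signature is not what a client relies on; only signatures on the certificates below it are checked.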

Television

TiVo 3 & HD to get TiVoToGo and Multi-Room Vie

Submitted by MBCook
MBCook writes "A post on the TiVo Community Forum by TiVoPony this morning confirmed that the Series 3 and TiVoHD boxes will receive a software update (planned for November) allowing both Multi-Room Viewing and TiVoToGo. The update will also contain a feature letting you move videos from your PC to your TiVo so you can watch them on your TV, unofficially named TiVoToComeBack."
