Softpanorama


Softpanorama, July-September 1998; v.10. No. 3 (0a2) Compiled by N.Bezroukov

Softpanorama Security News



Vulnerabilities

Attention: This section should not be considered an authoritative source of vulnerabilities. The selection of material is arbitrary and strongly dependent on the author's current research interests.



Free Tools

Tinyproxy

tinyproxy 1.1 is a lightweight HTTP proxy designed to do the job with a minimum of system resource use. It's ideal for small networks where a larger HTTP proxy such as squid might be overkill or a security risk. This simplicity also makes tinyproxy an ideal candidate for customization: it takes very little time to read and understand the tinyproxy source, so you can start adding your own desired features in short order.

Version 1.1 offers the following new features over 1.0d: Remote proxy monitoring, load management (tinyproxy can be configured to stop accepting new connections after the load reaches a certain point), and a variety of general source cleanups.

Nessus 980914

Nessus is a free, open-sourced and easy-to-use security auditing tool for Linux, BSD and some other systems. It is multithreaded and plugin based, and has a nice X11 interface. The current version performs 89 security checks against the remote networks.

The actual changes of this version are listed on the download page.

Saint 1.3.1

SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and an improved HTML interface.

karpski 0.101

Karpski is a project that started with the intention of being a simple network mapper and misuse detector. It has since turned into a decent threaded Ethernet-only sniffer with an X-based Gtk interface. It is fairly configurable in terms of the Ethernet protocols it can support. Version 0.101 only contains bugfixes. This should hopefully compile on the development gtk+'s and should also compile (better) on more recent Slackware systems.

KSniff snapshot

KSniff is a packet sniffer/analyzer developed for the KDE project which supports plugins written in TCL.

mod_ssl 2.0.12-1.3.2

mod_ssl provides strong cryptography for Apache via Netscape's Secure Socket Layer (SSL) through the free SSL implementation library SSLeay from Eric A. Young and Tim Hudson. The mod_ssl package was created by Ralf S. Engelschall. This product includes software developed by Ben Laurie for use in the Apache-SSL HTTP server project.

This is one more maintenance release of the stable 2.0 branch. It mainly fixes RSAref-related build problems (librsaref not found) and session cache related runtime problems (segfault of ssl_gcache process).


Commercial Tools

Tool that defines, maintains and enforces corporate messaging security policies regarding privacy, authentication, content screening and delivery.

Mailguardian Enterprise, a tool to be unveiled next week by Vanguard Security Technologies Ltd., screens a message's content, subject headers and attachments for specific words and phrases that a corporation deems unacceptable. It supports standard encryption, digital signature and management algorithms, and a feature called RegisteredM@il that authenticates receipts for the delivery of electronic documents, officials said.

The Vanguard tool is controlled centrally by the Mailguardian Manager, which runs on Windows NT and requires an SMTP-based messaging server. The Mailguardian Agent runs on Windows 95, Windows 98 and Windows NT. A third component, Mailguardian Partner, is free of charge and secures communications between a corporation and its business partners, officials said. Unlike other server-based security applications, Mailguardian is easier to implement and prevents traffic bottlenecks, Vanguard officials said. Prices for Mailguardian, which is due to ship in November, start at $2,495 for 25 users. Vanguard Security, of Haifa, is at www.vguard.com. Software.com, of Lexington, Mass., is at www.software.com.

See Israeli startup to show off e-mail security software at Internet World


Security Policy and Social Issues

Insiders are the main threat

Omega Engineering learned firsthand the dangers of the disgruntled employee after a logic bomb wiped out all of its research, development, and production programs in one fell swoop. (The tape backup also was destroyed.) In January, charges were filed against 31-year-old Timothy Lloyd, an Omega programmer, for placing the bomb on the network, which detonated 10 days after his termination.

Omega's costs will likely exceed $10 million as engineers and designers rewrite designs and recode programs in what Jim Ferguson, an Omega representative, says will be "an ongoing process for several years." Omega, headquartered in Stamford, Conn., is a privately held company that manufactures measuring devices for agencies such as NASA and the U.S. Navy.

Proper vigilance or paranoia?

 

Source: InfoWorld


Viruses

Macro viruses are in decline -- more mergers and acquisitions in the AV industry -- Network Associates bought Dr.Solomon; Symantec bought IBM Antivirus

Recently Network Associates (of McAfee fame) bought Dr.Solomon in a stock swap deal for an estimated $640 million.

The hidden agenda is that it is now difficult for an AV vendor to survive unless it has a monopoly in a local market. File viruses are now quite rare. Macro viruses became a prevalent type of computer virus, but they are also in danger, as Office 97 provides some (limited) virus protection and disinfection during conversion of old Word Basic to VBA.

It's a difficult time for anti-virus vendors and additional mergers are imminent. Symantec called Network Associates' acquisition of Dr.Solomon a reaction to its own purchase of IBM's antivirus line (last month, Symantec announced it will buy IBM's line of antivirus products).


Random Findings

Robert Morris (who wrote the Internet Worm) last week became a millionaire

He founded Viaweb and, after last week's $49 million takeover of Cambridge's Viaweb by Yahoo!, owns more than a million (on paper). Viaweb officials say that the name Viaweb, and its popular Viaweb Store, will disappear.

See http://nytsyn.com/IMDS%7CLatest_Columns%7Cread%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9251-0249-pat_nytimes%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9255-0253-pat_nytimes%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9240-0236-pat_nytimes%7C%7C for additional details.


Bell Labs Researcher Finds Flaw in Widely Used Encryption Standard



Copyright © 1996-2020 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Created: May 16, 1997; Last modified: March 12, 2019