Historical Site News

Snort IDS and Viper security issue

The Snort attack signature detection engine used in the Viper Intrusion Detection system has been found to contain a serious vulnerability that can lead to compromise of the device running it. The security problem affects the initial test release of the Viper and as such, the downloads for the current test release have been disabled until a fix is put in place. More information is available on the Snort homepage at www.snort.org.

As to the level of threat that this poses to anyone testing Viper, it is serious but nothing to panic over. Viper does not bind an IP to its external interface and is therefore very hard to detect. Viper does not provide a means of connecting directly to the IDS sensor from the sniffer interface.

It is still recommended that anyone testing Viper on a production network disconnect the sensor from any network segments that may be reachable from the Internet.

Wolverine v1.1 build 359 released

Build 359 of the Wolverine Firewall and VPN server is now available for download from the subscription channels and update sites. This build fixes numerous bugs in the installer, includes updated IPSEC support, updated documentation, and a new setup interview system that performs better user input validation and adds several additional options to the initial configuration process.

Viper IDS Sensor available for download

The initial, alpha release of the Viper IDS sensor software is available from the download area and the subscription channels. This release is intended to log all of its alert data to a remote MySQL database and does not yet contain Wolverine integration support. The necessary database structure is provided in the /docs directory of the CD and can be used with the ACID IDS web frontend.

Coyote Linux news item defacement

Apparently someone thought that the Coyote Linux web site would be a good place to put up some anti-war material this morning. The top 2 news items were replaced with a message of "stop this war" and a picture of somebody's hand in the form of a "peace" sign. However well intentioned this may have been, it has caused this site to become a little less interactive.

In retrospect, the choice of PHP-Nuke was probably not the best idea for the Coyote Linux site's content management engine. I have paid close attention to the security announcements and have hand wedged the security patches for PHP-Nuke into the mass amount of changes that I have worked into the PHP-Nuke back-end code. However, something obviously slipped by.

For the time being, I have removed the comment capabilities for polls and news items, disabled much of the account preferences module, and will be spending the next week or so auditing the remaining code for any of my sites that use PHP-Nuke. While PHP-Nuke has freed up a considerable chunk of time by easing the administration tasks of getting new content up on my web sites, it has been a real source of worry for me due to security problems. While this has been the first time that I have had any trouble with the site, it is very likely that I may end up redesigning the site from scratch again.

Information

Coyote Linux is a security-centric mini-distribution of Linux designed specifically to function as a network edge firewall and VPN server. Developed by Vortech Consulting, LLC, Coyote is tailored for users who prioritize safety and efficiency in their home networks while preferring a simplistic and minimal solution.

Originally launched in 1999 during an era when consumer internet routers were non-existent, Coyote Linux emerged from the need for effective internet sharing across home and small business networks.
