- Written by: Coyote Linux
- Category: Historical Site News
The Viper IDS Sensor is available for download again after being taken offline for security reasons. The attack signature detection engine (Snort) has been upgraded to fix the security flaw discovered in previous releases.
- Written by: Coyote Linux
- Category: Historical Site News
The Wolverine Firewall and VPN server version 1.1 build 360 is available from the update server. This build has been released to deal with a security vulnerability recently discovered in the PPTP daemon (PoPToP). An installation CD for this version is not being created at this time as the 1.2 release is due out very shortly and will replace both the 1.0 and 1.1 versions of Wolverine. The PPTP flaw affects all versions of Wolverine prior to 1.1.360. Version 1.0 is being removed from the download areas as it is no longer being actively supported. If your firewall does not have the PPTP services enabled, it is not affected by this vulnerability.
- Written by: Coyote Linux
- Category: Historical Site News
The Snort attack signature detection engine used in the Viper Intrusion Detection system has been found to contain a serious vulnerability that can lead to compromise of the device running it. The security problem affects the initial test release of the Viper and as such, the downloads for the current test release have been disabled until a fix is put in place. More information is available on the Snort homepage at www.snort.org.
As to the level of threat that this poses to anyone testing Viper, it is serious but nothing to panic over. Viper does not bind an IP to its external interface and is therefore very hard to detect. Viper does not provide a means of connecting directly to the IDS sensor from the sniffer interface.
It is still recommended that anyone testing Viper on a production network disconnect the sensor from any network segments that may be reachable from the Internet.
- Written by: Coyote Linux
- Category: Historical Site News
Apparently someone thought that the Coyote Linux web site would be a good place to put up some anti-war material this morning. The top 2 news items were replaced with a message of "stop this war" and a picture of somebody's hand in the form of a "peace" sign. However well-intentioned this may have been, it has caused this site to become a little less interactive.
In retrospect, the choice of PHP-Nuke was probably not the best idea for the Coyote Linux site's content management engine. I have paid close attention to the security announcements and have hand wedged the security patches for PHP-Nuke into the mass amount of changes that I have worked into the PHP-Nuke back-end code. However, something obviously slipped by.
For the time being, I have removed the comment capabilities for polls and news items, disabled much of the account preferences module, and will be spending the next week or so auditing the remaining code for any of my sites that use PHP-Nuke. While PHP-Nuke has freed up a considerable chunk of time by easing the administration tasks of getting new content up on my web sites, it has been a real source of worry for me due to security problems. While this has been the first time that I have had any trouble with the site, it is very likely that I may end up redesigning the site from scratch again.
- Written by: Coyote Linux
- Category: Historical Site News
The initial, alpha release of the Viper IDS sensor software is available from the download area and the subscription channels. This release is intended to log all of its alert data to a remote MySQL database and does not yet contain Wolverine integration support. The necessary database structure is provided in the /docs directory of the CD and can be used with the ACID IDS web frontend.