version 1.190, 2001/05/31 19:28:48 |
version 1.191, 2001/06/01 21:17:28 |
|
|
<h2>May, 2001</h2> |
<h2>May, 2001</h2> |
|
|
<li><font color=#009000><strong> |
<li><font color=#009000><strong> |
<a href="http://securityportal.com/closet/closet20010405.html?&_ref=36874758"> |
|
Abandon hope all ye who enter here</a> |
<a href="http://false.net/ipfilter/2001_05/0332.html">Re: IPFilter 3.4 update. </a>, |
Security Portal, April 05, 2001 |
Darren Reed, IPFilter mailing list archive, May 19, 2001<br> |
|
|
|
<a href="http://lwn.net/2001/0524/#ipfilter">BSD is not free software?</a>, |
|
LWN weekly news, May 24, 2001<br> |
|
|
|
<a href="http://www.bsdtoday.com/2001/May/News489.html">IP Filter License change?</a>, |
|
Jeremy C. Reed, BSD Today, May 24, 2001<br> |
|
|
|
<a href="http://www.deadly.org">Changes in IPFilter license to affect OpenBSD?</a>, |
|
Dengue, OpenBSD Journal, May 27, 2001<br> |
|
|
|
<a href="http://securityportal.com/articles/ipf20010528.html">IPF: Free no more?</a>, |
|
Kurt Seifried, Security Portal, May 28, 2001 <br> |
|
|
|
<a href="http://slashdot.org/article.pl?sid=01/05/28/1225224&mode=thread">IPF License Change: Redistribution Not Allowed</a>, |
|
Timothy, Slashdot, May 28, 2001<br> |
|
|
|
<a href="http://slashdot.org/article.pl?sid=01/05/28/0610252&mode=thread">Changes in IPFilter License</a>, |
|
Hemos, Slashdot, May 28, 2001 <br> |
|
|
|
<a href="http://www.deadly.org">IPF removed from OpenBSD</a>, |
|
Dengue, OpenBSD Journal, May 30, 2001<br> |
|
|
|
<a href="http://linuxtoday.com/news_story.php3?ltsn=2001-05-30-001-20-NW-BD">IPFilter Comes Out of OpenBSD CVS</a>, |
|
Theo de Raadt, Linux Today, May 30, 2001<br> |
|
|
|
<a href="http://news.cnet.com/news/0-1003-200-6119988.html">Open-source spat spurs software change</a>, |
|
Stephen Shankland, CNET.com - Tech News, May 30, 2001<br> |
|
|
|
<a href="http://lwn.net/2001/0531/a/ipfilter-gone.php3">ipf (more)</a>, |
|
Theo de Raadt, LWN weekly news, May 31, 2001<br> |
|
|
|
<a href="http://lwn.net/2001/0601/">IP Filter licensing followup.</a>, |
|
LWN weekly news, Jun 01, 2001<br> |
|
|
</strong></font><br> |
</strong></font><br> |
|
Many articles and discussions follow after Darren Reed clarified the license of his |
|
<a href="http://coombs.anu.edu.au/~avalon/ip-filter.html">IP Filter</a> software.<br> |
|
Because IPF is not <a href="http://www.opensource.org">Open Source</a> and does not qualify for |
|
<a href="goals.html">OpenBSD licence rules</a>, IPF was removed from future release, |
|
and will be replaced with a free alternative. |
|
<p> |
|
|
Kurt Seifried interviews Elias Levy, a.k.a. Aleph1 from BugTraq, who |
<li><font color=#009000><strong> |
states that <em>"efforts like the one from the OpenBSD project |
<a href="http://www.zdnet.com/zdnn/stories/news/0,4586,5082320,00.html"> |
<strong>are a must</strong>"</em> and then goes further to say |
Flaw found in common Internet standard</a>, |
that <em>"systems that have gone through a source code security |
ZDNet News, May 3, 2001 |
audit should include a mandatory tag that says <strong>Lasciate ogne |
</strong></font><br> |
speranza, voi ch'intrate</strong>"</em>.<br> |
Robert Lemos talks about the <a href="http://www.cert.org">CERT</a> |
Through the interview he also gives a very interesting note on other |
<a href="http://www.cert.org/advisories/CA-2001-09.html">warning</a> concerning the Initial Sequence Numbers |
complex security models implemented to existing systems, and how |
(ISN), which could be used to hijack TCP connections of several OS's, but not so |
incorrect implementation or configuration of such models results in |
with OpenBSD. |
vulnerabilities. Security through simplicity... doesn't this sound |
|
familiar? |
|
<p> |
<p> |
|
|
|
|
<h2>April, 2001</h2> |
<h2>April, 2001</h2> |
|
|
<li><font color=#009000><strong> |
<li><font color=#009000><strong> |
|
|
Windows 9x, ME and 2000, Solaris, Linux and the BSD family.<br> |
Windows 9x, ME and 2000, Solaris, Linux and the BSD family.<br> |
Good scoring for OpenBSD, we're nearly safe up to 2.8, and |
Good scoring for OpenBSD, we're nearly safe up to 2.8, and |
completely safe from 2.9 on. |
completely safe from 2.9 on. |
|
<p> |
|
|
|
|
|
<li><font color=#009000><strong> |
|
<a href="http://securityportal.com/closet/closet20010405.html?&_ref=36874758"> |
|
Abandon hope all ye who enter here</a> |
|
Security Portal, April 05, 2001 |
|
</strong></font><br> |
|
|
|
Kurt Seifried interviews Elias Levy, a.k.a. Aleph1 from BugTraq, who |
|
states that <em>"efforts like the one from the OpenBSD project |
|
<strong>are a must</strong>"</em> and then goes further to say |
|
that <em>"systems that have gone through a source code security |
|
audit should include a mandatory tag that says <strong>Lasciate ogne |
|
speranza, voi ch'intrate</strong>"</em>.<br> |
|
Through the interview he also gives a very interesting note on other |
|
complex security models implemented to existing systems, and how |
|
incorrect implementation or configuration of such models results in |
|
vulnerabilities. Security through simplicity... doesn't this sound |
|
familiar? |
<p> |
<p> |
|
|
<h2>March, 2001</h2> |
<h2>March, 2001</h2> |