************************************************************** Net Happenings - From Educational CyberPlayGround ************************************************************** Samba flaw threatens Linux file servers The Samba Team has released a patch for a security flaw which would allow an attacker to gain root access to a Samba server connected to the Internet. Samba is a popular application for sharing Windows files over Unix-type systems. The vulnerability has already been exploited against several servers. The flaw is in the Linux, FreeBSD, and Solaris versions of Samba. The flaw was discovered by Digital Defense, who inadvertently posted a Perl script to exploit the vulnerability in their advisory. This flaw is unrelated to another flaw that Samba released a patch for on March 17, 2003. http://news.com.com/2100-1002-995834.html Security firm regrets Samba disclosure Digital Defense, a cybersecurity firm based in San Antonio, Texas, has apologized for publishing code to exploit a recently discovered vulnerability in Samba, a utility for sharing Windows files over Unix-based systems. Digital Defense states that management did not approve the release, and that the company "has taken aggressive procedural and policy measures to reduce the likelihood of a similar recurrence." One of the analysts, Eric Parker, has been up-front about his role in the matter, and explained that his team made the decision since the vulnerability had already been exploited. Andrew Tridgell, author of Samba, and joint head of the Samba team was outraged--Digital Defense sent a draft advisory without the exploit to the Samba Team for approval, then published it with the exploit. http://news.com.com/2100-1002-995939.html ************************************************************************** Educational CyberPlayGround links to Technology <http://www.edu-cyberpg.com/Technology/Home_TECHNOLOGY.html> Find Information on Security for Teachers, Administrators, Ed. Tech, and Classroom Resources ************************************************************************** <>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<> EDUCATIONAL CYBERPLAYGROUND http://www.edu-cyberpg.com <>~~~~~<>~~~~~<>~~~~~<>~~~~~<> Net Happenings,K12 Newsletters, Network Newsletters, New-list http://www.edu-cyberpg.com/Community/index.html HOT LIST OF SCHOOLS ONLINE http://www.edu-cyberpg.com/Schools/default.asp EDUCATION VENDOR DIRECTORY http://www.edu-cyberpg.com/TheMall/Home_TheMall.asp SERVICES http://www.edu-cyberpg.com/PS/Home_Products.html <>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>