30 Jul 2002 (updated 30 Jul 2002 at 13:27 UTC)
»
Not too much to say, but I haven't written for a long time. Guess what, I got married June 29th (no online pictures currently, move along...). It has brought a lot of changes, but all for good (YMMV).
I did three interesting things on the same month: getting married, ascending, and submitting an entry to the Honeynet challenge (after all the ork wI didn't win though :( )
OTOH, I will hopefully get Internet access at home soon, and probably would be able to fix the huge number of bugs
I currently have open (help is appreciated :)
I do have, however, an almost finished 3.0.1 release of Tiger
which should fix a lot of Solaris issues (hopefully cleaning the code and making it easier to port and spot issues too).
One of the reasons I'm testing it in a non-free platform is to check out how easier would be to port to other platforms (and hopefully document it soon). I promised the guys at
LinuxSecurity an article about Tiger (which will hopefully also draw some attention to the new developments I included). I have only a draft written but I expect to have it finished by the end of the month...
If time permits I should test also the latest pre-release of Bastille (pre BETA 2.0) in Debian, but I haven't setup a proper environment to work (and not mess up with my environment). I'm looking at bochs and
plex86 to make it (instead of using vmware). I learnt about (and tested) them while writting an article (in Spanish, not yet online, sorry) featuring Emulators for linux.
Funny, I just read mjcox entry after writting mine and found out that he's working trying to have a full CVE mapping of RedHat's advisories.
Just recently, on the debian-security mailing list Phillip Hofmeister asked if there was some way to retrieve stats easily regarding security.
Well, it's not easy IMHO, but I did so (manually) for Debian
some time ago (on december last year) and answered this same question in a section of the Securing Debian Manual.
However, I have recently automated the way DSAs get published on the web (here) and there are automatic ways to link DSAs to many security databases.
(It's all in the web source code at the secrity template, see a DSA sample
here).
It should be pretty easy to automate references now (but they have to be kept uptodate).
There needs to be, in any case, a way to automatically link all the security databases like
Bugtraq, CERT,
CVE, ICAT.
That's one of my pet projects, I will try to have an automated tool working Very Soon Now (tm)....