very bad news
On Tue, 13 May 2008 14:06:39 +0200, Florian Weimer [EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1571-1 [EMAIL PROTECTED]
exploit this vulnerability
against our site:
http://filippo.io/Heartbleed/#noflag.org.uk
https://www.ssllabs.com/ssltest/analyze.html?d=noflag.org.uk
What could be going on here?
Thanks in advance for all your help,
Daniel
Salvatore Bonaccorso wrote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Thank you all for your help. Mod_spdy has a statically-linked vulnerable
version of OpenSSL. After the standard update we are no longer vulnerable.
Daniel
Estelmann, Christian wrote:
Your server talks spdy. Have you upgraded mod_spdy to 0.9.4.2
(linked to earlier)
difficult to understand and apply in this regard.
Daniel
Cédric Lemarchand wrote:
Please, honestly, do you know what every features in this list does,
how they could be benefit for you and in which way ?
Or did your choice will *only* be based on the number of
supported
On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote:
Several times (public and private) I tried to explain how the download
of APT (the binary itself) on an initial Debian install could be
compromised via MITM since it's over plaintext. Then the verification of
packages could simply be
On Mon, Jul 07, 2014 at 02:54:15PM -0400, Hans-Christoph Steiner wrote:
Do you have another idea for making it difficult for network observers to keep
track of the software people are using?
Well, you can always mirror the entire repository and configure
your server/desktop to use that
in the
knowledge that they would not be back in the office to deal with the problem
until August 25th. Such vacation mails would make my job alot easier.
IT is fortunate for the senders of such mails that I am not a malicious
individual.
Best regards,
Daniel
On 6 Aug 2014, at 09:49, Grond wrote
like needsrestart and
apt-listchanges, and a test suite for your applications to check if
they still work with the new packages and that every service is back to
normal afterwards.
Just sharing my thoughts about this.
- Daniel
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
uble? Contact [EMAIL PROTECTED]
Dan
/\ /----\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer__Carnegie Mellon University |
| [EMAIL PROTECTED] | |
On Tue, Oct 10, 2000 at 10:28:39PM -0400, Ben Pfaff wrote:
Daniel Jacobowitz [EMAIL PROTECTED] writes:
This was fixed a month or two before potato was released.
I've seen those too, on up-to-date woody, so I don't think it
really got fixed.
To clarify this, the logging of the message
trojan. Maybe a sub7 variant? There's a trojan
list on the web somewhere.
Dan
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer__Carnegie Mellon University
know about it, and
hopefully. 3.0.18 will be out soon.
Yep, so I've gathered. I'll do a new security upload when this
happens.
Dan
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux
(if any)?
I believe it is a matter of trust and of instant distribution; we can
provide uploads to everyone using the security site in a very limited
amount of time.
Dan
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002
, and there will
occasionally be things available there before in unstable. But fixes
also tend to go straight into unstable.
Dan
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer
ures.
Dan
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer__Carnegie Mellon University |
| [EMAIL PROTECTED] | | [EMAIL
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer__Carnegie Mellon University |
| [EMAIL PROTECTED] | | [EMAIL PROTECTED
On Tue, Dec 26, 2000 at 09:27:53PM +0200, Pavel Minev Penev wrote:
On Tue, Dec 26, 2000 at 05:27:07PM +0300, [EMAIL PROTECTED] wrote:
Of course plain md5 hashes are not very helpful. But we can keep MAC[1] for
binaries. Tampering with MAC database is useless.
...
[1] Message
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer__Carnegie Mellon University |
| [EMAIL PROTECTED] | | [EMAIL PROTECTED
me that this was a bug in the automatic
regeneration of the web pages; it should be fixed.
Dan
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer__Carnegie Mellon
ence slink any more...
Dan
/\ /\
| Daniel Jacobowitz|__|SCS Class of 2002 |
| Debian GNU/Linux Developer__Carnegie Mellon University |
| [EMAIL PROTECTED] | | [EMAIL
otice". Security fixes go into unstable and trickle into testing.
The principal, I think, is that we can throttle the packages being
allowed into testing for an easier release cycle.
Dan
/\ /\
| Daniel
When you clone mirrors you usually have to take some steps. Typically,
depending on your mirror, you need to break the mirror and clone each side
seperately. Someone told me this was because of drive signing or some other
thing, but I'm not sure if that's the truth.
From: Carel Fellinger
How exactly did you get hacked? Did you leave security wholes large enough
for a bus to drive through open? Open your inetd.conf file and # out
everything! The only thing you need open is port 22. Others will disagree,
but depending on what you server is used for, this should be your first
You know, Ghost 2001 supports the ext2 partition on certain versions of
Linux. It doesn't officially support Debian Linux, but I've cloned my
Debian laptop and my Debian desktop many times.
From: "Thor" [EMAIL PROTECTED]
To: "Zak Kipling" [EMAIL PROTECTED], [EMAIL PROTECTED]
CC: [EMAIL
+0100 (CET)
-BEGIN PGP SIGNED MESSAGE-
On Tue, 20 Feb 2001, Steve Rudd wrote:
Daniel Stark asked:
At 01:53 PM 2/20/01 -0800, you wrote:
How exactly did you get hacked? Did you leave security wholes large
enough for a bus to drive through open? Open your inetd.conf file and
#
out
files back in place. The javascripts are attached, take a peek and
see
if they fit the bill. If not, at least you still have the option to quickly
disable VBS scripting :)
-Original Message-----
From: Daniel Stark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 21, 2001 9:12 AM
To: [EMAIL
Yes, you should be concerned. Now-a-days most people are using SSH for all
communication. It's really the way to go for remote access. Take a look at
openssh.com for some more information. Plus it's free, and we like free. ;)
From: Steve Rudd [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
I ssh from my Windows 2000 machine at work to my Debian machine at home.
You just need the proper client. There are free ones out there for Windows.
From: Adam Spickler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: how secure is mail and ftp and netscape/IE???
Date: Wed, 21 Feb 2001
too.
I'm fairly sure there's a lot more - you can access them through PAM
somehow, I think...
--
Daniel Jacobowitz Debian GNU/Linux Developer
Monta Vista Software Debian Security Team
"I am croutons!"
--
T
? Is there a
Nope, you're safe if you saw the % signs in your logs.
way to track down who
connected to rpc.statd?
Run a tcp logger, like ippl.
--
Daniel Jacobowitz Debian GNU/Linux Developer
Monta Vista Software Debian Security Team
.
--
Daniel Jacobowitz Debian GNU/Linux Developer
Monta Vista Software Debian Security Team
"I am croutons!"
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Tro
On Wed, Jun 13, 2001 at 10:57:08AM -0500, Steve Greenland wrote:
Tim, good fixups, a few C coding/style nitpicks:
On 12-Jun-01, 17:57 (CDT), Tim van Erven [EMAIL PROTECTED] wrote:
#include stdio.h
#include unistd.h /* For execlp */
#include stdlib.h /* For exit */
int main()
int
On Wed, Jun 13, 2001 at 02:02:10PM -0500, Steve Greenland wrote:
[snip]
I'd still argue that exit(_macro_) is better style than return from
main(), but I'm hard pressed to find a technical argument.
There's subtle difference between returning from main and calling exit.
Excelent explanation
On Monday 02 July 2001 18:25, you wrote:
ipmasquerading?
No, they have public ip's and I would like to keep this setting. The clients
config should not change at all.
Daniel
_
Daniel Faller
Fakultaet fuer Physik
Abt. Honerkamp
Albert-Ludwigs
Just a friendly Jedi Knight wrote:
On Fri, Jul 06, 2001 at 01:19:24PM +0300, Juha Jykk wrote:
I distrust allowing root logins from anywhere but local console(s)
or non-modem gettys i.e. from anywhere over the not-owned-by-me cable.
umm do You want to run in circles from one machine to
?! - Thank you!
Try running X -nolisten tcp.
HTH,
Daniel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Tue, Aug 21, 2001 at 01:28:24PM -0700, Daniel Schepler wrote:
I've gotten logs several times that read something like
Aug 20 19:20:24 adsl-63-193-247-253 rpc.statd[330]: gethostbyname error for ^X
F7FFBF^XF7FFBF^YF7FFBF^YF7FFBF^ZF7FFBF^ZF7FF
BF^[F7FFBF^[F7FFBF%8x%8x%8x%8x%8x%8x%8x%8x%8x
with security
updates, or track unstable daily and hope maintainers are responsive.
We try to see that woody is in coherent shape just before release, but
we can't supply fixes for it on any more urgent basis. It moves too
fast.
--
Daniel Jacobowitz Carnegie Mellon
unsubscribe
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
also netstat -n -p -t --listening | grep :PORT
VD Hi,
VD On Sat, Oct 20, 2001 at 09:22:57PM -0700,
VD tony mancill [EMAIL PROTECTED] wrote:
On Sat, 20 Oct 2001, Marc Wilson wrote:
Adding or removing lines in /etc/services doesn't open or close
ipchains with something
like
/sbin/ipchains -s 0/0 -d MY_MACHINE_IP 111 -p tcp -j DENY -l
cya
Petre L. Daniel
Linux Administrator,Canad Systems Pitesti
http://www.cyber.ro email:[EMAIL PROTECTED]
phone: +4048220044,+4048206200
- -Mesaj original-
De la: J. Paul Bruns-Bielkowicz [mailto
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
Heya,
I run a potato at home and i will set the computer at work
with potato as well.Since that will be a 24h internet connected
pc,i am wondering what are the 2.2 release 3 vulnerabilities for
the sistem installed from the cds without any
Heya,i got those lines often lately..Can anyone explain me every
little part of it?
If you can drop an url link too,it would be great..
Thank you.
Nov 30 16:16:28 brutus-gw kernel: Packet log: input DENY eth1 PROTO=6
210.86.20.213:1621
194.102.92.21:6000 L=48 S=0x00 I=52039 F=0x4000 T=102 SYN
How do I stop this from happening. Apparently my bud telented to port 25
and somehow sent mail from my root account. Any suggestions, white papers
or links? Id would like to block the telnet application all together, but I
dont think thats possible.
Thanks in advance,
Daniel
im a newbie so
dis be!
foo! hehehe later..
- Original Message -
From: Jamie Heilman [EMAIL PROTECTED]
To: Daniel Rychlik [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, December 14, 2001 6:33 PM
Subject: Re: Exim mail
Daniel Rychlik wrote:
How do I stop this from happening. Apparently my
- Original Message -
From: Thomas Hallaran [EMAIL PROTECTED]
To: Daniel Rychlik [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, December 14, 2001 6:53 PM
Subject: Re: Exim mail
spoofing mail:
telnet to port 25 on machine you want to spoof through.
1.Type 'mail from: [EMAIL
- Original Message -
From: Brian P. Flaherty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, December 15, 2001 8:41 AM
Subject: Re: Exim mail
Daniel Rychlik [EMAIL PROTECTED] writes:
How do I stop this from happening. Apparently my bud telented to port
25
and somehow
- Original Message -
From: Bender, Jeff [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 17, 2001 12:08 PM
Subject: Problem with IPTables
I am having troubles with IPTables. My rules are having troubles with
handling -m state --state ESTABLISHED options. The error I
I was wandering if I edited my /etc/passwd file and
replaced all the /bin/sh to /bin/false , will that break anything?
What Im seeing is accounts like lp, games, uucp,
proxy, postgres, and a slew of others that I dont use.
Thanks in advance Debian Guruz!
Daniel
most of them are relics of software that you probably dont need,but be
carefully what account you erase.
better comment them out.you can put a /etc/NOSHELL instead of /bin/sh or
even /bin/false and they won't be able to login into the machine no more..
At 06:24 PM 12/27/01 -0600, Daniel
domains to server to the outside world, you just list the intranet
(NAT) interface in here.
forward only means that you will forward all request (and work ;]) to the
dns servers listed in forwarders.
--
BOFH excuse #57:
Groundskeepers stole the root password
Petre L. Daniel,System Administrator
On Mon, Dec 31, 2001 at 09:11:41PM +0100, David Gestel wrote:
What is this? I don't think anyone got in though, everything seems to be
fine.
I'm running woody and rpc.statd version 0.3.3
Yep. The fact that it was logged in this particular case means you're
fine.
--
Daniel Jacobowitz
Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
surprised to note that Debian, a distro with
~850 developers and a dedicated security team, is behind Slackware on
security issues.
d
--
Daniel Stone[EMAIL PROTECTED]
WARNING: The consumption of alcohol may make you think you have mystical
Kung Fu
.
Of course, if you're using unstable, fixes tend to appear quickly, but :
- tend to is not acceptable when security is concerned
- it may take a lot more time depending on your local mirror
--
Daniel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
, it's that you have to disallow v1. A recent daemon allowing ssh1
connections is vulnerable.
--
Daniel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Tue, Jan 22, 2002 at 01:11:18AM +0100, Christian Jaeger wrote:
This can be a real security hole, at least when you are not aware of
it (I have just discovered a working way to exploit it on one of my
machines).
And isn't that a bug in the package in question? :)
--
Daniel Jacobowitz
Hello ,
I've got 750k of this log daily
May 15 03:40:01 sm-msp-queue[16123]: STARTTLS=client, error: load verify locs
/etc/ssl/certs/, /etc/mail/ssl/sendmail-server.crt failed: 0
May 15 03:40:01 sm-msp-queue[16123]: STARTTLS=client, error: load verify locs
/etc/ssl/certs/,
makes a change not to have the un at the begining.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I can't remember where I found this program, but it should do what you want:
http://packetspike.net/~daniel/programs/sockstat.c
On Wednesday 09 October 2002 10:36 pm, Hantzley wrote:
Hi,
Is there a way to know to which process belong
Specifically, port 16001 is ESD (ESound) IIRC..
On Tue, 2002-10-15 at 10:55, Giacomo Mulas wrote:
On Tue, 15 Oct 2002, Jussi Ekholm wrote:
So, what would try to connect to my system's port 16001 and 111 from
within my own system? Should I be concerned? Should I expect the worst?
port
I don't know if it's the catch on your problem, but it'll be interesting
reading noless;
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0037.html
On Wed, 2002-10-16 at 12:19, Simon Langhof wrote:
Hi
I noticed some (40 until now) strange entries in my Apache access.log. They started
would do the trick
-Daniel Lysfjord-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
,
klisa) packages, will start appearing on kde.org roughly Thursday
evening AEST (UTC+10). I've got exams until Thursday, so no sooner.
-d
--
Daniel Stone [EMAIL PROTECTED] [EMAIL PROTECTED]
Developer - http://kopete.kde.org, http://www.kde.org
msg07685/pgp0.pgp
, of their own
choosing.
--
Daniel Stone [EMAIL PROTECTED]
Developer, Trinity College, University of Melbourne
msg07781/pgp0.pgp
Description: PGP signature
in the bounce saying that this address has never existed, and
is being abused by spammers? If yes, _how_ should I do it?
I hope this is the right forum to ask...
Cheers,
Kjetil
--
Daniel J. Rychlik
Java/Perl Developer
http://daniel.rychlik.ws
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
listed there and bug them :)
There is always an iptables blacklist you can set up and block the
entire 24 (or 16, ouch) bit network if the admins do not take care of
the undesireables.
Regards,
--
Daniel J. Rychlik
Java/Perl Developer
http://daniel.rychlik.ws
--
To UNSUBSCRIBE, email
this for an
IDE cd burner?
I apologize in advance, I know this is a security mailing list...
--
Daniel J. Rychlik
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
be compromised via the network:-)
http://www.samag.com/documents/s=1824/sam0201d/0201d.htm
Halted firewalls?
/Daniel
--
File not found. Should I fake it (y/n)?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Quoting Cristian Ionescu-Idbohrn [EMAIL PROTECTED]:
On Thu, 19 Dec 2002, Daniel Lysfjord wrote:
It seems like FileZilla[1] supports ftp-ssl..
[1]: http://sourceforge.net/projects/filezilla
What about lftp?
Depends: ..., libssl0.9.6, ...
From man lftp(1) :
lftp can handle
No, and it seems they've fixed their problem on their end.
I think it hurt them a lot worse (on bandwidth) than it hurt you :)
On Wed, 8 Jan 2003 19:21:45 +0100 (CET)
Cristian Ionescu-Idbohrn [EMAIL PROTECTED] wrote:
http://www.raycomm.com/techwhirl/magazine/technical/linux.html
Thats absolutely ridiculous.
I would file one at once, that should definitely not go unchecked, at least. I can
appreciate the motivation, but for my own sanity I'm too paranoid to a) accept strange
unknown files/connections or b) send out requests for such data. Especially
considering since
a script like the one described above or
maybe knows an allready existing application which could perform this
task? Thanks.
Hi Ivo,
Not a full solutiont, but try dsh maybe: Dancer Shell or Distributed
Shell, which can replicate commands via ssh on groups of
nodes/servers/etc...
HTH,
Daniel
access on
with the noexec switch, so they can only use binaries installed (and
allowed to them) on the system.
3. Kindly ask the users not to run '/lib/ld.so.1 /usr/bin/ssh' (or any
executable they upload to /home, /tmp, or wherever).
Daniel.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
Hi, does anyone know if its possible to setup
this:
Clients - NAT - Internet - NAT- Clients with
iptelephony without opening your NAT servers to the world.
Any software suggestions / tricks /
ideas?
--
Daniel
, and
they told me that it _might_ work when running freeswan on top of l2tp.
Didn't get me much further, though. If someone else manages to figure it
out, please let me know. :)
Regards,
Daniel.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
FileZilla ( http://sourceforge.net/projects/filezilla/ ) is a great FTP client
for Windows that support SSL..
Quoting [EMAIL PROTECTED]:
From:[EMAIL PROTECTED]
To: Dariush Pietrzak [EMAIL PROTECTED]
Subject: Re: recommendations for FTP server
Date:Sat, 21 Jun 2003 01:09:45
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
| A lightweight, efficient FTP server written from the ground up with
| security in mind.
Ahem.
I'm working on it.
Something is wrong with the PAM config...
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
_unstable_.
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
doesn't use PAM. This is
a bug in the Debian PAM configuration.
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
information's integrity.
Preventing successful denial-of-service attackes preserves the availability
or your information.
So how are those definitions invalid?
Daniel
--
Daniel Barclay
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
Quoting Tom White [EMAIL PROTECTED]:
Dear List,
I'm looking for a decent, secure, web based password changer for
user accounts. Something that I can install on a debian box with a
minimum amount of tweaking, and that isn't really any less secure than
a shell user changing their password
urgency between the version in testing and the version in
unstable.
Daniel.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
in the URLs at the end of the advisory. So the libxml1 package
on your system ought to be updated as well. Simply running apt-get
upgrade will likely do the right thing for you, by the way.
Regards,
Daniel.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
of dealing with
module loading issues, especially at boot time.
Daniel
--
Confidence comes not from always being right but from not fearing to be wrong.
-- Peter T. Mcintyre
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
.
For example, the firebird admin tool you were thinking of making suid -
does that allow running shell commands? If so, making it suid is the
equivalent of granting all users shell access as the firebird user.
Daniel
--
A drug is neither moral nor immoral--it's a chemical compound
other than identifying unusual
behaviour, or having an intrusion detection system in place before the
break-in.
Better to ask where the risks are, remove them, then rebuild the server
from scratch if you are not sure you are safe.
Regards,
Daniel
--
Regard all art critics as useless
, for Vassilii - you use the SpamCop blacklists. That is something
that I would be very nervous of. They have some pretty liberal policies
about what they accept, and their automatic tools are not that great at
filtering out innocent parties...
Daniel
--
You come for me now with a cake
be ideal...
Daniel
--
... Far down the vault a man was screaming. His fists were tightly clenched
and he was screaming out imprecations against the humming computers. There
was a hopeless rage in his eyes - rage and bitter, savage defiance.
-- Frank Bellknap, _It Was The Day
used; it would be interesting to see
if it actually managed to take off. :)
Daniel
--
Organization and method mean much, but contagious human characters mean more
in a university, where a few undisciplinables ... may be infinitely more
precious than a faculty full of orderly routinists
On 24 Jul 2004, [EMAIL PROTECTED] wrote:
Any package in Debian that will automatically run all /etc/init.d based
deamons in jail / chroot?
No, because it is not possible to provide a generic solution to running
daemons under a chroot, for a variety of reasons.
Regards,
Daniel
details of firewalling for you?
I sounds like you are pretty unsure on your feet here, and those tools
take a lot of the uncertainty out of building a firewall...
Regards,
Daniel
--
We can keep from a child all knowledge of earlier myths, but
we cannot take from him the need for mythology
components (end user systems) for security, and because I
can see no external review of the quality of their implementation.
If you really want them to look bad, grab papers where people have done
a security review of various VPN systems and ask for the same for the
WebEx system...
Daniel
of a bad password, etc.
Daniel
--
In protocol design, perfection has been reached not when there is nothing left
to add, but when there is nothing left to take away.
-- RFC 1925
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
to make a
cryptographic product or protocol more secure unless I had sufficient
background in the area to know the full implications of my recommended
actions.
Regards,
Daniel
--
If a joke is worth telling, it's worth telling once.
-- Ollie MacNoonan
--
To UNSUBSCRIBE, email to [EMAIL
On 25 Aug 2004, Matthew Palmer wrote:
On Tue, Aug 24, 2004 at 12:20:24PM -0400, Phillip Hofmeister wrote:
On Tue, 24 Aug 2004 at 10:50:38AM -0400, Daniel Pittman wrote:
Be aware that this sort of technique multi-encryption technique can
lead to significant exposures when applied to traditional
* mail clients under Unix are better written than to do that, but
between remotely exploitable issues with image rendering and the push
toward user friendly defaults there is no reason why this could not
happen.
Regards,
Daniel
--
Anyone who stops learning is old, whether at twenty
On 1 Sep 2004, s. keeling wrote:
Incoming from Daniel Pittman:
*Most* mail clients under Unix are better written than to do that, but
Even mutt (a terrific MUA) _can be told_ to automatically handle
MIME types for you, if you want. It just depends what's in your
/.mailcap, and that can
1 - 100 of 415 matches
Mail list logo