On Monday, 2002-01-14 at 23:20:21 -0400, Peter Cordes wrote:
On Mon, Jan 14, 2002 at 01:25:11PM -0500, Jeremy L. Gaddis wrote:
I recompressed it as a real PNG, and attached it to this mail, for your
viewing pleasure :) PNG gets 3.5 times better compression, probably because
this image only
I recall there being discussion a while back about packaging chroot
bind. I don't know whether or not anything came of it at all. There is
Debian being what it is, are there any reasons why the debian bind
package should not be chroot as the default installation?
One thing that might be a
I'd agree with your comments. I've been looking at
OpenBSD (for various reasons) and the default setup is
reasonably secure (there are still some things left on
, which surprised me). Not sure if Debian needs to go
as far as OpenBSD but I think that it is a good
reference base
Jon
--- Tarjei
On Tue, 2002-01-15 at 09:44, Florian Weimer wrote:
Adam Warner [EMAIL PROTECTED] writes:
http://www.linuxtoday.com/news_story.php3?ltsn=2002-01-14-002-20-SC-DB
Someone with better knowledge of all the facts might want to comment on
the claim that Debian is always the last to fix
On Mon, Jan 14, 2002 at 09:53:15AM -0500, Noah L. Meyerhans wrote:
On Mon, Jan 14, 2002 at 01:37:50PM +, Simon Huggins wrote:
So perhaps Debian security is only as good as the package maintainers?
I'm sure most maintainers do care and do investigate bugs I probably
just had a bad
On Tue, Jan 15, 2002 at 09:23:20AM +0100, Lupe Christoph wrote:
On Monday, 2002-01-14 at 23:20:21 -0400, Peter Cordes wrote:
On Mon, Jan 14, 2002 at 01:25:11PM -0500, Jeremy L. Gaddis wrote:
I recompressed it as a real PNG, and attached it to this mail, for your
viewing pleasure :) PNG
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote:
I don't have any practical experience with FreeSWAN at all, however, I have
statically compiled BIND 9 and placed it in a chroot jail on Debian. I
wonder if it would be hard to package a chroot'ed setup of BIND9 once it
completely
On Tue, Jan 15, 2002 at 10:21:00AM +0100, Tarjei wrote:
I recall there being discussion a while back about packaging chroot
bind. I don't know whether or not anything came of it at all. There is
Debian being what it is, are there any reasons why the debian bind
package should not be
That would be great. I will accept patches anytime. Please don't
forget about writing it! (I will keep this mail, just as a reminder :)
Javi
On Mon, Jan 14, 2002 at 10:46:48AM -0500, Noah L. Meyerhans wrote:
I'd happily volunteer to write the whole chapter, but I don't
On Wed, 2002-01-16 at 01:07, Javier Fernández-Sanguino Peña wrote:
Already did it yesterday (except for the column with the data).
See
http://www.debian.org/doc/manuals/securing-debian-howto/ch11.en.html#s11.3
Please consider removing any reference to the average amount of time in
the
Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes:
On Tue, Jan 15, 2002 at 10:21:00AM +0100, Tarjei wrote:
I recall there being discussion a while back about packaging chroot
bind. I don't know whether or not anything came of it at all. There is
Debian being what it is, are
hi ya
i did a dist-upgrade update upgrade today... and saw sudo get updated
before fixes to sudo were posted to bugtraq
c ya
alvin
On 15 Jan 2002, Adam Warner wrote:
On Tue, 2002-01-15 at 09:44, Florian Weimer wrote:
Adam Warner [EMAIL PROTECTED] writes:
also sprach Javier Fernández-Sanguino Peña [EMAIL PROTECTED] [2002.01.15.1316 +0100]:
Debian being what it is, are there any reasons why the debian bind
package should not be chroot as the default installation?
RTFM. That is:
Previously Alvin Oga wrote:
i did a dist-upgrade update upgrade today... and saw sudo get updated
before fixes to sudo were posted to bugtraq
Actually it was posted to bugtraq about 15 minutes before but you only
saw it later due to moderation :)
Wichert.
--
On Wed, Jan 16, 2002 at 01:42:50AM +1300, Adam Warner wrote:
...it took the Debian Security Team an average of 35 days to fix
security-related vulnerabilities.
An average based upon a very long tail is highly misleading. Please
quote the median time to fix a vulnerability instead.
It is not
Previously Colin Phipps wrote:
It is not misleading in this case, the tail is the _most_ important part
of the data. It doesn't matter if we patch every other hole in 10
minutes if we leave one open for months.
Both are interesting though.
Wichert.
--
Tarjei [EMAIL PROTECTED] writes:
Hmm. Here's a suggestion.
- This idea is based on the assumption that especially server systems need
good security.
*All* installed boxes need adequate securing. Linux worms would not
propagate if it weren't for a critical mass of idiots running unpatched
Colin Phipps [EMAIL PROTECTED] writes:
On Wed, Jan 16, 2002 at 01:42:50AM +1300, Adam Warner wrote:
...it took the Debian Security Team an average of 35 days to fix
security-related vulnerabilities.
An average based upon a very long tail is highly misleading. Please
quote the median time
On Tue, Jan 15, 2002 at 01:52:47PM +, Colin Phipps wrote:
[...]
Furthermore I think the mean is exactly the right measure of this: from
the user point of view, the important figure is total exposure time,
i.e. sum of time between vulnerability discovery and patch (for
installed packages)
Previously Jean-Marc Boursot wrote:
Like the last postfix DoS? Am I wrong or there wasn't any bugtraq
report for that?
There was, Wietse announced it to bugtraq.
Wichert.
--
On Tue, Jan 15, 2002 at 02:04:38PM +, Tim Haynes wrote:
Colin Phipps [EMAIL PROTECTED] writes:
It is not misleading in this case, the tail is the _most_ important part
of the data. It doesn't matter if we patch every other hole in 10 minutes
if we leave one open for months.
Yes it
Hi,
Recently I've installed some IP logging daemons
(snort, ippl along with logcheck) and I was amazed
how many break-in attempts there are each day on my
simple home box which isn't even advertised anywhere,
as I only run a few services intended for friends and
family (apache, wu-ftpd, exim).
I
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote:
Then there are more exotic stuff. High port UDP attempts,
connection to port 113 etc.
High port UDP stuff is often just traceroutes. 113 is normal, as many
servers will attempt an auth lookup when you access them.
Now the logs
Hello all,
This is far from as serious an issue as some of the items on the list
right now,
but I thought I'd see if anyone has some input.
I'm running some synchronized machines, and I only want users to change
passwords on the master. So, I thought of writing a script to replace
password that
David Ehle [EMAIL PROTECTED] writes:
Hello all,
if you do:
ssh [EMAIL PROTECTED] password
What is `password'?
ssh will have you authenticate to host, and then bring up the password
change prompt
(current) UNIX password:
on the remote machine.
BUT when you start typing, the
Tim,
Yep that does it :) Thanks mucho!
I knew it was something VERY simple but my brain is just stir-fried
today and I couldn't think of it.
Thanks again.
David.
Tim Haynes wrote:
David Ehle [EMAIL PROTECTED] writes:
Hello all,
if you do:
ssh [EMAIL PROTECTED] password
What is
hi balaz
how much time and energy do you want to spend ???
- 1st pass..
- update your box regularly per Debian's security patches
- read Debian's security howto
http://www.debian.org/doc/manuals/securing-debian-howto
- 2nd pass...
- you're doing w/
When I do a 'netstat -l' I get (among a bunch of stuff that looks OK):
mail:# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:32768                 *:*
What
Jeff Teitel [EMAIL PROTECTED] writes:
When I do a 'netstat -l' I get (among a bunch of stuff that looks OK):
mail:# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:32768                 *:*
On Tue, Jan 15, 2002 at 03:45:59PM -0600, Jeff Teitel wrote:
mail:# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:32768                 *:*
What is this, and should I be worried?
Add
Noah L. Meyerhans wrote:
On Tue, Jan 15, 2002 at 03:45:59PM -0600, Jeff Teitel wrote:
mail:# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:32768
(ȨÆäÀÌÁö ±¸°æÇϱâ) -- http://www.searchcorea.com
¡Ú`Å·Ä«,ÄýÄ«` ÀÚ½ÅÀÌ ¿øÇϽô ÀÌ»óÇüÀ» ã¾Æµå¸³´Ï´Ù¡Ú
¾È³çÇϼ¼¿ä.Á¦°¡ Á¤¸» ¿©¼ººÐ°ú ³²¼ººÐ²² ÁÁÀº¼Ò½Ä ¾Ë·Áµå¸±²²¿ä^^
³²¼ººÐÀ̳ª ¿©¼ººÐÀ̳ª ¿äÁò Å·Ä« ÄýÄ«¸¦ ¸¸³ª½Ã±â Èûµå½ÃÁÒ?
Á¦°¡ ÃßõÇØ µå¸®´Â »çÀÌÆ®¿¡ Çѹø °¡º¸¼¼¿ä.
ÀÌ È¸»ç´Â ÂøÇÑ
On Tue, Jan 15, 2002 at 02:34:47PM +, Colin Phipps wrote:
On Tue, Jan 15, 2002 at 02:04:38PM +, Tim Haynes wrote:
Colin Phipps [EMAIL PROTECTED] writes:
It is not misleading in this case, the tail is the _most_ important part
of the data. It doesn't matter if we patch every other
On Tuesday, 2002-01-15 at 13:07:12 +0100, Javier Fernández-Sanguino Peña wrote:
On Tue, Jan 15, 2002 at 09:23:20AM +0100, Lupe Christoph wrote:
I still think a table and graph would be a good addition to the security
FAQ, as an answer to the question How long does Debian take to
fix known
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 15. januar 2002 19:05
To: [EMAIL PROTECTED]
Subject: [??] ?? .
I tried to mail a report to [EMAIL PROTECTED], but there was no such
recipient.
I suggest that action is taken to get rid of all
On Tue, Jan 15, 2002 at 01:16:12PM +0100, Javier Fernández-Sanguino Peña wrote:
On Tue, Jan 15, 2002 at 10:21:00AM +0100, Tarjei wrote:
[snip]
Debian being what it is, are there any reasons why the
debian bind package should not be chroot as the default
installation?
RTFM. That is:
On Mon, Jan 14, 2002 at 10:46:48AM -0500, Noah L. Meyerhans wrote:
I'd happily volunteer to write the whole chapter, but I don't forsee
hi ya wichert
true... i probably should have been clearer...
that i'm on the way end of the bugtraq list...
keep up the good work all ...
have fun
alvin
http://www.Linux-Sec.net ... hardening howtos ...
On Tue, 15 Jan 2002, Wichert Akkerman wrote:
Previously Alvin Oga wrote:
i did an
Hmm. Here's a suggestion.
- This idea is based on the assumption that especially server systems need
good security.
1. Make a voting page and announce it on debian-users asking what are the
main servers people are running on their debian systems.
2. Go through the 10 highest and make sure they