On Thu, 12 Aug 2004 03:38 pm, Lupe Christoph wrote:
On Thursday, 2004-08-12 at 14:26:44 +1000, Joshua Goodall wrote:
Therefore I see a need for a machine readable DSA format. I know
there's a defined format to the current header, but I'd like to
expand on that.
It will look something
On Thursday, 2004-08-12 at 17:25:32 +1000, Joshua Goodall wrote:
As I understand it, VuXML has a slightly different semantic. It
expresses that specified binary package versions will have a certain
vulnerability and implies they should be deinstalled or upgraded to
some version for which
* Josh Martin [EMAIL PROTECTED] [040810 10:08]:
Although this should never actually happen, if you set your environment
variable HOME to an extremely large string a buffer overflow will occur upon
connecting to a server using telnet. I was not able to overwrite 'eip'
but I have included a
On Thu, Aug 12, 2004 at 10:04:52AM +0200, Bernhard R. Link wrote:
I may be utterly confused, but that patch does look quite strange.
It may make it near to impossible to introduce code, but only reduces
the problem: strncpy will not '\0'-terminate the string, so that the
following
Hi
Although this question is a bit off topic, I think that this list is the
best audience to answer it.
For the company I'm working I had to write an apache module, that the
users do not have to enter their username password everytime they log
onto the intranet web server.
My solution is a
Hello,
here's my ¤0.02... note that I would not call myself a crypto expert
either.
On Thu, Aug 12, 2004 at 11:54:14AM +0200, Marcel Weber wrote:
My solution is a mod_perl module, that catches every request before the
authentication module and supplies the credentials automatically. This
*** French answer *** (english below)
Bonjour,
Ce message est envoy automatiquement suite au mail que vous avez
adress au service Abuse
Important,
Vous n'avez pas besoin de rpondre ce message maintenant.
Nous avons attribu le numro d'identification [rt-abuse.free.fr #681200]
votre
Hi
Richard Atterer wrote:
My solution is a mod_perl module, that catches every request before the
authentication module and supplies the credentials automatically. This
works with ANY apache authentication modules using basic authentication.
This strikes me as a weird solution. What's wrong with
[Lupe dropped from cc: as (I think was) requested]
On Thu, Aug 12, 2004 at 05:25:32PM +1000, Joshua Goodall wrote:
[snip good stuff]
These nits aside, I can probably use VuXML for my project, even if it
means extending the DTD. Thanks for pointing it out!
Hi Joshua!
I'm only too happy to
Hi all
Well, I figured out the problem, why my module hanged... It was a
programming fault... Well in that case, I do not need any md5 checksum
at all...
Problem solved
Thanks again for all precious input I got
Cheers
Marcel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Thu, Aug 12, 2004 at 01:56:53PM +0200, Marcel Weber wrote:
Richard Atterer wrote:
This strikes me as a weird solution. What's wrong with setting the
cookie lifetime higher, so that people only need to log in e.g. once a
day? Hmm, presumably the web application is closed-source or
Richard Atterer wrote:
On Thu, Aug 12, 2004 at 01:56:53PM +0200, Marcel Weber wrote:
No, it doesn't mean that. Current browsers will cache the password, AFAIK
until the end of the session by default, and forever if you enable the
option Remember this password or similar.
I know.
- No more
Hi, Phillip Hofmeister wrote:
If you wanted to
make a second version of GPG and place it in non-free, that would likely
be an acceptable option.
You don't need to make a second version of GPG; the IDEA module can be
loaded dynamically.
--
Matthias Urlichs
--
To UNSUBSCRIBE, email to
Regards,
John Long | Residential Technical Support | Esat BT | Tele: 1890 933 111
E: [EMAIL PROTECTED] | www.esatbt.com
Our commitment to customer satisfaction continues to be recognised by both
our customers and industry, with BT Global Services being short listed in
the 'Best Customer Care'
mail2web - Check your email from the web at
http://mail2web.com/ .
On Thu, 12 Aug 2004 at 03:35:29AM -0400, Matthias Urlichs wrote:
Hi, Phillip Hofmeister wrote:
If you wanted to
make a second version of GPG and place it in non-free, that would likely
be an acceptable option.
You don't need to make a second version of GPG; the IDEA module can be
Hi,
I'm interested in setting up an NTP server on a debian machine with security in mind,
but from my lookings at the official NTP server (www.ntp.org), the daemon which serves
time also updates the local clock, and hence has to have permission to do so.
I'm looking for a software package that
On Thu, Aug 12, 2004 at 10:40:14AM -0700, Adam Morley wrote:
Hi,
I'm interested in setting up an NTP server on a debian machine with security in
mind, but from my lookings at the official NTP server (www.ntp.org), the daemon
which serves time also updates the local clock, and hence has to
On Thu, Aug 12, 2004 at 10:40:14AM -0700, Adam Morley wrote:
I'm interested in setting up an NTP server on a debian machine with
security in mind, but from my lookings at the official NTP server
(www.ntp.org), the daemon which serves time also updates the local
clock, and hence has to have
Adam Morley wrote:
I'm looking for a software package that provides:
- An NTP server (to serve time to NTP clients) that I can run as a non-priveleged
user, chrooted.
Not sure if it fits your needs but the OpenBSD-guys recently released
OpenNTPD: http://www.openntpd.org/
--
To
On Thu, Aug 12, 2004 at 10:40:14AM -0700, Adam Morley wrote:
I'm looking for a software package that provides:
- An NTP server (to serve time to NTP clients) that I can run as a non-priveleged
user, chrooted.
- An NTP client, that will keep the clock of the computer doing the NTP
* Phillip Hofmeister:
You don't need to make a second version of GPG; the IDEA module can be
loaded dynamically.
Then the module would need to be in non-free.
non-us, I think.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Thu, 12 Aug 2004, Florian Weimer wrote:
You don't need to make a second version of GPG; the IDEA module can be
loaded dynamically.
Then the module would need to be in non-free.
non-us, I think.
non-free in non-us, actually. And maybe not even there, since the IDEA
patent is a problem
* Ian Beckwith:
On Sat, Aug 07, 2004 at 09:17:38PM +0200, Florian Weimer wrote:
Both PGP 5 and 6.5 have security issues which haven't been fixed
upstream (because there isn't any upstream anymore). There are some
pirated versions of 6.5.8 that incorporate fixes, but Debian certainly
* Henrique de Moraes Holschuh:
On Thu, 12 Aug 2004, Florian Weimer wrote:
You don't need to make a second version of GPG; the IDEA module can be
loaded dynamically.
Then the module would need to be in non-free.
non-us, I think.
non-free in non-us, actually.
Why non-free? The code is
On Thu, 12 Aug 2004, Florian Weimer wrote:
* Henrique de Moraes Holschuh:
On Thu, 12 Aug 2004, Florian Weimer wrote:
You don't need to make a second version of GPG; the IDEA module can be
loaded dynamically.
Then the module would need to be in non-free.
non-us, I think.
non-free
* Henrique de Moraes Holschuh:
Why non-free? The code is available under a DFSG-free copyright
license.
The one I have here isn't, but if you have one that is entirely DFSG-free,
that's much better.
An older version is available from:
Quoting Florian Weimer ([EMAIL PROTECTED]):
* Henrique de Moraes Holschuh:
Why non-free? The code is available under a DFSG-free copyright
license.
The one I have here isn't, but if you have one that is entirely DFSG-free,
that's much better.
An older version is available from:
Quoting Florian Weimer ([EMAIL PROTECTED]):
I once worked on an OpenPGP implementation vulnerability matrix, but
this topic isn't very interesting anymore. For me at least, there's
just GnuPG.
Just out of curiosity, are there now, or have there been in the past,
any _other_ implementations
* Rick Moen:
Quoting Florian Weimer ([EMAIL PROTECTED]):
I once worked on an OpenPGP implementation vulnerability matrix, but
this topic isn't very interesting anymore. For me at least, there's
just GnuPG.
Just out of curiosity, are there now, or have there been in the past,
any _other_
* Joshua Goodall:
I have several hundred debian instances to care for, and they are
monitored via Nagios. I would like to institute a regular test that
checks each box against a list of security advisories, without
running apt-get update several times a day on 300 boxes.
Therefore I see a
Dear Friend,
We will pay you $5,000 USD for the referral of a client that purchases an armored
bullet proof pasenger vehicle from Elite Armoring Corporation (
http://www.elitearmoring.com ), one of the largest manufacturers of bullet proof
passenger vehicles.
We can armor new 2004 Cadillac
32 matches
Mail list logo