On Mon, Jun 20, 2022 at 09:25:38AM -0700, Noah Meyerhans wrote:
> https://security-tracker.debian.org/tracker/source-package/imagemagick
>
> If you're processing data (images, videos, audio files, etc) from
> unknown sources, it's a really good idea to use sandboxing of some ki
On Mon, Jun 20, 2022 at 06:10:45PM +0200, Sebastian Rose wrote:
> >> how do you guys test all of the potential PNG/JPG potential malware
> >> payloads
>
> What's your use-case? As I'm not aware of a vector for GNU/Linux in
> normal everyday use¹, I guess you host files for Windows clients?
Can we please take this tinfoil hat lunacy somewhere else? There are
plenty of conspiracy theory forums out there. I'm sure you've got your
favorite, but this isn't one.
On Fri, May 13, 2022 at 08:15:52PM +0200, Elmar Stellnberger wrote:
> I mean Michael Lazin didn't say anything bad, on the
On Thu, Jan 28, 2021 at 10:08:32AM -0800, Ramin Doe wrote:
> The signed metadata includes cryptographic checksums of the package
> contents. Thus, package contents can't be modified in storage on the
> mirror or in transit to your system without invalidating the checksum,
>
On Wed, Jan 27, 2021 at 10:23:44AM -0800, Ramin Doe wrote:
>This led me to search for more answers online, where I have found an
>article that suggests that package metadata is verified, but that package
>contents are not.
>
>
On Wed, Oct 21, 2020 at 09:22:11PM +0300, Pavlos Ponos wrote:
>Thunderbird 1:78.3.1-2 accepted in unstable at 30/09/2020, 21 days passed
>since then, so i think it would be enough time to consider it ready for
>testing.
Normally it would be, but issues (release-critical bugs, test
On Wed, Oct 21, 2020 at 07:03:35PM +0300, Pavlos Ponos wrote:
>Apologies if this should be directed to another list, but I've already
>tried in 'debian-testing' with no luck, see here.
>In Debian's package tracker I see that Thunderbird in stable through the
>security updates is
On Sat, Mar 07, 2020 at 08:22:59PM +1100, Russell Coker wrote:
> For subsystems that are complex and security critical (like Apache and Samba
> for example) you could have other packages providing check scripts that look
> for common configuration choices that might reduce security. Such
On Sat, Mar 07, 2020 at 11:46:54AM -0600, Jonathan Hutchins wrote:
> The only way to achieve real security is through knowledge. Pressing a
> shiny automated button is just going to implement what somebody else thinks
> is good for the system they assume you're running. Find the security
>
On Sat, Jan 06, 2018 at 05:10:10PM +0100, Davide Prina wrote:
> https://haveibeenpwned.com/
>
> that informs you if your credentials have been compromised in a data breach
> (only for public compromised data).
>
> I have tried it with sub...@bugs.debian.org and this account result
> compromised!! for:
On Wed, Aug 30, 2017 at 08:49:44AM +0200, Guido Günther wrote:
> Hi gnupg maintainers, security team,
> attached debdiff addresses the above CVE for jessie. O.k. to upload to
> security-master?
debian-security@lists.debian.org is the public discussion list and isn't
necessarily monitored by the
On Tue, Mar 01, 2016 at 08:35:43PM +0100, Zack Piper wrote:
> > "someone take my email off the list or I will report it as harassment."
>
> Oh wow I forgot about this. They've tried unsubscribing in the past
> from other lists just to refuse to follow instructions, I imagine
> they're a troll.
On Tue, Feb 16, 2016 at 04:32:00PM +0100, Peter Ludikovsky wrote:
> A question to those more knowledgeable: we're using our own DNS
> servers for all lookups, and those do recursive lookup for any
> external addresses. Am I right to assume that Bind9 uses its own
> implementation for DNS lookups?
On Mon, Jan 11, 2016 at 11:14:52AM -0500, Cindy-Sue Causey wrote:
> Just thinking out loud... that maybe the Announce list settings might
> need a quick once-over review depending on admin's intentions for it.
The ability to send mail to the debian-security-announce list is
restricted, and the
On Wed, Sep 09, 2015 at 01:24:05PM -0400, Justin R. Andrusk wrote:
> Was just wondering if there was any mentoring opportunities available on
> the Debian Security team.
Per https://www.debian.org/security/faq#contact you should be contacting
t...@security.debian.org to reach the security team.
On Sun, May 03, 2015 at 10:06:20PM +0530, bkpsusmitaa wrote:
I have added the lines. The issue is regarding non-availability of
security keys. Yes, it is about an old laptop that ran superbly in
lenny, but somewhat slower in squeeze,
The keys are available in the debian-archive-keyring
On Sat, Nov 01, 2014 at 04:21:53PM +, Jack wrote:
This mailing list is for security announcements. All Debian users are
encouraged to subscribe, so that they know about the latest threats and
updates.
Incorrect; you're thinking of debian-security-announce, which is
moderated and only used
On Sun, Jul 13, 2014 at 08:35:56AM +0900, Joel Rees wrote:
MD5 has been broken for a small number of applications. Its status is
questionable for the rest, but if we want to help break it completely,
let's get all the distros that insist on still using MD5 to use it,
not just for signing, but
On Jan 22, 2014 9:11 AM, Nico Angenon n...@creaweb.fr wrote:
Here is the ps aufx result... (a bit long)
(Please excuse any wonky formatting or glaring oversights, I'm on a mobile
device.)
You appear to be running an nfs server on this host. Try stopping the
nfs-kernel-server service and
On Sat, Jan 18, 2014 at 08:30:49PM +0100, Marco Saller wrote:
i am not sure if this question has been asked or answered yet, please do not
mind if i would ask it again.
Is it possible that the NSA or other services included investigative software
in some Debian packages?
It is absolutely
On Tue, Feb 05, 2013 at 10:45:39PM +, Jérémie Marguerie wrote:
You'll be scanned, many times a day, you'll also be bruteforced and
however not normal, this is just noise.
See also http://en.wikipedia.org/wiki/Internet_background_radiation
On Thu, Nov 01, 2012 at 10:48:46PM +0900, Hideki Yamane wrote:
So I suggest switch from Exim to Postfix for default MTA.
This has been discussed in depth fairly recently on debian-devel.
http://lists.debian.org/debian-devel/2012/04/msg00719.html
The short answer, from my recollection of that
On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote:
I guess I already pointed out everything. I added the updating part to it.
* Use private not public keys with strong passwords
This doesn't make any sense at all. You need both private and public
keys for key-based authentication,
On Thu, Dec 29, 2011 at 11:30:27PM +0400, Taz wrote:
Anybody wants to check it out?
I can provide ssh access, if u will give me ssh key.
From the sound of things, we're not going to find much. It's clear that
the attackers have already cleaned up their tracks by editing auth.log,
etc. The
On Fri, Dec 16, 2011 at 09:34:40PM +0100, Marko Randjelovic wrote:
snip
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff98fbd270) = -1 ENOTTY
(Inappropriate ioctl for device)
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff98fbd3e0) = -1 ENOTTY
(Inappropriate ioctl for device)
snip
Those are
On Wed, Oct 05, 2011 at 09:15:18PM +0100, Bart Swedrowski wrote:
I have been forced to use switch from Debian to RedHat and clones
in my last job specifically because usual life time of a server was
3.5 - 4 years.
Same here. In my experience, large sites typically use a 3-5 year
lifetime for
On Thu, Oct 06, 2011 at 12:33:39AM +0200, Poison Bit wrote:
In my experience: if a company does not perform operative system
upgrades, the company does not have more than 5 years and does not
understand how open source, and in special linux kernel, works.
I'm certain I can name several large
On Thu, Oct 06, 2011 at 12:15:45AM +0200, Sythos wrote:
And that's 2 years less for LTS ... especially in bigger setups
LTS-Support is mandatory so there (because there is no Debian LTS's)
Debian cannot be used due to the lack of Support. Instead - Redhat
or Ubuntu or any other
On Wed, Oct 05, 2011 at 03:20:08PM -0700, Noah Meyerhans wrote:
Debian's goal is to have an 18 month release cycle. stable becomes
oldstable when the next version is released, and oldstable is supported
for 1 year. That's 28 months. Where do you get the idea of 3 years of
direct support
On Thu, Oct 06, 2011 at 12:47:09AM +0200, Poison Bit wrote:
You can migrate data between service versions or environments, have
rollbacks, backups and etc.
Across a fleet of 15000 hosts? With no downtime? Without impacting the
schedule of whatever software you actually run on these
On Mon, Oct 25, 2010 at 05:16:51PM -0400, Brad Tilley wrote:
While experimenting with PCI DSS on a default Debian Linux system, I
found that when I comment out this line:
auth required pam_unix.so nullok_secure
in /etc/pam.d/common-auth, any account may ssh into the box by typing
On Thu, Jan 21, 2010 at 04:39:14PM +0100, Thiemo Nagel wrote:
having read your email concerning the termination of etch security
support, I'm looking for an upgrade path for our installation of ~100
machines.
Is it planned to start squeeze security support in time to allow a
direct 4.0
On Wed, Dec 16, 2009 at 05:59:13PM -0500,
whereislibertyandjust...@safe-mail.net wrote:
Whether I run 'strings' on the binary files or view with vim or gedit, here
is what is always seen inside the binaries:
__gmon_start__
_Jv_RegisterClasses
They're put there by gcc and are perfectly
On Thu, Oct 08, 2009 at 09:08:31AM +, Jörg Sommer wrote:
You need to make sure that the machine actually gets rebooted when
security updates are made.
I thought for security fixes in modules it's enough to update/replace
the module. Isn't it?
No. If the module is already loaded in
On Sun, Oct 04, 2009 at 11:44:52AM -0400, Thomas Krichel wrote:
this looks like a standard privilege escalation (not a rootkit). it
appears to be using one of the recent null pointer dereference kernel
vulnerabilities. your fricka machine is probably running one of the
unpatched kernels
On Thu, Jul 09, 2009 at 06:02:37PM +0200, Peter Jordan wrote:
If you have Kerberos, why would you use ssh keys? GSS-API is so much
nicer if you already have a Kerberos environment.
And how to login passwordless from outside the kerberos network?
There's no such thing as outside the
On Wed, Jul 08, 2009 at 02:03:57PM -0700, Roger Bumgarner wrote:
As far as I know, it does keys first then falls back to passwords. I'd
imagine PAM could help, but I'm not knowledgeable enough in regards to
that. I know you're only limited by your imagination when it comes to
PAM
On Wed, Jul 09, 2008 at 06:10:51PM +0200, Wolfgang Jeltsch wrote:
At this time, it is not possible to implement the recommended
countermeasures in the GNU libc stub resolver.
I don't have bind9 installed. Am I affected by the libc stub resolver bug?
Yes. I suggest that you install
On Thu, May 15, 2008 at 11:08:58AM +0300, Mikko Rapeli wrote:
It would be also helpful to print the line as dokuwd.pl does.
Is there any repository with newer versions of ssh-vulnkey or dokuwd.pl ?
Try the Ubuntu version which contains a fixed ssh-vulnkey (
On Wed, May 14, 2008 at 10:39:10AM -0700, Harry Edmon wrote:
Are there any plans to issue the same openssl/openssh security fixes for
lenny as have been done for etch?
OpenSSL has already been fixed in lenny. The openssh package containing
ssh-vulnkey should hit testing tomorrow at the
On Fri, May 09, 2008 at 05:54:40AM -0700, phobot wrote:
On May 7, 1:10 pm, martin f krafft [EMAIL PROTECTED] wrote:
use integrit/aide/tripwire
only useful with read-only media
OK, I don't get it if the media is read-only none can alter it so you
don't really need tripwire.
But if the
On Mon, May 05, 2008 at 02:57:34AM +0200, Peter Palfrader wrote:
On Mon, 05 May 2008, Bernd Eckenfels wrote:
In article [EMAIL PROTECTED] you wrote:
Apropos. Is there a way to get that information from a vmlinuz file on
disk? Without booting it, that is.
Interesting enough my
On Mon, Mar 10, 2008 at 01:36:46PM -0500, Filipus Klutiero wrote:
I reported #468765 about a questionable statement on www.debian.org. Frank
Lichtenheld wants this to be discussed.
This statement is in a security announcement. Martin Schulze confirmed that
he wrote the statement. Does
On Mon, Mar 10, 2008 at 04:33:53PM -0400, Filipus Klutiero wrote:
Their public one, the one you referenced.
Argh. If I'm asking about a statement, that's because I read it. Obviously,
the author didn't bother checking whether he was right, which is why I'm
asking whether there are some
On Thu, Feb 21, 2008 at 01:16:33PM +0100, Thomas Hungenberg wrote:
I am a little bit surprised that - apart from small graphics errors
and some performance issues - the fglrx driver runs fine without
the kernel module.
I thought that starting x.org would fail if the kernel module is not
On Wed, Feb 13, 2008 at 06:23:16PM -0200, Martin Spinassi wrote:
I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and
built a new linux-image. But after installing and rebooting I still was
able to become root with this exploit:
http://milw0rm.com/exploits/5092
On Tue, Feb 12, 2008 at 04:09:00PM +0100, Nicolas Boullis wrote:
I think this package deserves an official upgrade.
It'll get one. The severity of the issue dictates that we release
kernel builds for the various architectures as soon as we get them,
rather than waiting until they're all
On Fri, Jan 11, 2008 at 01:24:28AM -0500, Thomas Bushnell BSG wrote:
If a security bug were found in the afs client-side package, which is
implemented as a kernel module, would the announcement not look just
like the one we saw for DSA 1458-1?
See for yourself:
On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
Noah Meyerhans wrote:
We mention all the binary packages in the advisory because they're the
versions that are going to be installed by apt* and people are going
to want checksums, file sizes, etc.
.. For no good reason, since
On Thu, Jan 10, 2008 at 05:29:18PM -0500, Thomas Bushnell BSG wrote:
This is not sufficient advice for how to upgrade. Merely installing a
new version of openafs-modules-source will not build it. Some form of
m-a invocation as well will be necessary.
Except that the security flaw is in the
On Thu, Jan 10, 2008 at 11:25:07PM -0500, Thomas Bushnell BSG wrote:
Except that the security flaw is in the fileserver, which does not
involve the kernel module at all and runs fine even without it
installed.
Surely. But then the security update shouldn't mention unaffected
packages!
On Sun, Jan 06, 2008 at 01:36:26PM -0600, William Twomey wrote:
I also disabled ipv6, which I was seeing a lot of from this host.
Probably not, unless you've knowingly configured IPv6 routing and all
that; you were probably seeing a lot of IPv4 mapped v6 addresses, which
look (in netstat) like
On Fri, Nov 23, 2007 at 11:10:09AM +0100, Alfio wrote:
(Reading database ... 360460 files and directories currently installed.)
Preparing to replace samba 3.0.24-6etch4 (using
samba_3.0.24-6etch5_i386.deb) ...
invoke-rc.d: dangling symlink: /etc/rc2.d/S91samba
dpkg: warning - old pre-removal
On Fri, Sep 21, 2007 at 04:24:38PM +0100, Steve Kemp wrote:
It seems that kdebase and fetchmailconf dependencies are broken.
I don't see what the source of this is.
kdebase: Depends: kappfinder (= 4:3.5.5a.dfsg.1-6etch1) but
4:3.5.5a.dfsg.1-6 is installed.
kappfinder is a binary
On Fri, Sep 21, 2007 at 04:48:34PM +0100, Adam D. Barratt wrote:
I'm guessing the people reporting problems are i386 users.
kdebase: Depends: kappfinder (= 4:3.5.5a.dfsg.1-6etch1) but
4:3.5.5a.dfsg.1-6 is installed.
kappfinder is a binary coming from the kdebase package.
On Wed, May 16, 2007 at 09:39:56PM +0200, Thomas Korber wrote:
Moritz Muehlenhoff [EMAIL PROTECTED] writes:
Nice work on getting this out. Is sarge going to get an update, is it
even affected? I've looked into CVE-2007-2444, and
http://www.securityfocus.com/bid/23974/ says that the
On Tue, May 08, 2007 at 05:34:30PM -0400, Gerardo Curiel wrote:
On Tue, 08-05-2007 at 22:24 +0200, Thomas Hochstein wrote:
Chris Adams wrote:
Do you have a VNC server installed?
| But I do have vino-server running.
That's the problem, the same happened to me a couple of
On Tue, May 01, 2007 at 11:18:22AM -0700, Michael Leibowitz wrote:
The DSA incorrectly identifies etch as the unstable distribution.
Yeah, my fault. The web site will have it listed correctly, of course.
noah
On Wed, Feb 07, 2007 at 04:38:30PM +0100, Holger Levsen wrote:
Lalala
WTF? At least you used a proper from:-header...
Could you *please* correct your errors (which are no problem per se) correct
in a professional way?
The errors have already been corrected:
On Sun, Nov 26, 2006 at 12:47:55AM +0100, Alexander Klauer wrote:
there has been a texinfo update for sarge available from
security.debian.org for a few days now. The changelog in the
source package says something about arbitrary code execution.
The GPG signature by Noah Meyerhans is good
On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
NB: although some are saying this is a local root exploit only, the
bulletin points out it can be exploited by visiting a malicious
webpage.
I've not scrutinised the claims closely, but it looks like a remote
vulnerability to me :-(
On Tue, Oct 10, 2006 at 09:22:43PM -0400, David Kennedy CISSP wrote:
signed by a key not included in
http://www.debian.org/security/keys.txt and not on the PGP.COM,
MIT.EDU or any other of several public key servers.
It's on pgp.mit.edu
On Wed, Sep 06, 2006 at 06:14:51PM +0200, Allard Hoeve wrote:
Please take note of:
http://www.openssl.org/news/secadv_20060905.txt
Acknowledged. A fix is already in the works.
noah
On Tue, Aug 29, 2006 at 10:54:45PM +0200, Moritz Muehlenhoff wrote:
If there's anything special to do (e.g. kernel or glibc) we already add this
to the DSA text.
I don't think that's quite enough. I have a few hundred Debian
workstations for which I'm responsible, and it's difficult for me to
On Mon, Jul 17, 2006 at 06:13:28PM +0200, Moritz Muehlenhoff wrote:
This was an error on my side, it's already corrected on the web:
http://www.debian.org/security/2006/dsa-
Any idea why this DSA isn't linked to from
http://www.debian.org/security/ ? The document is there, but there's
On Wed, Apr 19, 2006 at 03:56:41PM -0600, Michael Loftis wrote:
Increasingly 2.6 is unsuitable for production use due to its huge amount of
change and lack of stable tree. There was a decision to do away with the
old split development/odd numbered development model sometime after about
On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
the service:
443/tcp open https
is used to protect the webmail service. it is meant to stop the email
passwords from being sniffed.
If you're concerned about passwords being sniffed, you better shut off
pop3 and imap, too
On Thu, Dec 15, 2005 at 06:46:02PM +0100, Florian Weimer wrote:
It may be nothing. The fact that it showed up as filtered in the nmap
output indicates that nmap didn't receive a TCP RST packet back when it
tried to contact that port. That may mean you have iptables configured
to DROP
On Thu, Dec 15, 2005 at 10:19:48PM +, kevin bailey wrote:
good point - also the fact that the users stick their email passwords to
their monitors using postits!
Well, at least there's still *some* level of physical security there;
an attacker has to be at your user's desk to get the
On Wed, Nov 23, 2005 at 12:59:02PM +0100, Florian Weimer wrote:
Availability is typically considered one aspect of security (and
arguably the hardest one to get right in networked applications).
I tend to consider it the other way around. Security is a subset of
availability. Availability
On Wed, Nov 09, 2005 at 10:28:53AM -0500, Kevin B. McCarty wrote:
I received the following (see below) in an email from logcheck on my
home desktop running Sarge. Looks like an attempt to cause a buffer
overflow in rpc.statd. System logs don't include anything else that
looks suspicious.
On Thu, Oct 20, 2005 at 07:22:30AM -0400, Baxley, Dewayne (ISS Atlanta) wrote:
Please unsubscribe me from this list. Thanks!
Instructions for unsubscribing are included at the bottom of every
message posted to the list. Please follow them.
noah
On Thu, Sep 29, 2005 at 09:50:34PM +0200, Arnaud Fontaine wrote:
Is it possible to have a warranty that the package in the mirror archive
hasn't been modified by someone else? Maybe my question is stupid but i
wasn't able to find an answer on replicator website ;).
Is this really more
On Mon, Sep 19, 2005 at 09:18:29PM +0200, Noèl Köthe wrote:
anybody knows what's the problem with klecker/security.d.o?
The whole day I get timeouts but I could update xfree(woody)/xorg(sarge)
on some machine but I didn't find the DSA for it.
Any information about this?
See
On Mon, Sep 19, 2005 at 10:45:37PM +0200, Bartosz Fenski aka fEnIo wrote:
I wonder what else should I read to keep in touch with such important
information?
slashdot? ;)
On Tue, Aug 02, 2005 at 10:09:13AM -0700, Thomas Bushnell BSG wrote:
IMHO, sloppy security support (by uploading new upstream versions) is
better than no security support.
Are you prepared to make sure all the packages that depend on mozilla
will have packages ready to enter at once?
On Tue, Aug 02, 2005 at 09:56:12PM +0200, Petter Reinholdtsen wrote:
[Noah Meyerhans]
How about actually maintaining them?
That's exactly what I think we should do.
Is this we as in you, or we as in someone else?
We as in all of us who have been suggesting that we allow e.g.
firefox
On Mon, Aug 01, 2005 at 04:57:31PM -0700, Thomas Bushnell BSG wrote:
IMHO, sloppy security support (by uploading new upstream versions) is
better than no security support.
Are you prepared to make sure all the packages that depend on mozilla
will have packages ready to enter at once?
Are
Most other OS vendors are willing to make updates for errata beyond
simple security updates. Often this means minor updates to software
packages like web browsers. I believe the community will be better able
to help us prepare e.g. bug-free firefox 1.0.5 packages than it will to
produce
On Mon, Jun 27, 2005 at 11:26:37AM -0700, Matt Zimmerman wrote:
The security team has always been a difficult one to expand. A strong level
of trust is necessary due to confidentiality issues, and security support is
a lot of (mostly boring and thankless) work. However, expanding it seems
On Mon, Jun 27, 2005 at 09:05:53PM +0200, martin f krafft wrote:
How much information can be disclosed about the inner workings of
the security team without damage?
Most, but not all, of the security team's work is rather routine and
very uninteresting. Often it is necessary to review code
On Thu, Jun 23, 2005 at 09:21:14AM +0200, anders alm wrote:
This has happened twice for me, first on an old mdk
dist, so i went paranoid and upgraded to debian, and a
few weeks ago my /root/.bash_history was empty again!
Can it be something other than a break in? The
partition /root lies on
On Thu, Mar 31, 2005 at 10:44:53PM -0600, Brad Sims wrote:
`less /var/log/auth.log|grep Failed|wc -l` shows 185 attempts to compromise
my machine since March 27th...
A similar command on the log server on a class B network (/16) shows
1482 such attempts in the past 19 hours or so. It's just a
On Tue, Mar 29, 2005 at 01:38:55PM +0100, Simon Heywood wrote:
Sorry, but this isn't correct. kernel 2.4.18-1 in woody is patched
against known vulnerability.
The security team have quietly stopped updating it, preferring to
concentrate on the Sarge kernels.
The security team does not
On Wed, Mar 30, 2005 at 07:16:31AM +1000, David Pastern wrote:
And this, in reality, is why Woody is so old. I cannot imagine any
other distro providing such an old kernel.
You've got cause and effect mixed up. Debian is not outdated *because*
we support ancient versions of software. We
On Mon, Mar 28, 2005 at 02:41:06PM -0500, Malcolm Ferguson wrote:
Machine was running Debian 3.0 and was behind a NAT box with ports
forwarded for SMTP, HTTP and SSH. It hadn't been rebooted for 430
days. I was using a 2.4 kernel with MPPE builtin.
If it had an uptime of 430 days, there
On Sat, Mar 19, 2005 at 01:35:06PM +0100, LeVA wrote:
Can someone please suggest me a secure ident daemon. I can not choose from
the apt searched list.
What do you mean by secure? None of the ident daemons have any known
security vulnerabilities, per se, but the ident protocol itself has
On Wed, Oct 06, 2004 at 02:53:19PM +0100, Dale Amon wrote:
I've been running tripwire on a particular server
for some years and finally got annoyed at skimming through
the large reports, so I began an update... After 24 hours
I thought it was hung and killed it. I restarted it
with verbose
On Tue, Sep 28, 2004 at 11:15:09AM -0400, Alfie wrote:
Assuming the U.S. government doesn't freak out and stop it, IPSEC
encryption will soon(?) be used for all internet communication
That's the funniest thing I've read in a long time. Unless you mean
soon on an astronomical time scale, and
On Sun, Sep 19, 2004 at 02:42:08PM -0400, Dossy Shiobara wrote:
Other than blacklisting the IPs (which is a race I am going to
lose),
Why do you say that? I haven't seen this more than a few times a week
so I haven't bothered to do anything yet, but I'm very close to writing
a script
On Sun, Sep 19, 2004 at 09:53:23PM +0200, Bernd Eckenfels wrote:
You can either move your ssh to another port, that will greatly reduce the
distributed brute force attacks, or you can put a filter with port knocking
in front of it. Another option is to turn off password authentication,
On Sun, Sep 19, 2004 at 10:09:12PM +0200, martin f krafft wrote:
These scripts already exist. However, they require you to look
continuously. That's not an option. And it has to keep the admin in
the loop (and thus not be an automated blocker) because otherwise
you are open for
On Tue, Jul 27, 2004 at 01:42:19PM +0200, Christian Hammers wrote:
In my case, the frontend handles SSL connections. Its config file is
/etc/apache/ht-light.conf.
The backend instance uses the original filename /etc/apache/httpd.conf.
The frontend is already bound to port 443. The backend
On Tue, Jul 27, 2004 at 09:05:22AM -0700, Matt Zimmerman wrote:
It is unfortunate that this caused a problem for you, but it was not the
result of the security update. The woody Apache packages have always worked
this way, and will modify /etc/apache/httpd.conf.
It is worth noting that as of
On Fri, Jul 09, 2004 at 10:53:01AM -0400, Robert Brockway wrote:
Are any hard stats available on how many Debian package upgrades have had
to be replaced because they broke something? I'm thinking the total number of
broken updates in 2.2 and 3.0 is 0 plus or minus 1 :)
It's definitely
On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote:
What are the recommended rbl's these days?
Best thing is ask on NANAE or exim-users or whatever your favourite MTA is.
Here's what I am using here RBL-wise:
rbl_domains = bl.spamcop.net/reject :
On Thu, Jun 10, 2004 at 02:28:49PM +0100, Alex Owen wrote:
I ask as I'm commissioning a woody system and cannot upgrade to sarge till
July/August 2005 so I'll probably need a year of woody security updates.
I don't think you have much to worry about. The infrastructure is in
place and was used
On Mon, Apr 26, 2004 at 06:44:35PM +0200, LeVA wrote:
So when I'm getting a large amount of messages there is approx. 15-20
spamc/spamd running. I want to limit this to ~5. How can I do this. The
First of all, this is OT for debian-security. It should have gone to
debian-user. Second, RTFM.