/ Host does not resolve
http://www.vpnc.org/conformance.html404 Access denied, or file does not
exist
Can you please correct again?
Thanks,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic
/updates/main Packages
100 /var/lib/dpkg/status
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be|
| unsinkable. The designer had a speech impediment. He said: I have |
| thith
for the firewall, use port redirection to the DMZ for incoming
connections.
HTH,
Lupe Christoph
PS: If you have never used iptables, and you sound like it, give
fwbuilder a try. Even if you have, it might be useful because it
makes management of the rules easier.
--
| [EMAIL PROTECTED
]
Please read DSA-292-3 and DSA-296-1.
I suppose kdewallpapers is just updated to keep the version number in
sync with the rest of kdebase. Had you updated the other KDE packages
before?
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence
features.
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett |
this then:
lsof | grep 2637562
And I find I started a sleep command that (never) feeds the sendmail
process:
sleep 27412 lupe1w FIFO0,5 2637562 pipe
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort
- Forwarded message from Michal Zalewski [EMAIL PROTECTED] -
From: Michal Zalewski [EMAIL PROTECTED]
To: [EMAIL PROTECTED], bugtraq@securityfocus.com,
[EMAIL PROTECTED]
Date: Sun, 3 Aug 2003 21:12:34 +0200 (CEST)
Subject: [Full-Disclosure] Postfix 1.1.12 remote DoS / Postfix
to be
secure out of the box (except for programming errors, as we recently
saw :-( ). So improving Postfix security should be done inside of
Postfix. You may want to you the Postfix mailing list (warning: lots
of traffic!) and ask there.
Lupe Christoph
--
| [EMAIL PROTECTED] | http
, the potential for an ordinary user to exploit this is there.
This allows access to the user the Apache work processes run as. Not
much, but depending on local setup, this can be harmful.
So I believe it should be fixed.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe
/perl5/Crypt/PasswdMD5.pm which claims to be based on
the implementation found on FreeBSD 2.2.[56]-RELEASE, MD5 passwords
consist of the invariant string '$1$' and the encrypted password encoded
with the alphabet [./a-zA-Z]. This is similar to Base64 encoding, but
uses a different alphabet.
HTH,
Lupe
as they are currently in the archives? I would like to
build a new kernel with the vuln patched ASAP, rather than wait for the
upload to reopen.
Thanks,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze
, so a Life CD Debian is very handy. I carry a Knoppix with me
at almost any time... And a Debian Stable CD 1.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry
about X/Open and their Unix standards? I'd bet they specify
this in exceeding detail.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett |
password to the
yppasswordd.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett |
support for MD5.
FreeBSD supports MD5 passwords. So it's not non-Linux.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett |
to change them, so I guess you should know why.
BTW, try running ls as a user when /etc/group and /etc/passwd are 600.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time
Hello!
We don't use AIDE exclusively at a client site, but in combination
with Tripwire. We think tripwire is a little more secure becuse it
uses signed databases. So we protect aide.db with Tripwire. AIDE is
used for the parts tripwire can't do because of it's limited
configurability.
Here is
On Friday, 2003-12-12 at 12:39:49 +0100, Adam ENDRODI wrote:
On Fri, Dec 12, 2003 at 07:46:38AM +0100, Lupe Christoph wrote:
We don't use AIDE exclusively at a client site, but in combination
with Tripwire. We think tripwire is a little more secure becuse it
uses signed databases
. And I will set it up now. But for
the sake of people like me before I started to investigate this, I still
wanted to ask this question.
Thank you for your patience,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze
On Tuesday, 2004-01-06 at 18:00:13 +0100, Adrian 'Dagurashibanipal' von Bidder
wrote:
Clinging to sanity, Alexander Neumann mumbled in his beard:
* Lupe Christoph [EMAIL PROTECTED] wrote:
Comparing the DSAs and reading how mutt recognizes a PGP signed message,
I found that only some DSAs
On Tuesday, 2004-01-13 at 13:34:18 +0100, Lupe Christoph wrote:
Has anybody on this list managed to backport the tripwire package to
Woody? I'm running into a strange problem where configure tries to
locate an include file named locale. Yes, without an suffix. I don't
know much C
to Sarge, configure does not contain this test. The backport to
Sarge fails in a different way, BTW.
I could not find a tripwire*.deb with Google.
Please help!
Thanks,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze
plans: ...
Encrypted and signed database.
They are in the Debian source package. I haven't gotten around to
investigating how they work, though.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze
1 0 Jan19 ?00:00:06 [kupdated]
So ps does not give chkrootkit a PID, but /proc has those processes.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry
running 2.4.23.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett |
router. the packets are taking a quite different path. Maybe U Twente
switched providers?
Also see http://www.debian.org/News/2004/20040202
That's old news. The machine has been reactivated.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence
directory.
That's why GNU find and xargs have the options -print0 and -0,
respectively. Names in Unixish filesystems can't have NULs in them.
Stoopid(tm) example:
find foo bar -print0 | xargs -0 ls -ld
There, I made the thread even more offtopic! :-O
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED
and versatile as AIDE and
Tripwire.
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett |
, the source IP address is set to that of the interface the packet
is sent on.
So you have a weird configuration for sure.
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief
On Sunday, 2004-03-21 at 03:17:45 -0800, Brandon High wrote:
On Sun, Mar 21, 2004 at 11:58:00AM +0100, Lupe Christoph wrote:
Can anyone tell me how I can tell the machine which NIC is the primary?
There is no such thing as a primary NIC. Unless a daemon explicitly
binds a socket
do
that, you will need to use
CXX=g++-3.0 GCC=gcc-3.0 dpkg-buildpackage -rfakeroot -us -uc
(Or similar) g++ 2.95 will not do.
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| ... putting a mail server on the Internet without filtering is like
) for
performance monitoring.
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| ... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity|
| Home for Badgers with Rabies
mail to [EMAIL PROTECTED] to inquire.
HTH,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| ... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity|
| Home for Badgers
than the
regular SuSE releases.
So in essence the announcement says screw you, commercial customers.
Please don't do that. It makes promoting Debian awkward.
Thank you for your attention,
Lupe Christoph
--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Ask not what your
On Saturday, 2005-07-09 at 10:37:27 +0200, martin f krafft wrote:
also sprach Lupe Christoph [EMAIL PROTECTED] [2005.07.09.1022 +0200]:
The security team will continue to support Debian GNU/Linux 3.0
alias woody until May 2006, or if the security support for the
next release, codenamed
On Monday, 2005-09-05 at 12:35:25 +0200, bernd wrote:
wie angekuendigt. die security-warnung von debian fuer webcalendar
Ich glaube, Du wolltest die wo anders hinschicken...
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing
Weihnachten auch von mir. Und ein erfolgreiches neues Jahr.
You don't have to pay for reading this...
Jingle, you bells!
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes
Hi!
I still have dependency problems with the sendmail update on Stable.
I only get libsasl2 2.1.19-1.5sarge1 from security.debian.org while
the sendmail-bin package depends on libsasl2 (= 2.1.19.dfsg1).
When can one expect to be able to install the sendmail update?
Thank you,
Lupe Christoph
On Tuesday, 2006-08-29 at 09:06:46 +0200, Lupe Christoph wrote:
I still have dependency problems with the sendmail update on Stable.
I only get libsasl2 2.1.19-1.5sarge1 from security.debian.org while
the sendmail-bin package depends on libsasl2 (= 2.1.19.dfsg1).
When can one expect
1. http://www.transip.nl/
2. http://www.transip.nl/
Anybody know what is happening to ClamAV?
Lupe Christoph
- Forwarded message from Cron Daemon [EMAIL PROTECTED] -
From: Cron Daemon [EMAIL PROTECTED
On Monday, 2006-10-09 at 09:57:10 +0200, Evgeni Golov wrote:
On Mon, 9 Oct 2006 09:42:14 +0200 Lupe Christoph wrote:
This morning I found a number of complaints from freshclam in my
mailbox, culminating in the one below. Checking http://www.clamav.net/
revealed that the domain is down
, you may see the interim address longer.
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes you feel good, doesn't it? |
| Rockhound
a TCP
stream. I would just like to alert people that there is still some
vulnerability in the ProFTPD code that was not fixed by DSA-1218-1.
More if this happens again and I manage to run tcpdump in time.
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear
OT: There seems to be something strange with your MUA. Look at this
header:
Cc: Lupe Christoph@murphy.debian.org,
[EMAIL PROTECTED]@murphy.debian.org
On Thursday, 2006-11-30 at 12:57:53 +0100, Stefan Fritsch wrote:
The attacks ceased before I noticed, so I was not able to capture
.
CommandBufferSize isn't used, so it couldn't be that in any case.
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes you feel good, doesn't
of my servers was on his
extortion list. In fact, all IP addresses of that provider were. They
and I refused to pay.
Regarding this bug, it's normal that RBLs are taken down and then
blacklist the entire address space. I've had this happen with my RBL
checker every few months.
Lupe Christoph
the result into the chroot. You can use incremental dumps or use
find | cpio for incrementals (which I did).
Of course, you need enough space to keep an encrypted, compressed dump
of all filesystems...
HTH,
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear
[EMAIL PROTECTED]::~$ touch /mnt/bar
[EMAIL PROTECTED]::~$ ls -l /mnt/bar
-rw-r--r-- 1 lupe lupe 0 2006-12-18 16:45 /mnt/bar
No cigar...
Lupe Christoph
PS: Linux loopback mounts *can* be ro.
PPS: It might be possible to mount the same device multiple times with
different options (rw vs. ro). I
On Tuesday, 2006-12-19 at 08:47:32 +0100, Dariush Pietrzak wrote:
On Mon, Dec 18, 2006 at 04:50:51PM +0100, Lupe Christoph wrote:
when I mean bind mounts. No, they are just an aliasing mechanism.
Nope, they're not:
Well, we are on a Debian mailing list, so I'd assume we talk about
Debian
only
assuming that the file is the same on all three servers.)
Is anybody capable of correcting this situation reading this list?
Thank you,
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built
On Friday, 2007-08-17 at 12:12:38 +0200, Jonas Andradas wrote:
how long have you noticed this mismatch? I mean, an update on the mirror
could be taking place, and the Packages.bz2 file not yet been updated...
On 8/17/07, Lupe Christoph [EMAIL PROTECTED] wrote:
Failed to fetch
http
On Friday, 2007-08-17 at 10:46:32 +, [EMAIL PROTECTED] wrote:
On Fri, Aug 17, 2007 at 12:20:34PM +0200, Lupe Christoph wrote:
I *wish* those updates
were atomic, but they probably arent'.
why not though ?
Because they involve a lot of files. You would have to use two areas
On Friday, 2007-08-17 at 11:22:11 +0200, Lupe Christoph wrote:
Failed to fetch
http://security.debian.org/dists/testing/updates/main/binary-i386/Packages.bz2
MD5Sum mismatch
(I have only checked one server for the Release file, so I'm only
assuming that the file is the same on all three
can do to prevent these kinds of attacks.
So, storing your files in an encrypted filesystem with permissions set
so that only your user (and the superuser) can read the files is no less
secure than storing the files individually encrypted.
HTH,
Lupe Christoph
--
| There is no substitute for bad
under /etc, you hose them with any
mode that removes the eXecute bit for others.
So it's not an exploit, it's a Denial of Service. Which I believe *is*
security related...
Lupe Christoph
--
| There is no substitute for bad design except worse design. |
| /me
On Friday, 2009-02-13 at 11:55:54 +0200, Izak Burger wrote:
On Thu, Feb 12, 2009 at 10:37 PM, Lupe Christoph l...@lupe-christoph.de
wrote:
Mode 600 will deny /etc to everybody except root while it will change
nothing for root. If you have any services on your system that run under
non
vulnerability, but allows a user to create it?
Doctor, it hurts when I do this! Don't do it, then.
Lupe Christoph
--
| There is no substitute for bad design except worse design. |
| /me |
--
To UNSUBSCRIBE, email
On Monday, 2009-08-10 at 14:03:44 +0200, Thomas Liske wrote:
#Lupe Christoph wrote:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having a reverse resolution of 'localhost'.
Doing
On Monday, 2009-08-10 at 14:35:06 +0200, Bernhard R. Link wrote:
* Lupe Christoph l...@lupe-christoph.de [090810 13:53]:
On Monday, 2009-08-10 at 13:46:38 +0200, Thomas Liske wrote:
last week, there was an article on heise security about MTAs[1] which
relay mails for hosts having
no sendmail installation to use for testing, I can't
reproduce the second problem. The sendmail package maintainer will
probably require the submitter to provide details which I can't.
Thank you,
Lupe Christoph
--
| There is no substitute for bad design except worse design. |
| /me
On Tuesday, 2009-08-11 at 10:32:04 +0200, Bernhard R. Link wrote:
* Lupe Christoph l...@lupe-christoph.de [090810 21:13]:
Almost all security holes need to user to do something. (If only to
power up the machine, to install some packages, to connect to the
internet, to give accounts
of processes to services is hard, so the
best way would probably be to filter the list by known executables and
list the unknowns for the user to restart by hand.
Lupe Christoph
--
| The politician's syllogism:|
| We must do something
...
Lupe Christoph
--
| The politician's syllogism:|
| We must do something |
| This is something |
| Therefore, we must do
;-)
Lupe Christoph
PS: I love how this slides into set theory ;-)
--
| The politician's syllogism:|
| We must do something |
| This is something
1 2012 /bin/sh - dash
BTW, I wonder why this isn't done with the alternatives system. My guess
is that /bin/sh is so crucial for system operation and especially
update-alternatives that it can't.
Lupe Christoph
--
| The politician's syllogism
ion to leave oldstable unfixed "Too intrusive
to backport". What?!? The link with that text points to a page that does
nothing to explain the decision.
Lupe Christoph
--
| As everyone knows, it was predicted that the world would end last |
| Wednesday at 10:00 PST. Since there ap
manner.
No wonder "The coroner and related PD have not responded'.
Lupe Christoph
--
| As everyone knows, it was predicted that the world would end last |
| Wednesday at 10:00 PST. Since there appears to be a world in existence |
| now, the entire universe must therefore have b
ow if Ubuntu is using the
same , or are they doing the usual, i.e. not follow Debian?
Thanks,
Lupe Christoph
--
| As everyone knows, it was predicted that the world would end last |
| Wednesday at 10:00 PST. Since there appears to be a world in existence |
| now, the entire universe mus
is site have a trusted certificate.
$ telnet -4 -z ssl -z debug security.debian.org 443
Trying 212.211.132.32...
Trying 212.211.132.250...
Trying 195.20.242.89...
telnet: Unable to connect to remote host: Connection refused
I have no IPv6 internet access, so I can't try that.
HTH,
Lupe Christoph
-
ndead
installer.
HTH,
Lupe Christoph
PS: BTW, just because something is GPLed does not mean it's trustworthy.
--
| Never attribute to malice that which is adequately explained by stupidity. |
| Hanlon's razor |
| Never attribute to
101 - 170 of 170 matches
Mail list logo