Re: Interesting bit of a quote

2006-07-12 Thread Abe Singer
On Tue, Jul 11, 2006 at 05:50:06PM -0700, David Wagner wrote: No, it doesn't. I think you've got it backwards. That's not what SB1386 says. SB1386 says that if a company conducts business in California and has a system that includes personal information stored in unencrypted form and if

Re: Private Key Generation from Passwords/phrases

2007-01-30 Thread Abe Singer
On Sun, Jan 28, 2007 at 11:52:16AM -0500, Steven M. Bellovin wrote: Is that all in one /etc/passwd file (or the NIS equivalent)? Or is it a Kerberos KDC? I note that a salt buys the defense much less in a For SDSC, one file. For UCSD, not sure, but I suspect it's (now) a KDC. (Brian, are

Re: blacklisting the bad ssh keys?

2008-05-22 Thread Abe Singer
On Wed, May 14, 2008 at 07:52:58PM -0400, Steven M. Bellovin wrote: Given the published list of bad ssh keys due to the Debian mistake (see http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be updated to contain a blacklist of those keys? I suspect that a Bloom filter

Re: blacklisting the bad ssh keys?

2008-05-23 Thread Abe Singer
Ahh the irony, apparently Debian has implemented just such a feature, but as a patch to ssh within their distro: http://www.mail-archive.com/[EMAIL PROTECTED]/msg214853.html On Thu, May 22, 2008 at 11:19:05AM -0700, Abe Singer wrote: On Wed, May 14, 2008 at 07:52:58PM -0400, Steven M