On Wed, 31 Dec 2008, Micah Anderson wrote:
> Does anyone have a legitimate reason to trust any particular Certificate
> Authority?
Right. Thing is it's not straight forward to remove package
ca-certificates. On my systems, some 60 other packages depend on it :(
The alternative may be to reconfi
http://www.win.tue.nl/hashclash/rogue-ca/
Could some skilled person comment on the article?
I noticed around 20 certificates distributed with the package
ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
Reason to worry?
Cheers,
--
Cristian
--
To UNSUBSCRIBE, email to debia
Hi list,
I've seen and heard about this on more than one occasion.
Now I wonder what's hiding behind it. What could be the point with a
dhcp-server throwing out a 255.255.255.255 subnet broadcast address
together with a ip-address/subnet mask from which the dammed thing can be
easily deducted and
On Mon, 22 Mar 2004, Giacomo Mulas wrote:
[snip]
> linuxworld Australia (see
> http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1)
[snip]
> if I were in the Debian Security Team I would definitely be pissed off
> by something like this,
Well... Why should you? The article also pr
On Mon, 22 Mar 2004, Giacomo Mulas wrote:
[snip]
> linuxworld Australia (see
> http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1)
[snip]
> if I were in the Debian Security Team I would definitely be pissed off
> by something like this,
Well... Why should you? The article also pr
Hi there,
This is debian stable (woody) openssl_0.9.6c-2.woody.4. I need to find
out the folowing. This is from debian's changelog:
,
| openssl (0.9.6c-2.woody.0) stable-security; urgency=low
|
| * SECURITY: patch for various overflows (upstream security patch
| 0.9.6d->0.9.6e)
|
| --
Hi there,
This is debian stable (woody) openssl_0.9.6c-2.woody.4. I need to find
out the folowing. This is from debian's changelog:
,
| openssl (0.9.6c-2.woody.0) stable-security; urgency=low
|
| * SECURITY: patch for various overflows (upstream security patch
| 0.9.6d->0.9.6e)
|
| --
On Thu, 26 Jun 2003, Jon wrote:
> > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT
> > 4055/evolution-exec
>
> And... I'm not sure about this one, but it's probably another item on
> the Summary page.
# hinfo -n 63.236.73.20
Processing 63.236.73.20 (63.236.73.20)
63.236.73.20 is in selwerd XB
On Thu, 26 Jun 2003, Jon wrote:
> > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT
> > 4055/evolution-exec
>
> And... I'm not sure about this one, but it's probably another item on
> the Summary page.
# hinfo -n 63.236.73.20
Processing 63.236.73.20 (63.236.73.20)
63.236.73.20 is in selwerd XB
Hi,
This might be just marginally security related, but here it goes.
Got curious about this and looked around. Checked ifconfig and ip
(iproute2).
,
| # ifconfig eth1
| eth1 Link encap:Ethernet HWaddr 00:80:c8:ca:4e:96
| UP BROADCAST RUNNING MTU:1500 Metric:1
`
Yes, I
On Sun, 20 Apr 2003, Brian McGroarty wrote:
> I'd like to disable netstat and similar programs for my shell
> users.
Could this be an alternative solution?
# dpkg-statoverride --update --add root root 700 /bin/netstat
Cheers,
Cristian
On Wed, 8 Jan 2003, Javier Fernández-Sanguino Peña wrote:
> You will see that the listing for many servers/clients in the network are
> usually port 6346 [1]. But it seems port 6352 is also used sometimes.
That seems to be the case. I found some more info on this page:
http://outpostfirewall.c
On Wed, 8 Jan 2003, Javier Fernández-Sanguino Peña wrote:
> You will see that the listing for many servers/clients in the network are
> usually port 6346 [1]. But it seems port 6352 is also used sometimes.
That seems to be the case. I found some more info on this page:
http://outpostfirewall.c
Using mozilla 1.2.1 (but I don't think the browser matters).
Browsed to:
http://www.raycomm.com/techwhirl/magazine/technical/linux.html
and tried the "Printer-friendly version" link (CAREFUL HERE: don't
click on the link and then leave home):
http://www.raycomm.com/techwhirl/phpapps/pfv/pfv
Using mozilla 1.2.1 (but I don't think the browser matters).
Browsed to:
http://www.raycomm.com/techwhirl/magazine/technical/linux.html
and tried the "Printer-friendly version" link (CAREFUL HERE: don't
click on the link and then leave home):
http://www.raycomm.com/techwhirl/phpapps/pfv/pfv
On Tue, 7 Jan 2003, Adrian 'Dagurashibanipal' von Bidder wrote:
> Some might feel more comfortable with installing a package from testing
> than with modifying version checks in a configure script. But I agree
> that I probably should have said that testing, of course, does not have
> security sup
On Tue, 7 Jan 2003, Adrian 'Dagurashibanipal' von Bidder wrote:
> Some might feel more comfortable with installing a package from testing
> than with modifying version checks in a configure script. But I agree
> that I probably should have said that testing, of course, does not have
> security sup
On Thu, 19 Dec 2002, Daniel Lysfjord wrote:
> It seems like FileZilla[1] supports ftp-ssl..
>
> [1]: http://sourceforge.net/projects/filezilla
What about lftp?
Depends: ..., libssl0.9.6, ...
On Thu, 19 Dec 2002, Daniel Lysfjord wrote:
> It seems like FileZilla[1] supports ftp-ssl..
>
> [1]: http://sourceforge.net/projects/filezilla
What about lftp?
Depends: ..., libssl0.9.6, ...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL
On Sun, 15 Sep 2002, martin f krafft wrote:
[snip]
> sorry to spurt into the thread randomly. using any packet generation
> tool, i don't think it's quite hard to create an ICMP type 69 packet.
> i wouldn't be concerned if i were you. i don't know *anyone* using
> type 69...
Unless there's some
On Sun, 15 Sep 2002, Tim Haynes wrote:
> Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]> writes:
>
> [snip]
> >> How many hops away is the supposed source if you traceroute to it and how
> >> does that compare to the 17 the above would imply?
> >
> > H
On Sun, 15 Sep 2002, Tim Haynes wrote:
> Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]> writes:
>
> > On Sun, 15 Sep 2002, Tim Haynes wrote:
> >
> >> Could you include a complete `tcpdump -X' on one or two of the packets,
> >> maybe make a series of t
On Sun, 15 Sep 2002, Tim Haynes wrote:
> Could you include a complete `tcpdump -X' on one or two of the packets,
> maybe make a series of them available for download in libpcap form so I can
> oogle them in ethereal?
Catched and oogled in ethereal:
,
| Frame 308 (174 on wire, 96 captured)
|
On Sun, 15 Sep 2002, Michal Melewski wrote:
[snip]
> Once i heard about project of internet worm comunicating through odd ICMP
> packets. This seems to be quite strange, but after all this is a good and
> relativly discrete communicating channel...
Sure. You can even chat over icmp, looks like.
On Sun, 15 Sep 2002, Tim Haynes wrote:
> Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]> writes:
>
> > I noticed (among the more common icmp: echo request) these odd icmp
> > types. The external net, my firewall is connected to, is plagued by
> > smurf-attacks from vari
I noticed (among the more common icmp: echo request) these odd icmp
types. The external net, my firewall is connected to, is plagued by
smurf-attacks from various sources. So I have tcpdump watching.
Of what I gather, this icmp-type should not exist. Can anyone shed
some light on this:
,
| 11
On Tue, 27 Aug 2002, Dale Amon wrote:
> I'm building a static sshd and am having a bit of
> hassle figuring out which configure options are needed
> for debian compatibility.
,
| Since glibc does not support 'int optreset;' functionality
| implemented in most BSDes. We have to include our ow
On Sat, 24 Aug 2002, Hanasaki JiJi wrote:
> Hello all, I am running Debian Woody on two systems. Could someone help
> me understand what is causing the below? scp between the systems is
> failing.
Loose this output:
> TERM environment variable not set.
> Linux HOST 2.4.18 #1 Wed Jul 31 15:21:0
On Sun, 18 Aug 2002, Blars Blarson wrote:
> In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
[snip]
> >You might want to have a look at this:
> >
> > http://www.blars.org/hinfo.html
> >
[snip]
> >It doesn't seem to be packaged for Debian, which is a pitty.
>
> Should I consider this a
Matthew,
On Wed, 14 Aug 2002, Matthew Sackman wrote:
[snip]
> Does anyone know of a simple program that will return info on whois IP
> lookup in a set format?
You might want to have a look at this:
http://www.blars.org/hinfo.html
It returns some interesting info in this format:
,
| Pro
On Sat, 17 Aug 2002, Dale Amon wrote:
> On Sun, Aug 18, 2002 at 12:06:44AM +0200, Cristian Ionescu-Idbohrn wrote:
> > On Sat, 17 Aug 2002, Dale Amon wrote:
> >
> > > Anyone know what this means? Even google draws a blank.
> > >
> > > tcpspy[29190
On Sat, 17 Aug 2002, Dale Amon wrote:
> Anyone know what this means? Even google draws a blank.
>
> tcpspy[29190]: /proc/net/tcp: warning: incomplete line
Nothing to worry about. One of the longer storie is here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=115613
Cheers,
Cristian
On Fri, 2 Aug 2002, Michelle Konzack wrote:
> there is a Debian-Package ssl-nfs (or secure-nfs) in the Mirror...
> It is much more save the all other trics with your Networks.
And what mirror would that be? Any pointers?
Cheers,
Cristian
On Mon, 20 May 2002, Hubert Chan wrote:
> You may also want to check out partimage. There's even a Debian package
> for it. Although it doesn't seem to support ext3 either, at least
> according to the package description.
But it supports reiserfs.
/C
--
To UNSUBSCRIBE, email to [EMAIL PROTE
On Mon, 20 May 2002, danilo lujambio wrote:
> sorry my english is not good .
>
> I suggest that you can use mondo and mindi (freshmeat.net) to make images
Mondo and mindi are packaged and available in both woody and sid.
/C
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsu
On Mon, 20 May 2002, Hubert Chan wrote:
> You may also want to check out partimage. There's even a Debian package
> for it. Although it doesn't seem to support ext3 either, at least
> according to the package description.
But it supports reiserfs.
/C
--
To UNSUBSCRIBE, email to [EMAIL PROT
On Mon, 20 May 2002, danilo lujambio wrote:
> sorry my english is not good .
>
> I suggest that you can use mondo and mindi (freshmeat.net) to make images
Mondo and mindi are packaged and available in both woody and sid.
/C
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "uns
On Sun, 21 Apr 2002, Jussi Ekholm wrote:
[snip]
> Thank you, I'll take a look at them. But, I'd still need some help
> concerning the DROP chain -- I've read the Packet-filtering-HOWTO,
> and eyed all related HOWTOs from LDP (actually, the Debian package
> doc-linux-html), but *still* I'm unable
On Thu, 18 Apr 2002, Tom Dominico wrote:
[snip]
> 3) Do none of the above and use an SCP client to manually transfer
> things back and forth when necessary.
Yes, but not manually. Take a look at this:
http://winscp.vse.cz/eng/
Cheers,
Cristian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
On Sun, 21 Apr 2002, Jussi Ekholm wrote:
[snip]
> Thank you, I'll take a look at them. But, I'd still need some help
> concerning the DROP chain -- I've read the Packet-filtering-HOWTO,
> and eyed all related HOWTOs from LDP (actually, the Debian package
> doc-linux-html), but *still* I'm unable
On Thu, 18 Apr 2002, Tom Dominico wrote:
[snip]
> 3) Do none of the above and use an SCP client to manually transfer
> things back and forth when necessary.
Yes, but not manually. Take a look at this:
http://winscp.vse.cz/eng/
Cheers,
Cristian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTE
On Mon, 11 Mar 2002, Javier Fernández-Sanguino Peña wrote:
> On Mon, Mar 11, 2002 at 01:12:58PM +0100, Javier Coso Gutierrez wrote:
> > You have in the "/etc/hosts.deny" this:
> > ALL:PARANOID
>
> That's exactly what I was thinking about.. many programs in
> Debian are now compiled with the
On Mon, 11 Mar 2002, Javier Fernández-Sanguino Peña wrote:
> On Mon, Mar 11, 2002 at 01:12:58PM +0100, Javier Coso Gutierrez wrote:
> > You have in the "/etc/hosts.deny" this:
> > ALL:PARANOID
>
> That's exactly what I was thinking about.. many programs in
> Debian are now compiled with the
On Thu, 14 Feb 2002, Cristian Ionescu-Idbohrn wrote:
> Greetings,
>
> Yes, I would like to do that.
> Any good tools you folks would recommand?
Thanks to everyone.
You were most helpful ;-)
Cheers,
Cristian
On Thu, 14 Feb 2002, Cristian Ionescu-Idbohrn wrote:
> Greetings,
>
> Yes, I would like to do that.
> Any good tools you folks would recommand?
Thanks to everyone.
You were most helpful ;-)
Cheers,
Cristian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
Greetings,
Yes, I would like to do that.
Any good tools you folks would recommand?
Cheers,
Cristian
Greetings,
Yes, I would like to do that.
Any good tools you folks would recommand?
Cheers,
Cristian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Here is another one who bother to check the logs :)
Cheers,
Cristian
On Wed, 11 Apr 2001, JonesMB wrote:
> >> Neato. That's 3 people in total who think it's a good idea.. :/
> >
> >It's probably the 3 people in total who bother to check the logs...
>
> make that 4. I always have an xterm with a
Here is another one who bother to check the logs :)
Cheers,
Cristian
On Wed, 11 Apr 2001, JonesMB wrote:
> >> Neato. That's 3 people in total who think it's a good idea.. :/
> >
> >It's probably the 3 people in total who bother to check the logs...
>
> make that 4. I always have an xterm with
On Mon, 9 Oct 2000, Ethan Benson wrote:
[snip]
> i am a bit curious about the recent traceroute bug, (traceroute -g 1
> -g 1 segfaults) pretty much every other major dist has released an
> advisory and update for this, but debian appears not to have (unless i
> missed it). a fixed traceroute pac
On Mon, 9 Oct 2000, Ethan Benson wrote:
[snip]
> i am a bit curious about the recent traceroute bug, (traceroute -g 1
> -g 1 segfaults) pretty much every other major dist has released an
> advisory and update for this, but debian appears not to have (unless i
> missed it). a fixed traceroute pa
51 matches
Mail list logo