On Tue, Jun 28, 2005 at 05:38:16PM +0200, Christian Storch wrote:
The only absolute solution would be a kind of intelligent usb drive which is accepting
a file to decrypt or sign and offer the result.
So somebody could use the key as long as you leave your usb drive in your machine,
but not
On Mon, Aug 23, 2004 at 01:03:54AM +0200, martin f krafft wrote:
So if I wanted to attack 80% of all Debian machines all over the
world, I would try to compromise one of the 1000 keys, thereby
getting write access to the incoming queue. Then, I could NMU
a package and upload a trojaned
On Mon, Aug 23, 2004 at 01:03:54AM +0200, martin f krafft wrote:
Debian did not have package signatures for years, and it's been
rarely a problem. Now we are going to add them, but the sole effect
is that of a false security feeling. To me, APT 0.6 is snake oil,
which is *not* an offence to
On Wed, Sep 24, 2003 at 01:04:20PM +, [EMAIL PROTECTED] wrote:
ii  ssh  3.4p1-2  Secure rlogin/rsh/rcp replacement (OpenSSH)
This version of ssh is neither directly from woody (which still has
3.4p1-1) nor from security.debian.org (which has 1:3.4p1-1.woody.3, and
On Thu, Sep 18, 2003 at 09:03:12AM +0200, Markus Schabel wrote:
wget www.slacks.hpg.com.br/bin/dos
That directory www.slacks.hpg.com.br/bin/ also contains some
'interesting' files :-) Some exploits, rootkits etc.
Jan
On Wed, Sep 17, 2003 at 08:24:43AM +0300, Birzan George Cristian wrote:
According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
the only not vulnerable version as 3.7.1. In my mind, that means the ssh
version on security.debian.org right now is _STILL_ vulnerable. I'm not
a
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
I guess the patch will apply to sarge as well,
On Mon, Jan 20, 2003 at 08:40:25PM +0100, Thomas Viehmann wrote:
Maybe it's just me, but how come every now and then there seem to be funny
things going on. After the latest DSA:
I assume this is because the 2002 Archive Signing Key has expired on
2003-01-18, and the 2003 key has not yet been
On Wed, Nov 13, 2002 at 09:39:05AM +0100, Javier Fernández-Sanguino Peña wrote:
Unfortunately the only way to fix it currently (since even ISCs
has not published patches although there seems to be some patches
available from unofficial sources) is to upgrade to bind9. Yuck
ISC recommends
On Wed, Nov 13, 2002 at 09:52:09AM +0100, Jan Niehusmann wrote:
ISC recommends that BIND installations should be upgraded to BIND version 4.9.11,
8.2.7, 8.3.4 or to BIND version 9.
(from http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469)
Well, sorry, I should have
On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
Can someone explain why 'apt-get update apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
Because a hacked mirror could contain malicious packages.
When you check signatures before upgrading,
On Fri, Oct 18, 2002 at 08:20:14AM -0500, Joseph Pingenot wrote:
If people are interested enough in it, I might throw together something
more formal.
IMHO there is no lack of interesting ideas - what we really need are
implementations.
apt-check-sigs is a nice proof-of-concept, and the
On Fri, Oct 18, 2002 at 10:48:16AM -0400, R. Bradley Tilley wrote:
Why can't apt-get be modified to check the md5sum of a package against an
official debian md5sum list before downloading and installing debs? This
seems much simpler and easier than signing debs.
It does. The problem is, how
On Fri, Aug 16, 2002 at 11:43:25AM +0200, Javier Fernández-Sanguino Peña wrote:
/deja-vu
Didn't I propose exactly this?
Yes, you did. I didn't read the full thread before posting my message.
Jan
On Wed, Aug 14, 2002 at 12:18:29PM +0200, Danny De Cock wrote:
On Wed, 14 Aug 2002, Siegbert Baude wrote:
language. As a side note: I personally know Germans and foreign
Chinese students here in Germany working in this business, whose
English skills wouldn't allow reading complicated DSAs.
On Wed, Aug 14, 2002 at 05:12:19PM +0200, Martin Schulze wrote:
One could reduce a DSA to "do I have this package installed? Yes,
then I'd better update.". However, if these people are subscribed to
Perhaps this could even be automated: When a new (english) DSA gets
released, a script
On Sat, Jul 13, 2002 at 07:03:50PM -0500, Tom Hoover wrote:
that it was supposed to work, I found that I needed xauth installed on
the firewall machine, even though X is not installed on the firewall.
Once I did an apt-get install xbase-clients on the firewall,
everything started working.
On Wed, May 30, 2001 at 01:08:21AM -0700, [EMAIL PROTECTED] wrote:
Couldn't you say something like I'm so sorry, I can't remember the pass
phrase, my mind has failed me...etc?
What about a more provable approach:
The passphrase could be changed automatically on every system
boot, and the new
?
(With matching policy-files: )
$ debsigs xawtv_3.44-gondor.1_i386.deb --sign=origin
[asks for passphrase... ]
$ debsig-verify xawtv_3.44-gondor.1_i386.deb
debsig: Verified package from `Jan Niehusmann' (Niehusmann)
Jan
On Thu, Apr 05, 2001 at 01:15:14AM -0400, Noah L. Meyerhans wrote:
OK, I've made some patched files available for potato i386. I was not
able to get ntpd to build on my sid system. The files are available at
I got ntpd compiled on sid. Only thing I had to do was including time.h
in some files