On 080516 at 08:00, Yves-Alexis Perez wrote:
On jeu, 2008-05-15 at 23:38 +0200, Steffen Schulz wrote:
or what its worth...I see 3.5 problems that accumulated into this
mess:
- OpenSSL is complex and critical but the code is little documented.
Code pieces like the ones in question
On 080515 at 22:20, Guido Hennecke wrote:
I want to say: Thank you!
Me too, but mostly for how quick+open the situation was and is handled.
I especially like that sshd doesn't accept weak keys anymore. I think
similar efforts should be made to check for weak keys in other
locations and at least
On 070816 at 20:37, Jan Hetges wrote:
On Thu, Aug 16, 2007 at 07:45:06PM +0200, Michel Messerschmidt wrote:
But if a user installs a debian package that lowers his systems security
there should be a big warning in the installer.
agree, something like debconf:
Are you shure you want
Hi,
On 070815 at 11:48, Hadmut Danisch wrote:
just a question because someone had asked me for help. The problem was
that apt-get update had complained about not beeing able to verify
signatures due to a missing pgp key.
Was easy to tell to do
gpg --recv-key A70DAF536070D3A1
gpg -a
On 070614 at 00:00, Michael Stone wrote:
On Wed, Jun 13, 2007 at 11:14:15PM +0200, Steffen Schulz wrote:
http://www.cits.rub.de/MD5Collisions/
One example how to create two files with same hash that act
differently. Should work with most active content.
Cool. So the security team can rig
On 070614 at 13:40, Michael Stone wrote:
So every maintainer could distribute nice binaries and then inject
malicious packets to certain targets.
Every maintainer can do that without dicking around with md5 collisions.
Not as good. The chances of detection grow with the install base.
If you
On 070613 at 10:43, Florian Weimer wrote:
AND the fact that it needs to be a valid .deb archive, they are
probably more than strong enough.
This is actually not much of a problem:
http://www.cits.rub.de/MD5Collisions/
One example how to create two files with same hash that act
differently.
On 030523 at 13:20, Martin Helas wrote:
On Don Mai 22, 2003 at 10:1621 +0100, Simon Huggins [EMAIL PROTECTED] wrote:
On Thu, May 22, 2003 at 01:50:51PM -0600, xbud wrote:
FYI, http://marc.theaimsgroup.com/?|=linux-kernelm=105271679705571w=2
You say 2.4 in the subject and it says 2.5 in
8 matches
Mail list logo