Re: FTP and security
In this case I use (and suggest to use) pscp which is a win32 implementation of scp (secure copy). It uses a ssh connection to upload or download. Unfortunatly it uses no gui and has to run from cmd or command. pscp can be found on the putty page... Greetz, Ivo Windows 2000 is more secure than Linux... Since the machine is offline half of the time because of crashes, it cannot be accessed globally, therefore producing higher security. -Original Message- From: Adam Spickler [EMAIL PROTECTED] Date: Thu, 8 Nov 2001 16:57:22 -0500 Subject: Re: FTP and security Is there a decent Windows FTP application that supports sftp? Unfortunately, I have to use Windows at work. :/ Thanks, Adam On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: Previously Lars Bjarby wrote: While were on the subject, is there an OpenSSH port of SFTP? openssh has a sftp subsystem, yes. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Hard Disk Organization
eim wrote: Two days ago I've lost all my Personal Data on my Second HDD, Personal Data like Photos, Images, Audio Stuff, Source Code, Mails: everything gone...! I had some Backups fortuneatly but most stuff is lost forever. Well, now I'm Ready to start my Personal Data Organization from the begining, I've a Debian SCSI Workstation with 2 x 8GB SCSI Drives, sda and sdb. Until now my Data Organization was like this: HD0 - /dev/sda1 = / (Debian root paritition)7900 MB /dev/sda2 = swap (swap paritition) 100 MB - HD1 - /dev/sdb1 = /mnt/d(Personal Data) 8000 MB - My user home directory is in /home/eim on sda1 but most of my Real Important Files are in /mnt/d which is sdb1. So I've lost sdb1 and all my important data, but fortunately my home dir is still there ! My question is, has somebody any suggestions on how to organize personal data, maybe some Real Life examples in order to share opinions on a Secure and Safe Data Organization. I'm of course talking about a Work Station and not a Server for many different users. If anyone has some examples or suggestions I'm ready to share any ideas... Thanks for any help, Have a good time... Ivo Marino I use a nifty program called mirrordir at home, i have thousands of MP3's DIVX movies, programs documents 40Gig worth. I run mirror dir at midnight every night and it keeps a mirror of the working drive. The great thing is it only copies new stuff and is very efficient, also if a file gets deleted accidentally it is not lost and can be retrieved if it is done before midnight. Disk mirroring is good but i like the delay factor using mirrordir. Something to think about anyway ! Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Which ssh should I have?
In article [EMAIL PROTECTED] [EMAIL PROTECTED] writes: CERT tells me Debian potato is vulnerable. We might want to correct them if they are wong. http://www.cert.org/incident_notes/IN-2001-12.html http://www.kb.cert.org/vuls/id/945216 tells me: Vender Status Date updated Debian Vulnerable 2-Nov-2001 OpenSSH on Debian is right, but ssh-nonfree is still vulnerable. See http://bugs.debian.org/85725 -- NOKUBI Takatsugu E-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] / [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
On Fri, Nov 09, 2001 at 02:08:17AM +0100, Wichert Akkerman wrote: Previously Ethan Benson wrote: sorry i don't leave known security holes wide open on my boxes. only an idiot does that. If you think your box does not have currently unknown holes you are naive :) why don't you bother to read what i said. script kiddies don't exploit unknown holes as you have stated, and what i stated above is i don't leave KNOWN PATCHED holes on my boxes, those are what script kiddies attack. of course there are unknown holes, anyone exploiting those will NOT be the least bit foiled by toys like noexec /tmp. so here is the situation: i don't leave open holes that script kiddies use with thier skripts only a dumbass skript kiddie will be foiled by noexec /tmp skript kiddies will be foiled by the fact that my boxes are always up to date and patched against all known vulnerabilities. therefore noexec /tmp gives nothing but inconvenience and no added security. -- Ethan Benson http://www.alaska.net/~erbenson/ msg04026/pgp0.pgp Description: PGP signature
Re: Which ssh should I have?
* NOKUBI Takatsugu [EMAIL PROTECTED] [011109 09:53]: Vender Status Date updated Debian Vulnerable 2-Nov-2001 OpenSSH on Debian is right, but ssh-nonfree is still vulnerable. See http://bugs.debian.org/85725 It seems that some people think that even ssh in potato is unsafe. The low version number attracts crackers or something. It also irritates netadmins that nessus complains about potato-ssh every time they scan the network. Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. Best, Ville -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Sick of static dropped calls? Worried that you or your loved ones won't be able to summon help in a crisis? The Amazing ezBooster is the solution! Click Here - http://www.saverealbigdeals.com/cell The Amazing ezBooster Can Save Your Life!!! *For the lowest price anywhere and a FREE BONUS for orders of 3 you can INSURE your safety that of your loved ones!!! Click Here - http://www.saverealbigdeals.com/cell You won't believe our prices -- these are not misprints and don't overlook the BONUS on quantities of 3 Click Here - http://www.saverealbigdeals.com/cell OUR *BEST DEAL* ON THE AMAZING ezBOOSTER -- *3 for only $12.99!!* PLUS THE SPECIAL BONUS FREE! AN AMERICAN PEN -- SHOW PRIDE IN OUR GREAT COUNTRY Click Here - http://www.saverealbigdeals.com/cell Shipping Handling for all quantities is $5.00, and you may order in individual units, as follows: 1 Amazing ezBooster for $5.99 ...2 Amazing ezBoosters for $9.99 (By the way, folks*these sell in retail stores on TV for $19-$29!!) We very much appreciate your business, and in closing wish to remind you not to forget IN EMERGENCIES, GOOD CELL-PHONE RECEPTION MAKES *all* THE DIFFERENCE For more great deals, and to learn of our donations, with your help, to the Red Cross Relief Fund, please visit us SaveRealBig.com Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] pmguid:ud.sre.6smm6 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Hey, Is there *anything* we can do about all this Spam that's getting on this list? Ed -Original Message-From: HotDeals [mailto:[EMAIL PROTECTED]]Sent: Friday, November 09, 2001 3:01 AMTo: [EMAIL PROTECTED]Subject: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! Sick of static dropped calls? Worried that you or your loved ones won't be able to summon help in a crisis? The Amazing ezBooster is the solution!
Re: Debconf and noexec on /tmp
Ethan Benson [EMAIL PROTECTED] writes: [snip] so here is the situation: i don't leave open holes that script kiddies use with thier skripts only a dumbass skript kiddie will be foiled by noexec /tmp skript kiddies will be foiled by the fact that my boxes are always up to date and patched against all known vulnerabilities. therefore noexec /tmp gives nothing but inconvenience and no added security. There is a school of thought that says there is no such thing as `secure', only making it as hard work -inconvenient- for someone to persist in attacking you. That's why, the more layers I can throw in someone's face, be it firewalling, more than just `defaults' in fstab, running libsafe, the better. ~Tim -- 10:04:04 up 2 days, 12:03, 10 users, load average: 0.26, 0.17, 0.09 [EMAIL PROTECTED] |Rushing onwards, tracing the chains, http://piglet.is.dreaming.org |Chasing the days, chasing the days. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Which ssh should I have?
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote: Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. No harm beyond getting it built right (no binary installs from woody/sid into potato), and realizing that security.debian.org won't automagically post fixes for that package. Something like: apt-get source ssh cd (opensshdir) grep Build-Depends: debian/control (install those packages, possibly edit the Depends: line of debian/control if they've entered something that simply doesn't exist in potato) dpkg-buildpackage cd .. ; dpkg -i ssh*deb -- Mike Renfro / RD Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
On Fri, Nov 09, 2001 at 01:49:54PM +, Tim Haynes wrote: That's why, the more layers I can throw in someone's face, be it firewalling, more than just `defaults' in fstab, running libsafe, the better. sure useful things like nosuid, and nodev. noexec is worthless. as soon as everyone uses noexec all script kiddie scripts will run everything with ld to bypass it. -- Ethan Benson http://www.alaska.net/~erbenson/ msg04115/pgp0.pgp Description: PGP signature
Re: Which ssh should I have?
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote: Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. you can't, the dependencies will drag in half of woody. you can backport the woody ssh packages to potato however. -- Ethan Benson http://www.alaska.net/~erbenson/ msg04116/pgp0.pgp Description: PGP signature
Re: FTP and security
At 09:05 09.11.01, you wrote: In this case I use (and suggest to use) pscp which is a win32 implementation of scp (secure copy). It uses a ssh connection to upload or download. Unfortunatly it uses no gui and has to run from cmd or command. Take a look at Secure-iXplorer http://www.i-tree.org/ixplorer.htm, it's a GUI for pscp, you can drag'n drop your files very comfortably. It works ok here. Jens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
When I tried iXplorer, it didn't look to have ssh2 support. I'd prefer to use ssh2 support, WinSCP allows you to select, but it seems to crash when uploading lots and/or big files. It DOES complete, but you can't see it's progress, etc. ...adam On Fri, Nov 09, 2001 at 05:52:35PM +0100, Jens Schuessler wrote: At 09:05 09.11.01, you wrote: In this case I use (and suggest to use) pscp which is a win32 implementation of scp (secure copy). It uses a ssh connection to upload or download. Unfortunatly it uses no gui and has to run from cmd or command. Take a look at Secure-iXplorer http://www.i-tree.org/ixplorer.htm, it's a GUI for pscp, you can drag'n drop your files very comfortably. It works ok here. Jens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Which ssh should I have?
* Ethan Benson [EMAIL PROTECTED] [011109 16:41]: Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. you can't, the dependencies will drag in half of woody. I suspected that, and suggested to a friend of mine to upgrade to woody. He runs potato (which I installed ;-), but since the ssh in potato is supposed to be unsafe (which may sound funny), he has to do the backport or dist-upgrade. The latter looks easier, and almost everybody run woody or sid anyway. Thanks for helps to all. /Ville -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
At 18:00 09.11.01, you wrote: When I tried iXplorer, it didn't look to have ssh2 support. I'd prefer to use ssh2 support, WinSCP allows you to select, but it seems to crash when uploading lots and/or big files. It DOES complete, but you can't see it's progress, etc. With iXplorer 0.17 you can use a putty saved session and so you get ssh2 support. If you want support for ssh2-keys you have to download one of the developer-snapshots of putty (putty,plink,pscp,pageant and puttygen) and generate your ssh2-keys with the new puttygen. Jens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Great Stocking Stuffer Ideas from Lego Software
Get Four Fun LEGO Games for One Fantastic Price! FOR ALL 4 GAMES! Includes FREE Shipping Handling! (Free Standard Shipping Only) Order Today While Supplies Last! OR . . . Get Seven LEGO Games for Only $10.00 More! FOR ALL 7 GAMES! Includes FREE Shipping Handling! (Free Standard Shipping Only) Order Today While Supplies Last! Take a Closer Look at These Fun and Educational LEGO Programs: CLICK HERE for Even More LEGO Games. They're All FREE! You Pay Only $6.95 SH Each! LEGO Alpha Team Welcome to a world of secret agents, amazing gadgets and covert operations where only the quick-witted will survive! Suggested Price: $34.95 LEGO Chess Your favorite LEGO characters do battle on a virtual 3D Chess board where simple moves turn into a hilarious, animated duel. Suggested Price: $34.95 LEGO Creator Build a town with an unlimited number of bricks, add vehicles and mini-figures, then watch your creations come to life. Suggested Price: $34.95 LEGO Friends Create a world of your very own music and dance moves as you hang out with all of your favorite LEGO Friends. Suggested Price: $34.95 LEGO Knights' Kingdom Enlist the help of a brave warrior as you create a fantastical kingdom and protect it from your enemies. Suggested Price: $34.95 LEGO Island There's lots of fun waiting for you on LEGO Island. But if the Brickster gets out of jail, he will destroy it all, brick by brick! Suggested Price: $34.95 LEGOLAND Design, create and run your own Legoland Park! Build a driving school, a water park and dozens of other rides. Suggested Price: $34.95 LEGO Loco As chief conductor, you will enjoy commanding your own train system with unlimited track building potential. Suggested Price: $34.95 LEGO Racers Start your engines! Race through exciting LEGO worlds and battle the greatest LEGO racers of all time. Suggested Price: $34.95 LEGO Rock Raiders Danger lurks deep within the dark tunnels of a mysterious underground world on a distant planet. Suggested Price: $34.95 LEGO Stunt Rally Build the most fantastical stunt tracks imaginable, then challenge friends or LEGO characters to crash test fun. Suggested Price: $34.95 These special offers from iRewards are limited to inventory, so secure your order now. Your #1 Source for Free Products Super Deals Online Programs featured are under license by CD Micro, Inc. or their respective copyright holders. Program contents are the property of their respective copyright holders. Graphics and logos are trademarks of CD Micro, Inc. or their respective holders and may not be used without prior written permission. Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] pmguid:ud.si3.6smm6 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). Greetz, Sebastiaan Ed -Original Message- From: HotDeals [mailto:[EMAIL PROTECTED]] Sent: Friday, November 09, 2001 3:01 AM To: [EMAIL PROTECTED] Subject: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! Sick of static dropped calls? Worried that you or your loved ones won't be able to summon help in a crisis? The Amazing ezBooster is the solution! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
On Friday 09 November 2001 16:43 pm, Sebastiaan wrote: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). So who's handling collections? -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Wouldn't it just be better if the lists accepted mail from members only, and for those e-mail addresses that aren't subscribed, a couple of list admins could approve them? I don't think the fine for spam is being enforced, but I'm only guessing. Cya. Bud Rogers wrote: On Friday 09 November 2001 16:43 pm, Sebastiaan wrote: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). So who's handling collections? -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Regards, Robert Davidson. http://www.mlug.org.au/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
On Friday 09 November 2001 17:46 pm, Robert Davidson wrote: Wouldn't it just be better if the lists accepted mail from members only, I have always thought so, but whenever that suggestion comes up on any of the debian lists it gets a pretty violent response. -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
Adam Spickler wrote: Is there a decent Windows FTP application that supports sftp? Unfortunately, I have to use Windows at work. :/ PSFTP http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html development snapshots only but still very useable. (also a pscp for scp) /James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Bud Rogers wrote: On Friday 09 November 2001 17:46 pm, Robert Davidson wrote: Wouldn't it just be better if the lists accepted mail from members only, I have always thought so, but whenever that suggestion comes up on any of the debian lists it gets a pretty violent response. yeah I know - I've seen it happen before a few times, but I think thats probably the only real solution. Until something like that happens it's probably a waste of time even talking about it. -- Regards, Robert Davidson. http://www.mlug.org.au/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
My procmail rules catched the initial spam but not the bunch of usual and useless replies. Alain -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Hello, I for one would be willing put put up with Spam of this nature as long as the debian project collected the 'thousands' from the spamers. Ed -Original Message- From: Bud Rogers [mailto:[EMAIL PROTECTED]]On Behalf Of Bud Rogers Sent: Friday, November 09, 2001 6:18 PM To: [EMAIL PROTECTED] Subject: Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! On Friday 09 November 2001 16:43 pm, Sebastiaan wrote: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). So who's handling collections? -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Do you want to make money?
If so, you can find out the many ways with our wonderful eBooks! Click here to learn more info Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] pmguid:9k.spq.iaz5q -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Ethan == Ethan Benson [EMAIL PROTECTED] writes: Ethan On Thu, Nov 08, 2001 at 03:32:06PM -0800, Vineet Kumar Ethan wrote: Well, on some level, *every* system is vulnerable to scriptkiddies. The worst security flaw is admin hubris; always remember that you are not immune. Ethan sorry i don't leave known security holes wide open on my Ethan boxes. only an idiot does that. What you exhibit here looks like admin hubris. You seem to think that you can plug all known security holes. Known meaning known by *someone*, by *at least one person*. How many holes do you think exist that are only known to black hats? I fear the number is greater than zero. Study paranoia. ;-) Bye, J -- Jürgen A. Erhard ([EMAIL PROTECTED], [EMAIL PROTECTED]) MARS http://mars.jerhard.org vi has two modes the one in which it beeps and the one in which it doesn't -- Alan Cox msg04131/pgp0.pgp Description: PGP signature
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
On Friday 09 November 2001 17:46 pm, Robert Davidson wrote: Wouldn't it just be better if the lists accepted mail from members only, I have always thought so, but whenever that suggestion comes up on any of the debian lists it gets a pretty violent response. yeah I know - I've seen it happen before a few times, but I think thats probably the only real solution. Until something like that happens it's probably a waste of time even talking about it. There was a long discussion about this on the Curiosa list last month. It's probably not worth repeating the entire thread here (we're starting down that track). http://lists.debian.org/debian-curiosa/2001/debian-curiosa-200110/msg00030.html KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] Personal Homepage: http://www.skyjammer.com/~pronovic/ They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. - Benjamin Franklin, Historical Review of Pennsylvania, 1759 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Put The Internet To Work For You!
Earn continuous residual income for the rest of your life! Well help you do it! Its easy to turn the internet into your own 24/7 business and earn an executives salary! Financial freedom is only a click away! Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] pmguid:9k.sxf.iaz5q -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
In this case I use (and suggest to use) pscp which is a win32 implementation of scp (secure copy). It uses a ssh connection to upload or download. Unfortunatly it uses no gui and has to run from cmd or command. pscp can be found on the putty page... Greetz, Ivo Windows 2000 is more secure than Linux... Since the machine is offline half of the time because of crashes, it cannot be accessed globally, therefore producing higher security. -Original Message- From: Adam Spickler [EMAIL PROTECTED] Date: Thu, 8 Nov 2001 16:57:22 -0500 Subject: Re: FTP and security Is there a decent Windows FTP application that supports sftp? Unfortunately, I have to use Windows at work. :/ Thanks, Adam On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: Previously Lars Bjarby wrote: While were on the subject, is there an OpenSSH port of SFTP? openssh has a sftp subsystem, yes. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Which ssh should I have?
In article [EMAIL PROTECTED] [EMAIL PROTECTED] writes: CERT tells me Debian potato is vulnerable. We might want to correct them if they are wong. http://www.cert.org/incident_notes/IN-2001-12.html http://www.kb.cert.org/vuls/id/945216 tells me: Vender Status Date updated Debian Vulnerable 2-Nov-2001 OpenSSH on Debian is right, but ssh-nonfree is still vulnerable. See http://bugs.debian.org/85725 -- NOKUBI Takatsugu E-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] / [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
On Fri, Nov 09, 2001 at 02:08:17AM +0100, Wichert Akkerman wrote: Previously Ethan Benson wrote: sorry i don't leave known security holes wide open on my boxes. only an idiot does that. If you think your box does not have currently unknown holes you are naive :) why don't you bother to read what i said. script kiddies don't exploit unknown holes as you have stated, and what i stated above is i don't leave KNOWN PATCHED holes on my boxes, those are what script kiddies attack. of course there are unknown holes, anyone exploiting those will NOT be the least bit foiled by toys like noexec /tmp. so here is the situation: i don't leave open holes that script kiddies use with thier skripts only a dumbass skript kiddie will be foiled by noexec /tmp skript kiddies will be foiled by the fact that my boxes are always up to date and patched against all known vulnerabilities. therefore noexec /tmp gives nothing but inconvenience and no added security. -- Ethan Benson http://www.alaska.net/~erbenson/ pgpmSLNbzdVyo.pgp Description: PGP signature
Re: Which ssh should I have?
* NOKUBI Takatsugu [EMAIL PROTECTED] [011109 09:53]: Vender Status Date updated Debian Vulnerable 2-Nov-2001 OpenSSH on Debian is right, but ssh-nonfree is still vulnerable. See http://bugs.debian.org/85725 It seems that some people think that even ssh in potato is unsafe. The low version number attracts crackers or something. It also irritates netadmins that nessus complains about potato-ssh every time they scan the network. Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. Best, Ville
INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Sick of static dropped calls? Worried that you or your loved ones won't be able to summon help in a crisis? The Amazing ezBooster is the solution! Click Here - http://www.saverealbigdeals.com/cell The Amazing ezBooster Can Save Your Life!!! *For the lowest price anywhere and a FREE BONUS for orders of 3 you can INSURE your safety that of your loved ones!!! Click Here - http://www.saverealbigdeals.com/cell You won't believe our prices -- these are not misprints and don't overlook the BONUS on quantities of 3 Click Here - http://www.saverealbigdeals.com/cell OUR *BEST DEAL* ON THE AMAZING ezBOOSTER -- *3 for only $12.99!!* PLUS THE SPECIAL BONUS FREE! AN AMERICAN PEN -- SHOW PRIDE IN OUR GREAT COUNTRY Click Here - http://www.saverealbigdeals.com/cell Shipping Handling for all quantities is $5.00, and you may order in individual units, as follows: 1 Amazing ezBooster for $5.99 ...2 Amazing ezBoosters for $9.99 (By the way, folks*these sell in retail stores on TV for $19-$29!!) We very much appreciate your business, and in closing wish to remind you not to forget IN EMERGENCIES, GOOD CELL-PHONE RECEPTION MAKES *all* THE DIFFERENCE For more great deals, and to learn of our donations, with your help, to the Red Cross Relief Fund, please visit us SaveRealBig.com Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address debian-security@lists.debian.org pmguid:ud.sre.6smm6
SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Hey, Is there *anything* we can do about all this Spam that's getting on this list? Ed -Original Message-From: HotDeals [mailto:[EMAIL PROTECTED]Sent: Friday, November 09, 2001 3:01 AMTo: debian-security@lists.debian.orgSubject: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! Sick of static dropped calls? Worried that you or your loved ones won't be able to summon help in a crisis? The Amazing ezBooster is the solution!
Re: Debconf and noexec on /tmp
Ethan Benson [EMAIL PROTECTED] writes: [snip] so here is the situation: i don't leave open holes that script kiddies use with thier skripts only a dumbass skript kiddie will be foiled by noexec /tmp skript kiddies will be foiled by the fact that my boxes are always up to date and patched against all known vulnerabilities. therefore noexec /tmp gives nothing but inconvenience and no added security. There is a school of thought that says there is no such thing as `secure', only making it as hard work -inconvenient- for someone to persist in attacking you. That's why, the more layers I can throw in someone's face, be it firewalling, more than just `defaults' in fstab, running libsafe, the better. ~Tim -- 10:04:04 up 2 days, 12:03, 10 users, load average: 0.26, 0.17, 0.09 [EMAIL PROTECTED] |Rushing onwards, tracing the chains, http://piglet.is.dreaming.org |Chasing the days, chasing the days.
Re: Which ssh should I have?
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote: Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. No harm beyond getting it built right (no binary installs from woody/sid into potato), and realizing that security.debian.org won't automagically post fixes for that package. Something like: apt-get source ssh cd (opensshdir) grep Build-Depends: debian/control (install those packages, possibly edit the Depends: line of debian/control if they've entered something that simply doesn't exist in potato) dpkg-buildpackage cd .. ; dpkg -i ssh*deb -- Mike Renfro / RD Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
On Fri, Nov 09, 2001 at 01:49:54PM +, Tim Haynes wrote: That's why, the more layers I can throw in someone's face, be it firewalling, more than just `defaults' in fstab, running libsafe, the better. sure useful things like nosuid, and nodev. noexec is worthless. as soon as everyone uses noexec all script kiddie scripts will run everything with ld to bypass it. -- Ethan Benson http://www.alaska.net/~erbenson/ pgpTvwOiuvyIS.pgp Description: PGP signature
Re: Which ssh should I have?
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote: Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. you can't, the dependencies will drag in half of woody. you can backport the woody ssh packages to potato however. -- Ethan Benson http://www.alaska.net/~erbenson/ pgp0b1P2F7F59.pgp Description: PGP signature
Re: FTP and security
At 09:05 09.11.01, you wrote: In this case I use (and suggest to use) pscp which is a win32 implementation of scp (secure copy). It uses a ssh connection to upload or download. Unfortunatly it uses no gui and has to run from cmd or command. Take a look at Secure-iXplorer http://www.i-tree.org/ixplorer.htm, it's a GUI for pscp, you can drag'n drop your files very comfortably. It works ok here. Jens
Re: FTP and security
When I tried iXplorer, it didn't look to have ssh2 support. I'd prefer to use ssh2 support, WinSCP allows you to select, but it seems to crash when uploading lots and/or big files. It DOES complete, but you can't see it's progress, etc. ...adam On Fri, Nov 09, 2001 at 05:52:35PM +0100, Jens Schuessler wrote: At 09:05 09.11.01, you wrote: In this case I use (and suggest to use) pscp which is a win32 implementation of scp (secure copy). It uses a ssh connection to upload or download. Unfortunatly it uses no gui and has to run from cmd or command. Take a look at Secure-iXplorer http://www.i-tree.org/ixplorer.htm, it's a GUI for pscp, you can drag'n drop your files very comfortably. It works ok here. Jens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited -
Re: Which ssh should I have?
* Ethan Benson [EMAIL PROTECTED] [011109 16:41]: Is there any harm from installing ssh from woody on potato? This does not apply in my case, but I'd like to know. you can't, the dependencies will drag in half of woody. I suspected that, and suggested to a friend of mine to upgrade to woody. He runs potato (which I installed ;-), but since the ssh in potato is supposed to be unsafe (which may sound funny), he has to do the backport or dist-upgrade. The latter looks easier, and almost everybody run woody or sid anyway. Thanks for helps to all. /Ville
Re: FTP and security
At 18:00 09.11.01, you wrote: When I tried iXplorer, it didn't look to have ssh2 support. I'd prefer to use ssh2 support, WinSCP allows you to select, but it seems to crash when uploading lots and/or big files. It DOES complete, but you can't see it's progress, etc. With iXplorer 0.17 you can use a putty saved session and so you get ssh2 support. If you want support for ssh2-keys you have to download one of the developer-snapshots of putty (putty,plink,pscp,pageant and puttygen) and generate your ssh2-keys with the new puttygen. Jens
Great Stocking Stuffer Ideas from Lego Software
Get Four Fun LEGO Games for One Fantastic Price! FOR ALL 4 GAMES! Includes FREE Shipping Handling! (Free Standard Shipping Only) Order Today While Supplies Last! OR . . . Get Seven LEGO Games for Only $10.00 More! FOR ALL 7 GAMES! Includes FREE Shipping Handling! (Free Standard Shipping Only) Order Today While Supplies Last! Take a Closer Look at These Fun and Educational LEGO Programs: CLICK HERE for Even More LEGO Games. They're All FREE! You Pay Only $6.95 SH Each! LEGO Alpha Team Welcome to a world of secret agents, amazing gadgets and covert operations where only the quick-witted will survive! Suggested Price: $34.95 LEGO Chess Your favorite LEGO characters do battle on a virtual 3D Chess board where simple moves turn into a hilarious, animated duel. Suggested Price: $34.95 LEGO Creator Build a town with an unlimited number of bricks, add vehicles and mini-figures, then watch your creations come to life. Suggested Price: $34.95 LEGO Friends Create a world of your very own music and dance moves as you hang out with all of your favorite LEGO Friends. Suggested Price: $34.95 LEGO Knights' Kingdom Enlist the help of a brave warrior as you create a fantastical kingdom and protect it from your enemies. Suggested Price: $34.95 LEGO Island There's lots of fun waiting for you on LEGO Island. But if the Brickster gets out of jail, he will destroy it all, brick by brick! Suggested Price: $34.95 LEGOLAND Design, create and run your own Legoland Park! Build a driving school, a water park and dozens of other rides. Suggested Price: $34.95 LEGO Loco As chief conductor, you will enjoy commanding your own train system with unlimited track building potential. Suggested Price: $34.95 LEGO Racers Start your engines! Race through exciting LEGO worlds and battle the greatest LEGO racers of all time. Suggested Price: $34.95 LEGO Rock Raiders Danger lurks deep within the dark tunnels of a mysterious underground world on a distant planet. Suggested Price: $34.95 LEGO Stunt Rally Build the most fantastical stunt tracks imaginable, then challenge friends or LEGO characters to crash test fun. Suggested Price: $34.95 These special offers from iRewards are limited to inventory, so secure your order now. Your #1 Source for Free Products Super Deals Online Programs featured are under license by CD Micro, Inc. or their respective copyright holders. Program contents are the property of their respective copyright holders. Graphics and logos are trademarks of CD Micro, Inc. or their respective holders and may not be used without prior written permission. Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address debian-security@lists.debian.org pmguid:ud.si3.6smm6
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). Greetz, Sebastiaan Ed -Original Message- From: HotDeals [mailto:[EMAIL PROTECTED] Sent: Friday, November 09, 2001 3:01 AM To: debian-security@lists.debian.org Subject: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! Sick of static dropped calls? Worried that you or your loved ones won't be able to summon help in a crisis? The Amazing ezBooster is the solution!
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
On Friday 09 November 2001 16:43 pm, Sebastiaan wrote: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). So who's handling collections? -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either.
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Wouldn't it just be better if the lists accepted mail from members only, and for those e-mail addresses that aren't subscribed, a couple of list admins could approve them? I don't think the fine for spam is being enforced, but I'm only guessing. Cya. Bud Rogers wrote: On Friday 09 November 2001 16:43 pm, Sebastiaan wrote: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). So who's handling collections? -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Regards, Robert Davidson. http://www.mlug.org.au/
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
On Friday 09 November 2001 17:46 pm, Robert Davidson wrote: Wouldn't it just be better if the lists accepted mail from members only, I have always thought so, but whenever that suggestion comes up on any of the debian lists it gets a pretty violent response. -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either.
Re: FTP and security
Adam Spickler wrote: Is there a decent Windows FTP application that supports sftp? Unfortunately, I have to use Windows at work. :/ PSFTP http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html development snapshots only but still very useable. (also a pscp for scp) /James
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Bud Rogers wrote: On Friday 09 November 2001 17:46 pm, Robert Davidson wrote: Wouldn't it just be better if the lists accepted mail from members only, I have always thought so, but whenever that suggestion comes up on any of the debian lists it gets a pretty violent response. yeah I know - I've seen it happen before a few times, but I think thats probably the only real solution. Until something like that happens it's probably a waste of time even talking about it. -- Regards, Robert Davidson. http://www.mlug.org.au/
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
My procmail rules catched the initial spam but not the bunch of usual and useless replies. Alain
RE: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Hello, I for one would be willing put put up with Spam of this nature as long as the debian project collected the 'thousands' from the spamers. Ed -Original Message- From: Bud Rogers [mailto:[EMAIL PROTECTED] Behalf Of Bud Rogers Sent: Friday, November 09, 2001 6:18 PM To: debian-security@lists.debian.org Subject: Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! On Friday 09 November 2001 16:43 pm, Sebastiaan wrote: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Wasn't there some rule that commercial mails posted to this list are charged for a couple of thousends $$? Most spam is a commercial ad, so there must be a lot of money going to the Debian project ;-). So who's handling collections? -- Bud Rogers [EMAIL PROTECTED] All things in moderation. And not too much moderation either. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Do you want to make money?
If so, you can find out the many ways with our wonderful eBooks! Click here to learn more info Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address debian-security@lists.debian.org pmguid:9k.spq.iaz5q
Re: Debconf and noexec on /tmp
Ethan == Ethan Benson [EMAIL PROTECTED] writes: Ethan On Thu, Nov 08, 2001 at 03:32:06PM -0800, Vineet Kumar Ethan wrote: Well, on some level, *every* system is vulnerable to scriptkiddies. The worst security flaw is admin hubris; always remember that you are not immune. Ethan sorry i don't leave known security holes wide open on my Ethan boxes. only an idiot does that. What you exhibit here looks like admin hubris. You seem to think that you can plug all known security holes. Known meaning known by *someone*, by *at least one person*. How many holes do you think exist that are only known to black hats? I fear the number is greater than zero. Study paranoia. ;-) Bye, J -- Jürgen A. Erhard ([EMAIL PROTECTED], [EMAIL PROTECTED]) MARS http://mars.jerhard.org vi has two modes the one in which it beeps and the one in which it doesn't -- Alan Cox pgpBuVUEMswFM.pgp Description: PGP signature
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
On Friday 09 November 2001 17:46 pm, Robert Davidson wrote: Wouldn't it just be better if the lists accepted mail from members only, I have always thought so, but whenever that suggestion comes up on any of the debian lists it gets a pretty violent response. yeah I know - I've seen it happen before a few times, but I think thats probably the only real solution. Until something like that happens it's probably a waste of time even talking about it. There was a long discussion about this on the Curiosa list last month. It's probably not worth repeating the entire thread here (we're starting down that track). http://lists.debian.org/debian-curiosa/2001/debian-curiosa-200110/msg00030.html KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] Personal Homepage: http://www.skyjammer.com/~pronovic/ They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. - Benjamin Franklin, Historical Review of Pennsylvania, 1759
Put The Internet To Work For You!
Earn continuous residual income for the rest of your life! Well help you do it! Its easy to turn the internet into your own 24/7 business and earn an executives salary! Financial freedom is only a click away! Remove yourself from this list by either: Entering your email address below and clicking REMOVE: OR Reply to this message with the word remove in the subject line. This message was sent to address debian-security@lists.debian.org pmguid:9k.sxf.iaz5q
