Debian Security Advisory DSA-067-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Robert van der Meulen
July 28, 2001
Hi,
Quoting Colin Phipps ([EMAIL PROTECTED]):
On Mon, Oct 22, 2001 at 07:12:57AM -0600, John Galt wrote:
I take it then that you volunteer. If not, shut up. Throwing artificial
barriers at this office isn't going to add volunteers.
The barriers to becoming a developer are mainly
Hi,
Quoting Alson van der Meulen ([EMAIL PROTECTED]):
snip
http://www.openwall.com/linux/
The Openwall patches protect against exploiting buffer overruns I
think, they're not available for 2.4 yet though.
You might seem family, but you should still learn to quote :) (and follow
the
Quoting David Flatz ([EMAIL PROTECTED]):
#!/usr/bin/perl
print('enter pass: ');
$tmp = <STDIN>;    # read the password from the terminal
chomp($tmp);       # strip the trailing newline
system("myprogram enable $user $tmp $ip");   # the password still ends up on the command line
Because then you would still pass the password on the commandline.
Greets,
Robert
--
Linux Generation
encrypted mail
Hi,
There's a secure-coding (or somesuch) mailinglist over at securityfocus,
that might be better suited to these kinds of discussions..
Greets,
Robert
--
Linux Generation
encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key.
Quoting Sven Hoexter ([EMAIL PROTECTED]):
You forgot to mention that you can chroot bind since a 8.x release.
Yup ! :)
The chroot is not the non plus ultra solution but it throws a few more stones
in the way of the script kiddies.
plug
..and it is even quite maintainable in a chroot, when
Hi,
http://www.pine.nl/advisories/pine-cert-20020301.txt
is public, I'm working on new packages+dsa.
Greets,
Robert
--
Linux Generation
encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key.
There are two major products that come out
Quoting Sandip Bhattacharya ([EMAIL PROTECTED]):
Pardon my ignorance, but I was under the impression that this list is only
about official Security Announcements for Debian(DSA), and not a general
discussion on security. Am I on the wrong list or did I read the list
description incorrectly ?
Quoting eim ([EMAIL PROTECTED]):
Should I keep my key files unencrypted, or is there another
solution which preserves security ?
Yes, no. (unless you manually start your apache after booting, i.e. not from
init)
Greets,
Robert (libapache-mod-ssl maintainer)
--
Hi Jeff,
Quoting Jeff ([EMAIL PROTECTED]):
The 192... is a local private network and the next 2 addresses
are dns servers. Snort is constantly logging activity to the 1st
dns server as a portscan, and as I understand it, this config
entry is supposed to eliminate that. Is this incorrect?
Quoting Ian Cumming ([EMAIL PROTECTED]):
Secondly, with response to the original post, I think that there is an
unjustified level of paranoia by the network admin. High school children
are at best going to be script kiddies. Secondly, your school should
have an ethics agreement between the
Quoting Alan James ([EMAIL PROTECTED]):
No, but it can save you from the Ravenous Bugblatter Beast of Traal.
The towel provides security through obscurity.
I'm assuming everybody here knows about
http://www.systemtoolbox.com/towelday/ ?
Greets,
Robert
--
( o
Hi,
I was working on a newly-installed machine for a customer who requires an
ftp server. After installing vsftpd (which I *had* good experience with), I
noticed that the 'anonymous_enable' switch in /etc/vsftpd.conf, when set to
'NO' *does* allow anonymous access.
Logging in using the
Quoting Robert Brockway ([EMAIL PROTECTED]):
If he really cares about the data (and let's face it, everyone cares about
their data :) then I'd recommend dispensing with ftp entirely and using
scp or sftp (ssh v2) if the client needs to shift data to or from the box.
Configure this for RSA/DSA
Hi Dan ( list)
Quoting Daniel Jacobowitz ([EMAIL PROTECTED]):
1.2.0-3 is in incoming, or remove the pam_ftp line.
Thanks! (I've migrated to $other_ftpd for the time being, but will switch
back)
If you're running something in situations that could be quite a
disaster, I suggest you
Quoting Bernd Eckenfels ([EMAIL PROTECTED]):
In article [EMAIL PROTECTED] you wrote:
Unfortunately some customers want to pay for a solution where they can just
use their silly M$ program like they're used to, and refuse 'complicated'
solutions.
In that case, WebDAV is the way to go, or
Quoting Dariush Pietrzak ([EMAIL PROTECTED]):
Why do you think there's anything wrong with ftp?
There's nothing wrong with offering data over ftp to the general public,
especially when you can guarantee the contents in some way. There is
something wrong when you need secure, private transfers.
Quoting Dariush Pietrzak ([EMAIL PROTECTED]):
There's nothing wrong with offering data over ftp to the general public,
especially when you can guarantee the contents in some way. There is
something wrong when you need secure, private transfers.
And what is wrong with it when you need
Quoting Jan Martin Mathiassen ([EMAIL PROTECTED]):
list. it was supposed to go to debian-security, not debian-devel. i need
debian-devel removed from the Cc list.
if you want to know what was changed, you use tripwire (well, everyone
should do that anyway). that util shows changed, deleted,
Hi,
Quoting martin f krafft ([EMAIL PROTECTED]):
yeah, but that's OpenSSH only (which *is* 99% of what you'd use it for).
but i'd love a PAM-based solution. maybe i should port it. if openssh
can do it, then the code is open-source, then pam should be able to do
it too.
There are open source
Hi,
Quoting James ([EMAIL PROTECTED]):
We could start by blocking @aol.com =)
Or by all running good anti-spam measures and not replying to spam; I didn't
even know it was there until people started replying to it, and I had to
look up the original posting in my spam folder..
Greets,
Quoting Jerry Lynde ([EMAIL PROTECTED]):
For secure DNS service, I suggest djbdns. It's much more secure than BIND.
Much!!
It also has a much more anal license (much!!)
Greets,
Robert
--
Linux Generation
encrypted mail preferred. finger [EMAIL
Quoting Jerry Lynde ([EMAIL PROTECTED]):
At 12:15 PM 2/25/2002, Robert wrote:
It also has a much more anal license (much!!)
True, true...
But Michael was asking for secure, not non-anal licensing... I don't expect
he was gonna try and hack BIND or djbdns or anything else... shrug
Nahh,
Quoting Bdale Garbee ([EMAIL PROTECTED]):
nothing snipped
You must be kidding :)
Greets,
Robert
--
Linux Generation
encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key.
If you want divine justice, die. -- Nick
Quoting Anne Carasik ([EMAIL PROTECTED]):
This one time, Jeff Bonner wrote:
3) Any reason you *wouldn't* want to use compression in SSH?
Yes, if you're going over a high speed line, no reason to use
compression. If you're connecting through a slow line (like a
modem), use compression.
I'm
Quoting Thomas Thurman ([EMAIL PROTECTED]):
I can see how [speed of line] and [whether to use compression] are
related, and how [trustedness of line] and [whether to use encryption] are
related. But I don't see how anyone could say that If your data's going
over a high-speed line, there's no
Quoting Matt Zimmerman ([EMAIL PROTECTED]):
On Mon, Jun 10, 2002 at 08:29:15PM +0200, Robert van der Meulen wrote:
My data isn't worth one bit less because it's travelling over dark fiber
:)
Eh? If your data is travelling over it, then it isn't dark.
http://www.canet3.net/library
Quoting Nathan E Norman ([EMAIL PROTECTED]):
Right; when you bought it, it was dark. Once you put light into it,
it's no longer dark. If someone thinks dark denotes who owns the
transceivers, well, they're deluded :)
Both meanings are 100% correct, and 100% acceptable terms. Maybe if you
Quoting René Seindal ([EMAIL PROTECTED]):
I don't know about apache-ssl
libapache-mod-ssl is in incoming.
Greets,
Robert
--
( o Linux Generation o )
///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\
\V_/
Quoting Paul Haesler ([EMAIL PROTECTED]):
Doesn't OpenBSD have a full-disclosure policy anyway?
It has 'listen to theo or fuck off' disclosure policy, which basically means
you have to do what theo says, and no matter what you do, you'll end up with
problems and bitching, and disclosure is only
Quoting Jay Kline ([EMAIL PROTECTED]):
I may be wrong, but don't the SSH clients need that banner to be able to
identify what version to use?
Yes; the major/minor combination tells the client which protocol versions
can be used. The latest phrack has some interesting information about that
as
48 matches