Try dmesg -n1 or alternatively, change your firewall rules so they
don't log so much.
micah
EErdem schrieb am Monday, den 22. December 2003:
Hi,
From i've set up iptables i've get this messages continual on tty's
(console
Try dmesg -n1 or alternatively, change your firewall rules so they
don't log so much.
micah
EErdem schrieb am Monday, den 22. December 2003:
Hi,
From i've set up iptables i've get this messages continual on tty's
(console
this problem?
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
with onion
addresses.
Are there any mirrors with a hidden service onion address? If so, I
would like to know where!
Are there any mirror operators out there who might be interested in
adding a tor hidden service, but don't know how? If so, contact me, I'd
be happy to help you set it up.
micah
to know if anyone thinks otherwise?
I don't exactly have the time right now to volunteer for changing
things, but I thought that the first step would be to see what people
thought, and then maybe if it was clear what people's preferences were,
perhaps someone might volunteer!
micah
Kurt Roeckx k...@roeckx.be writes:
On Mon, Jun 08, 2015 at 10:00:00AM +, Thorsten Glaser wrote:
Stefan Fritsch sf at sfritsch.de writes:
And custom DH groups are not that easy to handle in an automated way.
Right. I'm currently suggesting each site to generate one and
roll that out
Thorsten Glaser t...@mirbsd.de writes:
micah micah at riseup.net writes:
Encouraging custom DH groups is not a good idea, as this opens up the
triple handshake attack possibility[0].
0. https://www.secure-resumption.com/ (search for Initial DHE Handshake)
-- details an attack where
Well - I was more thinking that whatever service is sending these
regularly scheduled broadcasts ought to be choked. I don't have any
reason for kerberos to be on and it sort of disturbs me that I can't find
this service in either my /etc/services file or even inetd.conf.
Micah
On Wed, Aug 09
the ICMP
port orginate on the 127.0.0.1 end or the destination end?
Micah
On Sun, 11 Feb 2001, Simon Murcott wrote:
Tim Bishopric wrote:
This log shows that Ipchains is rejecting outbound loopback (lo) traffic with a
source IP of 127.0.0.1 and a destination of 127.0.0.1. Protocol 1 is ICMP
. Unless I am wrong, currently there is no known
exploit for this hole, but that isn't that much of a reassurance either.
Thanks,
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
(#106)
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
One additional tweak which falls into line with the security setups, that I
think is a good idea is to made the log files in /var/log to be chattr +a
(append only) so logfiles cannot be modified or removed altogether to cover
up tracks. This isn't the the biggest security trick because all it
this? I am looking
for specifics, not something like Write a perl script, that'll do it.
Thanks!
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
/sbin/checksecurity.
But, what is the point of logging these each day into
/var/log/setuid.changes if nobody sees them? Why doesn't this list get
emailed to root? Am I missing something?
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
Got what appears to be a crc32 compensation attack in my logs today,
about 10 minutes worth of these types of messages should I be
worried? Should I laugh at this feable attempt to break in? Should I
gnaw my fingernails with my shotgun on my lap?
Active System Attack Alerts
On Fri, 16 Nov 2001, Mathias Gygax wrote:
well, i thought this is the definition of root.
no. with LIDS you can protect files and syscalls even from root. in my
setup, root cannot even write to his own home directory.
No, you can't. No matter how you cut it, root can install a new
kernel,
Potato has 1.2-14 as its latest for poppasswd... I agree that
v1.8-ceti would be a better solution, especially considering the
security issues you cited. What does it take to get this version into
the security updates? A bug filed?
Micah
On Wed, 09 Jan 2002, Steve Mickeler wrote:
I'm using
comes a significant loss in security policy.
Now that woody draws near to being stable, perhaps the policy can be
altered to accomodate for that.
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
regeneration to work, and would have to be
reinstalled from the original packages that they came from in order to
get the man pages properly returned.
micah
On Fri, 15 Aug 2003, Per Tenggren wrote:
Hey!
I updateed my Woody a few days ago and every night I receive the following
mail from Cron
, and
contacting the package maintainer, but no results.
Thanks,
micah
pgp0.pgp
Description: PGP signature
.
Thanks!
micah
Steve Kemp schrieb am Tuesday, den 07. October 2003:
On Tue, Oct 07, 2003 at 09:52:59AM +0200, Alain Tesio wrote:
I had exactly the same problem, it's because logcheck look for cracking
patterns before removing lines which should be ignored, it shouldn't be
hard to fix
Try the package falselogin
micah
Javier Fern?ndez-Sanguino Pe?a schrieb am Thursday, den 23. October 2003:
On Wed, Oct 22, 2003 at 09:45:24AM +0200, Tobias Reckhard wrote:
Hi
We recently noticed that a stock woody install produces an /etc/passwd
in which most, if not all, system
complaining about this and
not doing anything? ;)
micah
On Tue, 02 Dec 2003, Adam ENDRODI wrote:
Just a humble question: how the average user who doesn't use the
kernel sources provided by Debian and cannot follow lk should have
known about the bug? The changelog read ``Add TASK_SIZE check
On Tue, 02 Dec 2003, Michael Stone wrote:
On Tue, Dec 02, 2003 at 01:35:51PM -0600, Micah Anderson wrote:
I want to chime in here also, I too was unhappy that I did not know
about a local root exploit in 2.4.22 until the Debian machines were
compromised in this manner. I think a lot of people
On Tue, 02 Dec 2003, Rick Moen wrote:
Quoting Micah Anderson ([EMAIL PROTECTED]):
I want to chime in here also, I too was unhappy that I did not know
about a local root exploit in 2.4.22 until the Debian machines were
compromised in this manner. I think a lot of people were in the same
They are clean.
On Fri, 05 Dec 2003, Mo Zhen Guang wrote:
Hi,
I am going to install a few new debian servers, but I worry about the
integratity of the packages because of the incident of compromised debian
servers some days ago.
Can anybody confirm me if these servers are clean now?
Try kedpm, its a debian package, and has console as well as GUI
support and uses the FPM data, really nice.
micah
On Tue, 15 Jun 2004, Kenneth Jacker wrote:
al what does everyone else use to keep track of all there passwords?
I've used 'tkpasman' for years ... nice!
http
couldn't get
any of them to find the problem that is being discussed here.
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
are the file I/O operators,
so -dSAFER is unnecessary.
Micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
According to [EMAIL PROTECTED] message posted by
Steve Langasek on Mon, 2 Aug 2004 00:11:55:
Aug. 8: Official security support for sarge begins
Anyone have any updates on this? Is it happening, is it delayed, what
can we do to help?
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
announcements to you and your
organization and you want to make sure someone follows up on them, but
I don't think the rest of the list needs to know that.
Please do us all a favor and turn off your auto-responder.
Micah
On Thu, 10 Feb 2005, Physics IT Support via RT wrote:
Hello,
Thank you
in UMLled
system components.
Have a look at vservers (http://linux-vserver.org/), designed
specifically to fix the problems that can be circumvented with
chroots, take up significantly less resources than UMLs, and are
really quite cool.
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
[ note: Reply-To: set to debian-devel ]
This is a quick summary of the Debian Testing Security Team[1] work
and a request for some aid to help sort out some difficult Sarge
security problems.
Contents of this message:
What the Testing Security Team has been up to
How can I
a message there, it will become re-opened.
Micah
On Thu, 17 Mar 2005, Geoff Crompton wrote:
I noticed that #286905 fixes CAN-2005-0448, however it fixes it for
version 5.8.4-7, while stable has perl version 5.6.1-8.8.
#286905 is marked as resolved, will this fix be backported to stable
On Thu, 17 Mar 2005, Micah Anderson wrote:
I think that the best course of action with regards to this query is
to send a message to [EMAIL PROTECTED] asking this very question.
The maintainers of this package are probably not paying attention to
debian-security, but would respond
On Wed, 16 Mar 2005, Frank Küster wrote:
Frank Küster [EMAIL PROTECTED] wrote:
Micah Anderson [EMAIL PROTECTED] wrote:
7. Is our xpdf vulnerable to CAN-2005-0206[13]?
This also needs to be checked for pdftex (in tetex-bin) and pdftohtml,
and perhaps others that include xpdf code
Fixed in 2.6.8-15 (see #300838)
Things that show up in that list are unresolved items, if it doesn't
show up there then it is resolved.
Micah
On Wed, 30 Mar 2005, Geoff Crompton wrote:
On http://merkel.debian.org/~joeyh/testing-security.html this CAN is
listed, as waiting for a 2.4.27-9
against apache (tagging it security), and
providing as much information as you can. Or the problem does not
affect the particular version of apache in Debian... Do your absolute
best to figure out the latter first.
Micah
On Wed, 30 Mar 2005, Geoff Crompton wrote:
Does anyone know if apache 1.3
on this project. Here is some information about the history of
the team, and if you read through the message there is information
about how to help:
http://lists.debian.org/debian-devel-announce/2005/03/msg00014.html
micah
signature.asc
Description: Digital signature
Alvin Oga schrieb am Tuesday, den 28. June 2005:
On Tue, 28 Jun 2005, Micah Anderson wrote:
Alvin Oga schrieb am Tuesday, den 28. June 2005:
If you are interested in testing security, then there is a group
working on this project. Here is some information about the history
Alvin Oga schrieb am Wednesday, den 29. June 2005:
On Wed, 29 Jun 2005, Micah Anderson wrote:
Alvin Oga schrieb am Tuesday, den 28. June 2005:
You sent an email where about what and got no response? I did not see
your offer to help come across the mailing list (if it is there, can
Alvin Oga schrieb am Wednesday, den 29. June 2005:
On Wed, 29 Jun 2005, Micah Anderson wrote:
i think you can search thru the debian security archives just as
easily as i can or in fact even more easily since yu have a debian acct ??
Did you read the email that I referenced
: output REJECT lo PROTO=1
+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=4545 F=0x T=255 (#64)
Feb 10 15:40:48 stallman kernel: Packet log: output REJECT lo PROTO=1
+127.0.0.1:3 127.0.0.1:3 L=92 S=0xC0 I=5884 F=0x T=255 (#64)
Does anyone know what these are?
Thanks!
Micah
the ICMP
port orginate on the 127.0.0.1 end or the destination end?
Micah
On Sun, 11 Feb 2001, Simon Murcott wrote:
Tim Bishopric wrote:
This log shows that Ipchains is rejecting outbound loopback (lo) traffic
with a source IP of 127.0.0.1 and a destination of 127.0.0.1. Protocol 1
. Unless I am wrong, currently there is no known
exploit for this hole, but that isn't that much of a reassurance either.
Thanks,
Micah
(#106)
Micah
One additional tweak which falls into line with the security setups, that I
think is a good idea is to made the log files in /var/log to be chattr +a
(append only) so logfiles cannot be modified or removed altogether to cover
up tracks. This isn't the the biggest security trick because all it does
this? I am looking
for specifics, not something like Write a perl script, that'll do it.
Thanks!
Micah
worth the additional cracks? Do you
trust each admin to be secure with both their password choices as well as
the rest of their actions?
Micah
On Sun, 08 Jul 2001, Andres Salomon wrote:
This is completely off-topic at this point, but there are a few uses
of sudo. The original poster trusts
and age, and are decent
passwords? And how does one reliably log sudo logs offsite?
Micah
Not all mutt users use vi, as a pager I use most, as an editor I use
jed. These things can be configured.
On Tue, 18 Sep 2001, Andres Salomon wrote:
Aside from the fact that it's a pretty big IF; I'm not aware of too many
mail clients that use pagers. mutt uses vi, pine uses pico, X based
Got what appears to be a crc32 compensation attack in my logs today,
about 10 minutes worth of these types of messages should I be
worried? Should I laugh at this feable attempt to break in? Should I
gnaw my fingernails with my shotgun on my lap?
Active System Attack Alerts
On Fri, 16 Nov 2001, Mathias Gygax wrote:
well, i thought this is the definition of root.
no. with LIDS you can protect files and syscalls even from root. in my
setup, root cannot even write to his own home directory.
No, you can't. No matter how you cut it, root can install a new
kernel,
Potato has 1.2-14 as its latest for poppasswd... I agree that
v1.8-ceti would be a better solution, especially considering the
security issues you cited. What does it take to get this version into
the security updates? A bug filed?
Micah
On Wed, 09 Jan 2002, Steve Mickeler wrote:
I'm using
comes a significant loss in security policy.
Now that woody draws near to being stable, perhaps the policy can be
altered to accomodate for that.
Micah
regeneration to work, and would have to be
reinstalled from the original packages that they came from in order to
get the man pages properly returned.
micah
On Fri, 15 Aug 2003, Per Tenggren wrote:
Hey!
I updateed my Woody a few days ago and every night I receive the following
mail from Cron
, and
contacting the package maintainer, but no results.
Thanks,
micah
pgpaGKEe3owA6.pgp
Description: PGP signature
.
Thanks!
micah
Steve Kemp schrieb am Tuesday, den 07. October 2003:
On Tue, Oct 07, 2003 at 09:52:59AM +0200, Alain Tesio wrote:
I had exactly the same problem, it's because logcheck look for cracking
patterns before removing lines which should be ignored, it shouldn't be
hard to fix
Try the package falselogin
micah
Javier Fern?ndez-Sanguino Pe?a schrieb am Thursday, den 23. October 2003:
On Wed, Oct 22, 2003 at 09:45:24AM +0200, Tobias Reckhard wrote:
Hi
We recently noticed that a stock woody install produces an /etc/passwd
in which most, if not all, system
complaining about this and
not doing anything? ;)
micah
On Tue, 02 Dec 2003, Adam ENDRODI wrote:
Just a humble question: how the average user who doesn't use the
kernel sources provided by Debian and cannot follow lk should have
known about the bug? The changelog read ``Add TASK_SIZE check
They are clean.
On Fri, 05 Dec 2003, Mo Zhen Guang wrote:
Hi,
I am going to install a few new debian servers, but I worry about the
integratity of the packages because of the incident of compromised debian
servers some days ago.
Can anybody confirm me if these servers are clean now?
Hey all,
I am looking for some scanners which look for known vulnerabilities in
different web software.
I have a collegue who runs a community web server with some 100
different sites and almost half that in different CMS', blogs,
publishing software, formmail scripts, postnuke, phpnuke,
seems to have a local root exploit for
CDROMs: http://lwn.net/Articles/80480/
micah
Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the people can always be brought to the bidding of the leaders
micah
Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the people can always be brought to the bidding of the leaders.
This is easy. All you have to do is to tell them they are being
attacked
Try kedpm, its a debian package, and has console as well as GUI
support and uses the FPM data, really nice.
micah
On Tue, 15 Jun 2004, Kenneth Jacker wrote:
al what does everyone else use to keep track of all there passwords?
I've used 'tkpasman' for years ... nice!
http
couldn't get
any of them to find the problem that is being discussed here.
micah
it as such.
micah
On Sun, 31 Jul 2005, Micah wrote:
Nikita V. Youshchenko wrote:
There won't be _any_ Debian solution with the current mozilla.org policy.
Not exactly. Correct statement is, '... with the current mozilla.org policy
AND Debian traditional way of doing things'.
I agree
that this extention was highly inadequite comparably.
micah
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDhf5A9n4qXRzy1ioRAj4vAJ9R0LkrGvVTbEawGHI/RGZGwCeqsACgqjTe
OkN+3cUQZD2ecy6RgnEanAQ=
=5ln7
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
this is an fun solution to this problem.
Hopefully it will get fixed soon.
micah
1.http://lists.netfilter.org/pipermail/netfilter-devel/2005-December/022696.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDnE149n4qXRzy1ioRArhPAKCYEU/SKwwRfzljT27Kz1uSi1k0BACfT7WO
time.
Micah
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFLGtx9n4qXRzy1ioRAscIAJ9yit4nDbeEWU1Zy6VIJJGPJsNnxACePreu
ySJpV18udhVkQmaJyPJb/qE=
=axFK
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
You are missing:
deb http://security.debian.org/ etch/updates main
micah
Tomasz Ciolek wrote:
Hi All
have packages for these updates:
[DSA 1308-1] New iceweasel packages
[DSA 1309-1] New PostgreSQL 8.1
[DSA 1310-1] New libexif packages
been uploaded to the repositories and added
now someone has
found a way to predict the sequence numbers again (likely by looking at
the algorithm used). Even so, the sequence numbers are not that
difficult to predict because you can guess all 2^16 of them at the same
time. This real problem in the DNS protocol at a very basic level.
Micah
* Stefan Novak [EMAIL PROTECTED] [071212 01:39]:
Hello!
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
This is CVE-2007-6239[1].
Will there be a patch für Debian Etch?
Etch and Sarge are vulnerable, the issue is known to the squid
maintainer and the security team[2].
1.
. In other words, ssh sessions are not
compromised just because an adversary has the host keys (unless a MITM
is setup, in which case you need bot the host key and the authentication
key to perform a mitm attack).
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
not
secure
in the least
Forgive me
it was convenient
so sweet
and so easy
micah
---
with apologies to william carlos williams
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
* Wolfgang Jeltsch [EMAIL PROTECTED] [2008-07-09 13:31-0400]:
configure it to only listen on 127.0.0.1,
How do I do this? dpkg-reconfigure doesn’t help.
I think the bind9 package comes configured this way by default in
Debian (a caching-only local nameserver).
Micah
--
To UNSUBSCRIBE
* Michael Stone [EMAIL PROTECTED] [2008-07-17 08:09-0400]:
On Thu, Jul 17, 2008 at 04:46:54PM +0200, Daniel Leidert wrote:
Today there were some news about a study from the University of Arizona
regarding security issues with package management systems (like apt). I
did not yet read the whole
command to trigger a denyhosts DOS to
lock out anyone they want.
micah
signature.asc
Description: Digital signature
and report
attacks to (http://headcandy.org/rojo/ for some examples using
fail2ban).
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
of your choosing.
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
a legitimate reason to trust any particular Certificate
Authority?
micah
signature.asc
Description: Digital signature
On Wed, 31 Dec 2008, Micah Anderson wrote:
Does anyone have a legitimate reason to trust any particular Certificate
Authority?
Yves-Alexis Perez cor...@debian.org writes:
I may be wrong, but I trust the CAs in ca-certificates. I've followed
the add
* Steffen Joeris steffen.joe...@skolelinux.de [2009-03-18 18:48-0400]:
On Thu, 19 Mar 2009 09:19:28 am Micah Anderson wrote:
[snip: removed some unrelated stuff to move discussion to
debian-security, please reply there]
On a somewhat tangential note, I've been asked a number of times
reproduce what you have seen, using the same kernel.
micah
ps - upstream doesn't like unofficial packages either :)
signature.asc
Description: Digital signature
* Karl Goetz k...@kgoetz.id.au [2009-06-10 03:44-0400]:
On Tue, 2 Jun 2009 00:14:45 -0400
Micah Anderson mi...@riseup.net wrote:
Thanks for your response, sorry about my delay getting back to you.
* Karl Goetz k...@kgoetz.id.au [2009-06-01 23:31-0400]:
The suggestion in #vserver
* Karl Goetz k...@kgoetz.id.au [2009-06-11 08:25-0400]:
On Wed, 10 Jun 2009 11:05:13 -0400
Micah Anderson mi...@riseup.net wrote:
* Karl Goetz k...@kgoetz.id.au [2009-06-10 03:44-0400]:
On Tue, 2 Jun 2009 00:14:45 -0400
Micah Anderson mi...@riseup.net wrote:
Odd. I've just done
#27213 failed with exit status 1: 1 Time(s)
Your cronjob returns an exit status 1, previously crond didn't report
that, but now it does. Make your cronjob return a zero exit code to make
it go away.
micah
pgp3rjl40HE1X.pgp
Description: PGP signature
on 1.8,
that would be helpful for 3.5 years or so (6 months until wheezy
releases, 2 yrs of stable, 1 yr of old stable). How does this sound to
people?
--
Micah Gersten
Ubuntu Security Team
signature.asc
Description: OpenPGP digital signature
On 01/26/2012 12:19 PM, Gustavo Noronha Silva wrote:
On Thu, 2012-01-26 at 10:03 -0600, Micah Gersten wrote:
In Ubuntu, we need to maintain a stable branch of webkitgtk+ for 5 years
for our upcoming LTS. That is from Apr 2012 to Apr 2017. We'll be
using the webkitgtk+ 1.8 branch since it's
package, that provides the
kernel with grsecurity patches applied? Don't bother the kernel team
with it, and just maintain it yourself in the archive? Its free software
afterall.
micah
pgpy3qdaRwiBa.pgp
Description: PGP signature
that I've just installed X package,
and you then just look over at our security tracker and find
that this package has an exploit...
micah
pgp50ulNq1plS.pgp
Description: PGP signature
91 matches
Mail list logo