--- Dan Lukes [EMAIL PROTECTED] wrote:
Statefull rules can stop the sophisticated intruder, but are often more
vulnerable to DoS attacks.
Every method has pros and cons ...
Hmm... U mean, when someone creates a lot of states? At least pf can limit
that... But here it looks like
--- Simon L. Nielsen [EMAIL PROTECTED] wrote:
On 2006.09.13 02:54:47 -0700, R. B. Riddick wrote:
Hi!
Since linux-flashplugin7 r63 is vulnerable according to
http://vuxml.FreeBSD.org/7c75d48c-429b-11db-afae-000c6ec775d9.html
isn't www/linux-seamonkey vulerable, too (it seems
--- Bigby Findrake [EMAIL PROTECTED] wrote:
On Wed, 6 Sep 2006, Travis H. wrote:
Wouldn't it be better to detect /and/ prevent an attempt to change the
system binaries?
That's how I interpret that passage from the handbook - that you should
detect *and* prevent. I'm not clear on how
--- Bob Johnson [EMAIL PROTECTED] wrote:
On 9/6/06, Barkley Vowk [EMAIL PROTECTED] wrote:
You are a complete madman. You want to protect your data with a key stored
on the most completely and utterly unreliable form of data storage still
lamentably in use? Its not the 1970's anymore, get a
--- Jack Barnett [EMAIL PROTECTED] wrote:
One idea is having 1 server with a CD-ROM drive and exporting it via NFS.
When a server boots it mounts the remote CD-ROM drive and looks for key
$HOSTNAME.key.
But then u would have the problem with network security...
On 9/6/06, Barkley Vowk
--- Doug Barton [EMAIL PROTECTED] wrote:
The patches you sent to implement this option didn't come through to the
mailing list, could you resend them please? :)
Seriously though, a lot of people looked at this problem when yarrow was
introduced, and no solution became immediately apparent.
--- Brooks Davis [EMAIL PROTECTED] wrote:
On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
These are valid if probably overly paranoid points. :)
Hmm... Oki Doke... But why use ssh, if u do not really care, if u connect to
the right host? Maybe the postmen know telecom-men
--- fwaggle [EMAIL PROTECTED] wrote:
i have a question. perhaps i'm misunderstanding something with how SSH
works, but how would having a standard freebsd private key benefit
anyone? if you wanted to impersonate a newly installed freebsd machine,
then all you'd need is that freely-available
--- Michael Scheidell [EMAIL PROTECTED] wrote:
I was doing some regression testing in 5.5: Specifically testing booting
up a 'virgin' hard disk from a clean install.
I was testing what happened if the 300 second timeout happened vs
hitting return for 'fast+insecure' startup and punching in a
--- Ari Suutari [EMAIL PROTECTED] wrote:
On FreeBSD 6.1, run rcorder /etc/rc.d/*. You'll notice that
pf is run after netif so if one is using only pf as firewall,
there is a window between run of netif and pf where network
interfaces are up but there is no firewall
--- Mike Tancsa [EMAIL PROTECTED] wrote:
But what if the trojan copies its files to the RAM disc and waits for this
sha256 binary showing up? And then, when it is there, it removes its
changes on
the hard disc (those changes certainly must be in unused (formerly zeroed)
areas of the hard
--- Dag-Erling Smørgrav [EMAIL PROTECTED] wrote:
R. B. Riddick [EMAIL PROTECTED] writes:
(bb) physical access (for reading the content of powered off RAM)
You cannot read the content of powered-off DRAM.
Yes, that it is true. _I_ cannot read powered-off DRAM... But my feathered
friends
--- Dan Lukes [EMAIL PROTECTED] wrote:
[...] Thus, keeping sensitive informations within memory for short
time only MAY reduce the risk level. The intruder need wait for
information to appear in memory again - but it cost time. [...]
That is true - it costs time...
But if a bad guy has
--- Nick Borisov [EMAIL PROTECTED] wrote:
[...] Allowing an intrunder to deal with your
system even one extra minute may lead to tremendous losses depending
[...]
:-) OK.. Let's see, if I understood this right:
1 minute -could be- 1 tremendous loss
50 minutes -could be- 50 tremendous losses
--- Nick Borisov [EMAIL PROTECTED] wrote:
2006/6/19, R. B. Riddick [EMAIL PROTECTED]:
It was possible to transfer about 20MB of data over about
one hour from a single IP, that was never seen there before...
Well, you are not goin' to say that was a great achievement of those
--- Nick Borisov [EMAIL PROTECTED] wrote:
Well, providing zeroed pages to processes is not quite similar to
explicit cleaning of pages after use as some security standards
demand. That's why I'm asking. The Z malloc option seems to be
suitable but it's actually for debugging.
Since you would
--- Robert Watson [EMAIL PROTECTED] wrote:
It's a pity this wasn't brought to my attention sooner, or there might have
been a chance to work on it for 6.1-RELEASE, especially given that it sounds
like it has been a moderately long-standing problem. The first I heard about
I can crash
17 matches
Mail list logo