Package: debsecan
Version: 0.4.2
Severity: normal
http://idssi.enyo.de/tracker/CVE-2006-2426 currently states that no
fixed Sun Java packages exist and lists even version 1.5.0-08-1 as
vulnerable.
I think this is wrong because CVE-2006-2426 mentions
the loopback
interface. And you may want to discard packets coming from the internal
network card, if they don't have an appropriate IP address.
Here is an example: http://www.sns.ias.edu/~jns/files/iptables_ruleset
--
Michel Messerschmidt, [EMAIL PROTECTED]
$ rpm -q --whatrequires linux
no package requires
Neal Murphy said:
The point is to obscure the ssh server from everyone, including those
who
are authorized to access it remotely.
You're right, this is just the old idea of security by obscurity.
The point is to reduce brute-force attacks to the point of nearly total
ineffectiveness. The
First of all, many thanks for the answers.
That was apparently too many wishes at once.
So I will have to either do without fax support, use the
AVM driver, or do without USB. The tip about the active
card is a good one, though; I will think about it.
--
I am currently switching from analog to ISDN and am looking for
suitable hardware (preferably USB, alternatively PCI). I need
both PPP and fax support.
The whole thing should work under Debian Sarge / Etch, and
if possible without binary-only drivers or firmware
sending it out to the
world.
So for the question how to handle possibly dangerous code
it all comes down to Who do you trust ?
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
/index.xml) ?
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
in this thread.
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
-descs/mssqlm.shtml
http://vil.nai.com/vil/content/v_2.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
http://www.viruslist.com/eng/viruslist.html?id=59159
HTH,
Michel
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science
was successful
- couldn't test boot from floppy (no floppy installed)
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
Anyone to shed some light over this?
Seems like there has been a message to debian-announce:
http://cert.uni-stuttgart.de/ticker/article.php?mid=1167
I'm just wondering why I didn't receive it?
--
Michel Messerschmidt
.
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
by at least two independent reporters.
There is no such thing as a standard list for viruses or virus names.
Michel
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
the possibility of a false negative (an innocent file
reported as infected), if the virus definition is poorly chosen.
Although this occurs rarely, it is not impossible.
For example there are products out there that detect a virus only by
a single line in an email.
Michel
--
Michel Messerschmidt
-viral malware is usually reported differently by f-prot
(e.g. as is a security risk or a backdoor program)
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
Diego Brouard writes:
As you've seen you have been cracked by a worm, it's called
RST.b.
In a few words, it infects executable files in /bin and in the current directory
from where you are executing an already infected binary. You were infected
because of a php bug and the ptrace bug.
Might be a
destroys any
privacy that's left on today's systems.
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
for this.
--
Michel Messerschmidt
[EMAIL PROTECTED]
http://www.michel-messerschmidt.de