Diego Brouard writes:
As you've seen you have been cracked by a worm, it's called
RST.b.
In a few words, it infects executable files in /bin and in the current directory
from where you are executing an already infected binary. You were infected
because of a php bug and the ptrace bug.
Might be a
-viral malware is usually reported differently by f-prot
(eg. as is a security risk or a backdoor program)
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
by at least two independent reporters.
There is no such thing as a standard list for viruses or virus names.
Michel
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
--
the possibility of a false negative (an innocent file
reported as infected), if the virus definition is poorly chosen.
Although this occurs rarely, it is not impossible.
For example there are products out there that detect a virus only by
a single line in an email.
Michel
--
Michel Messerschmidt
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
Anyone to shed some light over this?
Seems like there has been a message to debian-announce:
http://cert.uni-stuttgart.de/ticker/article.php?mid=1167
I'm just wondering why I didn't receive it?
--
Michel Messerschmidt
-descs/mssqlm.shtml
http://vil.nai.com/vil/content/v_2.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
http://www.viruslist.com/eng/viruslist.html?id=59159
HTH,
Michel
--
Michel Messerschmidt [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science
Neal Murphy said:
The point is to obscure the ssh server from everyone, including those who
are authorized to access it remotely.
You're right, this is just the old idea of security by obscurity.
The point is to reduce brute-force attacks to the point of nearly total
ineffectiveness. The
the loopback
interface. And you may want to discard packets coming from the internal
network card, if they don't have an appropriate IP address.
Here is an example: http://www.sns.ias.edu/~jns/files/iptables_ruleset
--
Michel Messerschmidt, [EMAIL PROTECTED]
$ rpm -q --whatrequires linux
no package requires
On Thu, Jan 11, 2007 at 06:55:33PM +0100, Adrian von Bidder wrote:
Anybody has an idea if and how this is possible? The obvious but ugly
solution would be to run a second sshd on a different port, but I'd rather
avoid that.
If I understand this correctly, it's not a matter of public key or
On Sun, Jan 14, 2007 at 02:36:10PM +0100, Adrian von Bidder wrote:
I have users a, b, c, d, e. All users except e can have shell access, but
because shell access is powerful, must not be able to log in with
password, but only with public key.
If you don't trust your users to keep their
On Tue, Jan 16, 2007 at 09:23:31AM +0100, Maik Holtkamp wrote:
Public keys can be stolen too. If you consider this a risk, you should
[Typ|Brain]o?
s/Public/Private/
Okay, I had a long day, but this really sounds stupid ;)
Please read it as
The *private* key used for ssh public key
that they put their system at a
risk.
It's certainly a bad idea to force something onto users they may not
understand.
But if a user installs a debian package that lowers his system's security
there should be a big warning in the installer.
--
Michel Messerschmidt [EMAIL PROTECTED
On Thu, Oct 18, 2007 at 09:51:45PM +0200, Michael Heide wrote:
I was concerned about the fact, that there is one simple way to circumvent
the whole encryption system if someone has physical access to the pc: to
simply replace the kernel or initrd at the boot partition to include some
trojan
On Tue, Feb 12, 2008 at 09:18:30PM +0100, Jens Schüßler wrote:
* Florian Weimer [EMAIL PROTECTED] wrote:
Not in our tests. Are you sure you're running the new kernel? What
does uname -a say?
$uname -a
Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686 GNU/Linux
As I
Florian Weimer said:
The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since propagated to the testing and
current stable (etch) distributions. The old stable distribution
(sarge) is not
Alexandros Papadopoulos said:
+ I enabled password authentication in sshd_config
(PasswordAuthentication yes)
+ aptitude update aptitude dist-upgrade, which updated the packages
and restarted the openssh daemon
+ shortly thereafter my SSH
On Tue, May 20, 2008 at 08:45:20PM +0100, Alexandros Papadopoulos wrote:
a) How/why were my active connections to the server killed right after
upgrading and
Don't know, I've never seen this behaviour on a debian system.
b) Why I am not allowed access now that I try to utilise the simplest
On Mon, Jul 06, 2009 at 10:51:44AM +0200, Sam Lowry wrote:
losetup /dev/loop0 lenny.img
mkdir lenny
mount lenny.img lenny -t ext3 -o loop=/dev/loop0,offset=98703360
losetup offset is in bytes (see 'man losetup')
cryptsetup luksFormat --offset=98703360 /dev/loop0
Command failed:
On Thu, Jul 16, 2009 at 12:41:32AM +0200, Lukas Faulstich wrote:
W: GPG error: http://security.debian.org etch/updates Release: Die
folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher
Schlüssel nicht verfügbar ist: NO_PUBKEY 9AA38DCD55BE302B
W: Probieren Sie »apt-get
On Mon, Sep 14, 2009 at 07:05:35PM +0200, Moritz Muehlenhoff wrote:
For the experimental distribution, these problems have been fixed in
version 1.9.1.3-1.
It seems the update is not yet available for i386 because the build failed