Dear Damanjeet, The meet is on 21 Dec at my place B6, Raksha Bhawan, Man Singh Rd, New Delhi, Tele 23388826. I am posting the route chart today on the list. Regards, Ashwin ----- Original Message ----- From: "damanjeet" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 04, 2003 10:27 AM Subject: [ilugd] Re: ilugd Digest, Vol 9, Issue 6
> Dear All > Can anyone tell me the address and Timing of next meeting. > Damanjeet Singh > BrickRed Technologies Pvt. Ltd. > B-2 , Sector 31,Noida, Tel +91-120-2456361, Ext18 > Mobile:-9891520520 > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, December 04, 2003 10:19 AM > Subject: ilugd Digest, Vol 9, Issue 6 > > > > Send ilugd mailing list submissions to > > [EMAIL PROTECTED] > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://frodo.hserus.net/mailman/listinfo/ilugd > > or, via email, send a message with subject or body 'help' to > > [EMAIL PROTECTED] > > > > You can reach the person managing the list at > > [EMAIL PROTECTED] > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of ilugd digest..." > > > > > > Please trim replies before posting. > > > > Today's Topics: > > > > 1. (fwd) GLSA: rsync.gentoo.org rotation server compromised > > (200312-01) (Raj Mathur) > > 2. New resource - Policy Routing and Bandwidth Management > > ([EMAIL PROTECTED]) > > 3. New resource - Squid Caching Proxy Server ([EMAIL PROTECTED]) > > 4. Re: Post on December meet - Threaded view (Tushar Shah) > > 5. The way to the 21 Dec Meet (Ashwin Baindur) > > 6. [Commercial] Programmers Required (Sudhir Gandotra) > > 7. RE: The way to the 21 Dec Meet (Anuj Sharma) > > 8. (fwd) GnuPG 1.2.3, 1.3.3 external HKP interface format string > > issue (Raj Mathur) > > 9. The Wonderful World of Linux 2.6 (Raj Shekhar) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Wed, 3 Dec 2003 21:39:58 +0530 > > From: Raj Mathur <[EMAIL PROTECTED]> > > Subject: [ilugd] (fwd) GLSA: rsync.gentoo.org rotation server > > compromised (200312-01) > > To: [EMAIL PROTECTED], > > [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=us-ascii > > > > [FYI. Doesn't seem to be anything to worry about yet if you're a > > Gentoo user -- Raju] > > > > This is an RFC 1153 digest. > > (1 message) > > ---------------------------------------------------------------------- > > > > Mime-Version: 1.0 > > Content-Type: multipart/signed; micalg=pgp-sha1; > > protocol="application/pgp-signature"; boundary="rG+KBTClKkGekJUE" > > Message-ID: <[EMAIL PROTECTED]> > > From: Kurt Lieber <[EMAIL PROTECTED]> > > Sender: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Subject: [Full-Disclosure] GLSA: rsync.gentoo.org rotation server > compromised (200312-01) > > Date: Tue, 2 Dec 2003 21:01:17 -0500 > > > > > > --rG+KBTClKkGekJUE > > Content-Type: text/plain; charset=iso-8859-1 > > Content-Disposition: inline > > Content-Transfer-Encoding: quoted-printable > > > > -------------------------------------------------------------------------- > -= > > ---- > > GENTOO LINUX SECURITY ANNOUNCEMENT 200312-01 > > -------------------------------------------------------------------------- > -= > > ---- > > Summary : rsync.gentoo.org rotation server compromised=20 > > Date : 2003-12-02 > > Exploit : remote > > CVE : - None - > > Priority : Normal > > -------------------------------------------------------------------------- > -= > > ---- > > > > SUMMARY: > > =3D=3D=3D=3D=3D=3D=3D=3D > > > > On December 2nd at approximately 03:45 UTC, one of the servers that makes > up > > the rsync.gentoo.org rotation was compromised via a remote exploit. At > this > > point, we are still performing forensic analysis. However, the > compromised > > system had both an IDS and a file integrity checker installed and we have > a > > very detailed forensic trail of what happened once the box was breached, > so= > > we > > are reasonably confident that the portage tree stored on that box was > > unaffected. The attacker appears to have installed a rootkit and > > modified/deleted some files to cover their tracks, but left the server > > otherwise untouched. =20 > > > > The box was in a compromised state for approximately one hour before it > was > > discovered and shut down. During this time, approximately 20 users > > synchronized against the portage mirror stored on this box. The method > used > > to gain access to the box remotely is still under investigation. We will > > release more details once we have ascertained the cause of the remote > explo= > > it. > > > > This box is not an official Gentoo infrastructure box and is instead > donated > > by a sponsor. The box provides other services not related to Gentoo Linux > = > > as > > well and the sponsor has requested that we not publicly identify the box > at > > this time. Because the Gentoo part of this box appears to be unaffected > by > > this exploit, we are currently honoring the sponsor's request. That said, > = > > if > > at any point, we determine that any file in the portage tree was > > inappropriately modified, we will release full details about the > compromised > > server. > > > > SOLUTION > > =3D=3D=3D=3D=3D=3D=3D=3D > > Again, based on the forensic analysis done so far, we are reasonably > confid= > > ent > > that no files within the Portage tree on the box were affected. However, > t= > > he > > server has been removed from all rsync.*.gentoo.org rotations and will > rema= > > in > > so until the forensic analysis has been completed and the box has been > wiped > > and rebuilt. Thus, users preferring an extra level of security may ensure > > that they have a correct and accurate portage tree by running: > > > > emerge sync > > > > Which will perform a sync against another server, thus ensuring that all > fi= > > les > > are up to date. > > > > --rG+KBTClKkGekJUE > > Content-Type: application/pgp-signature > > Content-Disposition: inline > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.3 (GNU/Linux) > > > > iD8DBQE/zUPtJPpRNiftIEYRAsuzAJ9VhNxkc1+kPvnXxqF9AMYczPrN6QCfQivy > > pBdmUugrjQd4fD8YmYMx4YI= > > =2VEN > > -----END PGP SIGNATURE----- > > > > --rG+KBTClKkGekJUE-- > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > ------------------------------ > > > > End of this Digest > > ****************** > > > > -- > > Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ > > GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F > > It is the mind that moves > > > > > > > > ------------------------------ > > > > Message: 2 > > Date: Mon, 1 Dec 2003 10:17:29 +0530 > > From: [EMAIL PROTECTED] > > Subject: [ilugd] New resource - Policy Routing and Bandwidth > > Management > > To: [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > > > Resource ID: 78 > > Title: Policy Routing and Bandwidth Management > > Category: I S P > > URL: www.lartc.org > > Contact: Joel > > Description: "All things to know how to manage your bandwidth. Policy > based routing on linux." > > Inform when comment is added: ON > > Inform when resource is rated: ON > > - Submitted by Joel Solanki on 12/01/2003. > > -------------------------------------------------- > > This email is brought to you by http://www.linux-delhi.org/ > > > > > > > > > > ------------------------------ > > > > Message: 3 > > Date: Mon, 1 Dec 2003 10:24:55 +0530 > > From: [EMAIL PROTECTED] > > Subject: [ilugd] New resource - Squid Caching Proxy Server > > To: [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > > > Resource ID: 79 > > Title: Squid Caching Proxy Server > > Category: Networking > > URL: www.squid-cache.org > > Contact: Joel Solanki > > Description: "Squid is a Caching proxy server. > > Features:--- > > Proxy Server. > > Web Caching. > > Manage Bandwidth. > > Url Filtering. > > And Much More." > > Inform when comment is added: ON > > Inform when resource is rated: ON > > - Submitted by Joel Solanki on 12/01/2003. > > -------------------------------------------------- > > This email is brought to you by http://www.linux-delhi.org/ > > > > > > > > > > ------------------------------ > > > > Message: 4 > > Date: Mon, 1 Dec 2003 14:57:04 +0530 (IST) > > From: "Tushar Shah" <[EMAIL PROTECTED]> > > Subject: Re: [ilugd] Post on December meet - Threaded view > > To: "The Linux-Delhi mailing list" <[EMAIL PROTECTED]> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain;charset=iso-8859-1 > > > > Hi, > > I had send an earlier mail reg my intrest in presenting fedora > > installation . I am sorry to inform you that under the current > > circumstances of uncertainty wrt to my college schedule , I will not > > be able to commit myself as a presenter for fedora demostration : ( , > > but at the same time if I reach delhi in time I hope to be part of > > the meet . > > bye > > Tushar Shah > > > > > > > > ------------------------------ > > > > Message: 5 > > Date: Wed, 3 Dec 2003 18:05:08 +0530 > > From: "Ashwin Baindur" <[EMAIL PROTECTED]> > > Subject: [ilugd] The way to the 21 Dec Meet > > To: "The Linux-Delhi mailing list" <[EMAIL PROTECTED]> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset="iso-8859-1" > > > > Dear all, > > Please find attached a sketch about how to locate Raksha Bhawan for the 21 > Dec meet.My home is in B6. The watchman will be told about the meet. He will > direct you. > > regards, Ashwin > > > > ------------------------------ > > > > Message: 6 > > Date: 04 Dec 2003 01:04:06 +0530 > > From: Sudhir Gandotra <[EMAIL PROTECTED]> > > Subject: [ilugd] [Commercial] Programmers Required > > To: [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain > > > > Hello, > > > > There is requirement of : > > > > 1. One/Two Programmers with strong fundamentals and experience (6 months > > onwards) of Perl, Php, MySQL/PostgreSQL, Html, on Linux; > > 2. Two-three trainees with basic knowledge of the above; > > > > 3. Two Programmers with strong fundamentals and experience of C, > > PostgreSQL and GTK/QT; > > 4. Two-three trainees with strong fundamentals of the above. > > > > 5. Two Programmers with strong fundamentals and experience of Java based > > programming. > > 6. Two-three trainees with strong fundamentals of the above. > > > > These are basic minimum requirements. Additional abilities/knowledge on > > Linux platform technologies will be helpful. > > > > The requirements are in Delhi and salary will be in accordance with > > experience and creative abilities. > > > > Ours is a Linux based Application development company > > (www.kalculate.com) and now we are expanding in a big way into this > > arena with both GUI based applications and web-based developments. > > > > Those interested, please mail your resume, offline, to > > [EMAIL PROTECTED] mentioning contact info, qualifications & experience > > on Linux platform, etc. details in text, openoffice, html format. > > -- > > Peace, Force & Joy! Sudhir Gandotra. 98-101-20918. > > > > Legal.Software @ Fractional.Cost : http://kalculate.com > > > > Transform lives: http://humanistmovement.org/ > > !!! Treat Others As You Would Have Them Treat You !!! > > > > > > > > ------------------------------ > > > > Message: 7 > > Date: Thu, 04 Dec 2003 08:00:52 +0530 > > From: "Anuj Sharma" <[EMAIL PROTECTED]> > > Subject: RE: [ilugd] The way to the 21 Dec Meet > > To: [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; format=flowed > > > > Hi Ashwin, > > > > i dont c ny attchmnt on ur mail mate! > > > > Anuj > > > > _________________________________________________________________ > > Marriage? http://www.bharatmatrimony.com/cgi-bin/bmclicks1.cgi?74 Join > > BharatMatrimony.com for free. > > > > > > > > > > ------------------------------ > > > > Message: 8 > > Date: Thu, 4 Dec 2003 09:19:45 +0530 > > From: Raj Mathur <[EMAIL PROTECTED]> > > Subject: [ilugd] (fwd) GnuPG 1.2.3, 1.3.3 external HKP interface > > format string issue > > To: [EMAIL PROTECTED], > > [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=us-ascii > > > > [Please upgrade if you use the experimental gpgkeys_hkp program. This > > program is not built with GnuPG by default -- Raju] > > > > This is an RFC 1153 digest. > > (1 message) > > ---------------------------------------------------------------------- > > > > Message-ID: <[EMAIL PROTECTED]> > > From: S-Quadra Security Research <[EMAIL PROTECTED]> > > To: full-disclosure <[EMAIL PROTECTED]>, > > bugtraq <[EMAIL PROTECTED]> > > Subject: GnuPG 1.2.3, 1.3.3 external HKP interface format string issue > > Date: Wed, 03 Dec 2003 16:30:38 +0300 > > > > > > S-Quadra Advisory #2003-12-03 > > > > Topic: GnuPG 1.2.3, 1.3.3 external HKP interface format string issue > > Severity: Low > > Vendor URL: http://www.gnupg.org > > Advisory URL: http://www.s-quadra.com/advisories/Adv-20031203.txt > > Release date: 3 Dec 2003 > > > > 1. DESCRIPTION > > > > GnuPG is a complete and free replacement for PGP. > > Because it does not use the patented IDEA algorithm, it can be used > > without any restrictions. > > GnuPG is a RFC2440 (OpenPGP) compliant application. > > > > GnuPG has external HKP inteface which is marked as experimental and not > > enabled by default in 1.2 stable branch and to use it you should compile > > GnuPG with '--enable-external-hkp' configuration option. > > Also, on 1.3 devel branch external HKP interface is enabled by default > > and to disable you should compile GnuPG with '--disable-hkp' > > configuration option. > > > > When the external HKP interface is enabled, GnuPG will make use of > > 'gpgkeys_hkp' utility for keyserver accesses. > > > > There exists a format string vulnerability in 'gpgkeys_hkp' utility > > which would allow a malicious > > keyserver in the worst case to execute an arbitrary code on the user's > > machine. > > > > 2. DETAILS > > > > The offending code can be found in keyserver/gpgkeys_hkp.c: > > > > <snip> > > int get_key(char *getkey) > > { > > int rc,gotit=0; > > char search[29]; > > char *request; > > struct http_context hd; > > > > ... > > > > if(verbose>2) > > fprintf(console,"gpgkeys: HTTP URL is \"%s\"\n",request); > > > > rc=http_open_document(&hd,request,http_flags); > > if(rc!=0) > > { > > fprintf(console,"gpgkeys: HKP fetch error: %s\n", > > rc==G10ERR_NETWORK?strerror(errno):g10_errstr(rc)); > > fprintf(output,"KEY 0x%s FAILED\n",getkey); > > } > > else > > { > > unsigned int maxlen=1024,buflen; > > byte *line=NULL; > > > > while(iobuf_read_line(hd.fp_read,&line,&buflen,&maxlen)) > > { > > maxlen=1024; > > > > if(gotit) > > { > > // S-Quadra: here is where format string bug lives > > fprintf(output,line); > > if(strcmp(line,"-----END PGP PUBLIC KEY BLOCK-----\n")==0) > > break; > > } > > else > > if(strcmp(line,"-----BEGIN PGP PUBLIC KEY BLOCK-----\n")==0) > > { > > // S-Quadra: here is where format string bug lives > > fprintf(output,line); > > gotit=1; > > } > > } > > ... > > return 0; > > } > > > > </snip> > > > > 3. FIX INFORMATION > > > > S-Quadra alerted GnuPG development team to this issue on 27th November > 2003. > > For 1.2 branch fix available in CVS, latest devel version 1.3.4 also > > contains fix for the reported bug. > > > > 4. CREDITS > > > > Evgeny Legerov <[EMAIL PROTECTED]> is responsible for discovering > > this issue. > > > > 5. ABOUT > > > > S-Quadra offers services in computer security, penetration testing and > > network assesment, > > web application security, source code review and third party product > > vulnerability assesment, > > forensic support and reverse engineering. > > > > Security is an art and our goal is to bring responsible and high quality > > security > > service to the IT market, customized to meet the unique needs of each > > individual client. > > > > S-Quadra, (pronounced es quadra), is not an acronym. > > It's unique, creative and innovative - just like the security services > > we bring to our clients. > > > > S-Quadra Advisory #2003-12-03 > > > > > > ------------------------------ > > > > End of this Digest > > ****************** > > > > -- > > Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ > > GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F > > It is the mind that moves > > > > > > > > ------------------------------ > > > > Message: 9 > > Date: 04 Dec 2003 10:10:32 +0530 > > From: Raj Shekhar <[EMAIL PROTECTED]> > > Subject: [ilugd] The Wonderful World of Linux 2.6 > > To: lugd <[EMAIL PROTECTED]> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain > > > > Joseph Pranevich has written a nice long article on what new things are > > coming in the 2.6 kernel. You can see the whole article at > > http://kniggit.net/wwol26.html. I am putting the most interesting parts > > here. > > > > Interactivity and Responsiveness > > -------------------------------- > > > > One of the key improvements in Linux 2.6, is that the kernel is finally > > preemptible. In all previous versions of Linux, the kernel itself cannot > > be interrupted while it is processing. (On a system with multiple > > processors, this was true on a per-CPU basis.) Under Linux 2.6, the > > kernel now can be interrupted mid-task, so that other applications can > > continue to run even when something low-level and complicated is going > > on in the background. Of course, there are still times when the kernel > > cannot be interrupted in its processing. In reality, most users never > > saw these delays, which are rarely over small fractions of a second. > > Despite that, many users may notice an improvement in interactive > > performance with this feature enabled; things like user input will > > "feel" faster, even when the system is bogged down. > > > > [snip] > > > > Scaling Down -- Linux for Embedded Systems > > ------------------------------------------ > > One of the two most fundamental changes to Linux in 2.6 comes through > > the acceptance and merging of much of the uClinux project into the > > mainstream kernel. The uClinux project (possibly pronounced > > "you-see-Linux", but more properly spelled with the Greek character > > "mu") is the Linux for Microcontrollers project. This variant of Linux > > has already been a major driver of support for Linux in the embedded > > market, and its inclusion in the official release should encourage > > further development in this space. Unlike the "normal" Linux ports that > > we are generally accustomed to, embedded ports do not have all the > > features that we associate with the kernel, due to hardware limitations. > > The primary difference is that these ports feature processors that do > > not feature an MMU. ("memory management unit" - what makes a > > protected-mode OS "protected") While these are generally true > > multitasking Linux systems, they are missing memory protection and other > > related features. (Without memory protection, it is possible for a > > wayward process to read the data of, or even crash, other processes on > > the system.) This may make them unusable for a multi-user system, but an > > excellent choice for a low-cost PDA or dedicated device. It is difficult > > to over-emphasize this architecture shift in Linux 2.6; all versions of > > Linux up to this point were derived (however indirectly) from the > > limitations inherent with Linus' initial work on his Intel 80386. > > [snip] > > > > -- > > / \__ > > ( @\___ Raj Shekhar > > / O My home : http://geocities.com/lunatech3007/ > > / (_____/ My blog : http://lunatech.journalspace.com/ > > /_____/ U > > > > > > > > > > > > ------------------------------ > > > > _______________________________________________ > > ilugd mailing list > > [EMAIL PROTECTED] > > http://frodo.hserus.net/mailman/listinfo/ilugd > > > > > > End of ilugd Digest, Vol 9, Issue 6 > > *********************************** > > > _______________________________________________ > ilugd mailing list > [EMAIL PROTECTED] > http://frodo.hserus.net/mailman/listinfo/ilugd > _______________________________________________ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
