Re: I want to somehow "crack" the Uefi "Bios" screen of my packard bell ENLG81BA Notebook
On 2016-11-12 09:02 +0100, David wrote:

> I want to somehow "crack" the Uefi "Bios" screen of my ENLG81BA Notebook.
>
> For example for looking into the Boot order or editing it.
>
> The question is how I can use a grml CD / DVD / USB-Stick (I have
> already downloaded the grml iso image).
>
> Or is it possible even without grml through a command line when GRUB
> is starting?

There should be "System setup" in the grub menu. If it isn't there, use 'c' to get a commandline and type "fwsetup".

Cheers,
Sven
I want to somehow "crack" the Uefi "Bios" screen of my packard bell ENLG81BA Notebook
I want to somehow "crack" the Uefi "Bios" screen of my ENLG81BA Notebook.

For example for looking into the Boot order or editing it.

The question is how I can use a grml CD / DVD / USB-Stick (I have already downloaded the grml iso image).

Or is it possible even without grml through a command line when GRUB is starting?

The F2 key that during boot opens the Uefi "Bios" screen does not work. The F12 that normally unlocks the F2 also does not work.

Loading the Debian efivars kernel module, which is necessary to execute the programs efivar and efibootmgr, is impossible; it results in the following error message:

***
modprobe: ERROR: could not insert 'efivars': No such device
***

... the assumption is that the ENLG81BA is very, very well protected against opening the Uefi "Bios" screen.

I no longer have Windows on it; under Windows 10 I could install the "easyUEFI" Program and use the menu command reboot into Uefi screen. But because I no longer have Windows I can no longer use that program.

***

I want to even know more about my computer. The next question is: can the computer, when executing update-grub and the old Windows 7 disk attached through usb, find it? And if it finds it - can it then even boot the externally attached Windows 7 disk?

This is an hpdv9000 harddisk and I found that no cases are available; I had to order - through ebay - a case which is shipped directly from China, delivery time one to two months, which is not for usb cable but fits into the CD / DVD slot, do not know when I will receive it and whether it will work or not.

***

Hope there is somebody out there who has the exact same computer model as me, and exact knowledge about its use and configuration under Debian.

Debian itself - it is the "stretch" (testing) distribution - boots and works fine.
Re: Does the HDCP crack have any implications for Debian?
On 09/21/2010 05:50 AM, Scott Ferguson wrote: On 21/09/10 19:44, Chris Bannister wrote: On Sat, Sep 18, 2010 at 01:38:51AM +0200, Klistvud wrote: Dne, 17. 09. 2010 23:33:00 je Aaron Toponce napisal(a): That is, if Blu-ray is here to stay. I wouldn't count on that. The useful lifespan of each subsequent media support has been steadily decreasing since at least the advent of celluloid film. Vinyl records lasted for, give or take, 7 or 8 decades. Not true. They are still the preferred choice amongst serious audiophiles. True, but how many companies still press LPs? More than piano roll manufacturers? I did hear that there is at least 2 LP makers - though I wouldn't expect the number to increase anytime soon. Whereas CDs are still manufactured by no one (?) Ditto floppy disks. (and crts). /snip/ Borders has a full section of CDs. How else will you buy music? One-offs at 99¢ from I-tunes? If I want an album of Chopin, am I going to have to watch a BR video of somebody playing it? (That's a tough one for drivers with CD players!) You can still buy floppies at Radio Shack. And cassette tape. I don't know for how long. The rumor is that they will be bought by a big-box consumer appliance store. --doug -- Blessed are the peacekeepers...for they shall be shot at from both sides. --A.M. Greeley -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c992f26.2090...@optonline.net
Re: Does the HDCP crack have any implications for Debian?
Dne, 21. 09. 2010 11:44:17 je Chris Bannister napisal(a):

On Sat, Sep 18, 2010 at 01:38:51AM +0200, Klistvud wrote:

> I wouldn't count on that. The useful lifespan of each subsequent
> media support has been steadily decreasing since at least the advent
> of celluloid film. Vinyl records lasted for, give or take, 7 or 8
> decades.

Not true. They are still the preferred choice amongst serious audiophiles.

Just as film is still the preferred choice among (some) serious photographers. Can't argue against that. To clarify: it was the "large-scale, mainstream consumer market lifespan" what I had in mind when I wrote "useful" lifespan. As opposed to "niche market lifespan".

--
Regards, Klistvud
Certifiable Loonix User #481801
http://bufferoverflow.tiddlyspot.com
Please reply to the list, not to me.
Re: Does the HDCP crack have any implications for Debian?
On 21/09/10 19:44, Chris Bannister wrote:

> On Sat, Sep 18, 2010 at 01:38:51AM +0200, Klistvud wrote:
>> Dne, 17. 09. 2010 23:33:00 je Aaron Toponce napisal(a):
>>> That is, if Blu-ray is here to stay.
>>>
>> I wouldn't count on that. The useful lifespan of each subsequent
>> media support has been steadily decreasing since at least the advent
>> of celluloid film. Vinyl records lasted for, give or take, 7 or 8
>> decades.
> Not true. They are still the preferred choice amongst serious audiophiles.
>

True, but how many companies still press LPs? More than piano roll manufacturers? I did hear that there is at least 2 LP makers - though I wouldn't expect the number to increase anytime soon. Whereas CDs are still manufactured by no one (?) Ditto floppy disks. (and crts).

Given the amount of time and money being sunk into higher storage capacity mediums I'd expect to see blu-ray replaced within 5 years (if not earlier). I've still got rolls of Super8 - but it's no longer manufactured either.

Cheers

--
*In case you never receive this mail, please notify me immediately*
Re: Does the HDCP crack have any implications for Debian?
On Sat, Sep 18, 2010 at 01:38:51AM +0200, Klistvud wrote:

> Dne, 17. 09. 2010 23:33:00 je Aaron Toponce napisal(a):
> >That is, if Blu-ray is here to stay.
> >
>
> I wouldn't count on that. The useful lifespan of each subsequent
> media support has been steadily decreasing since at least the advent
> of celluloid film. Vinyl records lasted for, give or take, 7 or 8
> decades.

Not true. They are still the preferred choice amongst serious audiophiles.

--
"Religion is excellent stuff for keeping common people quiet." -- Napoleon Bonaparte
Re: Does the HDCP crack have any implications for Debian?
On 19/09/10 06:04, Mark Allums wrote:

> On 9/18/2010 4:55 AM, Scott Ferguson wrote:
>> I'm very
>> happy with the performance I get by simply copying the bluerays I buy to
>> hard drive, and I prefer keep my media on hdd.
>
>
> This bears some explanation. Are you watching stuff from Blu-Ray on a
> Debian machine? How? What is the process?
>
>

PAU supported video, blu-ray player, makemkv, vlc, google ;-p

--
*In case you never receive this mail, please notify me immediately*
Re: Does the HDCP crack have any implications for Debian?
On 9/18/2010 4:55 AM, Scott Ferguson wrote:

I'm very happy with the performance I get by simply copying the bluerays I buy to hard drive, and I prefer keep my media on hdd.

This bears some explanation. Are you watching stuff from Blu-Ray on a Debian machine? How? What is the process?
Blu-ray status in Linux (was: Does the HDCP crack have any implications for Debian?)
On Fri, 17 Sep 2010 22:29:49 +0100, Angus Hedger wrote:

> On Fri, 17 Sep 2010 16:12:47 -0500 Mark Allums wrote:

(...)

>> I'm not interested in that, but I wondered if that meant that we would
>> eventually be able to play Blu-Ray on Debian machines. Do you suppose
>> we will see Blu-Ray support in VLC anytime soon?

(...)

> It means that BR playback on linux is closer, for example windows has a
> protected content layer that passes the content from the player to the
> screen, with this key you could build something like that for windows.

Mmmm, just out of curiosity (as I don't own a BD player neither have Blu-ray discs to play) but, do you mean there is currently no way to play Blu-ray in Linux? :-?

Or just to put it in other words, what is the current status of the Blu-ray technology in Linux?

It seems there is a project¹ that allows viewing such media type, but does it work nice, has any drawbacks...?

¹ http://themediaviking.com/software/bluray-linux/

Greetings,

--
Camaleón
Re: Does the HDCP crack have any implications for Debian?
On 18/09/10 19:10, Angus Hedger wrote:

> On Sat, 18 Sep 2010 10:51:21 +1000
> Scott Ferguson wrote:
>> The key is legitimate (confirmed by Intel) - what has been
>> misreported is that the key is used for encrypting the contents of
>> the disk... the disks are encrypted using AACS, it's the stream from
>> the player to the screen that is encrypted with HDCP.
>> The key (I want it printed on a bedsheet) is most likely to turn up
>> in a FPGA board, to be used by people wanting to rip the stream (need
>> fast RAID and a few TB of space).
> You would need around about 1TB of space for 1 movie uncompressed and
> the FPGA/raid would need to be able to sustain around about 120-200MB/s.
>
> So it would need to be a highend FPGA/Raid, but the whole thing could
> probs be had for around about £1000 + disks.
>
> --
> Regards,
>
> Angus Hedger
>
> Debian GNU/Linux User PGP Public Key 0xEE6A4B97

Agreed (though I've no idea what a UK (?) pound is worth.

1920 x 1080 x 24 bits per pixel x 24 fps = 145MB/sec (not allowing for audio)

I suspect there would only be two types of user for the key - vendors of home entertainment systems "might" become a market (though they already use a system to bypass restrictions on projectors), and commercial pirating operations (the ones who actually press disks). Though the articles I've read all talk about pirates I suspect the reporters are just *cough* wrong (pre-release pirate material is copied from studio prior to encryption).

I recall reading an article by a Google engineer where he spoke of a (Linux) system using multiple off-the-shelf computers with software (?) RAID to achieve near-RAM speed disk access - and an evaluation FPGA card from www.xilinx.com is fairly cheap...

With reference to the original posters question - maybe, just maybe, the key might become part of a driver to allow any display to display a stream from a blueray player... but I won't be writing it.

I'm very happy with the performance I get by simply copying the bluerays I buy to hard drive, and I prefer keep my media on hdd.

Cheers
Re: Does the HDCP crack have any implications for Debian?
On Sat, 18 Sep 2010 10:51:21 +1000 Scott Ferguson wrote:

> The key is legitimate (confirmed by Intel) - what has been
> misreported is that the key is used for encrypting the contents of
> the disk... the disks are encrypted using AACS, it's the stream from
> the player to the screen that is encrypted with HDCP.
> The key (I want it printed on a bedsheet) is most likely to turn up
> in a FPGA board, to be used by people wanting to rip the stream (need
> fast RAID and a few TB of space).

You would need around about 1TB of space for 1 movie uncompressed and the FPGA/raid would need to be able to sustain around about 120-200MB/s.

So it would need to be a highend FPGA/Raid, but the whole thing could probs be had for around about £1000 + disks.

--
Regards,
Angus Hedger
Debian GNU/Linux User PGP Public Key 0xEE6A4B97
Re: Does the HDCP crack have any implications for Debian?
On 18/09/10 07:12, Mark Allums wrote:

> The master key to HDCP was leaked and it has been reported that it is
> legitimate, meaning it is now possible to crack Blu-Ray.
>
> I'm not interested in that, but I wondered if that meant that we would
> eventually be able to play Blu-Ray on Debian machines. Do you suppose
> we will see Blu-Ray support in VLC anytime soon?
>
>

The key is legitimate (confirmed by Intel) - what has been misreported is that the key is used for encrypting the contents of the disk... the disks are encrypted using AACS, it's the stream from the player to the screen that is encrypted with HDCP.

The key (I want it printed on a bedsheet) is most likely to turn up in a FPGA board, to be used by people wanting to rip the stream (need fast RAID and a few TB of space).

So - sorry no relationship between the stream encrypting key and the ability to read the disk. The x264 encoder is more efficient than h264, so the current method of ripping (lossy) still produces a better picture quality than the "legal" releases.

Note: HDCP is what decides whether your monitor is allowed to display the stream.

Hint: copy the disk to hdd and HDCP is removed from the equation.

for your edification:-

a forty times forty element matrix of fifty-six bit hexadecimal numbers. To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV. Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key. To generate a sink key, do the same, but with the transposed matrix.

big table

Cheers
Re: Does the HDCP crack have any implications for Debian?
On 9/17/2010 4:33 PM, Aaron Toponce wrote:

On Fri, Sep 17, 2010 at 04:12:47PM -0500, Mark Allums wrote:

The master key to HDCP was leaked and it has been reported that it is legitimate, meaning it is now possible to crack Blu-Ray. I'm not interested in that, but I wondered if that meant that we would eventually be able to play Blu-Ray on Debian machines. Do you suppose we will see Blu-Ray support in VLC anytime soon?

I would count on it. As much as libdecss is a part of the GNU/Linux ecosystem, I would expect libdehdcp, or similar to become a part of the same. That is, if Blu-ray is here to stay.

As was pointed out by Angus Hedger, I realized that HDCP =/= Blu-Ray. The hope of some is that having the one will help with the other. The success of Blu-Ray's encryption is in part because they can revoke keys and add new ones. Newer movie releases use the new keys. In some instances, older players will fail to play new movies without a firmware update. (There are other reasons for this, like new codecs and new disc menus and other things.) Still, we can hope.
Re: Does the HDCP crack have any implications for Debian?
Dne, 17. 09. 2010 23:33:00 je Aaron Toponce napisal(a):

That is, if Blu-ray is here to stay.

I wouldn't count on that. The useful lifespan of each subsequent media support has been steadily decreasing since at least the advent of celluloid film. Vinyl records lasted for, give or take, 7 or 8 decades. CDs will hardly reach 5 decades. DVDs are being slowly supplanted by BluRay after having lasted, what, 2 decades? At that rate, BluRay should be dead in 10 years. Good riddance.

--
Regards, Klistvud
Certifiable Loonix User #481801
http://bufferoverflow.tiddlyspot.com
Please reply to the list, not to me.
Re: Does the HDCP crack have any implications for Debian?
On Fri, Sep 17, 2010 at 04:12:47PM -0500, Mark Allums wrote:

> The master key to HDCP was leaked and it has been reported that it
> is legitimate, meaning it is now possible to crack Blu-Ray.
>
> I'm not interested in that, but I wondered if that meant that we
> would eventually be able to play Blu-Ray on Debian machines. Do you
> suppose we will see Blu-Ray support in VLC anytime soon?

I would count on it. As much as libdecss is a part of the GNU/Linux ecosystem, I would expect libdehdcp, or similar to become a part of the same. That is, if Blu-ray is here to stay.

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
Re: Does the HDCP crack have any implications for Debian?
On Fri, 17 Sep 2010 16:12:47 -0500 Mark Allums wrote:

> The master key to HDCP was leaked and it has been reported that it is
> legitimate, meaning it is now possible to crack Blu-Ray.
>
> I'm not interested in that, but I wondered if that meant that we
> would eventually be able to play Blu-Ray on Debian machines. Do you
> suppose we will see Blu-Ray support in VLC anytime soon?
>
>

HDCP =! BR.

Blueray is protected by BD+ and acss, HDCP is what closes the "analog hole" (between the player and the screen).

Having the HDCP key means you could make a virtual device that accepts a HDCP encrypted signal then passes it out in an unencrypted form to the screen.

It means that BR playback on linux is closer, for example windows has a protected content layer that passes the content from the player to the screen, with this key you could build something like that for windows.

--
Regards,
Angus Hedger
Debian GNU/Linux User PGP Public Key 0xEE6A4B97
Does the HDCP crack have any implications for Debian?
The master key to HDCP was leaked and it has been reported that it is legitimate, meaning it is now possible to crack Blu-Ray.

I'm not interested in that, but I wondered if that meant that we would eventually be able to play Blu-Ray on Debian machines. Do you suppose we will see Blu-Ray support in VLC anytime soon?
Re: crack attempt?
Will Trillich wrote: aha -- i think i actually attracted a script kiddie! http://www.securityfocus.com/archive/75/370288/2004-07-31/2004-08-06/2 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: crack attempt?
Philippe Marzouk wrote:

On Tue, Aug 10, 2004 at 02:33:20AM -0500, Will Trillich wrote:

aha -- i think i actually attracted a script kiddie! [...] - End forwarded message - the fact that each attempt is a few seconds from the previous one (and that there were only eight tries) leads me to believe this was a human, and not a 'bot of some sort. he even tried "guest"! (standard windows hole -- is it of likely concern to a debian system?)

I have exactly the same thing in my logs since a few weeks. In general from IPs with no reverse DNS set. They test guest, test sometimes root. It may be some automated tools as it is always the same logins which are tried.

I've tracked it down to a couple of bored ISP help desk staff in the past. This seems to be the main occupation for junior crackers. They have some spare time, so they practice.

Regards, David.
Re: crack attempt?
Philippe Marzouk wrote:

On Tue, Aug 10, 2004 at 02:33:20AM -0500, Will Trillich wrote:

aha -- i think i actually attracted a script kiddie! [...] - End forwarded message - the fact that each attempt is a few seconds from the previous one (and that there were only eight tries) leads me to believe this was a human, and not a 'bot of some sort. he even tried "guest"! (standard windows hole -- is it of likely concern to a debian system?)

I have exactly the same thing in my logs since a few weeks. In general from IPs with no reverse DNS set. They test guest, test sometimes root. It may be some automated tools as it is always the same logins which are tried. I don't worry about it as I do not have this kind of users on my systems and root is of course not allowed direct ssh login.

Same here, I saw someone knocking on one of my doors the other day.

--
Cheers John
-- spambait [EMAIL PROTECTED] [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
Re: crack attempt?
hi ya will

On Tue, 10 Aug 2004, Will Trillich wrote:

> aha -- i think i actually attracted a script kiddie!

nah... those are "free one-time audits" from summ-buddy with two much free thyme :-)

and you should be happy you don't get those few dozen times per hour and even more happier that they don't do anything else like ping bomb or mail bomb or .. other silly fun stuff

c ya
alvin
Re: crack attempt?
On Tue, Aug 10, 2004 at 02:33:20AM -0500, Will Trillich wrote:

>
> aha -- i think i actually attracted a script kiddie!
>
> [...]
>
> - End forwarded message -
>
> the fact that each attempt is a few seconds from the previous
> one (and that there were only eight tries) leads me to believe
> this was a human, and not a 'bot of some sort.
>
> he even tried "guest"! (standard windows hole -- is it of likely
> concern to a debian system?)
>

I have exactly the same thing in my logs since a few weeks. In general from IPs with no reverse DNS set. They test guest, test sometimes root. It may be some automated tools as it is always the same logins which are tried.

I don't worry about it as I do not have this kind of users on my systems and root is of course not allowed direct ssh login.

Philippe
crack attempt?
aha -- i think i actually attracted a script kiddie!

- Forwarded message from root <[EMAIL PROTECTED]> -

Subject: boss 2004/08/09 02:02 system check
From: root <[EMAIL PROTECTED]>
Date: Mon, 09 Aug 2004 02:02:05 -0500
To: [EMAIL PROTECTED]

This mail is sent by logcheck. If you do not want to receive it any more, please modify the configuration files in /etc/logcheck or deinstall logcheck.

Possible Security Violations
=-=-=-=-=-=-=-=-=-=
Aug 9 02:01:13 boss PAM_unix[17097]: authentication failure; (uid=0) -> guest for ssh service
Aug 9 02:01:15 boss sshd[17097]: Failed password for guest from 216.57.26.222 port 4839 ssh2
Aug 9 02:01:23 boss PAM_unix[17107]: authentication failure; (uid=0) -> guest for ssh service
Aug 9 02:01:24 boss PAM_unix[17109]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:25 boss sshd[17107]: Failed password for guest from 216.57.26.222 port 1261 ssh2
Aug 9 02:01:26 boss sshd[17109]: Failed password for root from 216.57.26.222 port 1302 ssh2
Aug 9 02:01:28 boss PAM_unix[17113]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:30 boss sshd[17113]: Failed password for root from 216.57.26.222 port 1450 ssh2
Aug 9 02:01:31 boss PAM_unix[17119]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:34 boss sshd[17119]: Failed password for root from 216.57.26.222 port 1574 ssh2
Aug 9 02:01:35 boss PAM_unix[17122]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:37 boss sshd[17122]: Failed password for root from 216.57.26.222 port 1630 ssh2
Aug 9 02:01:40 boss PAM_unix[17125]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:41 boss sshd[17125]: Failed password for root from 216.57.26.222 port 1823 ssh2
Aug 9 02:01:43 boss PAM_unix[17127]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:45 boss sshd[17127]: Failed password for root from 216.57.26.222 port 1939 ssh2

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Aug 9 02:01:13 boss PAM_unix[17097]: authentication failure; (uid=0) -> guest for ssh service
Aug 9 02:01:15 boss sshd[17097]: Failed password for guest from 216.57.26.222 port 4839 ssh2
Aug 9 02:01:23 boss PAM_unix[17107]: authentication failure; (uid=0) -> guest for ssh service
Aug 9 02:01:24 boss PAM_unix[17109]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:25 boss sshd[17107]: Failed password for guest from 216.57.26.222 port 1261 ssh2
Aug 9 02:01:26 boss sshd[17109]: Failed password for root from 216.57.26.222 port 1302 ssh2
Aug 9 02:01:28 boss PAM_unix[17113]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:30 boss sshd[17113]: Failed password for root from 216.57.26.222 port 1450 ssh2
Aug 9 02:01:31 boss PAM_unix[17119]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:34 boss sshd[17119]: Failed password for root from 216.57.26.222 port 1574 ssh2
Aug 9 02:01:35 boss PAM_unix[17122]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:37 boss sshd[17122]: Failed password for root from 216.57.26.222 port 1630 ssh2
Aug 9 02:01:40 boss PAM_unix[17125]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:41 boss sshd[17125]: Failed password for root from 216.57.26.222 port 1823 ssh2
Aug 9 02:01:43 boss PAM_unix[17127]: authentication failure; (uid=0) -> root for ssh service
Aug 9 02:01:45 boss sshd[17127]: Failed password for root from 216.57.26.222 port 1939 ssh2

- End forwarded message -

the fact that each attempt is a few seconds from the previous one (and that there were only eight tries) leads me to believe this was a human, and not a 'bot of some sort.

he even tried "guest"! (standard windows hole -- is it of likely concern to a debian system?)

$ whois 222.26.57.216.in-addr.arpa
No match found for 222.26.57.216.in-addr.arpa.

# ARIN WHOIS database, last updated 2004-08-09 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

$ whois 216.57.26.222
OrgName: eLink Communications INC.
OrgID: ELNK
Address: 39 Broadway
Address: 19th Floor
City: New York
StateProv: NY
PostalCode: 10006
Country: US
NetRange: 216.57.0.0 - 216.57.63.255
CIDR: 216.57.0.0/18
NetName: EUREKANETWORKS-IP-D839-18
NetHandle: NET-216-57-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS-AUTH1.ISP.E-NT.NET
NameServer: NS-AUTH2.ISP.E-NT.NET
NameServer: NS-AUTH3.ISP.E-NT.NET
Comment:
RegDate:
Updated: 2004-04-19
AbuseHandle: ENAA-ARIN
AbuseName: Eureka Networks Abuse Administrator
AbusePhone: +1-800-562-4206
AbuseEmail: [EMAIL PROTECTED]
NOCHandle: EIA-ARIN
NOCName: Eureka Networks IP Administrator
NOCPhone: +1-800-562-4206
NOCEmail: [EMAIL PROTECTED]
TechHandle: EIA-ARIN
TechName: Eureka Networks IP Administrator
TechPhone: +1-800-562-4206
TechEmail: [EMAIL PROTECTED]
OrgAbuseHandle: ENAA-ARIN
Org
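The triage done by eye on the logcheck mail above (count the tries per source, look at which accounts were targeted and how far apart the attempts are) can be scripted. This is an added example, not part of the original thread: the sample lines are constructed in the same syslog format with documentation-range addresses, the `summarize` helper and its thresholds are assumptions, and the de-duplication step is there because logcheck lists the same lines under both of its section headings.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

# sshd failure line as written to syslog; some OpenSSH versions insert
# "invalid user" or "illegal user" before the account name.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"sshd\[(?P<pid>\d+)\]:\s+Failed password for "
    r"(?:invalid user |illegal user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample (not the log from the thread): eight failures a few
# seconds apart from one source, plus one unrelated failure.
_EVENTS = """\
Aug  9 02:01:13 host1 PAM_unix[17097]: authentication failure; (uid=0) -> guest for ssh service
Aug  9 02:01:15 host1 sshd[17097]: Failed password for guest from 203.0.113.7 port 4839 ssh2
Aug  9 02:01:25 host1 sshd[17107]: Failed password for guest from 203.0.113.7 port 1261 ssh2
Aug  9 02:01:26 host1 sshd[17109]: Failed password for root from 203.0.113.7 port 1302 ssh2
Aug  9 02:01:30 host1 sshd[17113]: Failed password for root from 203.0.113.7 port 1450 ssh2
Aug  9 02:01:34 host1 sshd[17119]: Failed password for root from 203.0.113.7 port 1574 ssh2
Aug  9 02:01:37 host1 sshd[17122]: Failed password for root from 203.0.113.7 port 1630 ssh2
Aug  9 02:01:41 host1 sshd[17125]: Failed password for root from 203.0.113.7 port 1823 ssh2
Aug  9 02:01:45 host1 sshd[17127]: Failed password for root from 203.0.113.7 port 1939 ssh2
Aug  9 03:15:02 host1 sshd[17301]: Failed password for invalid user alice from 198.51.100.20 port 50122 ssh2
"""
# logcheck repeats matching lines under both headings, so the mail body
# contains every event twice.
SAMPLE_LOG = ("Possible Security Violations\n" + _EVENTS +
              "Unusual System Events\n" + _EVENTS)


def _max_in_window(times, window):
    """Largest number of events falling inside any span of length `window`."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def summarize(lines, year, window=timedelta(minutes=5), threshold=5):
    """Group sshd password failures by source IP.

    `year` must be supplied because syslog timestamps carry none.
    A source is flagged when `threshold` or more failures fall within
    `window` (both values are illustrative defaults).
    """
    seen = set()
    by_ip = defaultdict(list)
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # PAM lines, section headings, anything else
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        key = (stamp, m["pid"], m["ip"], m["port"])
        if key in seen:
            continue  # same event repeated in the second logcheck section
        seen.add(key)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        by_ip[m["ip"]].append((ts, m["user"]))

    report = {}
    for ip, events in by_ip.items():
        events.sort()
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = {
            "attempts": len(events),
            "users": dict(Counter(u for _, u in events)),
            "median_gap_s": median(gaps) if gaps else None,
            "flagged": _max_in_window(times, window) >= threshold,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG.splitlines(), year=2004).items():
        print(ip, info)
```
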
Re: [OT] SCO's crack legal team
On Sat, Nov 08, 2003 at 01:06:15PM -0500, Roberto Sanchez wrote:

> Have you looked at pngcrush?
>
> apt-cache show pngcrush

No, but I'll definitely look into it for next time. Thanx!
Re: [OT] SCO's crack legal team
On Fri, Nov 07, 2003 at 04:36:30PM -0600, Alan Shutko wrote:

> That looks like it's 8 bits per color, or 24 bpp. What does identify
> -verbose say about it?

It looks like you're correct. Thanx, I'll remember this if the issue comes up again. ;-)
Re: [OT] SCO's crack legal team
On Wed, 2003-11-05 at 20:35, csj wrote:

> On Wed, 5 Nov 2003 16:52:09 -0600,
> Greg Norris wrote:
> >
> > I thought this might provide some much-needed amusement... My
> > wife has put together a picture of SCO's crack legal team,
> > which pretty much explains their entire strategy. Feel free to
> > share! ;-)
> >
> >http://home.kc.rr.com/snidely/cornscolio.gif
>
> Speaking of IP hassles, maybe you should have exported that into
> the free png format.

http://www.gregfolkert.net/pics/satire/tn/scolegalteam.png.html

There ya be...
Re: [OT] SCO's crack legal team
Greg Norris wrote:

On Thu, Nov 06, 2003 at 11:34:59PM -0500, Roberto Sanchez wrote:

Just out of curiosity, did you originally save it as a 24-bit or 8-bit PNG? IIRC, GIFs are always 8-bit and 8-bit PNGs are comparable in size. I can understand how a 24-bit PNG would be bigger, but I can't see how an 8-bit would be that much different in size.

The original image claims to be 8-bit... it's approximately 3 times the size of the gif version.

$ file cornscolio.*
cornscolio.gif: GIF image data, version 89a, 788 x 1000
cornscolio.png: PNG image data, 788 x 1000, 8-bit/color RGBA, non-interlaced
$ ls -l cornscolio.*
-rw-r--r-- 1 adric adric 263471 Nov 4 17:49 cornscolio.gif
-rw-r--r-- 1 adric adric 743422 Nov 4 17:32 cornscolio.png

Have you looked at pngcrush?

apt-cache show pngcrush

-Roberto
Re: [OT] SCO's crack legal team
Greg Norris <[EMAIL PROTECTED]> writes:

> The original image claims to be 8-bit... it's approximately 3 times the
> size of the gif version.

That looks like it's 8 bits per color, or 24 bpp. What does identify -verbose say about it?

--
Alan Shutko <[EMAIL PROTECTED]> - I am the rocks.
DOS Gang version...DOS.N.HOOD
Re: [OT] SCO's crack legal team
On Thu, Nov 06, 2003 at 11:34:59PM -0500, Roberto Sanchez wrote:

> Just out of curiosity, did you originally save it as a 24-bit or
> 8-bit PNG? IIRC, GIFs are always 8-bit and 8-bit PNGs are comparable
> in size. I can understand how a 24-bit PNG would be bigger, but I can't
> see how an 8-bit would be that much different in size.

The original image claims to be 8-bit... it's approximately 3 times the size of the gif version.

$ file cornscolio.*
cornscolio.gif: GIF image data, version 89a, 788 x 1000
cornscolio.png: PNG image data, 788 x 1000, 8-bit/color RGBA, non-interlaced
$ ls -l cornscolio.*
-rw-r--r-- 1 adric adric 263471 Nov 4 17:49 cornscolio.gif
-rw-r--r-- 1 adric adric 743422 Nov 4 17:32 cornscolio.png
Re: [OT] SCO's crack legal team
Greg Norris wrote:

On Thu, Nov 06, 2003 at 09:35:53AM +0800, csj wrote:

Speaking of IP hassles, maybe you should have exported that into the free png format.

The original version was png, actually... I converted it to gif because more browsers handle that format, and it has a significantly smaller file size in this instance. The site it's hosted on has a minimal bandwidth allocation, so size was not an insignificant concern. In addition, the gif patent has expired in the USA (and is very close to doing so elsewhere), and simply isn't an issue which troubles me all that much. If anyone requests the png version, I'd be happy to email it. People are welcome to share either version (email, posting on the web, whatever).

Just out of curiosity, did you originally save it as a 24-bit or 8-bit PNG? IIRC, GIFs are always 8-bit and 8-bit PNGs are comparable in size. I can understand how a 24-bit PNG would be bigger, but I can't see how an 8-bit would be that much different in size.

-Roberto
Re: [OT] SCO's crack legal team
On Thu, Nov 06, 2003 at 09:35:53AM +0800, csj wrote:
> Speaking of IP hassles, maybe you should have exported that into
> the free png format.

The original version was png, actually... I converted it to gif because more browsers handle that format, and it has a significantly smaller file size in this instance. The site it's hosted on has a minimal bandwidth allocation, so size was not an insignificant concern.

In addition, the gif patent has expired in the USA (and is very close to doing so elsewhere), and simply isn't an issue which troubles me all that much.

If anyone requests the png version, I'd be happy to email it. People are welcome to share either version (email, posting on the web, whatever).
Re: [OT] SCO's crack legal team
On Wed, 5 Nov 2003 16:52:09 -0600, Greg Norris wrote:
>
> I thought this might provide some much-needed amusement... My
> wife has put together a picture of SCO's crack legal team,
> which pretty much explains their entire strategy. Feel free to
> share! ;-)
>
> http://home.kc.rr.com/snidely/cornscolio.gif

Speaking of IP hassles, maybe you should have exported that into the free png format.
Re: [OT] SCO's crack legal team
On Wed, Nov 05, 2003 at 04:52:09PM -0600, Greg Norris wrote:
> I thought this might provide some much-needed amusement... My wife has
> put together a picture of SCO's crack legal team, which pretty much
> explains their entire strategy. Feel free to share! ;-)

Heh, heh, heh. He said 'crack'. Heh heh heh.

--
Dave Thayer          | WARNING: Persons denying the existence of
Denver, Colorado USA | robots may be robots themselves.
[EMAIL PROTECTED]    |
Re: [OT] SCO's crack legal team
On Thu, 2003-11-06 at 11:52, Greg Norris wrote:
> I thought this might provide some much-needed amusement... My wife has
> put together a picture of SCO's crack legal team, which pretty much
> explains their entire strategy. Feel free to share! ;-)
>
> http://home.kc.rr.com/snidely/cornscolio.gif

LOL. Nice.

--
 .''`.     Paul William
: :'  :    Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
[OT] SCO's crack legal team
I thought this might provide some much-needed amusement... My wife has put together a picture of SCO's crack legal team, which pretty much explains their entire strategy. Feel free to share! ;-)

http://home.kc.rr.com/snidely/cornscolio.gif
Re: crack traces in /var ?
Thanks to all contributors for your helpful, kind and informative responses and discussion. I will now unsubscribe temporarily and be back by the middle of next month, then at first reinstalling... Of course, should there be further postings I'll be happy to read them later.

Take care,
Andreas
Re: crack traces in /var ?
Jesse Meyer wrote:
> On Fri, 25 Jul 2003, Andreas von Heydwolff wrote:
> > [ Snip most details of computer setup and getting cracked ]
>
> When you install a system, unless it's absolutely necessary, install it from behind a firewall. Then, before you set up any sort of firewall on the machine, start disabling ports - most servers can be configured to listen to only the local loopback device or the internal network. Even without a firewall, your system should be secure. (Hint: 'listen', 'bind', 'allow from', 'interface', etc in config files to limit what device the server listens to, and xinetd to limit those services that traditionally start from inetd.)

I was a bit sloppy on this - my previous install was better in that respect.

> Your goal is to be able to scan your machine (via nmap), and find no unnecessary service listening to the outside interface.

Is running nessus from within aimed at eth0 with the outside IP address equivalent? This is what I did earlier.

> Then, build up your firewall scripts. Connect to the internet and do all the security updates.

A secured Woody as the firewall box should make it viable to run SID inside the network again, wouldn't it?

> Finally, use a security scanner from outside your machine ( I believe that http://www.grc.com has one [about the only thing the site's good for, IMHO]).

grc.com is a good start. http://check.lfd.niedersachsen.de/start.php is more comprehensive, provided by the Data Protection Registrar of the federal state of Niedersachsen in Germany. (For those who want to use it: The first button is to confirm that the displayed IP address is indeed yours, the second button starts the test. Page two displays three buttons in the top row "start self-test", "stop ..." and "... WITHOUT ("ohne") SSL" and you can select only a phase 1, 2 or 3 with the buttons beneath.)

BTW, "TIP", the ZIP cartridge testing program from grc.com is excellent. It checks and if necessary disables flakey sectors on ZIP disks, moving data to the 10% spare sectors provided on disks for this purpose by Iomega. Needs to be run from Windows though.

> You don't want your security system to consist solely of your firewall - firewalls are supposed to supplement your defense!
>
> Just my $.02 ~ Jesse Meyer

Thanks, Jesse.
Re: crack traces in /var ?
On Fri, Jul 25, 2003 at 11:36:58PM -0500, Jesse Meyer wrote:
> Your goal is to be able to scan your machine (via nmap), and find
> no unnecessary service listening to the outside interface.

You're going to want to run nmap from a foreign host to test yourself.

--
 .''`.     Paul Johnson <[EMAIL PROTECTED]>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
Re: crack traces in /var ?
On Fri, Jul 25, 2003 at 07:49:13PM +0200, Andreas von Heydwolff wrote:
> What I wonder is whether it is potentially dangerous for me to have
> iptables starting quite slowly on my 133MHz firewall machine,

Nope, not really.

> And I now wonder whether a powerful thing like iptables is manageable by
> an amateur with some half knowledge when even professionals have their
> troubles.

Of course it is. Not all professionals know what they're doing.

> Or perhaps I am now in the process of learning the hard way
> that the good enough firewall has to be on at *all* times, no matter what.

No, however, a firewall is not the end-all, be-all of security. You don't have a really weak root password or something, do you?

> I also wonder whether a stock Windows98 box is less of a hassle because
> a friend who is not so security conscious is customer of the same cable
> provider.

Oh, hell no. You think iptables is hard, just *try* securing a Windows box. It can't be done. Windows exists exclusively to live on firewalled networks. Microsoft even says this somewhere in their support knowledge base, "trustworthy computing" be damned.

> Despite frequent hits on my firewall from the provider's
> subnet to which he must more or less be subjected too he has never
> reported anything problematic.

Of course you're going to see traffic on your subnet. I *really, really* hate windows-based "personal firewalls" for instilling the idea that normal traffic somehow constitutes an attack (and that a windows box with a program listening on *every* port is somehow more secure than just shutting off listening services, or the idea that Windows can be secured from within at all). Other people use that subnet, too, and other people need to send broadcasts for DHCP, ARP and what not...

> Do Linux boxen attract the more skilled attackers?

Yes, but for every skilled attacker, there's thirty or forty script kiddies waiting to nail Windows hosts.

--
 .''`.     Paul Johnson <[EMAIL PROTECTED]>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
Re: crack traces in /var ?
On Fri, 25 Jul 2003, Andreas von Heydwolff wrote:
> [ Snip most details of computer setup and getting cracked ]

When you install a system, unless it's absolutely necessary, install it from behind a firewall. Then, before you set up any sort of firewall on the machine, start disabling ports - most servers can be configured to listen to only the local loopback device or the internal network. Even without a firewall, your system should be secure. (Hint: 'listen', 'bind', 'allow from', 'interface', etc in config files to limit what device the server listens to, and xinetd to limit those services that traditionally start from inetd.)

Your goal is to be able to scan your machine (via nmap), and find no unnecessary service listening to the outside interface.

Then, build up your firewall scripts. Connect to the internet and do all the security updates.

Finally, use a security scanner from outside your machine ( I believe that http://www.grc.com has one [about the only thing the site's good for, IMHO]).

You don't want your security system to consist solely of your firewall - firewalls are supposed to supplement your defense!

Just my $.02 ~ Jesse Meyer

--
icq: 34583382 / msn: [EMAIL PROTECTED] / yim: tsunad
"We are what we pretend to be, so we must be careful about what we pretend to be." - Kurt Vonnegut Jr : Mother Night
Re: crack traces in /var ?
On Fri, Jul 25, 2003 at 11:24:12AM -0400, Greg Folkert wrote:
> On Fri, 2003-07-25 at 02:54, Andreas von Heydwolff wrote:
> > Err, and one more: Should I buy a hardware firewall/router instead of
> > fiddling around with iptables as an amateur?
>
> Well, if you dare run Testing or Unstable... (Don't know if it is
> available for Woody) there is a VERY nice package that is called:
>
> fwbuilder

Even easier: ipmasq

--
 .''`.     Paul Johnson <[EMAIL PROTECTED]>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
Re: crack traces in /var ?
Jamin W. Collins wrote:
> On Fri, Jul 25, 2003 at 04:14:58PM -0400, Jaldhar H. Vyas wrote:
> > On Fri, 25 Jul 2003, David Fokkema wrote:
> > > Hmmm... Shorewall's default is to start it _way_ after network services... Anyone knows the debian way to deal with this?
> >
> > Report it as a bug. A pretty major one I would say.
>
> Should start prior to networking if at all possible or just after (potentially even via an if-up.d script).

On my small network when I started the desktop machine with its own iptables fw before the fw box itself was up, the startup process stopped, waiting for timeouts. I wonder if this had only to do with ntp on the desktop machine not being able to connect to the internet timeserver or actually its iptables not being able to load before the fw box offered a net connection.
Re: crack traces in /var ?
On Fri, Jul 25, 2003 at 04:14:58PM -0400, Jaldhar H. Vyas wrote:
> On Fri, 25 Jul 2003, David Fokkema wrote:
>
> > Hmmm... Shorewall's default is to start it _way_ after network
> > services... Anyone knows the debian way to deal with this?
>
> Report it as a bug. A pretty major one I would say.

Should start prior to networking if at all possible or just after (potentially even via an if-up.d script).

--
Jamin W. Collins

Remember, root always has a loaded gun. Don't run around with it unless you absolutely need it. -- Vineet Kumar
Re: crack traces in /var ?
On Fri, 25 Jul 2003, David Fokkema wrote:
> Hmmm... Shorewall's default is to start it _way_ after network
> services... Anyone knows the debian way to deal with this?

Report it as a bug. A pretty major one I would say.

--
Jaldhar H. Vyas <[EMAIL PROTECTED]>
La Salle Debain - http://www.braincells.com/debian/
Re: crack traces in /var ?
First of all, thanks for your little essay, ;-)

On Fri, Jul 25, 2003 at 07:49:13PM +0200, Andreas von Heydwolff wrote:
> partitions. I run tiger and chkrootkit occasionally, i.e. once or twice
> a week, sometimes not. The firewall box is a small hardened Woody with
> security updates, the desktop a current SID installation.

Hmmm... I run woody for a few months now, but I have _never_ run tiger or chkrootkit. I will do so immediately... Tiger returns clean. Chkrootkit returns clean. ;-))

> open one of the higher ports for a few hours. Fiddling with
> firestarter/iptables until port forwarding worked was when I shut off
> the firewall for minutes and once unfortunately a lot longer: I forgot

I use shorewall, as others have already recommended. I looked into a few other programs, fwbuilder, ferm, plain iptables... I liked shorewall best. It guards you from making (stupid) mistakes when scripting your own firewall, while allowing you to use your favourite text editor to add or comment out a single rule. No hassles, just protection.

> What I wonder is whether it is potentially dangerous for me to have
> iptables starting quite slowly on my 133MHz firewall machine, it takes
> maybe 10 seconds to get all the modules loaded while ntp already picks
> up the time and a net connection has seemingly already been established.
> I power down my system almost daily to reduce risks and keep my power
> bill lower, so there is a certain window almost daily at startup. My IP
> address is a de facto fixed one from the cable provider.

I have wondered about this too... Hmmm... Shorewall's default is to start it _way_ after network services... Anyone knows the debian way to deal with this? Otherwise I'll probably add an iptables -P DROP in my /etc/network/interfaces. Is this correct?

> PS will look at Shorewall too

Yes, please do, :-)

David
Re: crack traces in /var ?
On Fri, Jul 25, 2003 at 07:49:13PM +0200, Andreas von Heydwolff wrote:
> What I wonder is whether it is potentially dangerous for me to have
> iptables starting quite slowly on my 133MHz firewall machine, it takes
> maybe 10 seconds to get all the modules loaded while ntp already picks
> up the time and a net connection has seemingly already been
> established. I power down my system almost daily to reduce risks and
> keep my power bill lower, so there is a certain window almost daily at
> startup. My IP address is a de facto fixed one from the cable
> provider.

Why not put a basic firewall in place prior to the network startup? With default policies set to DROP, and rules to allow only necessary traffic in and out. After the network connections are up, you can then add any interface/ip specific rules that are necessary. This can either be tacked on to the existing minimal ruleset or you could flush the rules (leaving policy at DROP) and build all new rules.

--
Jamin W. Collins

This is the typical unix way of doing things: you string together lots of very specific tools to accomplish larger tasks. -- Vineet Kumar
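Added example (not part of any message in this thread): the approach Jamin W. Collins describes above, written as a default-deny ruleset in iptables-restore format that is loaded before the interface comes up, together with a check that a ruleset dump really has DROP policies. The file name /etc/iptables.boot, the pre-up placement and the function names are assumptions; the outbound rule is a placeholder to be narrowed to the traffic the host actually needs.

```shell
#!/bin/sh
# Added example. Load the ruleset before the interface is brought up, e.g.
# from /etc/network/interfaces (ifupdown); the file path is an assumption:
#   iface eth0 inet dhcp
#       pre-up iptables-restore < /etc/iptables.boot
# Create the file once with:  emit_boot_rules > /etc/iptables.boot
# Kernels without the conntrack match use "-m state --state" instead.

# Print a minimal default-deny ruleset in iptables-restore format:
# all three built-in chains DROP, loopback allowed, replies allowed in,
# new connections allowed out (placeholder, tighten per host).
emit_boot_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save / iptables-restore text on stdin. Succeed only if the
# filter table declares INPUT, FORWARD and OUTPUT, each with policy DROP.
# Problems are printed one per line.
check_default_deny() {
    awk '
        BEGIN { bad = 0 }
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:(INPUT|FORWARD|OUTPUT) / {
            seen[$1] = 1
            if ($2 != "DROP") {
                printf "chain %s has policy %s\n", substr($1, 2), $2
                bad = 1
            }
        }
        END {
            if (!seen[":INPUT"] || !seen[":FORWARD"] || !seen[":OUTPUT"]) {
                print "filter table does not declare all built-in chains"
                bad = 1
            }
            exit bad
        }'
}

# Self-check when run directly: the generated ruleset must pass.
emit_boot_rules | check_default_deny && echo "boot ruleset: default-deny"
```

On a live system the same check can read the running ruleset with `iptables-save | check_default_deny`.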
Re: crack traces in /var ?
Andy Firman wrote:
> > Oh well. Second time this year.

snip

> Maybe we can learn from your mistakes. I would appreciate the information.

(If you want it short, this may not be for you - here goes:)

Andy, thanks for your interest. I consider myself still a newbie, this is my third Debian year, Corel Linux got me started after an unconvincing try at RedHat5 years earlier. I have no professional IT background but like 'puters and am reading a lot around in the newsgroups, Howtos etc.

Policy: I have no services open to the outside, exceptions are mentioned below. There are only trusted users inside the network. Besides iptables I have set nosuid,nodev,noexec flags for my home dir and other storage partitions. I run tiger and chkrootkit occasionally, i.e. once or twice a week, sometimes not. The firewall box is a small hardened Woody with security updates, the desktop a current SID installation. As I haven't set up my mail dir to work with Mozilla and haven't bothered to find out how to make the black background of mutt lighter I am not reading the reports frequently - reports from programs I am slowly getting familiar with like snort, tiger.

Before the first crack I had ssh (and nothing else) open to the outside. In addition, maintenance of some proprietary custom tailored database program that I had acquired for another location made it necessary to open one of the higher ports for a few hours. Fiddling with firestarter/iptables until port forwarding worked was when I shut off the firewall for minutes and once unfortunately a lot longer: I forgot to start iptables via firestarter again a few weeks ago over a period of a few hours after said situation - maybe this sealed my fate this time. I am paying dearly as even the laptop that for file synchronization I hook up to the switch now and then currently sports some unknown numeric group permissions for the home dir as reported by tiger later today.

I detected the first crack when chkrootkit reported a deletion in wted. For this crack (only after which I built the separate firewall box) I have the following explanation although I may have been too sloppy as well with restarting the firewall immediately after stopping it for whatever reason I had back then: I saw in the log that the time of the wted deletion was almost to the minute the time when I installed a freshly compiled kernel. The machine had locked up then and during installing I had thought that this was due to some module problem (running SID, as I said), and the second try worked so that I did not bother any more. But in retrospect it may have been the crack(er) who caused the crash.

What I wonder is whether it is potentially dangerous for me to have iptables starting quite slowly on my 133MHz firewall machine, it takes maybe 10 seconds to get all the modules loaded while ntp already picks up the time and a net connection has seemingly already been established. I power down my system almost daily to reduce risks and keep my power bill lower, so there is a certain window almost daily at startup. My IP address is a de facto fixed one from the cable provider.

And I now wonder whether a powerful thing like iptables is manageable by an amateur with some half knowledge when even professionals have their troubles. Or perhaps I am now in the process of learning the hard way that the good enough firewall has to be on at *all* times, no matter what.

I also wonder whether a stock Windows98 box is less of a hassle because a friend who is not so security conscious is customer of the same cable provider. Despite frequent hits on my firewall from the provider's subnet to which he must more or less be subjected too he has never reported anything problematic. Do Linux boxen attract the more skilled attackers? But perhaps his occasional reinstalls are not so much due to fat havoc after dozens of lockups per month but signs of unrecognized security compromises... don't get me wrong, I see no alternative for me in this other OS, and I wonder what he'll be reporting after his current XP honeymoon.

So I guess it's all my fault, underestimating what trouble already a few or no firewall hits per hour when traffic is low can mean without the firewall.

Andreas

PS will look at Shorewall too
Re: crack traces in /var ?
> > Oh well. Second time this year.
>

How on earth and why are you getting cracked? Can you share with us the reasons you have been cracked twice in 7 months? What services do you think are being compromised? What kind of security (if any) policies do you implement besides iptables? Is it possible you were not implementing iptables correctly? (I recommend Shorewall to help implement iptables the right way)

This is one thing I never want to happen to my servers, hence all the questions. Maybe we can learn from your mistakes. I would appreciate the information.

Andy
Re: crack traces in /var ?
On Fri, 2003-07-25 at 02:54, Andreas von Heydwolff wrote:
> Err, and one more: Should I buy a hardware firewall/router instead of
> fiddling around with iptables as an amateur?

Well, if you dare run Testing or Unstable... (Don't know if it is available for Woody) there is a VERY nice package that is called:

fwbuilder

I have used it since ... a long time ago, and it continues to improve with each revision. It has a firewall wizard that blocks everything. You have to make exceptions in order to get traffic IN. It is very nice and makes short work of the whole thing. Just remember Order of Execution of the Rules is the FOREMOST import. As the first rule that applies WINS. So if you put your catch-all in before your exceptions... well the exceptions won't matter.

fwbuilder supports a number of netfilter/iptables type of systems.

http://www.fwbuilder.org

ttfn
Re: crack traces in /var ?
(Some of this is my personal opinion; I don't claim to be a security expert.)

Andreas von Heydwolff <[EMAIL PROTECTED]> writes:
> My home dir contains no database files but lots of proprietary
> WordPerfect docs, pdfs, oggs/mp3s/wavs and jpgs and my mail
> archive.

The thing you're mostly worried about is things that can have executable code in them. Your PDFs, pictures, and music are probably all okay (unless you picked up something that was intentionally going after them); I'd be a little worried about scripting code buried in the WordPerfect files. But it's not like you have a bunch of things compiled by hand in your home directory that are potentially infected, it sounds like.

> It is always mounted noexec,nosuid,nodev,user.

(This isn't much security; the attacker is almost certainly root so nosuid is irrelevant, and if you have /home/me/bin/foo you can explicitly run '/lib/ld-linux.so /home/me/bin/foo' to run the binary regardless of noexecness.)

> And, lastly for now: The /var/crackdir dir has a timestamp X. Does
> this mean the crack most probably did not happen before day X?

See touch(1). The timestamp is completely meaningless.

--
David Maze [EMAIL PROTECTED] http://people.debian.org/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal." -- Abra Mitchell
Re: crack traces in /var ?
Ron Johnson wrote:
> On Fri, 2003-07-25 at 01:54, Andreas von Heydwolff wrote:
> > Paul Johnson wrote:
> [snip]
> > Err, and one more: Should I buy a hardware firewall/router instead of fiddling around with iptables as an amateur?
>
> No, just do a better job of firewalling. Maybe get a "trashheap special", install a minimal Debian on it and have it be your fw.
>
> http://morizot.net/firewall/gen/ will do a good job of generating an iptables script.

Thanks, Ron. I have been using a trashheap AMD 133MHz with a 200M harddisk and a woody stable install with iptables/firestarter so far but perhaps I had the firewall open just a bit too long once during maintenance. Will give http://morizot.net/firewall/gen/ a try - have been wanting to get rid of X plus the gnome libs on this little machine for some time anyway.

Andreas

PS sorry, Ron, for the private mail - keep forgetting about Mozilla's reply behavior
Re: crack traces in /var ?
On Fri, 2003-07-25 at 01:54, Andreas von Heydwolff wrote:
> Paul Johnson wrote:
[snip]
> Err, and one more: Should I buy a hardware firewall/router instead of
> fiddling around with iptables as an amateur?

No, just do a better job of firewalling. Maybe get a "trashheap special", install a minimal Debian on it and have it be your fw.

http://morizot.net/firewall/gen/ will do a good job of generating an iptables script.

--
+-----------------------------------------------------------------+
| Ron Johnson, Jr.        Home: [EMAIL PROTECTED]                 |
| Jefferson, LA  USA                                              |
|                                                                 |
| "I'm not a vegetarian because I love animals, I'm a vegetarian  |
|  because I hate vegetables!"                                    |
|    unknown                                                      |
+-----------------------------------------------------------------+
Re: crack traces in /var ?
Paul Johnson wrote:
> On Thu, Jul 24, 2003 at 04:19:46PM +0200, Andreas von Heydwolff wrote:
> > Would you think with deleting the /var/bobsdata dir, the crontab entry and my --reinstall I have stopped being a DDoS client and can skip a new install of my machine? Any ideas appreciated...
>
> You've been pretty nicely cracked. It's time to mkfs over everything and start from scratch. Restore /home from the last backup that you know for sure was made before this started, anything backed up after that is garbage and shouldn't be used anymore. Good luck.
>
> --
> Paul Johnson <[EMAIL PROTECTED]>
> proud Debian admin and user

Oh well. Second time this year. Thanks, Paul, for the response and good wishes. I now have a few more questions:

My home dir contains no database files but lots of proprietary WordPerfect docs, pdfs, oggs/mp3s/wavs and jpgs and my mail archive. It is always mounted noexec,nosuid,nodev,user. I do have a virtual VMware NT4 machine running some of the time that seems to be virus/trojan free. Would you still recommend going back to a backup of /home after a clean install? The virtual NT4 machine probably should be thrown away, or would you (or anyone from the list, as it were) consider it safe because the crack looks like a *nix specific one?

And, lastly for now: The /var/crackdir dir has a timestamp X. Does this mean the crack most probably did not happen before day X?

Err, and one more: Should I buy a hardware firewall/router instead of fiddling around with iptables as an amateur?

Regards,
Andreas
Re: crack traces in /var ?
On Thu, Jul 24, 2003 at 04:19:46PM +0200, Andreas von Heydwolff wrote:
> Would you think with deleting the /var/bobsdata dir, the crontab entry
> and my --reinstall I have stopped being a DDoS client and can skip a new
> install of my machine? Any ideas appreciated...

You've been pretty nicely cracked. It's time to mkfs over everything and start from scratch. Restore /home from the last backup that you know for sure was made before this started, anything backed up after that is garbage and shouldn't be used anymore. Good luck.

--
 .''`.     Paul Johnson <[EMAIL PROTECTED]>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
crack traces in /var ?
Hi all,

Google didn't yield anything specific, so does anyone know what sort of crack my desktop machine (NAT behind an up to date woody stable iptables firewall) seems to have suffered?

Symptoms are a dir named /var/bobsdata, containing "admin.pwd" with a string like $1$WmspYkT9$POV... and subdirs current/process, containing "cmdloop" and "check_loop". I also found a crontab entry

0-59/5 * * * * root /var/bobsdata/current/process/check_loop

My firewall sometimes displays packets to ports that are used by trin00 and subseven with a DST address of my internal network.

chkrootkit reported nothing unusual. Tiger gives me about 30 messages about standard binaries such as

--WARN-- [sig004w] None of the following versions of /usr/bin/passwd (-rwsr-xr-x) matched the /usr/bin/passwd on this machine.
>>>>>> Linux 2.0.35

Therefore I cleaned the deb cache, did an apt-get install --reinstall of all mentioned packages and still am getting this set of warnings. Considering earlier experiences with tiger I wonder if this is a Debian-specific tiger problem and a false positive just as the complaints about

--FAIL-- [pass009e] Login daemon has a user id of 1.
--FAIL-- [pass009e] Login daemon has a group id of 1.

(Debian default, no?) and a trace of Hylafax:

--FAIL-- [pass009e] Login faxmaster has more than 8 characters.
--FAIL-- [pass009e] Group faxmaster has more than 8 characters.

Would you think with deleting the /var/bobsdata dir, the crontab entry and my --reinstall I have stopped being a DDoS client and can skip a new install of my machine? Any ideas appreciated...

Andreas
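Added example (not part of the original post): a check for system-crontab entries like the one reported above, whose command lives outside the usual binary directories. The sample crontab is constructed, apart from the check_loop line quoted from the post; the directory allowlist and the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag system-crontab entries that run an executable from an
# unusual location. System crontabs (/etc/crontab, /etc/cron.d/*) use
#   min hour dom mon dow user command
# or, for the @reboot/@daily shortcuts,
#   @keyword user command

# Read crontab text on stdin; print "user<TAB>path" for every entry whose
# command is an absolute path outside /bin, /sbin, /usr/bin, /usr/sbin,
# /usr/local/bin and /usr/local/sbin (assumed allowlist).
flag_odd_cron_paths() {
    awk '
        /^[ \t]*#/ { next }                            # comment
        /^[ \t]*$/ { next }                            # blank line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next } # PATH=..., SHELL=...
        {
            if ($1 ~ /^@/) { user = $2; cmd = $3 }
            else           { user = $6; cmd = $7 }
            if (cmd !~ /^\//) next    # found via PATH, not judged here
            if (cmd ~ /^\/(usr\/(local\/)?)?s?bin\//) next
            print user "\t" cmd
        }'
}

# Constructed sample input. Only the check_loop line comes from the post.
sample_crontab() {
    cat <<'EOF'
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
25 6  * * *  root  test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily
17 *  * * *  root  /usr/sbin/logrotate /etc/logrotate.conf
0-59/5 * * * * root /var/bobsdata/current/process/check_loop
@reboot  backup  /home/backup/sync.sh
EOF
}

# Run over the sample when executed directly. On a real host, feed it
#   cat /etc/crontab /etc/cron.d/* | flag_odd_cron_paths
sample_crontab | flag_odd_cron_paths
```

A hit is only a lead for review: locally installed jobs such as the constructed sync.sh entry also live outside these directories, and an empty result says nothing about the rest of the system.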
problem installing new "crack" program
I just installed crack, a password cracking program to test things, and it won't --configure. I get the following message from the post installation script:

Setting up crack (5.0a-1) ...
error in control file: `Files' value not specified at /usr/sbin/install-docs line 644, line 14.

Thanks.

--
John Covici [EMAIL PROTECTED]
Re: crack and MD5
On Sun, Jan 21, 2001 at 06:23:26PM -0600, Benjamin Pharr wrote:
> I'm running potato with MD5 password hashing enabled. Crack works fine
> when used on a system that uses standard crypt(). I would like to run
> crack to test my users passwords. I changed the Crack script to gcc
> settings and moved and copied the files I was supposed to for MD5. When I
> did a "./Crack -makeonly" it gives me the following errors (paraphrased):
>
> elcid.c:139: undefined reference to crypt
> collect2: ld returned 1 exit status
> ../run/bin/linux-2-unknown/stdlib-cracker] Error 1
> ../run/bin/linux-2-unknown/cracker] Error 2
> make: *** [utils] Error 1
>
> If anyone out there is familiar with crack, please give me a hand. Thanks!

I'm not familiar with crack, but it looks like you need to add -lcrypt to the compile time arguments.

or try john the ripper.

--
Ethan Benson http://www.alaska.net/~erbenson/
crack and MD5
I'm running potato with MD5 password hashing enabled. Crack works fine when used on a system that uses standard crypt(). I would like to run crack to test my users' passwords. I changed the Crack script to gcc settings and moved and copied the files I was supposed to for MD5. When I did a "./Crack -makeonly" it gives me the following errors (paraphrased):

elcid.c:139: undefined reference to crypt
collect2: ld returned 1 exit status
../run/bin/linux-2-unknown/stdlib-cracker] Error 1
../run/bin/linux-2-unknown/cracker] Error 2
make: *** [utils] Error 1

If anyone out there is familiar with crack, please give me a hand. Thanks!

Ben Pharr
Re: crack?
Ethan Pierce wrote:
>
> Hi all, I wanted to test out crack on my /etc/passwd file...
> someone told me it takes 6 days to run for good passwords.
> While my root password is non dictionary, will crack work?

If it _really_ is non-dictionary, probably not, but I can't answer for sure without studying if crack will go on from intelligent cracking methods to the brute force of trying everything, whether tracked-pseudo-randomly, or in order, but I doubt so, since that should, theoretically and statistically speaking, take _much_ longer than only six days. You'll just have to try it out.

> I'm very curious about how much a user can gain if he/she is
> able to cat my /etc/passwd

The same ability to run crack on it as you do, without having to guess at login names, as it would be without it. Plus the ability to see if any logins have no password, some of which, if not all, being so, present vulnerabilities.

-- [EMAIL PROTECTED] 972-729-5387 [EMAIL PROTECTED] (home phone on request) http://www.koyote.com/users/bolan RE: xmailtool http://www.koyote.com/users/bolan/xmailtool/index.html I am the "ILOVEGNU" signature virus. Just copy me to your signature. This email was infected under the terms of the GNU General Public License.
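An added example, not part of the thread, of what the reply above lists as visible to anyone who can read a passwd file: login names, accounts with no password, and any hashes stored in the file itself. The sample file and its hash strings are constructed placeholders; `classify` and `exposure` are hypothetical names.

```python
# Constructed sample in passwd(5) format; the hash strings are placeholders.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
alice:ABCDEFGHIJKLM:1002:1002:Alice:/home/alice:/bin/bash
bob:$1$SALTSALT$PLACEHOLDERHASHVALUE00:1003:1003:Bob:/home/bob:/bin/bash
broken-line-without-fields
"""


def classify(pw_field):
    """Name what the second passwd field reveals to any reader of the file."""
    if pw_field == "":
        return "no_password"      # login succeeds without a password
    if pw_field == "x":
        return "shadowed"         # hash is kept in the root-only shadow file
    if pw_field[0] in "*!":
        return "locked"           # no password will ever match
    if pw_field.startswith("$1$"):
        return "md5_hash"         # MD5-based crypt ($1$ prefix)
    if len(pw_field) == 13:
        return "des_hash"         # traditional crypt(): 2-char salt + 11 chars
    return "unknown"              # some other value stored in the file


def exposure(passwd_text):
    """Summarise what a local user learns from a readable passwd file."""
    report = {"logins": [], "no_password": [],
              "crackable_offline": [], "malformed": []}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            report["malformed"].append(line)
            continue
        login, kind = fields[0], classify(fields[1])
        report["logins"].append(login)
        if kind == "no_password":
            report["no_password"].append(login)
        elif kind in ("md5_hash", "des_hash", "unknown"):
            # Anything hash-like in the file can be guessed at offline.
            report["crackable_offline"].append(login)
    return report


if __name__ == "__main__":
    for key, value in exposure(SAMPLE).items():
        print(key, value)
```

Accounts reported as `shadowed` or `locked` still disclose their login names, which is the first point the reply makes.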
crack?
Hi all, I wanted to test out crack on my /etc/passwd file... someone told me it takes 6 days to run for good passwords. While my root password is non dictionary, will crack work? I'm very curious about how much a user can gain if he/she is able to cat my /etc/passwd
Re: locate/updatedb on crack
> > now with "gimpinitl.h."
>
> gimpintl.h != gimpinit.h
>
> > The other found gimp.h, which is in the same dir as gimpinit.h. But
> > it still can't locate gimpinitl.h.

Well, that's embarrassing. Stupid typos... Maybe I'm dyslexic (is that spelled right?, ispell flags it, no suggestions though, and I can't think of anything else)... Yeah, that's it.

To partially save face, I confused gimpintl.h with gimpinitl.h, not gimpintl.h and gimpinit.h, although it might not look like that...

-- Pat Mahoney <[EMAIL PROTECTED]> I had no shoes and I pitied myself. Then I met a man who had no feet, so I took his shoes. -- Dave Barry
locate/updatedb on crack
Locate has been acting strangely lately, please have a look:

I just ran updatedb two minutes ago; updatedb.conf appears below.

[EMAIL PROTECTED]:~$ locate /usr/include/libgimp/gimpintl.h
/usr/include/libgimp/gimpintl.h # ok, it found it
[EMAIL PROTECTED]:~$ locate gimpinit.h # but not this time?
[EMAIL PROTECTED]:~$ locate /libgimp/gimpintl.h # good
/usr/include/libgimp/gimpintl.h
[EMAIL PROTECTED]:~$ locate /gimpintl.h # again
/usr/include/libgimp/gimpintl.h
[EMAIL PROTECTED]:~$ locate gimpintl.h # ok, now why does it work here?
/usr/include/libgimp/gimpintl.h
[EMAIL PROTECTED]:~$ locate gimpintl.h # again?
/usr/include/libgimp/gimpintl.h

I'm using two Eterms. Now it's working in one of them (the one above), but not the other. Both seem to work fine except for the other one now with "gimpinitl.h." The other found gimp.h, which is in the same dir as gimpinit.h. But it still can't locate gimpinitl.h.

/etc/updatedb.conf:

# This file sets environment variables which are used by updatedb
# filesystems which are pruned from updatedb database
PRUNEFS="NFS nfs afs proc smbfs autofs auto iso9660 ncpfs coda"
export PRUNEFS
# paths which are pruned from updatedb database
PRUNEPATHS="/tmp /usr/tmp /var/tmp /afs /amd /alex /var/spool"
export PRUNEPATHS
# netpaths which are added
NETPATHS=""
export NETPATHS
### end of updatedb.conf ##

-- Pat Mahoney <[EMAIL PROTECTED]> I cannot overemphasize the importance of good grammar. What a crock. I could easily overemphasize the importance of good grammar. For example, I could say: "Bad grammar is the leading cause of slow, painful death in North America," or "Without good grammar, the United States would have lost World War II." -- Dave Barry, "An Utterly Absurd Look at Grammar"
Re: Compiling Crack 5.0a in hamm
On Fri, May 29, 1998 at 01:04:09AM -0400, Norbert Veber wrote:
> Hi..
>
> Today I decided to test the strength of my /etc/passwd, so I went and got
> the crack 5.0 source, but it wouldn't compile. It gave me the following
> error:
>

I got it to work with the help of #linuxos people, the fix is:

change /src/util/Makefile line 12 to:
CFLAGS= $(XCFLAGS) -I../lib -lcrypt

(just letting you know in case others have had the same problem)
Compiling Crack 5.0a in hamm
Hi..

Today I decided to test the strength of my /etc/passwd, so I went and got the crack 5.0 source, but it wouldn't compile. It gave me the following error:

cracker.c: In function ogger':
cracker.c:108: warning: implicit declaration of function ime'
date > ../../run/bin/linux-2-unknown/libdes-cracker
make[2]: Leaving directory /root/c50a/src/util'
gcc -g -O2 -Wall -DUSE_STRING_H -DUSE_STDLIB_H -DUSE_SIGNAL_H -DUSE_SYS_TYPES_H -DUSE_UNISTD_H -DUSE_PWD_H -I../lib -o ../../run/bin/linux-2-unknown/dictfilt dictfilt.c elcid.o ../../run/bin/linux-2-unknown/libc5.a
elcid.o: In function lcid_test':
/root/c50a/src/util/elcid.c:159: undefined reference to rypt'
make[1]: *** [../../run/bin/linux-2-unknown/dictfilt] Error 1
make[1]: Leaving directory /root/c50a/src/util'
make: *** [utils] Error 1

It did compile fine under slackware, so maybe this is a glibc issue, or maybe I'm missing some *-dev package.

Also what are some thoughts on packaging this beast? I assume it's not included with debian as it is considered to be evil.. :)
Re: good crack program
Paul wrote:
>
> Hello everybody, is there a good crack program. I can't seem to find
> qcrack. Can somebody tell me where to find qcrack.
> thanks
> Paul
>

Run dselect and look in the administration sections for it.

-- LeRoy D. Cressy [EMAIL PROTECTED] Computer Consulting (215) 389-5870 http://www.netaxs.com/~ldc/
good crack program
Hello everybody, is there a good crack program. I can't seem to find qcrack. Can somebody tell me where to find qcrack. thanks Paul
Re: Crack and cops
On Sun, 17 Nov 1996, CoB SysAdmin wrote:
>
> I didn't notice crack or cops listed in the Debian 1.1 package listing.

Both packages would be more than welcome to Debian. However, COPS would be more important since Debian 1.2 has qcrack (a high speed version of crack using hashing files). Currently, COPS and Crack are in my to-do list of packages to Debianize but if you feel an urgent need for them go ahead to package them.

> I ftp'd crack and had trouble compiling it, discovered many others did, too;
> found the glitch and fixed it.

Yes, Crack is a pain but easily fixed.

> So, it brings me to an interesting question: Is there a reason why cops
> and crack aren't in a package yet, other than possibly not having a
> maintainer? I figured that people might not like making a package like
> crack quite so "plug-n-play", lest the baddie baddies get wind of it.

It's not a matter of Debian/Linux not accepting them, it's a matter of time. Most package developers aren't paid for their time, so it takes awhile for packages such as COPS and Crack to get packaged.

> If the only impediment is that they need a maintainer, what do I need to
> do to enlist? (Probably check the FAQ first, huh? Duh!)

You got it! :) And good luck should you take on this job. COPS is going to be a major pain in the *ss to debianize (in my opinion). Let me know if you decide to take on either package so we don't duplicate our efforts.

--- "LEAR: Into her womb convey sterility! Dry up in her the organs on increase..." (King Lear) ---
Patrick J. Edwards <[EMAIL PROTECTED]> http://www.cs.usask.ca/undergrads/pje120/ http://hup1.usask.ca:8000/ finger [EMAIL PROTECTED] for my PGP Key Key fingerprint = 9F 45 7D 6E C0 A4 B4 0D 48 C7 14 CA 23 B0 B4 F8
Re: Crack and cops
On Sun, 17 Nov 1996, CoB [EMAIL PROTECTED] (Joe Emenaker) wrote:
>
> I didn't notice crack or cops listed in the Debian 1.1 package listing.
>
> I ftp'd crack and had trouble compiling it, discovered many others did, too;
> found the glitch and fixed it.
>
> So, it brings me to an interesting question: Is there a reason why cops
> and crack aren't in a package yet, other than possibly not having a
> maintainer? I figured that people might not like making a package like
> crack quite so "plug-n-play", lest the baddie baddies get wind of it.

qcrack is already in debian 1.2 (rex frozen), works well and has a good dictionary.

>
> If the only impediment is that they need a maintainer, what do I need to
> do to enlist? (Probably check the FAQ first, huh? Duh!)
>

Well, the FAQ about maintenance need was posted lately... did you want a copy? :)

--- The trick isn't that free software are among the best, it's that commercial stuff aren't the best! ---
Fabien Ninoles aka Baffouille || Running Debian-Linux [EMAIL PROTECTED] || Lover of MOO, mountains, http://www-edu.gel.usherb.ca/ninf01 || poetry and Freedom.
Re: Crack and cops
>
> > Pardon my ignorance but what exactly are "crak" and "cops"?
>
> Cops: security checker.

Cops does some cute things. First off, it checks for some obvious things like, say, your /var/spool/cron/crontabs dir being world-writable or your hosts.equiv file being world writable, etc.

It's got one really *cute* feature called "kuwang", I think. Basically, it's supposed to find ways that a user can gain root access through a *process*.

For example, let's say we've got three users on the system: "A", "B", and root. Let's also say that A's primary group is "X" but it's also in "Z". B's primary group is "Z" and is also in the "root" group.

Further, let us assume that B was careless enough to turn on group write permissions for his/her .profile. So, we've got something like this:

% ls -l /home/B/.profile
-rwxrwxr-x B Z 1534 Jan 17 12:34 .profile

And let us assume the same of root:

% ls -l /root/.profile
-rwxrwxr-x root root 2543 Feb 23 16:32 .profile

Well, now, it's possible for user "A" to gain root privileges. A will be able to write to "B"s .profile and, hence, will be able to run anything as "B". This means that "A" (while running something as "B") will be able to write to "root"s .profile and will be able to run anything as root.

I know this seems preposterous... like you need this impossible conspiracy of little misconfigurations to allow for a security hole of this nature... but it's really not that impossible. Imagine, for example, if you put a certain user in the "www" group to allow them to maintain a portion of your web site. Also imagine that you've added "www" to the "root" group so that certain CGI scripts will be able to access some files that www doesn't normally have access to. Well, now you're more than half way there... and you got there by doing two things that, in themselves, didn't seem as all that unreasonable.

So, to keep a long story from getting any longer, that is what kuwang is supposed to do.

I'm not sure if it really *does*, since it's never found a hole like that on my machine yet.

- Joe
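The chain described in the message above (A edits B's .profile, B edits root's) can be searched for mechanically. This added example is not part of the thread and is not COPS code; the users, groups, paths and modes are constructed from the message's scenario, and `can_write`, `takeover_edges` and `chain_to` are hypothetical names.

```python
from collections import deque

# Constructed data mirroring the message: user -> groups, primary group first.
GROUPS = {"A": ["X", "Z"], "B": ["Z", "root"], "root": ["root"]}

# Constructed startup files: (path, owner, group, mode).
FILES = [
    ("/home/A/.profile", "A", "X", 0o644),
    ("/home/B/.profile", "B", "Z", 0o775),      # group-writable, as in the message
    ("/root/.profile", "root", "root", 0o775),  # group-writable, as in the message
]


def can_write(user, owner, group, mode, groups):
    """Unix write check: owner bits, else group bits, else other bits."""
    if user == owner:
        return bool(mode & 0o200)
    if group in groups.get(user, []):
        return bool(mode & 0o020)
    return bool(mode & 0o002)


def takeover_edges(files, groups):
    """Map each user to the (victim, path) pairs whose startup file they can edit."""
    edges = {}
    for path, owner, group, mode in files:
        for user in groups:
            if user != owner and can_write(user, owner, group, mode, groups):
                edges.setdefault(user, []).append((owner, path))
    return edges


def chain_to(target, start, files, groups):
    """Breadth-first search: shortest list of (account, file) steps, or None."""
    edges = takeover_edges(files, groups)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        user, steps = queue.popleft()
        if user == target:
            return steps
        for victim, path in edges.get(user, []):
            if victim not in seen:
                seen.add(victim)
                queue.append((victim, steps + [(victim, path)]))
    return None


if __name__ == "__main__":
    for user in GROUPS:
        print(user, "->", chain_to("root", user, FILES, GROUPS))
```

Clearing the group-write bit on either .profile breaks the chain, which is the fix such a report points to.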
Re: Crack and cops
On Tue, 19 Nov 1996 17:04:52 EST "Joe Feenin" ([EMAIL PROTECTED]) wrote:
> Pardon my ignorance but what exactly are "crak" and "cops"?

Crack: password cracker.
Cops: security checker.

Phil.
Re: Crack and cops
CoB SysAdmin (Joe Emenaker) <[EMAIL PROTECTED]> writes:
> If the only impediment is that they need a maintainer

Yes.

> , what do I need to do to enlist? (Probably check the FAQ first,
> huh? Duh!)

See the Work Needing and Prospective Packages document. I'm not sure where it is kept, but it's posted to one of the lists (debian-devel?) on a regular basis. There you can make sure someone else hasn't claimed it, and can see how to become a maintainer.

Note that there is a new qcrack package. I don't know how that relates to crack.

-- Rob
Crack and cops
I didn't notice crack or cops listed in the Debian 1.1 package listing. I ftp'd crack and had trouble compiling it, discovered many others did, too; found the glitch and fixed it. So, it brings me to an interesting question: Is there a reason why cops and crack aren't in a package yet, other than possibly not having a maintainer? I figured that people might not like making a package like crack quite so "plug-n-play", lest the baddie baddies get wind of it. If the only impediment is that they need a maintainer, what do I need to do to enlist? (Probably check the FAQ first, huh? Duh!) - Joe
anyone got Crack to work in Debian
I recently downloaded Crack_4.1 from Sunsite (I couldn't find a Debian version, there isn't one is there?). When I ran it, I got "Version of crypt() being used internally is not compatible with standard. Terminating...". Is this true that Debian crypt() is non-standard? Has anyone got this to work with Debian? It seemed like there might be other things that needed to be changed to get it to run, but the crypt thing seemed like the most serious. I did successfully run Crack a year or so ago on a Linux system. Don't know what's changed since then. Gerry [EMAIL PROTECTED]