Re: [expert] finding security holes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim C wrote on Sat, Mar 08, 2003 at 10:53:52AM -0800 : > Short form: There is no way provided to turn html off, as far as I can > tell, in Netscape 7.0. No check box and no known means of doing so by > inserting comments anywhere in the system. Install demime and filter all inbound mail through it. google for demime and it should come up with something like scifi.squawk.com or close to it. Blue skies... Todd - -- | MandrakeSoft USA | Security is like an onion. It's made | | http://www.mandrakesoft.com | made up of several layers and makes | | http://www.mandrakelinux.com | you cry. --Howard Chu| Mandrake Cooker Devel Version, Kernel 2.4.21-0.12mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+bB4ulp7v05cW2woRAjsQAKCoHs1sMc+whrMbr9rOfuVTS9rNrwCeLCGU bZGeApIIMIbwKYtOi0Fw0k8= =A6OV -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
On Fri Mar 07, 2003 at 11:49:06PM -0300, Leonardo wrote: > I'm very sorry!!! I didn't know that i was writting messages in html. I've > had some problems with my home mdk box so i'm using (unfortunately) outlook. > I'll try to figure out if there's any option that can disable the html > format on e-mail messages. > > Anyway, thanks for the answer.I can't afford a machine just for firewall... > I'll try to install chrootkit and some tools that i recently discovered > (tripwire, nmap and snort). If you, or anyone, knows urls of docs about > those, please tell me (but i think google is the faster and the best way to > find docs). You can also fine a lot of info on http://www.mandrakesecure.net/ including tutorials, links, and a listing of tools for a variety of purposes. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} pgp0.pgp Description: PGP signature
Re: [expert] finding security holes
Short form: There is no way provided to turn html off, as far as I can tell, in Netscape 7.0. No check box and no known means of doing so by inserting comments anywhere in the system. I'm not sure I understand your problem. FWIW, though, KMail displays the plain text version of a dual-mode send if you have the html turned off. Is there nothing similar you can do in Netscape? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
On Saturday 08 Mar 2003 5:50 pm, Jim C wrote: > Netscape 7.0 does have filters and I employ them in concert with > SpamPal. What it doesn't have is the ability to add: > to the end of any file that contains > or etc. I don't want to eliminate the mail all together > because I do occasionally get html messages I want to view. I just want > viewing it turned off by default. > > engage wrote: > > There is. Use an e-mail program that has filters. I'm not sure I understand your problem. FWIW, though, KMail displays the plain text version of a dual-mode send if you have the html turned off. Is there nothing similar you can do in Netscape? Anne -- Registered Linux User No.293302 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [Fwd: Re: [expert] finding security holes]
Whoops. Double wammy! Sorry. Jim C wrote: Netscape 7.0 does have filters and I employ them in concert with Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[Fwd: Re: [expert] finding security holes]
Netscape 7.0 does have filters and I employ them in concert with SpamPal. What it doesn't have is the ability to add: to the end of any file that contains or etc. I don't want to eliminate the mail all together because I do occasionally get html messages I want to view. I just want viewing it turned off by default. engage wrote: > There is. Use an e-mail program that has filters. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
Netscape 7.0 does have filters and I employ them in concert with SpamPal. What it doesn't have is the ability to add: to the end of any file that contains or etc. I don't want to eliminate the mail all together because I do occasionally get html messages I want to view. I just want viewing it turned off by default. engage wrote: There is. Use an e-mail program that has filters. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
There is. Use an e-mail program that has filters. On Saturday 08 March 2003 10:08 am, Jim C wrote: > Great. Now if there just were a way to avoid vewing it in Netscape 7.0. > :-/ > > >>I'm very sorry!!! I didn't know that i was writting messages in html. > >> I've > > ... > > > It isn't difficult to modify Outlook Express to disable HTML (which is > > enabled by default). Tools->Options->Send->Mail Sending Format Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
Great. Now if there just were a way to avoid vewing it in Netscape 7.0. :-/ I'm very sorry!!! I didn't know that i was writting messages in html. I've ... It isn't difficult to modify Outlook Express to disable HTML (which is enabled by default). Tools->Options->Send->Mail Sending Format Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
On Friday 07 March 2003 07:49 pm, Leonardo wrote: > I'm very sorry!!! I didn't know that i was writting messages in html. I've > had some problems with my home mdk box so i'm using (unfortunately) > outlook. I'll try to figure out if there's any option that can disable the > html format on e-mail messages. > It isn't difficult to modify Outlook Express to disable HTML (which is enabled by default). Tools->Options->Send->Mail Sending Format Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
On Friday 07 March 2003 07:10 pm, civileme wrote: > > You can activate prelude and watch the logs, and you can load chkrootkit, > and you can compile the kernel specifically for your machine with all > modules compiled in and none loading, which helps proof against rootkits, > but remember linux is by nature much much more secure than the best > lockdown you can put on windows. > How does one add pelude to the system logs in Webmin? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
I'm very sorry!!! I didn't know that i was writting messages in html. I've had some problems with my home mdk box so i'm using (unfortunately) outlook. I'll try to figure out if there's any option that can disable the html format on e-mail messages. Anyway, thanks for the answer.I can't afford a machine just for firewall... I'll try to install chrootkit and some tools that i recently discovered (tripwire, nmap and snort). If you, or anyone, knows urls of docs about those, please tell me (but i think google is the faster and the best way to find docs). Cheers, Leonardo Sá - Original Message - From: "civileme" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 07, 2003 11:10 PM Subject: Re: [expert] finding security holes > On Friday 07 March 2003 02:23 pm, Leonardo wrote: > > i've just finished setting up a mdk9.0 server with postfix, mailman, > > iptables and apache. Things are going fine, but I would like to know how > > can I detect any security breaches on my system to prevent possible hacker > > invasions. I've been using the netstat command but there should be > > others... > > > > Thanks in advance, > > Leonardo Sá > > Recife, Brazil > > Well your html messages aren't going to get too many answers, cause most folks > filter them out. I occasionally scan my trash for list messages, so I saw > yours. > > What you want is to sign up for the security advirories list and stay updated. > > If you want a real firewall put it on a machine between you and the net > connection. MNF, which is free to download does a wonderful job, and still > allows you to forward ports your server uses to the server. > > Nothing like Norton's Personal Firewall exists which will notify you about > regular net traffic (remember personal firewall will claim an ftp connection > on port 21 is the WinCrash trojan cause it sometimes also uses port 21). > > You can activate prelude and watch the logs, and you can load chkrootkit, and > you can compile the kernel specifically for your machine with all modules > compiled in and none loading, which helps proof against rootkits, but > remember linux is by nature much much more secure than the best lockdown you > can put on windows. > > Civileme > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] finding security holes
On Friday 07 March 2003 02:23 pm, Leonardo wrote: > i've just finished setting up a mdk9.0 server with postfix, mailman, > iptables and apache. Things are going fine, but I would like to know how > can I detect any security breaches on my system to prevent possible hacker > invasions. I've been using the netstat command but there should be > others... > > Thanks in advance, > Leonardo Sá > Recife, Brazil Well your html messages aren't going to get too many answers, cause most folks filter them out. I occasionally scan my trash for list messages, so I saw yours. What you want is to sign up for the security advirories list and stay updated. If you want a real firewall put it on a machine between you and the net connection. MNF, which is free to download does a wonderful job, and still allows you to forward ports your server uses to the server. Nothing like Norton's Personal Firewall exists which will notify you about regular net traffic (remember personal firewall will claim an ftp connection on port 21 is the WinCrash trojan cause it sometimes also uses port 21). You can activate prelude and watch the logs, and you can load chkrootkit, and you can compile the kernel specifically for your machine with all modules compiled in and none loading, which helps proof against rootkits, but remember linux is by nature much much more secure than the best lockdown you can put on windows. Civileme Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] finding security holes
i've just finished setting up a mdk9.0 server with postfix, mailman, iptables and apache. Things are going fine, but I would like to know how can I detect any security breaches on my system to prevent possible hacker invasions. I've been using the netstat command but there should be others... Thanks in advance, Leonardo Sá Recife, Brazil