Re: How do you guys handle PNG/JPG binary files with potential payloads for all the image viewers?

2022-06-18 Thread Davide Prina
Corey H wrote:

> how do you guys test all of the potential PNG/JPG potential malware payloads
 
To check any file for potential malware you can use:
chkrootkit
rkhunter

but you can also try with:
binwalk <- detect/extract binary data in files
strings <- to detect strings in the image/audio file
exiftool, exiv2 <- to detect metadata

but in image/audio files you can also hide information with steganography[¹];
you can try with:
stegcracker
stegosuite
foremost

I have read that you can determine whether an image file has hidden content or not,
but I don't know if there is software that does only this check. Probably with
histogram analysis[²] you can find suspected altered files.
You can start by reading about steganalysis[³] and report the results here.

Ciao
Davide

[¹] https://en.wikipedia.org/wiki/Steganography
[²] https://en.wikipedia.org/wiki/Image_histogram
[³] https://en.wikipedia.org/wiki/Steganalysis

--
My Privacy is None of Your Business
https://noyb.eu/it
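The structural part of the check that binwalk is suggested for above can be shown in a few lines. This is an added example, not part of the original post: it walks the PNG chunk list and the JPEG marker list and reports data that a viewer would ignore (bytes after the end marker, unknown chunks, bad CRCs). The sample files are constructed inline, and all function names are assumptions of this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types from the PNG specification (plus eXIf); anything else is a
# private or unknown chunk that deserves a closer look.
KNOWN_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA",
                b"iCCP", b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD",
                b"hIST", b"pHYs", b"sPLT", b"tIME", b"eXIf"}


def scan_png(data):
    """Walk the chunk list; report bad CRCs, unknown chunks, data after IEND."""
    if not data.startswith(PNG_SIG):
        return ["missing PNG signature"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length            # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            return findings + [f"chunk at offset {pos} runs past end of file"]
        (stored_crc,) = struct.unpack(">I", data[end - 4:end])
        name = ctype.decode("latin-1")
        if zlib.crc32(data[pos + 4:end - 4]) != stored_crc:   # CRC covers type + body
            findings.append(f"bad CRC in {name} chunk at offset {pos}")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"unknown chunk {name} ({length} bytes) at offset {pos}")
        pos = end
        if ctype == b"IEND":
            if pos < len(data):
                findings.append(f"{len(data) - pos} bytes after IEND at offset {pos}")
            return findings
    return findings + ["no IEND chunk found"]


def scan_jpeg(data):
    """Follow segment lengths to the real EOI marker and report what follows it.

    A plain search for FF D9 is not enough: an embedded thumbnail carries its
    own EOI inside an APPn segment.
    """
    if data[:2] != b"\xff\xd8":
        return ["missing JPEG SOI marker"]
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return [f"expected a marker at offset {pos}"]
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte in front of a marker
            pos += 1
            continue
        if marker == 0xD9:                 # EOI: the image ends here
            extra = len(data) - (pos + 2)
            return [f"{extra} bytes after EOI at offset {pos + 2}"] if extra else []
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers without length
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        (seglen,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + seglen
        if marker == 0xDA:                 # SOS: skip the entropy-coded data
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0x00
                    and not 0xD0 <= data[pos + 1] <= 0xD7):
                pos += 1
    return ["no EOI marker found"]


def make_chunk(ctype, body):
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def sample_png():
    """Constructed 1x1 greyscale PNG with a valid chunk structure."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")      # filter byte + one pixel
    return (PNG_SIG + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
            + make_chunk(b"IEND", b""))


def sample_jpeg():
    """Constructed marker skeleton (structure only, not a decodable picture)."""
    thumb = b"\xff\xd8\xff\xd9"            # stand-in thumbnail with its own EOI
    app1 = b"\xff\xe1" + struct.pack(">H", 2 + len(thumb)) + thumb
    scan = b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9"


if __name__ == "__main__":
    extra = b"PK\x03\x04 constructed appended archive"
    print("png      ", scan_png(sample_png()))
    print("png+data ", scan_png(sample_png() + extra))
    print("jpeg     ", scan_jpeg(sample_jpeg()))
    print("jpeg+data", scan_jpeg(sample_jpeg() + extra))
```

A clean result here only says the container is well formed; content hidden inside the pixel data (steganography) is not visible to this kind of check.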



Re: How to securely verify that package-installed files match originals?

2021-01-14 Thread Davide Prina

On 14/01/21 11:56, Erik Poupaert wrote:


> dpkg -V
>
> The reason why I am carrying out this audit is, however, because I somehow
> suspect that the system could be compromised.


as suggested you can use debsums

you can also use

* to detect missing or unexplained files
cruft

Note: the output can be very, very long; save it to a file and set the
--ignore flag to the directories where you are sure there are no problems


* to detect rootkits
chkrootkit
rkhunter

If your system is compromised and you are trying to understand where they
came in, or you want to check for vulnerabilities on your system, you can use
(I have never tried these):

checksecurity
tiger

To see open security bugs on installed packages:
debian-security-support

Note that, in theory, your system can be compromised with code in
RAM/GPU MEMORY/BIOS/UEFI/...
For RAM and similar you can solve it by restarting your PC with a trusted
system, but for the others you are normally unable to check if something is
wrong, and it can be that you cannot start a trusted system from that PC.


I'm not a security expert, but these things are very interesting...

Ciao
Davide
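The comparison that debsums and cruft perform, reduced to its core, as an added example that is not part of the original thread. It assumes the checksum list is in dpkg's `md5sums` format and that it was obtained from a trusted copy of the package, because a list stored on the suspect system can be rewritten by whoever compromised it. The file tree and all function names are constructed for this example.

```python
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse dpkg's md5sums format: '<md5 hex>  <path relative to />' per line."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            manifest[path] = digest.lower()
    return manifest


def file_md5(path):
    """Hash a file in blocks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def audit_tree(root, manifest):
    """Compare the files under root with a trusted manifest.

    changed     -> content differs from the manifest (what debsums reports)
    missing     -> listed in the manifest but absent on disk
    unexplained -> present on disk but owned by no manifest entry (what
                   cruft reports)
    """
    report = {"changed": [], "missing": [], "unexplained": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif file_md5(full) != expected:
            report["changed"].append(rel)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if rel not in manifest:
                report["unexplained"].append(rel)
    report["unexplained"].sort()
    return report


def demo():
    """Build a constructed file tree, tamper with it, and audit it."""
    files = {
        "usr/bin/tool": b"#!/bin/sh\necho ok\n",
        "usr/share/doc/tool/README": b"constructed sample\n",
        "usr/lib/tool/helper.dat": b"\x00\x01\x02\x03",
    }
    # The manifest is computed from the pristine content: it stands in for
    # md5sums taken from a trusted copy of the package.
    manifest_text = "".join(
        f"{hashlib.md5(data).hexdigest()}  {path}\n" for path, data in files.items())
    with tempfile.TemporaryDirectory() as root:
        for path, data in files.items():
            full = os.path.join(root, path)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        # Simulated tampering: one file modified, one removed, one added.
        with open(os.path.join(root, "usr/bin/tool"), "ab") as fh:
            fh.write(b"# modified\n")
        os.remove(os.path.join(root, "usr/lib/tool/helper.dat"))
        with open(os.path.join(root, "usr/bin/.hidden"), "wb") as fh:
            fh.write(b"x")
        return audit_tree(root, parse_md5sums(manifest_text))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

For an audit of a machine that may be compromised, run the comparison from a trusted boot medium against the mounted disk, so that neither the tool nor the kernel answering the file reads belongs to the suspect system.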



Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread Davide Prina

On 01/05/20 22:00, Rebecca N. Palmer wrote:

> On 01/05/2020 20:31, Elmar Stellnberger wrote:
>> https isn't any more secure than http as long as you do not have a
>> verifiably trustworthy server certificate that you can check for. As
>> we know the certification authority system is totally broken.
>
> Imperfect yes, but still better than nothing.


There is another problem: implementation. Not all the software that
implements HTTPS verifies the validity of the certificate and the validity
of the whole certification chain.


For example, where I work a certificate was invalidated, but by
mistake the new valid one was not loaded on an https site. With Debian
and Firefox I cannot access that site (I get "the certificate is not
valid" or something similar), but other people, who use another OS, can
access it with Internet Explorer and Chrome, but not with Firefox.


Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Operating system: http://www.debian.org
GNU/Linux User: 302090: http://counter.li.org
I do not authorize the storing of my address on Outlook



Re: Why no security support for binutils? What to do about it?

2020-01-01 Thread Davide Prina

On 01/01/20 10:29, Elmar Stellnberger wrote:

> Up to now I did not see any notable effort to support malware reverse
> engineering under Linux. The only program I knew was boomerang for
> decompiling malware but it seems to be unsupported since long.


probably here you can find something useful:

http://www.backerstreet.com/decompiler/decompilers.htm
https://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers
https://retdec.com/

Ciao
Davide



Re: network-manager applet disappeared

2019-12-16 Thread Davide Prina

On 15/12/19 19:06, Pegro wrote:


> I was just unable to receive an IP address --- the router does NOT allow me to
> use static IP addresses


If I am not mistaken, the router always allows you to use a static IP
address... if you select the IP address in the authorized range.


First you need to know a valid IP address not currently used (IP_ADDRESS)
and the netmask of the network (NETMASK), the network interface of your
PC (ETH0) and the IP of the router (IP_ROUTER).


I suppose that you are able to find out the values of IP_ADDRESS, NETMASK,
ETH0, and IP_ROUTER


Normally these are the basic steps to get a network working:

# ifconfig ETH0 IP_ADDRESS netmask NETMASK
# route add default gw IP_ROUTER

You can also see if the DNS has been set:
$ cat /etc/resolv.conf

if it is blank you must insert one or two valid entries, for example the
following (OpenDNS)


nameserver 208.67.222.222
nameserver 208.67.220.220

When you have correctly activated your network, then you can address all
the other issues you have.



> If this was not appropriate mailing list to send this mail, I apologise ...


I think it is better to ask on the user mailing list...

Ciao
Davide



Re: Have I caught a firmware attack in the act? Or am I just paranoid?

2019-08-16 Thread Davide Prina

On 15/08/19 22:57, Rebecca N. Palmer wrote:

>> I have only seen intelligence visiting my home when I left an offline
>> computer around with HDD.
>
> If you feel safe answering: what country was this in?  Your name and
> time zone suggest Germany/Austria/Switzerland, which I wouldn't have
> thought of as the kind of places that do this.


With the amendment of the StPO 2017, the German Bundestag created a
legal basis for the widespread use of these so-called Statetrojans[¹]


More states have laws that let them spy on citizens with trojans. This causes
our devices/software to be less secure, and the same backdoor can also be
used by others. Also, when data is collected it is also accessible by people
who work directly/indirectly, and some of these can use that data
(sell/send to others/read for themselves/...)


Ciao
Davide

[¹]
https://www.spiegel.de/international/germany/state-spyware-german-court-permits-restricted-online-surveillance-a-538094.html


--
Dictionaries: http://linguistico.sourceforge.net/wiki
Get out of illegality: use LibreOffice/OpenOffice:
http://linguistico.sf.net/wiki/doku.php?id=usaooo
I do not authorize the storing of my address on Outlook



Re: Intel Microcode updates

2019-06-24 Thread Davide Prina

On 24/06/19 01:57, Lou Poppler wrote:

> I am only guessing, but I think a possible explanation which resolves this
> conundrum might be this:  The latest release page is saying that the latest
> microcode package contains the latest microcode for this Core2 processor, which
> is the version last updated on 2010-09-28.  Not changed, but still made
> available in the 20190312 standard microcodes blob.  Maybe, only guessing.


ok, so this can be the explanation why the core2 doesn't have a mitigation
for the latest hardware bug found, and the other branch of this thread
that says that you can install this manually is not correct.


I have read that Intel says that making mitigations for "older"[¹] CPUs is
too costly.


Ciao
Davide

[¹] as I have written, I have seen that the core2 CPU was on sale as new
(probably as last magazine pieces?) on a lot of sites when spectre and
meltdown were found. And I have read comments from people who have bought
them to upgrade their old machines... so these CPUs are not so old. Also, I
have seen, at the same time, Intel charts that tell you that these CPUs
are the best for performance/price on the market... so these CPUs are
not so bad.




Re: Intel Microcode updates

2019-06-24 Thread Davide Prina

On 23/06/19 22:28, Henrique de Moraes Holschuh wrote:


> The README already tells you how to do
> it yourself, and people won't read it, why would them find about an
> example downloader script?


$ zless /usr/share/doc/intel-microcode/README.Debian.gz
[...]
Custom Linux kernels must be built with initramfs support enabled (Kconfig
option CONFIG_BLK_DEV_INITRD=y), as well as early microcode support
enabled (Kconfig options CONFIG_MICROCODE=y, CONFIG_MICROCODE_INTEL=y,
CONFIG_MICROCODE_INTEL_EARLY=y)
[...]

$ grep CONFIG_MICROCODE_INTEL_EARLY /boot/config-4.19.*
$

I tried with F8 in
.../src/linux$ make nconfig
but it finds nothing

[...]
A new version of the microcode bundle can be downloaded directly from
Intel (through their GitHub project):
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

To manually install the downloaded microcode bundle, unpack the archive you
got from Intel and copy the microcode-*.dat file from the archive to
/usr/share/misc/intel-microcode.dat.
[...]

I have downloaded the bundle, but there are no .dat files inside

as I said in another post in this thread: here there are the same
files as in the intel-microcode package


Ciao
Davide

PS: I don't want to criticize Debian (I'm a Debian user fan) nor those who
reply on the list (these people help others to understand what they don't know)




Re: Intel Microcode updates

2019-06-23 Thread Davide Prina

On 11/06/19 04:19, Henrique de Moraes Holschuh wrote:

> On Mon, 10 Jun 2019, Russell Coker wrote:
>> model name  : Intel(R) Core(TM)2 Quad CPUQ9505  @ 2.83GHz
>
> Intel upstream decided to not distribute it, for whatever reason.  The
> Core2 will not get any fixes for MDS either (nor will Nehalem and
> Westmere).


ok, I have read that also, but the latest release page[¹]
tells you that Intel® Core™2 Quad Processor is supported by the latest
microcode (Version: 20190312 (Latest)).


But if I do a
# dmesg | grep microcode
[0.00] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28


$ dpkg -l intel-microcode
ii  intel-microcode 3.20190618.1~deb9u1

So Intel tells you, in the "press", that your CPU is not supported; on
the official microcode page, it tells you that your CPU is supported...
and the microcode is installed on my PC, but not loaded... something is
wrong, or I have not understood.



> It is easy enough to source that microcode update if you look for it,
> and you can just drop it on /usr/share/misc/intel-microcode.bin with
> intel-microcode installed, and update the initramfs.  It will pick the
> extra microcode up.


on the page [¹] there is not a download link, but a .txt file that tells
you to download from github[²], and there is exactly what I have in:

$ dpkg -L intel-microcode

and not the intel-microcode.bin you talk about

Am I missing something?

Ciao
Davide

[¹]
https://downloadcenter.intel.com/download/28727/Linux-Processor-Microcode-Data-File?product=35428

[²]
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files



Re: Intel Microcode updates

2019-06-10 Thread Davide Prina

On 10/06/19 13:16, Michael Stone wrote:

> On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:
>> I just discovered the spectre-meltdown-checker package
>>
>> model name  : Intel(R) Core(TM)2 Quad CPU    Q9505  @ 2.83GHz
>
> Your CPU is not supported by Intel, so you either accept the risk or buy
> a new one.


you have another choice: disable the SMP & C. and all mitigations from Linux

> (Note that the latest version of the microcode is from
> 2015--long before any of these speculative execution vulnerabilities
> were mitigated.) Yours is a yorkfield:
>
> https://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/


Intel(R) Core(TM)2 Quad CPU was already on sale on many sites when the
spectre/meltdown hardware bug was discovered, and probably you can buy
it now as well. It is a shame that Intel does not give microcode updates for
these CPUs and others.


For me, buying a new CPU does not give you protection against possible
hardware bugs because:


* you will get only mitigations and not bug corrections. Mitigation == the
attack is harder, but it can be done successfully. I have not read about
any new CPU that was designed against this bug... probably because it needs
5-10 years to have these CPUs on the market


* your CPU runs slower because of these mitigations (I have read that for
some tasks you can have 50% or less performance); also some software has
been modified (== made slower) for these bugs: compiler, browser,
... and, in theory, these mitigations in compilation can be propagated to
all the software you are running (== slowing all your software)


* each CPU has a lot of undocumented instructions; each of these can
potentially be a new attack target. There are tools that let you find some of
these, but after that, understanding how to use or abuse them is
another story


* firmware also is nearly always an obscure piece of code, always bigger
than the previous one, and back doors can be present in it (recently
back doors have been found in the firmware of some cellphones sold in Germany)


* new hardware bugs and variants of previous bugs are found constantly,
so we need a new CPU class designed for security. I have read that some
people want to create a new CPU under a free license; I think that is the
only solution that we can trust


* ...

Ciao
Davide



Re: Call for testing: Testers needed for ghostscript update

2018-11-06 Thread Davide Prina

On 06/11/2018 16:16, Salvatore Bonaccorso wrote:


> We plan to rebase ghostscript via stretch-security to 9.25 plus cherry
> picked security fixes which happened after that release.
>
> Packages are at
>
> https://people.debian.org/~carnil/tmp/ghostscript/


I'm using Buster, but I have downloaded
ghostscript_9.25~dfsg-0+deb9u1~1.gbpb6a7bd_amd64.deb
libgs9_9.25~dfsg-0+deb9u1~1.gbpb6a7bd_amd64.deb
libgs9-common_9.25~dfsg-0+deb9u1~1.gbpb6a7bd_all.deb

and installed them.


$ ghostscript a.pdf
GPL Ghostscript 9.25 (2018-09-13)
Copyright (C) 2018 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 1.
Page 1
Loading NimbusSans-Regular font from 
/usr/share/ghostscript/9.25/Resource/Font/NimbusSans-Regular... 4451500 
2921389 6492968 5150597 3 done.
Loading NimbusSans-Bold font from 
/usr/share/ghostscript/9.25/Resource/Font/NimbusSans-Bold... 4517612 
3103754 6513168 5168226 3 done.

>>showpage, press <return> to continue<<

XIO:  fatal IO error 0 (Success) on X server ":0"
  after 120 requests (120 known processed) with 0 events remaining.



$ gs Linux-Voice-Issue-001.pdf
GPL Ghostscript 9.25 (2018-09-13)
Copyright (C) 2018 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 116.
Page 1
>>showpage, press <return> to continue<<

XIO:  fatal IO error 0 (Success) on X server ":0"
  after 1244 requests (1244 known processed) with 0 events remaining.

This one is a multi-page PDF and it shows only the first page.





I have opened gimp and exported as PDF; I try to open it and I see the drawing.

$ gs /tmp/1/Senzanome.pdf
GPL Ghostscript 9.25 (2018-09-13)
Copyright (C) 2018 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 1.
Page 1
>>showpage, press <return> to continue<<

XIO:  fatal IO error 2 (No such file or directory) on X server ":0"
  after 84 requests (84 known processed) with 0 events remaining.




I have converted the drawing to ps
$ pdftops Senzanome.pdf

$ gs Senzanome.ps
GPL Ghostscript 9.25 (2018-09-13)
Copyright (C) 2018 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
>>showpage, press <return> to continue<<

XIO:  fatal IO error 2 (No such file or directory) on X server ":0"
  after 84 requests (84 known processed) with 0 events remaining.

I see the correct image in the PDF; I don't know what these 2 fatal
IO errors I get are. I have checked and I get the same fatal IO error with
the gs present in Buster.


Let me know if you want me to make more tests and what type of tests.

Ciao
Davide



Re: Gaps in security coverage?

2018-11-06 Thread Davide Prina

On 06/11/2018 02:34, Paul Wise wrote:

> On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote:
>> So I recently started running debsecan on one of my boxes.  It's a
>> fairly barebones server install, uses unattended-upgrades and is fully
>> up-to-date.  I expected a clean bill of health, but didn't get that.  I
>> got pages and pages and pages of output.  Some of it (especially kernel
>> related) I believe may be false positives, but not all.  Some of it
>> simply isn't patched yet.
>
> That has been the normal state of things since I started running
> debsecan many many years ago.


I'm not a security expert, but:
* security bugs are found daily
* security bugs are also found by people that don't work on the project,
and upstream can consider these bugs in different ways: lower security
bug; no security bug; no bug at all; ...
* software without security bugs (or with fewer) is not intrinsically more
secure than software with a lot of security bugs... the first one may not
have been checked for security bugs...
* a security bug in software that you are using may also not impact
you; that depends on how you use that software and the system/network on
which it is installed

* ...

Ciao
Davide



Re: [SECURITY] [DSA 4187-1] linux security update

2018-05-04 Thread Davide Prina

On 04/05/2018 04:06, Paul Wise wrote:

> On Thu, May 3, 2018 at 4:53 PM, richard lucassen wrote:
>> There is also a big increase in time before random is initialized:
>>
>> ...
>>
>> One of the consequences is that openntpd (or a program like
>> rdate) hangs until the crng is initialized.
>
> What do these two programs require entropy for?


security:

Integrates the latest secure API advances from OpenBSD such as
getentropy(2), arc4random(3) (a fail-safe CSRNG that works in chroot
environments), and reallocarray(3) (an integer overflow-checking
malloc/calloc/realloc replacement).[1]


you can read more details in the NTP RFCs[2]

Ciao
Davide

[1] http://www.openntpd.org/features.html
[2] https://www.ietf.org/rfc/rfc1305.txt
https://www.ietf.org/rfc/rfc5905.txt



Re: retpoline-enabled GCC build for jessie

2018-02-19 Thread Davide Prina

On 18/02/2018 10:44, who.are.you wrote:


> On Sat, Feb 17, 2018 at 07:03:00PM +, Holger Levsen wrote:
>> is this gcc only useful for
>> rebuilding the kernel or would it "in theory" (and practice) be better
>> to rebuild everything with it? (of course the latter is probably not really
>> practical for Debian, but others could do it more easily.)
>
> Does this mean re-installing Debian is the best way to mitigate Spectre?
> If yes, would re-installing Debian from now (and onwards) be a good time to
> avoid Spectre vulnerabilities?


If a Debian package is recompiled then this package is a new version of
the previous package and you get it as a Debian update. So if it is
better to rebuild everything retpoline-enabled, I think that someone in
Debian will recompile all the packages and you will get them as Debian
updates... and so you don't have to re-install Debian (or if you
reinstall Debian you get the same system you already have... without
retpoline-enabled, because I have not seen any package recompiled with
that, for now).


Ciao
Davide

PS: I am I



haveibeenpwned -> sub...@bugs.debian.org and others

2018-01-06 Thread Davide Prina

I have tried this site:

https://haveibeenpwned.com/

that informs you if your credentials have been compromised in data breaches
(only for publicly compromised data).


I have tried it with sub...@bugs.debian.org and this account turns out to be
compromised!! for: Email addresses, Passwords, Device usage tracking
data, Names, Physical addresses


Does this address have a password?
Can this be a security issue? (If this is not known and the password was
not changed)


I have seen that other Debian mail addresses also turn out to be compromised:
secur...@debian.org
debian-security@lists.debian.org
requ...@bugs.debian.org
listmas...@lists.debian.org
debian-de...@lists.debian.org
debian-proj...@lists.debian.org
debian-security-annou...@lists.debian.org
debian-i...@lists.debian.org
debian-ital...@lists.debian.org
debian-l10n-ital...@lists.debian.org

Ciao
Davide



Is packages build without verifying the source package signatures?

2017-12-02 Thread Davide Prina

If I am not mistaken, the automatic package build system doesn't require that
the source signature is verified correctly.


In here:
https://buildd.debian.org/status/fetch.php?pkg=gnome-shell=amd64=3.26.2-1=1509919343=0

I have found this:

Unpack source
-

gpgv: unknown type of key resource 'trustedkeys.kbx'
gpgv: keyblock resource '/sbuild-nonexistent/.gnupg/trustedkeys.kbx': 
General error

gpgv: Signature made Sun Nov  5 19:11:53 2017 UTC
gpgv:using RSA key 09B3AC2ECB169C904345CC546AE1DF0D608F22DC
gpgv:issuer "bi...@debian.org"
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on 
./gnome-shell_3.26.2-1.dsc

dpkg-source: info: extracting gnome-shell in /<>
dpkg-source: info: unpacking gnome-shell_3.26.2.orig.tar.xz
dpkg-source: info: unpacking gnome-shell_3.26.2-1.debian.tar.xz
dpkg-source: info: applying 27-nm-libexec-path.patch
dpkg-source: info: applying workaround_crasher_fractional_scaling.patch

So it doesn't have the public key (?) and so it doesn't check the package
signature. But the package is built successfully... and signed.


If an attacker changes the source and packages it with a wrong private
key, can he have his "patch" applied to the signed binary packages?


Ciao
Davide
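The pattern observed in the post (gpgv cannot check the signature, dpkg-source only warns, and unpacking continues) can be detected mechanically in a build log. This is an added example, not part of the original message and not a description of how the Debian build infrastructure decides what to trust: the first log is copied from the post with wrapped lines rejoined, the second log is constructed, and the function names and status labels are assumptions of this example.

```python
import re

KEY_RE = re.compile(r"^gpgv:\s*using (\w+) key ([0-9A-Fa-f]{16,40})$")
FAILED_RE = re.compile(
    r"^dpkg-source: warning: failed to verify signature on (\S+)$")

# Lines copied from the build log quoted in the post (wrapped lines rejoined).
POST_LOG = """\
gpgv: unknown type of key resource 'trustedkeys.kbx'
gpgv: keyblock resource '/sbuild-nonexistent/.gnupg/trustedkeys.kbx': General error
gpgv: Signature made Sun Nov  5 19:11:53 2017 UTC
gpgv:using RSA key 09B3AC2ECB169C904345CC546AE1DF0D608F22DC
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on ./gnome-shell_3.26.2-1.dsc
dpkg-source: info: extracting gnome-shell in /<>
dpkg-source: info: unpacking gnome-shell_3.26.2.orig.tar.xz
"""

# Constructed counter-example: the same step with a key that gpgv knows.
GOOD_LOG = """\
gpgv: Signature made Sun Nov  5 19:11:53 2017 UTC
gpgv:                using RSA key 0123456789ABCDEF0123456789ABCDEF01234567
gpgv: Good signature from "Example Maintainer <maintainer@example.org>"
dpkg-source: info: extracting example in /build/example-1.0
dpkg-source: info: unpacking example_1.0.orig.tar.xz
"""


def audit_unpack(log_text):
    """Summarise the signature check of the 'Unpack source' step of a log."""
    result = {"status": "no-signature-output", "key": None, "dsc": None,
              "unpacked": False}
    for raw in log_text.splitlines():
        line = raw.rstrip()
        key = KEY_RE.match(line)
        failed = FAILED_RE.match(line)
        if key:
            result["key"] = key.group(2).upper()
        elif line.startswith("gpgv: Good signature"):
            result["status"] = "good"
        elif line.startswith("gpgv: BAD signature"):
            result["status"] = "bad"
        elif line.startswith("gpgv: Can't check signature: No public key"):
            result["status"] = "no-public-key"
        elif failed:
            result["dsc"] = failed.group(1)
        elif line.startswith("dpkg-source: info: extracting "):
            result["unpacked"] = True
    # The condition raised in the post: source unpacked although the
    # signature on the .dsc was never positively verified at this step.
    result["unverified_build"] = result["unpacked"] and result["status"] != "good"
    return result


def gate(log_text):
    """Policy check for a pipeline: True only if the build may continue."""
    return not audit_unpack(log_text)["unverified_build"]


if __name__ == "__main__":
    for name, log in (("post", POST_LOG), ("constructed", GOOD_LOG)):
        print(name, audit_unpack(log), "continue:", gate(log))
```

A failed check at this step does not by itself show that no verification happened anywhere else in the upload path; the example only flags that this particular step did not verify the signature.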



Re: What patches/packages to install for specific bugs.

2017-11-29 Thread Davide Prina

On 29/11/2017 17:09, Jonathan Hutchins wrote:


> When doing an in-release upgrade it's usually not necessary to do
> "upgrade" first, then "full-upgrade" (equivalent to dist-upgrade).


that is true, but I prefer to do an "upgrade" first because it is
"safer" (it doesn't remove other packages) and then a "dist-upgrade" or
"full-upgrade". I use the "-u" option to see what apt is doing, and
by splitting the two operations I can easily see (there are fewer packages)
what it is doing


Ciao
Davide



Re: What patches/packages to install for specific bugs.

2017-11-28 Thread Davide Prina

On 28/11/2017 21:40, P P wrote:


> for example https://www.debian.org/security/2016/dsa-3503 for DSA 3503. But the
> link doesn't tell which patch to install to fix the bug of DSA 3503.


if you look at the CVE link you can find whether there is a patch and where
it is, ... for example if you open the first CVE:

https://security-tracker.debian.org/tracker/CVE-2013-4312

you can see that it is fixed in:
* stretch in the version 4.9.51-1
* stretch (security) in the version 4.9.30-2+deb9u5
* ...


> So we can use apt-get to install them.


no, you can apply the patch with three commands:
$ apt-get update
$ apt-get -u upgrade
$ apt-get -u dist-upgrade

if you have a proper /etc/apt/sources.list file

I suggest you use deb.debian.org with the https protocol
Read here for more details:
https://deb.debian.org/

I suggest you have at least these two lines in the sources.list

Note: replace "testing" with your Debian distro

deb https://deb.debian.org/debian testing main contrib non-free
deb https://deb.debian.org/debian-security testing/updates main contrib non-free

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
What happened in 2013 couldn't have happened without free software
(He credited free software for his ability to help disclose the U.S. 
government's far-reaching surveillance projects).

Edward Snowden



Re: [SECURITY] [DSA 3576-1] icedove security update

2016-05-13 Thread Davide Prina

please learn how to quote, so all can understand what is the question
and what is the answer. Also break your response lines at 75 characters


On 13/05/2016 23:17, Harris Paltrowitz wrote:


> I use Icedove on Jessie, and immediately after I received this email I ran
> apt-get update and apt-get upgrade, but no packages were updated.
>
>> On May 13, 2016, at 1:58 PM, Moritz Muehlenhoff wrote:
>>
>> For the stable distribution (jessie), these problems have been fixed in
>> version 38.8.0-1~deb8u1.


if you check the PTS[1] you can find that:

[2016-05-13] Accepted 38.8.0-1~deb7u1 in oldstable-security (medium)

so the package has been available since 13 May 2016 and probably you have
already upgraded to this version of icedove.


To check
$ grep icedove /var/log/dpkg.log

Note: if you don't find anything, try the dpkg.log.1 file

if there is nothing then look at your sources.list

$ cat /etc/apt/sources.list

you must have a line like one of the following

deb http://security.debian.org/ stable/updates main contrib non-free

or

deb http://security.debian.org/ jessie/updates main contrib non-free

if not, then you must add one and execute:

# apt-get update
# apt-get -u upgrade

Ciao
Davide

[1]
https://packages.qa.debian.org/i/icedove.html



Re: fighting spam

2016-04-25 Thread Davide Prina

On 25/04/2016 10:58, Paul Wise wrote:

> On Fri, Apr 22, 2016 at 6:14 PM, SZÉPE Viktor wrote:
>> Please consider using http://psky.me/ to keep spam out of the list.
>
> The people running the Debian lists can be contacted here:
>
> https://www.debian.org/MailingLists/#maintenance
>
> I've forwarded your suggestion to them.


I think this is a very bad solution.

There are IP addresses shared by different people, and in some cases they
don't know who the other people are. For example there are societies
that have this policy when selling INTERNET access.


But you also block people who use public proxies or protect their
INTERNET access with products like TOR. Think if your state blocks Debian
mailing lists and you use TOR to access them...


I think the current policy is the best one.

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Reasons not to buy/use ms-windows-vista:
http://badvista.fsf.org/
I do not authorize the storing of my address on Outlook



Re: strange behaviour with konqueror

2016-03-06 Thread Davide Prina

I'm not a security expert.
I will try to give you some security information.

On 22/02/2016 22:23, Hans wrote:


> I found a strange behavior with konqueror.


$ apt-cache show konqueror
[...]
Recommends: [...] kpart-webkit
[...]

$ apt-cache show kpart-webkit
[...]
Depends: [...] libqtwebkit4 (>= 2.2.0) [...]
[...]

# apt-get install debian-security-support

if you try this command you will probably get something like the following:
$ check-support-status
[...]
* Source:qtwebkit
  Details: No security support upstream and backports not feasible, only for use on trusted content

[...]

with this command you can see all the packages you have installed that have
limited or no more security support.


Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
List of free software: http://tinyurl.com/eddgj
GNU/Linux User: 302090: http://counter.li.org
I do not authorize the storing of my address on Outlook



Re: Security support incomplete?

2016-02-02 Thread Davide Prina

On 02/02/2016 17:21, Wolfgang Jeltsch wrote:


>    • Where is a list of unfixed security issues?


You can find out about security issues or potential security issues in the
packages you have installed on your system:


1) you can list installed packages with open security issues
# apt-get install debsecan

$ debsecan


2) You can find out which packages can have bugs that will not
be fixed because there is only partial security support or there is no
security support.


# apt-get install debian-security-support

$ check-support-status

When you upgrade your system or install new packages you will get a
report if there are one or more packages with no or limited security support


So with this you can find out which packages have potentially unfixed bugs.

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Get out of illegality: use LibreOffice/OpenOffice:
http://linguistico.sf.net/wiki/doku.php?id=usaooo
I do not authorize the storing of my address on Outlook



Re: Security support incomplete?

2016-02-02 Thread Davide Prina

On 02/02/2016 22:29, Davide Prina wrote:

> On 02/02/2016 17:21, Wolfgang Jeltsch wrote:
>>    • Where is a list of unfixed security issues?
>
> You can find out about security issues or potential security issues in the
> packages you have installed on your system:
>
> 1) you can list installed packages with open security issues
> # apt-get install debsecan
>
> $ debsecan
>
> 2) You can find out which packages can have bugs that will not
> be fixed because there is only partial security support or there is no
> security support.
>
> # apt-get install debian-security-support
>
> $ check-support-status


3) you can find out which installed packages are not in the Debian repository, so
they can have unfixed bugs


# apt-get install apt-show-versions

$ apt-show-versions | grep "No availab"


Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Database: http://www.postgresql.org
GNU/Linux User: 302090: http://counter.li.org
I do not authorize the storing of my address on Outlook



Re: [SECURITY] [DSA 3451-1] fuse security update

2016-01-21 Thread Davide Prina

On 21/01/2016 22:20, Ricardo Palacios wrote:

> Unsubscribe


You can unsubscribe from this mailing list:

1) with your browser go to this address:
https://www.debian.org/MailingLists/unsubscribe

2) check the "debian-security" and the "debian-security-announce"
mailing lists (note that you must check these exact names)

Note: this is because you have replied to a mail sent to two mailing lists

3) put your email address (the one you used to post here) in the
bottom edit box with the label "Your E-Mail address:" and press the
"unsubscribe" button



Alternatively you can go to this web page:
https://lists.debian.org/debian-security/
put in your e-mail address and press the "unsubscribe" button


If this does not work then read this:
https://www.debian.org/MailingLists/#subglitches

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Why does Microsoft keep committing illegal acts?:
http://linguistico.sf.net/wiki/doku.php?id=traduzioni:ms_illegal
GNU/Linux User: 302090: http://counter.li.org
I do not authorize the storing of my address on Outlook



Re: Debian Desktop Environment

2015-10-27 Thread Davide Prina

Hi Mateusz,

I'm not a security expert. And also I'm not an English expert ;-)

On 27/10/2015 12:29, Mateusz Kozłowski wrote:


> Could You tell me which debian desktop environment is the most security
> and the best privacy and which You recommend for debian users? (KDE, XFCE,
> GNOME etc.)?


I think that your question is not correct or it is nonsense.

Today the most secure DE can be XYZ, but tomorrow it can be another one.
The DE with the worst security can be the best one for your DE usage.
Note: I think that nobody can say what the most secure DE is
...
You must define what "security" is for you. So what is mandatory for you
and what isn't. Also you must define a maximum "cost" for your
security (probably you won't spend 1B$ or spend 23 hours/day of your
life to keep your browser history secret) and...
Note: I think security is subjective and can have a different definition
at different times, in different situations, ...

...
and so on...

First you can start by installing some interesting packages (Note: I'm
using Stretch and I don't know which Debian version you are using, so I
don't know if you can install all the following packages) that can be
used for monitoring and improving security on your system:


1) debian-security-support
with this you can have:
- during package installation/upgrading, a warning for each package
with no or limited security support

- by invoking the command
  $ check-support-status
  a list of installed packages with no or limited security
support


Note: in Stretch you can see that there are some important KDE packages
without security support


2) apt-listbugs
with this you can have, during package installation/upgrade, a list of
severe bugs or security bugs


3) apt-listchanges
with this you can have a list of important changes (or also less
important changes, if you configure it properly) in packages


4) apt-show-versions
with this you can search for packages that are not in the sources.list
repositories or are not there anymore, with a command like this:

$ apt-show-versions | grep availab

If a package is not in the Debian repository... it can be a security risk

Also you can search for other packages related to security, for example:
$ axi-cache search check security

if you don't have the axi-cache package you can install it with
# apt-get install apt-xapian-index

You can also read some security books; you can find some on the
Debian site.

Ciao
Davide



Re: Argonne Nat'l Lab no longer a public mirror

2015-02-05 Thread Davide Prina

On 05/02/2015 18:58, john wrote:


> I saw that my updates weren't working, checked into it and found a notice
> on http://mirror.anl.gov/ saying they no longer host any public mirrors


I think it is better to use:
http://http.debian.net/

see the instructions on the http://http.debian.net/ page

Ciao
Davide


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54d3be18.6070...@gmail.com




Re: flashplugin-nonfree get-upstream-version.pl security concern

2012-12-16 Thread Davide Prina

On 13/12/2012 20:52, Jordon Bedwell wrote:

> On Thu, Dec 13, 2012 at 1:47 PM, Davide Prina wrote:
>
>> su USER1 -c script.sh ... (downloading the file [with ugo+r] in
>> /tmp/RANDOMDIR [with ugo+x] only once).
>
> Why does the group and other need access again?


for letting other users read the file without downloading it again


> Even if it's read only
> you are still introducing fatal security problem indirectly by
> promoting the usage of global read.


# mkdir /tmp/RANDOMDIR
# chown -R USER1:USER1 /tmp/RANDOMDIR
# su USER1 -c script.sh
# chown -R USER2:USER2 /tmp/RANDOMDIR
# su USER2 -c script.sh
...

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
The dark sides of secure boot:
https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web
Petition against secure boot:
https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook





Re: flashplugin-nonfree get-upstream-version.pl security concern

2012-12-13 Thread Davide Prina

On 12/12/2012 23:26, Michael Gilbert wrote:

> Ultimately, for anyone even modestly
> security-conscious adobe flash should really be avoided at all costs.


+1

I'm not an expert, but I think that packages like this must first ask
for the list of users for whom you want this plugin installed and then execute
scripts only for those users, as the user and not as root, with, for example,
su USER1 -c script.sh ... (downloading the file [with ugo+r] in
/tmp/RANDOMDIR [with ugo+x] only once).


Also I think that these packages must alert the user that they will
download something from a website and ask for confirmation to
continue (I don't know if it is already implemented).


Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Take a test drive ... and keep the car!:
http://linguistico.sf.net/wiki/doku.php?id=usaooo2
I do not authorize storing my address in Outlook





Re: Command 'su' is not working in virtual console

2011-12-16 Thread Davide Prina

On 16/12/2011 20:57, frederic ollivier wrote:

> You are sure that the original su ?


$ type su
/bin/su
$ apt-file -x search /bin/su$
login: /bin/su

so you can check integrity with:
$ debsums -a login

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Office tools: http://it.openoffice.org
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook





Re: Command 'su' is not working in virtual console

2011-12-16 Thread Davide Prina

but you use top posting... this is bad! ;-)

On 16/12/2011 21:26, Marko Randjelovic wrote:

> The same as for hdparm. I reinstalled it and all looks OK.


so try a disk fsck and also a RAM check

I have had problems like these when RAM was damaged

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Reasons not to buy/use ms-windows-vista:
http://badvista.fsf.org/
I do not authorize storing my address in Outlook





Re: question regarding verification of a debian installation iso

2011-01-02 Thread Davide Prina

On 02/01/2011 19:32, Naja Melan wrote:

>> Then cd to the location of your download and do : md5sum  YourDebian.iso.
>
> well preferably one of the other hashing algorithms, since md5
> is considered broken


what I have read is that you can easily find another DadFile.iso file
with the same md5 as YourDebian.iso, but it is very hard for this
DadFile.iso file to be a real .iso file, harder still to have something
usable in the .iso file, and having an altered Debian system is (very
hard)^3^3


I think that md5 is appropriate to verify a .iso file and a
stronger algorithm is not needed.


Ciao
Davide

PS: I'm not a security expert

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Office tools: http://it.openoffice.org
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook





Re: Are these scan logs dangerous ?

2009-07-05 Thread Davide Prina

a dehqan wrote:


> [11:19:43] Warning: The file '/usr/sbin/unhide-linux26' exists on the
> system, but it is not present in the rkhunter.dat file.


$ apt-file search /usr/sbin/unhide-linux26
unhide: /usr/sbin/unhide-linux26

probably you have installed unhide as suggested by rkhunter and you have
installed it after the last rkhunter check.


You can check the unhide package

$ debsums unhide

Note: this is not a 100% secure check. It uses the stored
/var/lib/dpkg/info/*.md5sums files, so an attacker may have
modified these too... or he may have cracked the debsums program


When you have seen that unhide is ok you can add it to rkhunter with the
--propupd command option


> [11:19:59]   Checking for enabled inetd services [ Warning ]
> [11:19:59] Warning: Found enabled inetd service: ident


if your PC has an internet connection then it is normal to have the
inetd/ident service active


Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Why does microsoft continue to commit illegal acts?:
http://linguistico.sf.net/wiki/doku.php?id=traduzioni:ms_illegal
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook
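
The caveat in the message above (debsums compares files against md5sums stored on the same disk) can be made concrete with a short sketch. This is an added example, not part of the original post: `verify_manifest`, the demo and its file contents are constructed, and the "trusted" manifest stands in for one obtained outside the suspect system.

```shell
#!/bin/sh
# Added example (not from the original post). Manifest lines use the format of
# /var/lib/dpkg/info/*.md5sums: "<md5 hex>  <path relative to the root>".

# verify_manifest MANIFEST ROOT
# Prints "CHANGED <path>" or "MISSING <path>" for every file under ROOT that
# does not match MANIFEST; prints nothing when everything matches.
verify_manifest() {
    manifest=$1
    root=$2
    while read -r want rel; do
        [ -n "$want" ] || continue
        if [ ! -f "$root/$rel" ]; then
            echo "MISSING $rel"
            continue
        fi
        have=$(md5sum < "$root/$rel" | cut -d' ' -f1)
        [ "$have" = "$want" ] || echo "CHANGED $rel"
    done < "$manifest"
    return 0
}

# Constructed scenario: a file is replaced and the local md5sums file is
# rewritten to match it. The local check stays silent; the check against a
# manifest kept elsewhere reports the change.
demo_tampered_database() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/root/usr/sbin" "$work/dpkg-info"

    # Pristine state. The trusted manifest is computed here; on a real system
    # it would come from outside the machine, for example the md5sums control
    # file of the same .deb fetched again on a known-good host (dpkg-deb -e).
    printf 'original unhide binary\n' > "$work/root/usr/sbin/unhide-linux26"
    (cd "$work/root" && md5sum usr/sbin/unhide-linux26) > "$work/trusted.md5sums"
    cp "$work/trusted.md5sums" "$work/dpkg-info/unhide.md5sums"

    # Constructed modification of both the file and the local manifest.
    printf 'modified binary\n' > "$work/root/usr/sbin/unhide-linux26"
    (cd "$work/root" && md5sum usr/sbin/unhide-linux26) > "$work/dpkg-info/unhide.md5sums"

    echo "local:   $(verify_manifest "$work/dpkg-info/unhide.md5sums" "$work/root")"
    echo "trusted: $(verify_manifest "$work/trusted.md5sums" "$work/root")"
    rm -rf "$work"
}

demo_tampered_database
```

The same comparison only helps if the checking tools themselves (here `md5sum` and the shell) are run from media that the suspect system could not modify.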





Re: Are these scan logs dangerous ?

2009-07-05 Thread Davide Prina

a dehqan wrote:

please quote :-)


> # chkconfig --level 23 identd off
>
> identd: unknown service


probably you have confused inetd with identd


> But port 113 auth is open ! So which service has opened port 113 ?


as root
# netstat -putan

to see all the listening services

to see only port 113:
# fuser -n tcp 113

You can also use lsof
# lsof -i -n

# lsof -i TCP:113

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Browser: http://www.mozilla.org/products/firefox
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook
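
The question answered above (which process holds port 113) can also be answered straight from /proc, which is the data netstat, fuser and lsof read on Linux. This is an added example, not part of the original post: the function names and the fake /proc tree in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): map a listening TCP port to the
# owning process using /proc/net/tcp{,6} and the /proc/<pid>/fd symlinks.

# listening_inodes PORT [PROCROOT]
# Prints the socket inode of every socket in LISTEN state (st == 0A) on PORT.
listening_inodes() {
    port_hex=$(printf '%04X' "$1")
    for table in "${2:-/proc}/net/tcp" "${2:-/proc}/net/tcp6"; do
        [ -r "$table" ] || continue
        awk -v p="$port_hex" '
            NR > 1 && $4 == "0A" {
                n = split($2, addr, ":")      # local address is HEXIP:HEXPORT
                if (addr[n] == p) print $10   # field 10 is the socket inode
            }' "$table"
    done
}

# owners_of_inode INODE [PROCROOT]
# Prints "<pid> <command>" for each process holding the socket open.
owners_of_inode() {
    want="socket:[$1]"
    for fd in "${2:-/proc}"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "$want" ] || continue
        pid_dir=${fd%/fd/*}
        echo "${pid_dir##*/} $(cat "$pid_dir/comm" 2>/dev/null)"
    done | sort -u
}

# who_listens PORT [PROCROOT]
who_listens() {
    for inode in $(listening_inodes "$1" "${2:-/proc}"); do
        owners=$(owners_of_inode "$inode" "${2:-/proc}")
        if [ -n "$owners" ]; then
            echo "$owners" | sed "s/^/port $1 inode $inode: /"
        else
            # Seen when not running as root, or when the owner is hidden.
            echo "port $1 inode $inode: no owning process visible"
        fi
    done
}

# Constructed /proc tree: pid 412 (inetd) listens on 113, pid 977 on 25, and
# one ESTABLISHED connection (st 01) with local port 113 must be ignored.
demo_port_113() {
    fake=$(mktemp -d) || return 1
    mkdir -p "$fake/net" "$fake/412/fd" "$fake/977/fd"
    cat > "$fake/net/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5555 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6001 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0071 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 7002 1 0000000000000000 20 4 30 10 -1
EOF
    echo inetd > "$fake/412/comm"
    echo exim4 > "$fake/977/comm"
    ln -s 'socket:[5555]' "$fake/412/fd/4"
    ln -s 'socket:[6001]' "$fake/977/fd/3"
    who_listens 113 "$fake"
    rm -rf "$fake"
}

demo_port_113
```

On a live system, run `who_listens 113` as root so that the fd links of other users' processes are readable.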







Re: Bug#401969: please build using hunspell

2006-12-09 Thread Davide Prina

Rene Engelhard wrote:
> MySpell is obsolete.
> Please build against Hunspell, which is an improved version of MySpell
> retaining full backwards compatibility. That also would make the usage
> of hunspell-de-* in iceweasel possible.

probably not so full backwards compatibility.

> [ The Problem is that hunspell-de-* is an improved version of the
> MySpell dict for hunspell and it's working in OOo since it uses
> Hunspell

also the Italian dictionary in Debian is a very old release ... so obsolete
that a lot of people ask me to correct a lot of errors, errors that are
already corrected in the latest version.
I think that Debian is the last GNU/Linux distro that has such an old
Italian dictionary version.


The latest Italian dictionary under the GPL license can be downloaded from
here (2.3 beta 23/07/2006):

http://linguistico.sf.net/wiki/doku.php?id=dizionario_italiano

I reported a wishlist bug for that, #329971, on Date: Sat, 24 Sep 2005
23:04:33 +0200


For the Italian language there is also a surname dictionary, also under
the GPL, that can be found here:

http://linguistico.sf.net/wiki/doku.php?id=dizionario_cognomi_italiani

I don't see the hurry to have hunspell used in all programs ... if it is
so hard or impossible to have recent dictionaries in Debian for
languages other than English or the maintainer's mother language.


Mike Hommey wrote:

> On Fri, Dec 08, 2006 at 10:58:11PM +0100, Rene Engelhard wrote:
>
>> Mike Hommey wrote:
>>
>>> if there happens to be a security bug in hunspell ?
>>
>> I am sure there won't be, but if it happens it happens. There's some
>> static libs in Debian where this is the case, afaik. Of course. not having to
>> do that is better, but...
>>
>>> How do buildds feel to have to rebuild iceape, iceweasel, icedove, OOo
>>> and enchant for every hunspell upload ?
>>
>> You don't have to.
>
> So when you fix bugs in hunspell, you want to leave the bugs in the
> programs that are statically linked to it. How great.


I have reported some hunspell bugs to László (I don't know if some can
be security bugs). I don't know if they are already corrected (László
has told me: I hope, I will solve the problem this month for OOo 2.1).
For example hunspell can generate more strings, or the same string more
times, than myspell starting from the same dictionary.


For hunspell there isn't a program that expands the whole dictionary, so it
is very hard to know if it works as you expect.


Ciao
Davide



Re: Bug#401969: please build using hunspell

2006-12-09 Thread Davide Prina

Rene Engelhard wrote:

> Davide Prina wrote:
>
>>> MySpell is obsolete.
>>> Please build against Hunspell, which is an improved version of MySpell
>>> retaining full backwards compatibility. That also would make the usage
>>> of hunspell-de-* in iceweasel possible.
>>
>> probably not so full backwards compatibility.
>
> Proof?


for example this:

---8--FILE a.aff-8-
SET ISO8859-15
TRY aioertnsclmdpgubzfvhàq'ACMSkBGPLxEyRTVòIODNwFéùèìjUZKHWJYQX

SFX B Y 1
SFX B ere ono ere # p

SFX p Y 2
SFX p o i o
SFX p o e o
---8-8-

---8--FILE a.dic-8-
1
decidere/B
---8-8-

---8--FILE a.txt-8-
decidere
decidono
decidoni
decidone
---8-8-

note that decidere/B must generate only decidono (with myspell), but
hunspell also generates decidoni and decidone, which are wrong Italian
words.


I have seen that I can get the same result with

SFX B ere ono ere anystring p

also if I write

SFX B ere ono ere anystring abcdef

then it is the same as writing
decidono/abcdef

>> also Italian dictionary in Debian is a very old release ... so obsolete
>> than a lot of people ask me to correct a lot of errors, errors that are
>> already corrected in the last version.
>> I think that Debian is the last GNU/Linux distro that have a so old
>> Italian dictionary version.
>>
>> The last Italian dictionary under GPL license can be downloaded from
>> here (2.3 beta 23/07/2006):
>>
>> http://linguistico.sf.net/wiki/doku.php?id=dizionario_italiano
>>
>> I have reported a wishlist for that #329971 at Date: Sat, 24 Sep 2005
>> 23:04:33 +0200
>
> Irrelevant for this discussion. I can't add GPLed stuff to the
> package because it then  would be GPL. The other dictionaries in the OOo
> source are LGPL, though.


I didn't ask to add it to the OOo source, but to the myspell-it package.


> You can package it externally or make it build from the ispell one, but
> I will *not* include it in -dictionaries due it's being GPL.


If I'm not mistaken, I understand -dictionaries to be a Debian package

interesting ... so you cannot include the German dictionary either ... it
is under the GPL license, and non-GPL for packages that support the OASIS
Open Document Format for Office Applications and whose PRIMARY format
for saving documents is the Open Document Format
I don't think icedove, iceweasel, ... meet this exception, so for all
these the German dictionary is only GPL 2.0 or later


I think there are a lot of other dictionaries/thesauri that have the
same problem.


> I told that in the bug report that it's GPL and can't add it.
> If you don't read it/understand it and then complain, well...


where? when?

querybts tell me:
---8---8---8---8---8
From: Rene Engelhard
Subject: Re: Bug#329971: New Italian dictionary version available
Date: Sat, 24 Sep 2005 23:45:45 +0200

[...]

Aha. Hmm. And OOo 1.9.x/2.0 also contains only 2.1. Will look. When
1.9.x enters sid myspell-it will become 2.1 anyway and I'll look about
updating the copy with 2.2.

[...]

Grüße/Regards,

Rene
---8---8---8---8---8

note that the 2.2 version is GPL only

Also the Italian thesaurus is only GPL and there is a recent version in 
Debian ... why?



>> I have reported some hunspell bugs to László (I don't know if some can
>> be security bugs). I don't know if they are already corrected (László have
>> told me: I hope, I will solve the problem this month for OOo 2.1).
>
> Doubt that, there's no new hunspell release and neither does OOo 2.1
> correct a new hunspell AFAIS (or he fixed the OOo hunspell copy and
> forgot the normal one..)


you can try the above example to check it

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Mail client: http://www.mozilla.org/products/thunderbird
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook



Re: Firefox on testing hijacked by http://www.megago.com/l/?

2006-09-04 Thread Davide Prina

ahi, ahi, ahi ... top quoting! This is bad! ;-)

http://en.wikipedia.org/wiki/Netiquette

Torsten Sadowski wrote:

> Unluckily its not that easy. The homepage preference is not altered and points
> to the right site.


It seems to be a search service ... do you perhaps have a Firefox extension
for it?


else search here
$ less /usr/bin/firefox

else try this
# apt-get install rkhunter
# rkhunter --update
# rkhunter -c

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Mail client: http://www.mozilla.org/products/thunderbird
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook





Re: GPG errors from apt update

2006-08-31 Thread Davide Prina

ahi, ahi, ahi ... top posting ... this is bad ;-)

Robert Dobbs wrote:

> I cannot do it because of my company's firewall.


you can go to a keyring site and download the key from here


> Why is the key not in debian-keyring package?


the key is updated each year ... but the next update will be in January (I think)

Ciao
Davide

--
Dictionaries: http://linguistico.sourceforge.net/wiki
Browser: http://www.mozilla.org/products/firefox
GNU/Linux User: 302090: http://counter.li.org
I do not authorize storing my address in Outlook





Re: public key problem with mirrors.kernel.org

2006-01-06 Thread Davide Prina

James Miller wrote:

> W: GPG error: http://mirrors.kernel.org testing Release:  The following
> signatures couldn't be verified because the public key is not available:
> NO_PUBKEY 010908312D230C5F


there are two solutions:
1) as the root user:
wget http://ftp-master.debian.org/ziyi_key_2006.asc -O - | apt-key add -

2) as the root user, take the last 8 characters (identified as XXX in
the commands below) from the NO_PUBKEY and do:

# gpg --keyserver pgp.mit.edu --recv-keys XXX
# gpg --armor --export XXX | apt-key add -


after that do a

# apt-get update

Ciao
Davide

--
Dictionaries: http://sourceforge.net/projects/linguistico
Get to know TC: http://www.no1984.org
Office tools: http://it.openoffice.org
Operating system: http://www.it.debian.org
Browser: http://www.mozilla.org/products/firefox
Mail client: http://www.mozilla.org/products/thunderbird
Linux User: 302090: http://counter.li.org
--
I do not authorize anyone who uses Outlook to store my e-mail
address: I do not want to be flooded with spam





Re: hardening checkpoints

2005-12-21 Thread Davide Prina

steve wrote:

> connection time, so she simply refused. Moreover, in Italy you have to give
> an ID (they do a photocopy of it; she couldn't tell me how long they keep
> it..)  to be able to use a computer in an Internet Café (terrorism you
> know...).


yes. All data (only your personal identification and all the sites you have
visited) will be recorded, for now, until 31 December 2007 (but this
date can be postponed by a later law)


>  right : you eat better in France than in Italy

wrong

Ciao
Davide

--
Dictionaries: http://sourceforge.net/projects/linguistico
Get to know TC: http://www.no1984.org
Office tools: http://it.openoffice.org
Operating system: http://www.it.debian.org
Browser: http://www.mozilla.org/products/firefox
Mail client: http://www.mozilla.org/products/thunderbird
Linux User: 302090: http://counter.li.org
--
I do not authorize anyone who uses Outlook to store my e-mail
address: I do not want to be flooded with spam



Re: a compromised machine

2005-07-27 Thread Davide Prina

Nejc Novak wrote:

> So, for now i killed this process, disabled the cronjob and killed web
> server - there is now way the attacker is capable of coming back into
> server or is there a chance that there is another backdoor installed
> somewhere (chkrootkit doesn't find anything).


try also rkhunter

http://www.rootkit.nl/

Probably this will be a Debian package soon (?)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=243938

Ciao
Davide

--
Linux User: 302090: http://counter.li.org





Re: bad md5's on ftp.us.debian.org ?

2004-11-27 Thread Davide Prina

hanasaki wrote:

> Below are the errors reported by apt-get update.  Is this correct? Could
> someone explain please?
>
> Thanks.
> === 16:35 CST 2004-11-26
> Failed to fetch
> http://ftp.us.debian.org/debian/dists/sarge/main/binary-i386/Packages.gz
>  MD5Sum mismatch

I think this is an error on ftp.us.debian.org; try another mirror and if
you see that it works, report that bug

you can find Debian mirrors here: http://www.debian.org/mirror/mirrors_full
after your apt-get works again you can select the best mirror for your
location using netselect

Ciao
Davide

--
Linux User: 302090: http://counter.li.org
Recommended products:
Operating system: Debian: http://www.it.debian.org
Office tools: OpenOffice.org: http://it.openoffice.org
Database: PostgreSQL: http://www.postgres.org
Browser: FireFox: http://texturizer.net/firefox
Mail client: Thunderbird: http://texturizer.net/thunderbird
Encyclopedia: wikipedia: http://it.wikipedia.org
--
I do not authorize anyone who uses Outlook to store my e-mail
address: I do not want to be flooded with spam


Re: Spyware / Adware

2004-08-31 Thread Davide Prina

Snyder, Dave (D.F.) wrote:

> Security,
> I just purchased Debian Linux for my home PC and waiting for the CD's to
> arrive this week.  I'm looking forward to installing so I can eventually
> divorce myself from Microsoft Windows.
>
> I've had more calls in the last few weeks from friends and relatives
> regarding SpyWare and Adware that was downloaded and running on their
> Windows PC's.

I don't understand whether you would like to talk about SpyWare and Adware
or about viruses, trojans, worms, ...

Adware and SpyWare are software that log your activity and send constant
reports to one site. Basically they log user activity for market surveys.
With these logs they build a database to understand what people like and
then sell this information to others, for example to publicity society.
But some of these programs can do other things: they can read all your
files, all your information, ... and send them to someone.

So Adware and SpyWare don't delete files, don't crash your pc, don't
replicate over the network; they only spy and send information to someone.

ms-windows does that too: it sends information to microsoft. For example,
if you install a firewall on ms-windows, at the first program crash you
can see a dialog box that asks you if you want to send information to
microsoft so it can improve the system; you can reply yes or no, but
the system tries to send information to microsoft (if you have a firewall
up you can see that some packets are blocked). It also does something like
that during installation and upgrading.

> Is Linux vulnerable to these unwanted downloads and if so, how do I
> protect Linux so I don't have a similar issue?

Adware and SpyWare are not unwanted downloads. They are inside some
programs that are free or shareware and run under ms-windows. You must
download and install one of those programs to download and install them.
Most of these programs show some banner when you run them.
Note that if you uninstall a program that has Adware or SpyWare
in it you remove only the program, not the Adware and SpyWare.

Basically Adware is software that looks only at what you do when you surf
the web, which banners you click on and things like that. Spyware are
programs that also steal some information from your pc.

Under GNU/Linux I have never seen a program with Adware/Spyware; all the
programs I have seen are free software, and all come with source, so it is
very hard to hide SpyWare or Adware.

So I think that GNU/Linux is free of this type of pest if you use only
free software. Probably there is some non-free software that runs under
GNU/Linux that can have some of these in it.

Ciao
Davide

> Thanks
> Please reply to all so your answer gets sent to my personal email address.


--
Linux User: 302090: http://counter.li.org
Recommended products:
Operating system: Debian: http://www.it.debian.org
Office tools: OpenOffice.org: http://it.openoffice.org
Database: PostgreSQL: http://www.postgres.org
Browser: FireFox: http://texturizer.net/firefox
Mail client: Thunderbird: http://texturizer.net/thunderbird
Encyclopedia: wikipedia: http://it.wikipedia.org
--
I do not authorize anyone who uses Outlook to store my e-mail
address: I do not want to be flooded with spam


Re: debian and viruses ...

2004-05-19 Thread Davide Prina

Marcin wrote:

> Hello,
>
> I am trying to find solution for finding viruses in my LAN networks.
> I am administrator of ISP router (generally Debian of course), and in
> LAN there are little storm of viruses, trojans, spammers, etc shits ...
>
> Is any possible method to find them ?
> Any debian tools ?
>
> I was thinking about snort - it is possible to configure it to detect
> this traffic ? Are there anywhere examples (or ready databases) of
> virus signatures, rules, etc ?
>
> --
> Regards,
> Martin.

have you tried: # apt-cache search virus?

Ciao
Davide

--
Linux User: 302090: http://counter.li.org
Recommended products:
Operating system: Debian: http://www.it.debian.org
Office tools: OpenOffice.org: http://it.openoffice.org
Database: PostgreSQL: http://www.postgres.org
Browser: FireFox: http://texturizer.net/firefox
Mail client: Thunderbird: http://texturizer.net/thunderbird
Encyclopedia: wikipedia: http://it.wikipedia.org
--
I do not authorize anyone who uses Outlook to store my e-mail
address: I do not want to be flooded with spam





Re: debian and viruses ...

2004-05-19 Thread Davide Prina

Marcin wrote:

> Hello,
>
>> have you try: # apt-cache search virus?
>
> yes, of course.
>
> $ apt-cache search virus
> gnome-xbill - Fight the infection.
> mailscanner - An email virus scanner and spam tagger.
> renattach - Rename attachments on the fly.
> sanitizer - The Anomy Mail Sanitizer - an email virus scanner
> xbill - Get rid of those Wingdows Viruses!
> amavis-postfix - Interface between MTA and virus scanner.
>
> all of them are in case - spam, viruses etc filtering on mail-server.
> But the LAN with viruses are only like this:


but I have also:

libclamav1 - Virus scanner library
libclamav1-dev - Clam Antivirus library development files
libfile-scan-perl - Perl lib to scan files for viruses
f-prot-installer - F-Prot(tm) Antivirus installer package

sorry I don't use an antivirus ...
if you have Windows PCs, probably it is best to install a firewall on each
PC and enable only a few programs to go in/out ... or better, install
Debian on all these PCs


Ciao
Davide


> LAN (lots of strange people)[router,NAT,firewall,squid]---my
> provider.
> (whos do not understand what is trojan or virus,
> using windows XP and others ...)
>
> mail server of course have spamassasin, amavis, fprot, header and body
> checks and more more other.
> The problem is in only in topology picture above.
> Thats why it is so big problem.
>
>> bogofilter
>> spamassassin
>
> the same. All of them are for mail server.
>
> --
> Regards,
> Marcin.


--
Linux User: 302090: http://counter.li.org
Recommended products:
Operating system: Debian: http://www.it.debian.org
Office tools: OpenOffice.org: http://it.openoffice.org
Database: PostgreSQL: http://www.postgres.org
Browser: FireFox: http://texturizer.net/firefox
Mail client: Thunderbird: http://texturizer.net/thunderbird
Encyclopedia: wikipedia: http://it.wikipedia.org
--
I do not authorize anyone who uses Outlook to store my e-mail
address: I do not want to be flooded with spam

