Re: Can not login as root
Thanks James,

It worked!!!

Murat

At 10:04 PM 9/3/2008, James Shupe wrote:

Just reset the root password. Reboot, and at Grub select the kernel, hit 'e', then append "init=/bin/sh" to the end of the kernel line (without the quotes). Press 'b', to boot the system. Once it boots, you can run "mount -o remount,rw /" to make sure the root volume is mounted rw, and then use the passwd utility to change the password or a text editor to delete the password hash (in between the second and third colons on a line) from /etc/shadow. Reboot the system normally when you're done.

Murat Ohannes Berin wrote:
> Hi,
>
> I just installed Debian on my laptop. However, I can not login as root.
> It says wrong password. I am quite sure I am typing the right password. I
> am able to login as the regular user.
>
> Murat

Thank you,

--
James Shupe
HermeTek Network Solutions
http//www.hermetek.com
1.866.325.6207
Can not login as root
Hi,

I just installed Debian on my laptop. However, I can not login as root. It says wrong password. I am quite sure I am typing the right password. I am able to login as the regular user.

Murat
Re: OPENSSL
Reckhard, Tobias wrote:

There are web browsers that will negotiate 128 bits only if the certificate presented by the web server is a "step-up certificate". I'm not sure what makes a certificate a step-up certificate, however, nor if this restriction still applies to current browsers.

The step up involved the browser checking the signer was a legitimate CA to sign a step-up cert and then performing the re-negotiation.

The restriction disappeared when the crypto export laws were all relaxed. You have to go a fair way back (few years) to get a browser that still only supports 128bit symmetric in SGC mode.

Cheers,
Berin
Re: Integrity of Debian packages
Andrew,

Apologies - I'm having a bad day. Ignore previous e-mail. If I'd bothered to read the start of the article properly I would have picked up where it was coming from a bit better.

However, check out :

http://groups.google.com/groups?q=debian+signatures&hl=en&lr=&ie=UTF-8&selm=20010314170107.A347%40kitenet.net&rnum=3

There's been stuff going on for quite a while on this front.

I'm also not convinced that there needs to be a single trusted point. It seems to me that the Debian "web of trust" is a perfectly adequate method for gaining the required level of trust.

Cheers,
Berin

> From: Andrew Pollock <[EMAIL PROTECTED]>
> Subject: Integrity of Debian packages
> Date: 07/03/2003 12:33:15
> To: debian-security@lists.debian.org
>
> Hi,
>
> One of my friends sent me this URL, it's an oldie, and the topic in
> general has been discussed before, but this article certainly does raise
> some concerns.
>
> http://www.astalavista.com/privacy/library/magic-lantern/fbi.shtml
>
> Andrew
Re: Integrity of Debian packages
Putting aside the signing of deb packages -

The article is a wee bit simplistic. The fact that the author is stating that a win box is not vulnerable would indicate a fairly large gap in understanding. If someone has root/Administrator access on a box, they can bypass any integrity checking mechanism to install any piece of software they want to. It's just a matter of working out how to do it.

The whole thing of signing packages is more aimed at the threat of me, the authorised administrator of my Debian/Windows system, downloading a package that has been compromised. As the root user, I should have a mechanism to validate the integrity of the package.

Completely different threat that is being managed. And every OS is vulnerable to the threat in the article - that's why we all get so paranoid about patches.

Cheers,
Berin

> From: Andrew Pollock <[EMAIL PROTECTED]>
> Subject: Integrity of Debian packages
> Date: 07/03/2003 12:33:15
> To: debian-security@lists.debian.org
>
> Hi,
>
> One of my friends sent me this URL, it's an oldie, and the topic in
> general has been discussed before, but this article certainly does raise
> some concerns.
>
> http://www.astalavista.com/privacy/library/magic-lantern/fbi.shtml
>
> Andrew
Re: scrollkeeper loading external (online) DTD
> From: Hubert Chan <[EMAIL PROTECTED]>
> Subject: Re: scrollkeeper loading external (online) DTD
> Date: 10/01/2003 6:33:22

snip

> DTDs cannot introduce any vulnerabilities (unless the XML parser is
> horribly buggy). The worst that can happen is that the file doesn't
> validate, and scrollkeeper complains.

snip

Is this strictly true? There have been a few articles on bugtraq recently around this kind of thing. One in the area of "bugs", and one around external entities and the potential for a "rogue" DTD to specify bad URIs.

In particular an external reference might cause a parser to open a connection to a site that the user would not wish. Alternately, an entity reference might translate to some form of control string for the application that is later using the parsed XML.

And even if the only concern is around bugs, surely experience would indicate that given the growing use of XML parsers in a wide range of applications, we should be careful of all input?

External Entities : http://online.securityfocus.com/archive/1/297714

and DTD DoS bug : http://www.macromedia.com/v1/handlers/index.cfm?ID=23559 (Doesn't say much).
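
The concern raised in the message above, an external reference making the parser open a connection, can be checked before a document is handed to a DTD-loading parser. The following is an added example, not code from the thread or from scrollkeeper; the sample document, its host names and the function names are constructed for illustration.

```python
import xml.parsers.expat
from urllib.parse import urlparse

NETWORK_SCHEMES = {"http", "https", "ftp"}

# Constructed sample: the host names and entity names are made up.
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE omf SYSTEM "http://dtd.example.invalid/omf.dtd" [
  <!ENTITY product "scrollkeeper">
  <!ENTITY notice SYSTEM "http://files.example.invalid/notice.txt">
  <!ENTITY legal SYSTEM "legal.xml">
]>
<omf><title>&product;</title><rights>&notice;</rights></omf>
"""

def audit_external_refs(xml_bytes):
    """List (kind, name, system_id) for each external resource the document
    declares or references. The handlers only record; nothing is fetched."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()
    # Never read the external DTD subset or parameter entities.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id:
            findings.append(("doctype", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id:  # external entities carry a system id and no value
            findings.append(("entity-decl", name, system_id))

    def on_external_ref(context, base, system_id, public_id):
        findings.append(("entity-ref", context, system_id))
        return 1  # tell expat to carry on; the entity is left unexpanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(xml_bytes, True)
    return findings

def network_fetches(findings):
    """System ids that would make a DTD-loading parser open a connection."""
    return sorted({sid for _, _, sid in findings
                   if sid and urlparse(sid).scheme.lower() in NETWORK_SCHEMES})

if __name__ == "__main__":
    for finding in audit_external_refs(SAMPLE):
        print(finding)
    print("network:", network_fetches(audit_external_refs(SAMPLE)))
```

A document for which `network_fetches` returns a non-empty list can be rejected, or parsed only against a local copy of the DTD.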