On Sat, 15 Sep 2001, Dimitri Maziuk wrote:
If you suspect your machine was r00ted,
1. Take it off the net _now_.
This may be dangerous: some rootkits run a sort of heartbeat utility
that detects that the box was disconnected from the net and runs something
nasty (i.e. rm -rf /) in that case.
On Sat, 15 Sep 2001, Petro wrote:
If you believe that you've been hacked, fdisk and restore from
backup--if you are absolutely positive your backup is clean.
Otherwise rebuild from scratch.
I can easily agree with the above, emphasizing the if clause on top of
it. You do not want
For more than six months now, I've been trying to disable
Keyboard-Interactive authentication in OpenSSH. Still, ssh -v
shows the following when connecting to the server:
debug1: authentications that can continue: publickey,keyboard-interactive
The server's sshd_config is as follows:
Port 22
Then, get in touch with me by some secure means and confirm that
snip
I think rather than secure it might be better to say using some
other means of authentication. Authentication can mean a lot of
things, with the method depending on the level of security required (a
phone call to quote the
Hi,
On Mon, 17 Sep 2001 19:42:05 +1000, Steve writes:
I mention this because a friend/colleague used to send his GPG public
key to people via email, and then placed his key fingerprint in his
.sig, in the belief that this would enhance security (not to mention
his geek-cred). A five minute
Wade == Wade Richards [EMAIL PROTECTED] writes:
Wade I think that many people put their fingerprint in their e-mail
Wade signature to exploit the Internet's archiving capability. If I
Wade e-mail you my public key, you should not pay attention to the
Wade fingerprint in the signature of that
Wade Richards [EMAIL PROTECTED] writes:
A five minute explanation of the principle of a
man-in-the-middle attack, followed by a swift bat upside the head with a
copy of Applied Cryptography seemed to do the trick, and he sheepishly
removed it.
I think that many people put
Tim Haynes wrote/napisał[a]/schrieb:
Wade Richards [EMAIL PROTECTED] writes:
A five minute explanation of the principle of a
man-in-the-middle attack, followed by a swift bat upside the head with a
copy of "Applied Cryptography" seemed to do the trick, and he sheepishly
also sprach Tim Haynes (on Mon, 17 Sep 2001 05:05:27PM +0100):
Unless I'm well mistaken, of course... But I'd never trust a key whose
fingerprint had turned up in public before.
that's a little ridiculous, isn't it, given that i can use my gpg to
view the fingerprint of your public key, which
Current problems with Debian Security have led me into reconsidering
this issue which I thought about one year ago or so. Debian Security
is very crucial to our users and thus should be managed properly.
To help improve the situation I'm offering a very important job within
the Debian project.
On Sat, 15 Sep 2001, Dimitri Maziuk wrote:
If you suspect your machine was r00ted,
1. Take it off the net _now_.
This may be dangerous: some rootkits run a sort of heartbeat utility
that detects that the box was disconnected from the net and runs something
nasty (i.e. rm -rf /) in that case.
On Sat, 15 Sep 2001, Petro wrote:
If you believe that you've been hacked, fdisk and restore from
backup--if you are absolutely positive your backup is clean.
Otherwise rebuild from scratch.
I can easily agree with the above, emphasizing the if clause on top of
it. You do not want
For more than six months now, I've been trying to disable
Keyboard-Interactive authentication in OpenSSH. Still, ssh -v
shows the following when connecting to the server:
debug1: authentications that can continue: publickey,keyboard-interactive
The server's sshd_config is as follows:
Port 22
Then, get in touch with me by some secure means and confirm that
snip
I think rather than secure it might be better to say using some
other means of authentication. Authentication can mean a lot of
things, with the method depending on the level of security required (a
phone call to quote the
Current problems with Debian Security have led me into reconsidering
this issue which I thought about one year ago or so. Debian Security
is very crucial to our users and thus should be managed properly.
To help improve the situation I'm offering a very important job within
the Debian project.
Hi,
On Mon, 17 Sep 2001 19:42:05 +1000, Steve writes:
I mention this because a friend/colleague used to send his GPG public
key to people via email, and then placed his key fingerprint in his
.sig, in the belief that this would enhance security (not to mention
his geek-cred). A five minute
Wade == Wade Richards [EMAIL PROTECTED] writes:
Wade I think that many people put their fingerprint in their e-mail
Wade signature to exploit the Internet's archiving capability. If I
Wade e-mail you my public key, you should not pay attention to the
Wade fingerprint in the signature of that
Wade Richards [EMAIL PROTECTED] writes:
A five minute explanation of the principle of a
man-in-the-middle attack, followed by a swift bat upside the head with a
copy of Applied Cryptography seemed to do the trick, and he sheepishly
removed it.
I think that many people put their
Tim Haynes wrote/napisał[a]/schrieb:
Wade Richards [EMAIL PROTECTED] writes:
A five minute explanation of the principle of a
man-in-the-middle attack, followed by a swift bat upside the head with a
copy of Applied Cryptography seemed to do the trick, and he sheepishly
In linux.debian.security, you wrote:
On Sat, 15 Sep 2001, Petro wrote:
If you believe that you've been hacked, fdisk and restore from
backup--if you are absolutely positive your backup is clean.
Otherwise rebuild from scratch.
I can easily agree with the above, emphasizing the
[EMAIL PROTECTED] (Dimitri Maziuk) writes:
I can easily agree with the above, emphasizing the if clause on top
of it. You do not want to wipe away your computer and spend a good
amount of time rebuilding it unless you _believe_ it has been rooted.
That's why you unplug it (to begin with)
21 matches