Re: A more secure form of .htaccess?

2002-04-26 Thread martin f krafft
thus spoke Dan Faerch <[EMAIL PROTECTED]> [2002.04.26.1955 +0200]: > Second more, if your users are allowed to have pages on the same > address as the login system, the browser can, without much effort, > be tricked into giving away your system's username and password to > a personal user page...

Re: RSA not an easy crack

2002-04-26 Thread Hubert Chan
> "DSC" == DSC Siltec <[EMAIL PROTECTED]> writes: DSC> Actually, the beauty of the Parker Souchacki method is that it DSC> would allow the simultaneous solution of a system of equations that DSC> has one functional solution. Which means that you

Re: A more secure form of .htaccess?

2002-04-26 Thread martin f krafft
thus spoke eim <[EMAIL PROTECTED]> [2002.04.26.1757 +0200]: > With https data will be encrypted and it's impossible to > find out login and password because they're not sent over > the net in a clear way. never say impossible. -- martin; (greetings from the heart of the sun.) \__

Re: connection refuse by tcp_wrapper

2002-04-26 Thread Gleydson Mazioli da Silva
First check if your reverse DNS is working, after that, try to put the line: sshd: 192.168.1.10 192.168.1.11 In your /etc/hosts.allow. Regards <[EMAIL PROTECTED]> wrote on Wed, 24 Apr 2002 22:18:14 +0700 (JAVT): > Dear all, > > I am a beginner in linux os, > > I try to configure tcp_wrap

Re: A more secure form of .htaccess?

2002-04-26 Thread Mike Renfro
On Fri, Apr 26, 2002 at 07:55:06PM +0200, Dan Faerch wrote: > You should be aware, that when you use normal .htaccess protection, > the browser never logs out.. With e.g. Internet Explorer, all instances of IE > have to be closed to make the browser forget the login.. Actually, I think instances of IE tha

Re: RSA not an easy crack

2002-04-26 Thread DSC Siltec
Michael Robinson wrote: > > On Fri, Apr 26, 2002 at 11:18:16AM +0200, DSC Siltec wrote: > > Now, define this function to be F, and define P to be the product of > > a whole bunch of functions F. Now, define that a function F is to be > > centered at any integer location where the value of the fun

Re: A more secure form of .htaccess?

2002-04-26 Thread Dan Faerch
Htaccess: --- You should be aware, that when you use normal .htaccess protection, the browser never logs out.. With e.g. Internet Explorer, all instances of IE have to be closed to make the browser forget the login.. There are several tricks to make the browser forget the login, but none really se

Re: A more secure form of .htaccess?

2002-04-26 Thread eim
Hello Brane, I'm actually a K-13 student, and so in my 'strategic' position I'm on both sides, admin of debian box and 3v1l cracker :) No, well.. I was just kidding, I have really better things to do than actually cracking Debian boxes in public environments, but anyway what do you think about

Re: problem to translate DSA 125 in french

2002-04-26 Thread Andrew Pimlott
On Fri, Apr 26, 2002 at 08:59:50AM +0200, Martin Quinson wrote: > What is a cross-site scripting type attack ? One of the first analyses was published by Marc Slemko of the Apache Group at http://httpd.apache.org/info/css-security/ . You'll probably have to read the CERT links on that page as wel

Re: RSA not an easy crack

2002-04-26 Thread Ralf Gerlich
Hi all, Michael Robinson wrote: [snip] | Finding the "unencrypted data" in this case is equivalent to either | cracking the session key RNG, or cracking the symmetric cipher, the | ability to do either of which obviates the need to deduce the RSA |

IPtables and Connection Tracking

2002-04-26 Thread Thorsten Kruschel
Hi, today I saw something mysterious with IPtables. I had a little mistake in my script. To test the functionality, I pinged a host in the www and then changed the wrong entries in my script. I looked with tcpdump to see if the ping got a reply. But with everything I've done, no reply came back. Then I

Re: RSA not an easy crack

2002-04-26 Thread Michael Robinson
On Fri, Apr 26, 2002 at 11:18:16AM +0200, DSC Siltec wrote: > Specifically, I think that if you have the public key, and the > encrypted data, and know (or can guess) what the unencrypted data > is, then you can quickly deduce the private key. I forgot to mention: in encryption scenarios with RSA

Re: RSA not an easy crack

2002-04-26 Thread Michael Robinson
On Fri, Apr 26, 2002 at 11:18:16AM +0200, DSC Siltec wrote: > Now, define this function to be F, and define P to be the product of > a whole bunch of functions F. Now, define that a function F is to be > centered at any integer location where the value of the function is 1. Consider the case of

Re: Lost root password!!

2002-04-26 Thread Javier Fernández-Sanguino Peña
On Wed, Apr 24, 2002 at 01:23:02AM +0200, Luis Gómez Miralles wrote: > Hi, > > Simple. Do the init=/bin/sh trick. When you're booted, mount / -o > remount,rw > Then edit /etc/passwd and add this to /etc/passwd: > root2::0:0:root:/root:/bin/bash > > This should do the trick :) If you want

Re: disable RPC

2002-04-26 Thread Javier Fernández-Sanguino Peña
On Wed, Apr 24, 2002 at 11:26:16AM -0400, Andrew Kaplan wrote: > How do I disable RPC. I know the scripts can be removed from init.d But I > know there's a command similar to "apt-get remove ???" or something similar. > That removes it completely. Read http://www.debian.org/doc/manuals/securing-d

RSA an easy crack?

2002-04-26 Thread DSC Siltec
I hate to say this, but I think I have reason to believe that PGP might actually be an easy crack. Before now, it probably was only easy to those with access to specially designed analog computers, which means that it really wasn't a problem. But there is now in the public domain an algorithm

Re: how to unsubscribe.

2002-04-26 Thread Mark Janssen
On Fri, 2002-04-26 at 09:58, Trancom wrote: > how to unsubscribe. > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] Look here Or Here \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ -- To UNSUBSCRI

how to unsubscribe.

2002-04-26 Thread Trancom
how to unsubscribe. -- Best regards. Network Administrator, ООО Транком, Коробанов Сергей Иванович. ph (248) 3-96-47 (095) 745-09-50 mailto: [EMAIL PROTECTED]

problem to translate DSA 125 in french

2002-04-26 Thread Martin Quinson
Hello, We have an ongoing effort to keep all DSA translated to French. But we have a problem with the DSA125: Yuji Takahashi discovered a bug in analog which allows a cross-site scripting type attack. It is easy for an attacker to insert arbitrary strings into any web server logfile. If the

unsubscribe

2002-04-26 Thread Trancom
unsubscribe

Re: A more secure form of .htaccess?

2002-04-26 Thread Steve Mickeler
Trust not in switches. They too can be easily manipulated unless you have locked them down at a MAC address and port level. 'apt-get install dsniff' ; 'man arpspoof' > Another option would be to run switches instead of normal hub or bus > topology. Switches tend not to allow other nodes on a n

Re: A more secure form of .htaccess?

2002-04-26 Thread Schusselig Brane
Tom Dominico wrote: > > Hello all, > > I have written some php-based internal systems for our users. Users are > required to authenticate to access this system, and their login > determines what they are allowed to do within the system. I am > concerned that their logging in with cleartext pass