RE: OPENSSL

2003-06-11 Thread Reckhard, Tobias
On Tue, Jun 10, Stefan Neufeind wrote: > I'm using a 128-bit-cert. You're using an X.509 certificate. The grade of symmetric encryption negotiated between browser and web server is (at least in theory) independent of the certificate. > But browsers that support less encryption > (e.g. IE that co

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Celso González
On Tue, Jun 10, 2003 at 02:58:27PM -0500, Robert Ebright wrote: > Hello, > I logged in to my server today to find that > /usr/sbin/ncsd was running about 50 copies, > since I don't have BIND installed, obviously > something was up...they were also running with > the user www-data... > After a littl

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Giacomo Mulas
On Wed, 11 Jun 2003, Celso González wrote: > I don't have any information about your trojan, but I can give you a > solution (also a good security practice) > > Mount /tmp in a separate partition with the noexec flag in fstab > > This will disable most of the trojans Sorry to delude you, but brows

RE: OPENSSL

2003-06-11 Thread Stefan Neufeind
On 11 Jun 2003 at 6:59, Reckhard, Tobias wrote: > On Tue, Jun 10, Stefan Neufeind wrote: > > I'm using a 128-bit-cert. > > You're using an X.509 certificate. The grade of symmetric encryption > negotiated between browser and web server is (at least in theory) > independent of the certificate. >

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Phillip Hofmeister
On Wed, 11 Jun 2003 at 10:47:49AM +0200, Giacomo Mulas wrote: > On Wed, 11 Jun 2003, Celso González wrote: > > > I don't have any information about your trojan, but I can give you a > > solution (also a good security practice) > > > > Mount /tmp in a s

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Giacomo Mulas
On Wed, 11 Jun 2003, Phillip Hofmeister wrote: > While I agree with your observation I feel compelled to defend his > point. > > He said mounting /tmp will stop MOST Trojans. While it might not stop a > trojan planted by a person, it will stop a trojan planted by a worm > (which is what this thre

RE: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread DEFFONTAINES Vincent
> While I agree with your observation I feel compelled to > defend his point. > > He said mounting /tmp will stop MOST Trojans. While it might > not stop a trojan planted by a person, it will stop a trojan > planted by a worm (which is what this thread is about) since > the author of the worm

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Victor Calzado Mayo
Hi On Tuesday 10 June 2003 21:58, Robert Ebright wrote: Have you copied to the new server the home directory of the user www-data? In Debian it is located in the root directory of the web server, so if you have copied the document root from the old server

2.5 and grsec [was Re: a weird script worm uploaded via php with debian 3.0 ?]

2003-06-11 Thread Dale Amon
On Wed, Jun 11, 2003 at 03:24:11PM +0200, DEFFONTAINES Vincent wrote: > I use it and am very happy with it. If I trust archives from this list, I am > not > the only one in this case :-) Is anyone using it with 2.5? I'm on the cusp of switching a few machines to it to get up the learning curve be

arpwatch exclusion ?

2003-06-11 Thread Jacques Foury
Hello all. I am using arpwatch, but I use a few machines with 2 ethernet cards, and they often flip-flop... As I know them, I want to exclude the flip-flop mails from my mailbox... How could I tune arpwatch so that it does not listen to those flip-flops, or it does not send mails for these ?

Re: arpwatch exclusion ?

2003-06-11 Thread Chatchai JANTARAPRIM
On Wed, 11 Jun 2003, Jacques Foury wrote: > Date: Wed, 11 Jun 2003 17:50:14 +0200 > From: Jacques Foury <[EMAIL PROTECTED]> > To: debian-security@lists.debian.org > Subject: arpwatch exclusion ? > Resent-Date: Wed, 11 Jun 2003 11:10:48 -0500 (CDT) > Resent-From: debian-security@lists.debian.org >

Re: apache

2003-06-11 Thread Glen Mehn
Martynas Domarkas wrote: Yes, of course. But in this case I will invoke rotatelogs... I don't like it. Martynas: three people now have given you advice on how to fix your "problem" three different ways. Apache doesn't have this behaviour: in fact, the apache foundation suggests you use

Re: kernel-source 2.4.20 + grsecurity + freeswan

2003-06-11 Thread simon raven
On Thu, Jun 05, 2003 at 21:50:33 -0400, Hubert Chan wrote: > > "Vinai" == Vinai Kopp <[EMAIL PROTECTED]> writes: > > [...] > > Vinai> There seem to be problems using both the grsecurity and the > Vinai> freeswan patches (at least I haven't been successful applying > Vinai> the patches - I t

Re: arpwatch exclusion ?

2003-06-11 Thread Blars Blarson
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: >I am using arpwatch, but I use a few machines with 2 ethernet cards, and >they often flip-flop... As I know them, I want to exclude the flip-flop >mails from my mailbox... > >How could I tune arpwatch so that it does not listen to those

atftpd vulnerability and patch?

2003-06-11 Thread Drew Scott Daniels
http://packetstorm.linuxsecurity.com/filedesc/atftpdx.c.html says: Proof of concept remote root exploit for atftpd version 0.6. Makes use of the filename overflow found by Rick Patel. Related post here. Tested against Debian 3.0. By gunzip http://packetstorm.linuxsecurity.com/filedesc/atftpd.patch

grsecurity vs lsm vs lids

2003-06-11 Thread Mark Devin
OK, I have been seeing lots of people on this list recommend using the grsecurity kernel patch. Now I want to give it a go, but I see that there is also a lsm patch and I also remember lids being recommended in the past by others. I would like to le

Kernel Security Fixes

2003-06-11 Thread Peter Holm
Hi, just got an announcement from the mandrake security list. Could please someone of the people with a deeper knowledge explain, if the mentioned issues are addressed in one of the "stock" debian kernels or if I have to get the sources from kernel.org and patch it myself? Mandrake Linux Secu

Re: Kernel Security Fixes

2003-06-11 Thread Noah Meyerhans
On Thu, Jun 12, 2003 at 01:18:59AM +0200, Peter Holm wrote: > Could please someone of the people with a deeper knowledge explain, if > the mentioned issues are addressed in one of the "stock" debian > kernels or if I have to get the sources from kernel.org and patch it > myself? See DSA 311-1 at

Re: cronjob stuck

2003-06-11 Thread William Law
Have you tried checking the root crontab? not a normal place to put stuff, but worth checking out anyway... Regards, William On Tue, 10 Jun 2003, Dale Amon wrote: > Just ran across an interesting prob, wondered if > anyone else has seen it. I added a repeating entry > to /etc/cron.d/foo that ra

Re: cronjob stuck

2003-06-11 Thread Dale Amon
On Thu, Jun 12, 2003 at 11:55:00AM +1000, William Law wrote: > Have you tried checking the root crontab? not a normal place to put stuff, > but worth checking out anyway... Yeah, I'd checked everything. Just didn't account for pure blind bad luck chance :-) (you probably read my second post by no

Re: Kernel Security Fixes

2003-06-11 Thread Javier Fernández-Sanguino Peña
On Thu, Jun 12, 2003 at 01:18:59AM +0200, Peter Holm wrote: > Hi, > > just got an announcement from the mandrake security list. > > Could please someone of the people with a deeper knowledge explain, if > the mentioned issues are addressed in one of the "stock" debian > kernels or if I have to ge