On Wed, 16 May 2001 12:53:50 +0600
Igor Goldenberg [EMAIL PROTECTED] wrote:
On Tue, May 15, 2001 at 10:04:07PM -0700, Alexander Hvostov wrote:
Note that my MUA, Sylpheed, was moved from main to non-US in the last upgrade,
since the maintainer decided to compile in GPG signing/encryption
On 15 May 2001 21:58:40 -0700
[EMAIL PROTECTED] (Thomas Bushnell, BSG) wrote:
Peter Cordes [EMAIL PROTECTED] writes:
It should be possible with netscape. Mozilla in Debian is not making much
progress, because the maintainer doesn't want to do anything until someone
decides whether
On Wed, 16 May 2001 12:53:50 +0600
Igor Goldenberg [EMAIL PROTECTED] wrote:
On Tue, May 15, 2001 at 10:04:07PM -0700, Alexander Hvostov wrote:
Note that my MUA, Sylpheed, was moved from main to non-US in the last
upgrade,
since the maintainer decided to compile in GPG signing/encryption
On Sun, 8 Apr 2001 18:04:54 -0400
"Robert Bartels" [EMAIL PROTECTED] wrote:
I saw this in my logs today.
Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
^X^X^Y^Y^Z^Z^[^[%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1
On Sun, 8 Apr 2001 18:04:54 -0400
Robert Bartels [EMAIL PROTECTED] wrote:
I saw this in my logs today.
Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1
On 07 Apr 2001 09:34:44 +0200
Berend De Schouwer [EMAIL PROTECTED] wrote:
On 07 Apr 2001 01:27:54 -0700, Tim Uckun wrote:
What service runs on UDP port 1035? I did not see it in /etc/services and
netstat says that it's active along with tcp 1 and 6 (and others but I know
those).
bind
On Sat, 24 Mar 2001 01:14:31 -0900
Ethan Benson [EMAIL PROTECTED] wrote:
On Sat, Mar 24, 2001 at 12:39:03AM -0500, Daniel Jacobowitz wrote:
Vsftpd does, too.
i have read GnuPG has code to use a capability to allocate secure
memory instead of using suid, but its only really useful if you
On Fri, 23 Mar 2001 22:23:59 -0800
Wade Richards [EMAIL PROTECTED] wrote:
Hi all,
I've received the following log message
date kernel: eth0: Something Wicked happened! 001a.
a few times. I've read through the source for the driver, and it doesn't
appear to denote an extremely Wicked
On Sat, 24 Mar 2001 01:14:31 -0900
Ethan Benson [EMAIL PROTECTED] wrote:
On Sat, Mar 24, 2001 at 12:39:03AM -0500, Daniel Jacobowitz wrote:
Vsftpd does, too.
i have read GnuPG has code to use a capability to allocate secure
memory instead of using suid, but its only really useful if you
On Fri, 23 Mar 2001 22:23:59 -0800
Wade Richards [EMAIL PROTECTED] wrote:
Hi all,
I've received the following log message
date kernel: eth0: Something Wicked happened! 001a.
a few times. I've read through the source for the driver, and it doesn't
appear to denote an extremely
[EMAIL PROTECTED] wrote:
Hello.
I have been setting up a webserver that users need to acess remotely.
The problem is that I don't like the way that ftp sends passwords
plaintext. I am currently useing proftpd, as I also require the
ability to chroot users into thier own directories. Now,
[EMAIL PROTECTED] wrote:
Hello.
I have been setting up a webserver that users need to acess remotely.
The problem is that I don't like the way that ftp sends passwords
plaintext. I am currently useing proftpd, as I also require the
ability to chroot users into thier own directories.
Kozman,
SAFT is a nifty little protocol that lets you send a file to some other
user on the internet without them having to explicitly accept it. Instead,
the SAFT server will receive the file and place it in a queue for access
later on. The protocol itself is quite new; an implementation is in
Daniel,
Wouldn't surprise me. Often these kinds of things are done from
compromised hosts, so that they don't reveal the true identity of the
attacker (who, obviously, doesn't want to go to jail ;).
Regards,
Alex.
On Mon, 5 Mar 2001, [iso-8859-2] Szabó Dániel wrote:
Hello.
My packet filter
Kozman,
SAFT is a nifty little protocol that lets you send a file to some other
user on the internet without them having to explicitly accept it. Instead,
the SAFT server will receive the file and place it in a queue for access
later on. The protocol itself is quite new; an implementation is in
On Mon, 5 Mar 2001, Jaan Sarv wrote:
Also, paranoid network administrators might be a little upset by it, since
Linux sends out a frame indicating it is switching into (or out
of) promiscuous mode. This is possible evidence that you're running a
sniffer of some kind (such as snort).
On Mon, 5 Mar 2001, Jaan Sarv wrote:
Also, paranoid network administrators might be a little upset by it, since
Linux sends out a frame indicating it is switching into (or out
of) promiscuous mode. This is possible evidence that you're running a
sniffer of some kind (such as snort).
-skinned. grin]
On Thu, 1 Mar 2001, Seth Arnold wrote:
* Alexander Hvostov [EMAIL PROTECTED] [010301 22:35]:
That's why you create classes under packages other than `java' or
`javax'. The Java API proper is in the `java' and `javax' packages, and
Sun is simply trying to keep Java consistent across
Jeff,
It can potentially slow your machine down somewhat, as now the kernel has
to handle each and every frame transmitted on the network eth0 is attached
to, rather than only the ones addressed to your machine and
broadcasts. Quite a lot of load if your system isn't addressed much on a
Matthias,
netstat -atp | less
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P--- L$ E+ W+(-) N+ o? K? w---()
!O !M !V PS+(++)+ PE-(--) Y++ PGP t+++ !5
Matthias,
netstat -atp | less
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P--- L$ E+ W+(-) N+ o? K?
w---()
!O !M !V PS+(++)+ PE-(--) Y++ PGP t+++ !5
Lucien,
I've proposed a secure by default configuration for new Debian
installations on this list before. It drew harsh criticism from at least
one person whose belief it was that those who lack the knowledge to secure
their systems deserve to be rooted. Because of this attitude, and the
fact
Lucien,
I've proposed a secure by default configuration for new Debian
installations on this list before. It drew harsh criticism from at least
one person whose belief it was that those who lack the knowledge to secure
their systems deserve to be rooted. Because of this attitude, and the
fact
Mohammed,
Check /etc/hosts.deny and /etc/hosts.allow. It looks like tcpd is refusing
the connection. The problem may also be caused by improper DNS entries for
the machine you're trying to connect from.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D
Mohammed,
Check /etc/hosts.deny and /etc/hosts.allow. It looks like tcpd is refusing
the connection. The problem may also be caused by improper DNS entries for
the machine you're trying to connect from.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D
Hello,
I'm trying to get the `limit' match support in iptables/netfilter to be
inverted in the sense that it only matches when the limit has been
exceeded. For instance, to log a flood:
iptables -I INPUT -m limit ! --limit 1/s -j LOG
However, for some reason, the `!' flag does not seem to
Hello,
I'm trying to get the `limit' match support in iptables/netfilter to be
inverted in the sense that it only matches when the limit has been
exceeded. For instance, to log a flood:
iptables -I INPUT -m limit ! --limit 1/s -j LOG
However, for some reason, the `!' flag does not seem to
Rando,
I suggest using a signal other than SIGKILL in that instance. :P
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P--- L$ E+ W+(-) N+ o? K?
w---()
Jochen,
mkdir /usr/local/bin/restricted;ln -s command
/usr/local/bin/restricted/command;...
export PATH=/usr/local/bin/restricted;exec rbash
...boom. Now only the commands you want the user to be able to run will be
available. Shell scripts, however, continue to work fine, since their
`hash
Henning,
While the `unstable' version of Debian, named `woody', now comes with
XFree86 4.0 (which supports your GeForce), I don't imagine a newbie would
be too comfortable running the unstable distribution...
By the way, can I have your equipment? A Descent monitor? Cool!! I have
_got_ to see
Jason,
What exactly does this have to do with security? Ask this on debian-user
or something.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P--- L$ E+
Use PuTTY. Go to http://www.openssh.com/, click on Alternatives - For
Windows Mac, and at the top is PuTTY.
SSH2 support was only added quite recently, though, and hasn't made it
into the stable distribution as of yet. Still, I use it whenever SSHing
from Windows boxes. It's a small download,
BLOCK--
On Thu, 2 Nov 2000, Robert Varga wrote:
On Wed, 1 Nov 2000, Patrick Maheral wrote:
On Wed, 1 Nov 2000, Alexander Hvostov wrote:
Penguin,
Because the patents and IP on your radio expired a long time ago. The ones
on the algorithms haven't. :)
Regards,
Isn't
Penguin,
Because the patents and IP on your radio expired a long time ago. The ones
on the algorithms haven't. :)
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$
Penguin,
I hope you know assembly and don't mind being sued...
In other words, it's impossible, for legal reasons. The owners of those
proprietary algorithms are highly unlikely to think twice about putting
you on the street.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367
Penguin,
Because the patents and IP on your radio expired a long time ago. The ones
on the algorithms haven't. :)
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$
Thomas,
Make sure you have the latest version of libdb2 as well. For that matter,
make sure you have the latest version of everything. I have ldconfig, and
it's owned by libc6, so I'm not sure how you got that...
By the way, what's this got to do with debian-security?
Regards,
Alex.
---
Thomas,
Make sure you have the latest version of libdb2 as well. For that matter,
make sure you have the latest version of everything. I have ldconfig, and
it's owned by libc6, so I'm not sure how you got that...
By the way, what's this got to do with debian-security?
Regards,
Alex.
---
Mo,
Red Hat security is always lousy ;)
Unlike Red Hat, Debian gets security bugs and such fixed in a timely
manner, especially if you are using the current `unstable' distribution
(which is presently `woody'); `at' should be fine. Be sure to get security
updates from security.debian.org if you
Mo,
Red Hat security is always lousy ;)
Unlike Red Hat, Debian gets security bugs and such fixed in a timely
manner, especially if you are using the current `unstable' distribution
(which is presently `woody'); `at' should be fine. Be sure to get security
updates from security.debian.org if you
Wesley,
e2fsck -f should find and clean that up, but I _strongly_ advise you to
reinstall completely. Rooted boxes are like some forms of cancer -- no
matter how hard you try, you just can't get the disease (or the script
kiddie, in your case) to go away. Reinstallation is your only real option.
Florian and all,
ippl is a generally better program than iplogger. (this is by ippl's
design ;)
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P---() L E++
Thomas,
Create a rule for each possible source address, i.e.:
for i in 127.0.0.1 192.168.1.1 192.168.1.2 192.168.1.3; do
ipchains -A input -s $i
done
That will set up counters for traffic coming from 127.0.0.1, 192.168.1.1,
192.168.1.2, and 192.168.1.3, all with their own counters.
Thomas,
Create a rule for each possible source address, i.e.:
for i in 127.0.0.1 192.168.1.1 192.168.1.2 192.168.1.3; do
ipchains -A input -s $i
done
That will set up counters for traffic coming from 127.0.0.1, 192.168.1.1,
192.168.1.2, and 192.168.1.3, all with their own counters.
Thomas,
Shave off the `-j ACCEPT' from the end of that ipchains rule! Read the man
page for more.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P---() L
Marco,
No. What I gather here is that Koala has his own LAN, as well as a
corporate intranet, which is then connected to the Internet by
masquerading. He wants a router between his own LAN and the corporate
intranet. That router must forward Internet-bound datagrams from his LAN
to the corporate
-- !R tv b DI D++
G+++ e-- h! !r y
--END GEEK CODE BLOCK--
On Fri, 7 Jul 2000, Wichert Akkerman wrote:
Previously Alexander Hvostov wrote:
It still needs to be fixed, and I'm glad someone decided to audit proftpd.
Who said proftpd was audited?
Wichert
Johan,
It still needs to be fixed, and I'm glad someone decided to audit proftpd.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P---() L E++ W+(-) N o?
Johan,
It still needs to be fixed, and I'm glad someone decided to audit proftpd.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P---() L E++ W+(-) N o? K?
Christopher,
If you have access to WinNT source, you must be of some importance to
Micro$oft (or perhaps they are to you), so why are you on this mailing
list?
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version:
Thomas,
The old password is requested first.. ;P
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P---() L E++ W+(-) N o? K?
w--()
!O M- !V PS++ PE- Y+ PGP
Dennis,
We don't want you to leave debian-security. ;)
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P---() L E++ W+(-) N o? K?
w--()
!O M- !V PS++ PE-
Christopher,
If you have access to WinNT source, you must be of some importance to
Micro$oft (or perhaps they are to you), so why are you on this mailing
list?
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Wichert,
So is root's password. ;)
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/CMCC/IT d- s:+ a16 C++()$ UL$ P---() L E++ W+(-) N o? K?
w--()
!O M- !V PS++ PE- Y+ PGP t+ !5 X-- !R
Thor,
Disable booting from floppy in BIOS, password protect LILO, install
chassis intrusion detection system wired to gun turrets with 50mm heavy
machine guns...
...okay, I think I'm going a little overboard here... ;)
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A
Tollef,
There are other security bugs that 2.2.16 fixes, y'know.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R
Lennie,
Can you give me any more details than just that Linux I/O performance is
inferior to *BSD?
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On Wed, 14 Jun 2000, L. Besselink wrote:
On Wed, 14 Jun 2000, Alexander Hvostov wrote:
Lennie,
Can you give me any more details than just that Linux
--END GEEK CODE BLOCK--
On Wed, 14 Jun 2000, Wichert Akkerman wrote:
Previously Alexander Hvostov wrote:
I have a better idea: an integrated 'user' command, which uses plugins to
access the actual database server (like PAM, but for writing to the
database rather than reading from
Ronny and all,
If you want to use LDAP, I suggest you do LDAP over SSL/TLS. The current
OpenLDAP doesn't support it natively, but I believe there's a patch, and
of course there's always wrappers like stunnel.
Of course, if you want to use user authentication from Windows, using PAM
is more or
windows 95 the passwords are sent over the line
encrypted. The encryption might be weak but they are not clear text
anymore.
There is a switch in SMB to allow encrypted passwords. This is ON by
default in debian (I believe)
-Ryan
On Tue, 13 Jun 2000, Alexander Hvostov wrote:
Ronny
Michael,
I have a better idea: an integrated 'user' command, which uses plugins to
access the actual database server (like PAM, but for writing to the
database rather than reading from it), and performs any of several
functions. Some examples:
# user add joe
Enter password:
Repeat password:
User
Sergio,
That's what GPG and a good MUA like Pine is for. Let's see Big
Brother crack 1024-bit public key crypto anytime this decade...
I know you can't legally do this in France; if you have a desire for your
email to be private, then I suggest moving to a country whose crypto
policies are not
Daniel,
...Unless you encrypt to a public key belonging to everyone on the mailing
list, which certainly can be done, though this means distributing the
appropriate public/private key pair, so the keys themselves would also
have to be encrypted, probably to each individual user.
Of course, you
Bradley,
Uhm, isn't Sendmail's SMTP-over-SSL thing supposed to conform to some
standard..? I seriously doubt the other endpoint has to be
Sendmail; rather, I think it probably only needs to be running a proper
SMTP-over-SSL implementation. If this is the case, then this can be done
with stunnel
-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On Fri, 26 May 2000, Julien Stern wrote:
On Fri, May 26, 2000 at 12:19:33AM -0700, Alexander Hvostov wrote:
Sergio
:
On Fri, May 26, 2000 at 12:19:33AM -0700, Alexander Hvostov wrote:
Sergio,
That's what GPG and a good MUA like Pine is for. Let's see Big
Brother crack 1024-bit public key crypto anytime this decade...
I know you can't legally do this in France; if you have a desire for your
email
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On Fri, 26 May 2000, Sergio Brandano wrote:
Alexander Hvostov wrote
...Unless you encrypt to a public key belonging to everyone
X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On Fri, 26 May 2000, Ethan Benson wrote:
On Fri, May 26, 2000 at 02:19:06AM -0700, Alexander Hvostov wrote:
Ethan, and everyone,
I seem to keep having to repeat myself: the USA recently relaxed its
crypto export
, 26 May 2000, Ethan Benson wrote:
On Fri, May 26, 2000 at 02:37:59AM -0700, Alexander Hvostov wrote:
Ethan,
Only one problem. Charlie Brown doesn't have hordes of lawyers.
and the Free software movement does?
MS has hoards of lawyers and billions of dollors and even
Hi,
Um, you don't need a kernel patch for that. Just the immutable bit and the
`lcap' program/package to make that immutable bit permanent. (Of course
you will need to set immutability on inittab and anything called from
there, so that it can't be changed during boot, allowing the script kiddie
Jim,
Not the capability _bounding_ set. Check the 'lcap' package. The only time
the capabilities are restored is when the machine is rebooted, and only a
process which originated as a kernel thread (i.e., init, kswapd, etc) can
restore capabilities without a reboot. None of those programs will do
t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On Fri, 28 Apr 2000, Jim Breton wrote:
On Thu, Apr 27, 2000 at 11:44:23PM -0700, Alexander Hvostov wrote:
Not the capability _bounding_ set. Check the 'lcap' package. The only time
the capabilities are restored is when
Ethan,
The securelevel is obsolete, which is probably why it doesn't seem to be
there anymore. Check out the 'lcap' package: once you remove one of the
capabilities in that list, it cannot be restored until the machine is
rebooted, and you'd probably have to boot into single user mode in order
Tollef,
How do you do NFS over SSH? I'm interested.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On 27 Apr 2000, Tollef Fog Heen wrote:
* Alexander Hvostov
| How do you do NFS over SSH? I'm interested.
I
Ingemar,
I think tripwire is a better approach -- see the package with the same
name.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+
Sascha,
Yeah, yeah, you just try and break an MD5 checksum anytime this
year. *cough*
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+
Wichert,
I was able to do what he said to crash xfs remotely. God only knows how
that could be leveraged... No, Debian xfs is _not_ safe.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a---
Sergio,
Yes, but how many lame script kiddies do you know of that know how to do
that? :)
Seriously, though -- fakebo is more for intercepting people actually
trying to exploit you, rather than just scan you. If you want that, go get
scanlogd or something.
Regards,
Alex.
---
PGP/GPG
Greetings,
Would anyone happen to know why there doesn't seem to be a pam_krb4.so PAM
module, as described in the manual?
Regards,
Alex.
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e--
Brian,
Check /etc/esound/esd.conf. Change auto_spawn=1 to 0.
Also, esd has an option for using Unix sockets, but it says that they're
disabled for security reasons. Anyone have any idea why?
Regards,
Alex.
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++
Brian (and everyone, for that matter),
I configured ORBit to use Unix sockets as you said to do. A pleasant side
effect of this is that GNOME seems to be faster.
An unpleasant side effect is that ORBit is now placing sockets in /tmp,
which looks like it may be vulnerable to a symlink attack.
Brian,
That sounds like it should be filed in a bug report, wouldn't you agree?
Regards,
Alex.
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
Greetings,
Would anyone happen to know if it's possible (without hacking the sources
and breaking something) to disable the TCP listen ports that a great deal
of GNOME apps seem to listen on?
My suspicion is that these ports are used for GNOME's CORBA support, which
is great, but I tend to feel
Neil,
That's a bad idea because it defeats the purpose of the password being
there to start with. You see, the password is ordinarily encrypted and
kept under tight safeguards, to make it hard to figure out what it is. If
you were to reset the password periodically, you would presumably have to
Greetings,
What about printing via a UNIX socket? Is that even supported?
Regards,
Alex.
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On
Greetings,
Would anyone happen to know if someone is in the process of Debianizing
Kerberos V? Are there some legal troubles preventing that from happening?
Given the newly relaxed crypto export laws, it may be quite possible to
export it now, if that's what's preventing it from being
Ivan,
Almost anything will connect to your auth port. ippl will, IRC servers
will, Web and FTP servers often will, as will e-mail servers...
Regards,
Alex.
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+
Ethan,
MD5 as an algorithm supports a theoretically infinitely sized password (or
other string), though of course it becomes less secure as the string's
size increases. That said, I think the maximum password length supported
by glibc (and, thus, PAM) is 128 bytes long.
Indeed, PAM is a potato
Kevin,
If you find something along the lines of MD5_CRYPT_ENAB, turn it on.
Regards,
Alex.
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
--END GEEK CODE BLOCK--
On
Hi,
What about protecting .esd in a manner similar to {x,g,w,k}dm, by starting
it at boot, or having {x,g,w,k}dm start it?
Granted, this doesn't solve the underlying problem (which is that
.X11-unix and .esd are in /tmp, which is bad; they should probably be
somewhere in /var), but it _does_
Howard,
Oh dear. Please tell us what ISP this is so we can take special care to
avoid it. :)
(Note: NAT breaks all sorts of things, and it is incredibly cheap for an
ISP to use NAT, since they, as an ISP, /should/ be able to afford the IP
address space.)
Regards,
Alex.
-BEGIN GEEK CODE
93 matches
Mail list logo