On 10/02/02, Lazarus Long wrote:
> On Sat, Jan 26, 2002 at 12:25:08PM +, Matthew Vernon wrote:
> > Lazarus Long writes:
> > > Introduces security hole by divulging too much information to an
> > > attacker about the underlying system.
> > The rationale behind this is that there are man
On 14/01/02, [EMAIL PROTECTED] wrote:
> AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus
> you need to use SSH2 protocol. OpenSSH supports SSH2. You need
> different keys though, as SSH2 so far does not support RSA keypairs
> and needs DSA keys.
OpenSSH supports both RSA and
On 30/11/01, David Ehle wrote:
> Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker.
Not so far. But calling software where the source and the fix are
available, so that you can build a fixed version on your own is
inappropriate. Especially if you are using Win98 and Netscape, both
On 27/11/01, martin f krafft wrote:
> * op <[EMAIL PROTECTED]> [2001.11.27 10:23:57+0100]:
> > I specify the users in /etc/ssh/sshd_config who are allowed to connect via
> > ssh. But I'd like some more control. I'd like to control which subnets user x
> > can connect from. Some should be al
On 29/10/01, Emmanuel Lacour wrote:
> On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote:
> What about a package ssh-chroot in debian? I think the pam module is
> more interesting as it can be applied to other things, but I tried it and
> was unable to make it work (I'm not a pam mast
On 26/10/01, Javier Fernández-Sanguino Peña wrote:
> The problem is, how can an admin restrict remote access from a given user
> (through telnet and/or sshd) in order to limit his "moves" inside the
> operating system.
[...]
> AFAIK, pam only allows to limit some user accesses (cores, memory
> limi
On 23/10/01, Michael Robinson wrote:
> On Tue, Oct 23, 2001 at 09:55:04AM +0200, Christian Kurz wrote:
> > Do you know how difficult and time-consuming it really is to do a manual
> > source code audit? Also the available programs for source code audits
> > can only give you h
On 23/10/01, Javier Fernández-Sanguino Peña wrote:
> On Mon, Oct 22, 2001 at 09:31:38PM +0200, Christian Kurz wrote:
> > What do security policies for building a debian package exactly have
> > to do with securing a debian box? System administrator reading this
> > docume
On 22/10/01, Javier Fernández-Sanguino Peña wrote:
> I am looking into the security policies outlined for package
> building, in order to include some notes regarding them in the section
> "How does Debian handle security" in the "Securing Debian Manual"
> (http://www.debian.org/doc/ddp)
Wh
On 01-08-31 Martin F Krafft wrote:
> also sprach Christian Kurz (on Fri, 31 Aug 2001 10:12:31AM +0200):
> > > honest question: whose business is the name of a user who initiated a
> > > connection???
> > It can be some sort of help if you have a system with lots of
On 01-08-30 Brian P. Flaherty wrote:
> I have had a lot of problems running non-Debian software when I
> disable ident. It seems like the licensing daemons expect to find
What the hell is a licensing daemon? And which package contains this
software in debian? May I suggest that you first start re
On 01-08-31 Martin F Krafft wrote:
> On Thu, Aug 30, 2001 at 11:14:33PM -0300, Alisson Sellaro wrote:
> > I was checking my firewall logs and have detected lots of TCP/113 dropped
> > packets. Checking /etc/services I realized it was ident traffic. What do
> > you think about such service? Should I
On 01-08-26 Javier Fernández-Sanguino Peña wrote:
> - New integrity checkers (currently tripwire and aide were available):
> integrit and samhain
You know that integrit is already packaged for debian?
Package: integrit
Priority: optional
Section: admin
Installed-Size: 509
Maintainer: Andras Bali
On 01-08-09 Martin Domig wrote:
> On Thu, Aug 09, 2001 at 08:03:15PM +1000, Matt Hope wrote:
> [...]
> > : When my friends (2 different ones, one of which is planning to switch
> > : to mutt) get the mails, they get it in an attachment, have to save it
> > : and decode it manually (apparently kmail
On 01-07-30 Andrew Sione Taumoefolau wrote:
> > If you are using vim use:
> > set textwidth=72
> > in your .vimrc to wrap the lines to a max of 72 char.
> Probably better not to do it that way, unless you're okay with Vim
> wrapping ALL documents you edit with it at 72 characters. I've got a li
On 01-06-18 Thomas Bushnell, BSG wrote:
> In fact, the only reason mailcrypt is in contrib is that it adapts to
> the patent-restricted versions of gpg/pgp software. As far as its use
> with gpg, it belongs in main.
Would you please check the next time either your box running unstable or
packages
On 00-12-27 Peter Palfrader wrote:
> On Wed, 27 Dec 2000, Christian Kurz wrote:
> > On 00-12-27 David Wright wrote:
> > > Quoting Christian Kurz ([EMAIL PROTECTED]):
> > > > [ Stop sending me unnecessary Ccs.]
> > > | Date: Tue, 26 Dec 2000 16:02:30 +0100
On 00-12-27 David Wright wrote:
> Quoting Christian Kurz ([EMAIL PROTECTED]):
> > [ Stop sending me unnecessary Ccs.]
> | Date: Tue, 26 Dec 2000 16:02:30 +0100
> | From: Christian Kurz <[EMAIL PROTECTED]>
> | To: debian-security@lists.debian.org
> | Subject:
On 00-12-26 Rainer Weikusat wrote:
> Christian Kurz <[EMAIL PROTECTED]> writes:
> > > Debsums seems to help a little bit - you can expect to catch some
> > > less-clueful
> > > intruders with it, but it doesn't help in general.
> >
> > debs
On 00-12-26 Peter Cordes wrote:
> have produced collisions in MD5. This is a Bad Thing for MD5, but it isn't
> a real break against MD5. It means that you can find two messages that hash
> to the same value. To do so, you _have_ to choose both messages yourself.
> If one of the messages is /bin/
On 00-12-26 Rainer Weikusat wrote:
> Christian Kurz <[EMAIL PROTECTED]> writes:
> > [ Stop sending me unnecessary Ccs.]
> Start thinking about getting a decent mail client.
My client is so decent that it supports a pure list-reply function.
Looks like your client is miss
[ Stop sending me unnecessary Ccs.]
On 00-12-26 Rainer Weikusat wrote:
> Christian Kurz <[EMAIL PROTECTED]> writes:
> > > Debsums seems to help a little bit - you can expect to catch some
> > > less-clueful intruders with it, but it doesn't help in general.
On 00-12-21 Peter Cordes wrote:
> On Thu, Dec 21, 2000 at 03:37:56PM +0100, Christian Kurz wrote:
> > On 00-12-21 Dan Hutchinson wrote:
> > > Sorry it was forensics, but the code is basically matching the machine
> > > code, a unique pattern of 1's and 0
On 00-12-21 Colin Phipps wrote:
> On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote:
> > [ Would you please stop those Ccs to me?]
> If you don't want CC's then fix your mail headers:
> Mail-Followup-To: Christian Kurz <[EMAIL PROTECTED]>,
> debi
[ Would you please stop those Ccs to me?]
On 00-12-21 Colin Phipps wrote:
> On Thu, Dec 21, 2000 at 03:30:25PM +0100, Christian Kurz wrote:
> > > > > Hence my comment. "Less-clueful" intruders won't modify
> > > > > /var/lib/dpkg/info/p
On 00-12-21 Dan Hutchinson wrote:
> Sorry it was forensics, but the code is basically matching the machine
> code, a unique pattern of 1's and 0's to the machine code of the kernel.
Well, but then you need to know all patterns of malicious code that could
occur. I think this will be a lot of patter
On 00-12-22 Peter Eckersley wrote:
> On Thu, Dec 21, 2000 at 02:33:32PM +0100, Christian Kurz wrote:
> > > My suggested alternative is a system which knows about official Debian
> > > packages, and will register that change as simply "installed/upgraded
> > > pac
On 00-12-22 Peter Eckersley wrote:
> On Thu, Dec 21, 2000 at 01:39:19PM +0100, Christian Kurz wrote:
> > On 00-12-21 Peter Eckersley wrote:
> > > Basically, I started reading the tripwire documentation, stopped, and
> > > thought "Debian ought to make this *much
On 00-12-21 Dan Hutchinson wrote:
> I would agree with your comments except the scan of the Linux Kernel.
Thanks. :)
> You can use computer forensics to scan the kernel against familiar trojan
> and virus patterns relatively quickly and at least identify problem
Hm, you know that some parts ar
On 00-12-21 Peter Eckersley wrote:
> Basically, I started reading the tripwire documentation, stopped, and
> thought "Debian ought to make this *much* simpler". It seemed that if I
> wanted to use tripwire, I'd need to tell it every time I was installing
> a new package. I'd then need to update a
On 00-12-17 Kevin van Haaren wrote:
> Ident questions
>
> Going through the Securing Debian HOW-TO I don't see a specific
> mention either for or against running the ident service (either
> through inetd or standalone.) Is there a consensus about if this
> service is particularly u
On 00-12-05 Javier Fernandez-Sanguino Peña wrote:
> Christian Kurz escribió:
> > On 00-12-04 Javier Fernandez-Sanguino Peña wrote:
> > > Christian Kurz escribió:
> > > >
> > > >
> > > > > I have checked it out and would really like to
[Please do not send me Ccs, I read the list where I'm posting to. If not
I explicitly state this at the beginning of my mail.]
On 00-12-04 Javier Fernandez-Sanguino Peña wrote:
> Christian Kurz escribió:
> >
> >
> > > I have checked it out and would real
On 00-12-04 Javier Fernandez-Sanguino Peña wrote:
> (I'm taking this out of the previous thread)
> I've been giving some thought on a Debian metapackage related to
> security.. and I think that it might be useful to have a package
> that :
Do we really need to discuss this again
On 00-12-02 Wichert Akkerman wrote:
> Previously Christian Kurz wrote:
> > How long is dpkg-statoverride available for debian?
> Couple of weeks. There is also the slight fact that the currently
> shipped version is subtly broken :(. It's still cool though!
Well, from readin
On 00-12-01 Wichert Akkerman wrote:
> Previously Javier Fernandez-Sanguino Peña wrote:
> > I do not know if other developers are aware, but there is a nice
> > Security HOWTO available in
> > http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by Alexander
> > Reelsen (which I am sending this t
On 00-11-30 Javier Fernandez-Sanguino Peña wrote:
> I do not know if other developers are aware, but there is a nice
> Security HOWTO available in
> http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by Alexander
> Reelsen (which I am sending this to in case he is not o
On 00-11-19 Mike Fisk wrote:
[big snip]
> Is that possible? Would the security team be willing to maintain such a
> pseudo-package?
Something very close to this kind of task package has been discussed
recently on debian-devel and we came to the conclusion that it won't be
helpful or easy to maint
On 00-11-07 Andreas Schuldei wrote:
> * Christian Kurz ([EMAIL PROTECTED]) [001107 00:03]:
> > [Changed Reply-To to point to the right list]
> Not so sure about that. I do NOT want the security issues to be an issue for
> the super advanced/paranoid/freaked-out-ones/security-awar
On 00-11-03 Ian wrote:
> There are too many to list, but here are some:
> -rw-r--r--1 root root 8232348 Nov 3 06:43 tripwire
Maybe some logfile of tripwire? I don't know its content so I can't
make a judgement about its security risk.
> -rw-r--r--1 root root10152 N
re is
> this discussed?
I think it has something to do with RSBAC (Rule Set Based Access
Control). You can find more information about this on www.rsbac.org
Ciao
Christian