Re: red worm amusement

2001-07-22 Thread Jacob Meuser
ers bandwidth/disk space, if anyone wishes to further discuss the questions I raised above, or try to flame me, please send your email to: <[EMAIL PROTECTED]> On Sun, Jul 22, 2001 at 01:57:24AM -0800, Ethan Benson wrote: > On Sun, Jul 22, 2001 at 07:11:04PM +1000, CaT wrote: > >

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 07:11:04PM +1000, CaT wrote: > > Please, quote me on where I have contradicted that. > > Right below. > Nothing is contradicting that. > > If you only wanted to talk about apt-get you should've stuck to it. > Then I'm to ignore all other questions and ideas, as well per

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:44:19AM -0800, Ethan Benson wrote: > what part of `don't install the service if you don't need it/don't > know how to configure it' don't you understand? > And when, during the installation, or regular use of Debian, is that message ever displayed to the user? <[EMAIL

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 06:35:34PM +1000, CaT wrote: > On Sun, Jul 22, 2001 at 01:37:29AM -0700, Jacob Meuser wrote: > > For the last time: I am saying that apt-get install should not immediately > > start a service, and it should not install the startup links in /etc/rc?.d. >

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
<[EMAIL PROTECTED]> On Sun, Jul 22, 2001 at 06:05:18PM +1000, CaT wrote: > On Sun, Jul 22, 2001 at 12:40:11AM -0700, Jacob Meuser wrote: > > On Sat, Jul 21, 2001 at 10:26:38PM -0800, Ethan Benson wrote: > > > On Sat, Jul 21, 2001 at 09:02:54PM -0700, Jacob Meuser wrote: >

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
ers bandwidth/disk space, if anyone wishes to further discuss the questions I raised above, or try to flame me, please send your email to: <[EMAIL PROTECTED]> On Sun, Jul 22, 2001 at 01:57:24AM -0800, Ethan Benson wrote: > On Sun, Jul 22, 2001 at 07:11:04PM +1000, CaT wrote: > >

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 01:32:00AM -0600, Hubert Chan wrote: > > I'm not sure that would be an effective warning, and it may even be > confusing to people, as it does not indicate that there is a potential > security risk, but just tells them to read the security pages. > Hmmm, silly me reference

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 02:03:23AM -0500, Nathan E Norman wrote: > > Oh, grow up. I did not "attack" you, I questioned the wisdom of > comparing running services on a computer to the politically loaded > question of guns. > "You are beginning to sound like a troll." - Nathan E Norman <[EMAIL PR

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 10:26:38PM -0800, Ethan Benson wrote: > On Sat, Jul 21, 2001 at 09:02:54PM -0700, Jacob Meuser wrote: > > > > Oh, I guess anyone can say something like "Four years without a remote > > hole in the default install!" on the internet, where an

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 07:11:04PM +1000, CaT wrote: > > Please, quote me on where I have contradicted that. > > Right below. > Nothing is contradicting that. > > If you only wanted to talk about apt-get you should've stuck to it. > Then I'm to ignore all other questions and ideas, as well pe

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 07:42:28AM +0200, Martin Bieder wrote: > > WARNING: You have started this car! You are about to drive this car. > That means, you will be moving, what means that accidents could be > harmful for you. Do you really want to proceed? > > [Yes] [No][Abort] >

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:44:19AM -0800, Ethan Benson wrote: > what part of `don't install the service if you don't need it/don't > know how to configure it' don't you understand? > And when, during the installation, or regular use of Debian, is that message ever displayed to the user? <[EMAI

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 06:35:34PM +1000, CaT wrote: > On Sun, Jul 22, 2001 at 01:37:29AM -0700, Jacob Meuser wrote: > > For the last time: I am saying that apt-get install should not immediately > > start a service, and it should not install the startup links in /etc/rc?.d. >

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:34:50AM -0500, Nathan E Norman wrote: > On Sat, Jul 21, 2001 at 09:28:35PM -0700, Jacob Meuser wrote: > > PS We don't give guns to children, do we? > > What the hell does this have to do with running services on a freaking > computer connected to

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:34:47AM -0500, Rob VanFleet wrote: > On Sat, Jul 21, 2001 at 07:52:02PM -0700, Jacob Meuser wrote: > > And who's going to teach them? Certainly not an OS that makes it as > > easy as 'apt-get install apache' !

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
<[EMAIL PROTECTED]> On Sun, Jul 22, 2001 at 06:05:18PM +1000, CaT wrote: > On Sun, Jul 22, 2001 at 12:40:11AM -0700, Jacob Meuser wrote: > > On Sat, Jul 21, 2001 at 10:26:38PM -0800, Ethan Benson wrote: > > > On Sat, Jul 21, 2001 at 09:02:54PM -0700, Jacob Meuser w

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 01:32:00AM -0600, Hubert Chan wrote: > > I'm not sure that would be an effective warning, and it may even be > confusing to people, as it does not indicate that there is a potential > security risk, but just tells them to read the security pages. > Hmmm, silly me referenc

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 02:03:23AM -0500, Nathan E Norman wrote: > > Oh, grow up. I did not "attack" you, I questioned the wisdom of > comparing running services on a computer to the politically loaded > question of guns. > "You are beginning to sound like a troll." - Nathan E Norman <[EMAIL P

Re: red worm amusement

2001-07-22 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 10:26:38PM -0800, Ethan Benson wrote: > On Sat, Jul 21, 2001 at 09:02:54PM -0700, Jacob Meuser wrote: > > > > Oh, I guess anyone can say something like "Four years without a remote > > hole in the default install!" on the internet, where an

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 07:42:28AM +0200, Martin Bieder wrote: > > WARNING: You have started this car! You are about to drive this car. > That means, you will be moving, what means that accidents could be > harmful for you. Do you really want to proceed? > > [Yes] [No][Abort]

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 10:34:56PM -0500, Dana J. Laude wrote: > On Sat, Jul 21, 2001 at 06:27:00PM -0700 Jacob Meuser wrote: > > IMHO, no distribution is secure out of the box. Hell, > even OpenBSD has had major blunders in their latest > release. Security is, after all... a

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 08:21:09PM -0700, Nicole Zimmerman wrote: > > > > last i used OpenBSD (2.6) it started portmap and identd by default at > > > the very least, maybe fingerd too i don't remember for sure. > > > > > The difference is, those were not exploitable. > > And they are on debian?

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:34:50AM -0500, Nathan E Norman wrote: > On Sat, Jul 21, 2001 at 09:28:35PM -0700, Jacob Meuser wrote: > > PS We don't give guns to children, do we? > > What the hell does this have to do with running services on a freaking > computer connected to

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:34:47AM -0500, Rob VanFleet wrote: > On Sat, Jul 21, 2001 at 07:52:02PM -0700, Jacob Meuser wrote: > > And who's going to teach them? Certainly not an OS that makes it as > > easy as 'apt-get install apache' !

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 07:13:00PM -0800, Ethan Benson wrote: > On Sat, Jul 21, 2001 at 07:52:02PM -0700, Jacob Meuser wrote: > > > > > Still not the point. I'm talking about services being enabled, either > > i don't think you know what your point is. i

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:54:49PM +1000, CaT wrote: > > You know. You're right. We should make it as difficult as possible > to install software. Right down to removing makefiles from source > repositories and rot13ing the source code because the harder it is > to install a piece of software, the

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 05:29:35PM -0800, Ethan Benson wrote: > > oh? and why not? don't believe OpenBSD's hype about being the apex of > computer and code security just because they have done auditing, they > still miss A LOT. their audited ftpd had a remote root hole > recently. their KERNEL

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 10:34:56PM -0500, Dana J. Laude wrote: > On Sat, Jul 21, 2001 at 06:27:00PM -0700 Jacob Meuser wrote: > > IMHO, no distribution is secure out of the box. Hell, > even OpenBSD has had major blunders in their latest > release. Security is, after all... a

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 08:21:09PM -0700, Nicole Zimmerman wrote: > > > > last i used OpenBSD (2.6) it started portmap and identd by default at > > > the very least, maybe fingerd too i don't remember for sure. > > > > > The difference is, those were not exploitable. > > And they are on debian?

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 07:13:00PM -0800, Ethan Benson wrote: > On Sat, Jul 21, 2001 at 07:52:02PM -0700, Jacob Meuser wrote: > > > > > Still not the point. I'm talking about services being enabled, either > > i don't think you know what your point is. i

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 04:32:32PM -0800, Ethan Benson wrote: > > if you install a service it's expected you want to run it, so if you > don't need it don't install it. > Not really what I was getting at. I was saying this is TOO EASY. I'm saying that Debian doesn't do a good enough job of warnin

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sun, Jul 22, 2001 at 12:54:49PM +1000, CaT wrote: > > You know. You're right. We should make it as difficult as possible > to install software. Right down to removing makefiles from source > repositories and rot13ing the source code because the harder it is > to install a piece of software, th

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 05:29:35PM -0800, Ethan Benson wrote: > > oh? and why not? don't believe OpenBSD's hype about being the apex of > computer and code security just because they have done auditing, they > still miss A LOT. their audited ftpd had a remote root hole > recently. their KERNEL

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 10:57:39PM +0100, Nik Butler wrote: > Jacob Said: > >> . I doubt everyone who is running servers on Debian (by choosing to do > so during > >> the 'oh so easy' installation) really knows what they're doing. > > Grr, talk about giving companies like mine a bad name, I'm prom

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 04:32:32PM -0800, Ethan Benson wrote: > > if you install a service it's expected you want to run it, so if you > don't need it don't install it. > Not really what I was getting at. I was saying this is TOO EASY. I'm saying that Debian doesn't do a good enough job of warni

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 12:09:07AM -0800, Ethan Benson wrote: > On Fri, Jul 20, 2001 at 07:52:26PM -0700, Tim Uckun wrote: > > You really can not blame people for not hiring > > "expensive unix sysadmins" and letting some semi competent windows user run > > the NT network. > > oh? and whyever no

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 10:57:39PM +0100, Nik Butler wrote: > Jacob Said: > >> . I doubt everyone who is running servers on Debian (by choosing to do > so during > >> the 'oh so easy' installation) really knows what they're doing. > > Grr, talk about giving companies like mine a bad name, I'm pro

Re: red worm amusement

2001-07-21 Thread Jacob Meuser
On Sat, Jul 21, 2001 at 12:09:07AM -0800, Ethan Benson wrote: > On Fri, Jul 20, 2001 at 07:52:26PM -0700, Tim Uckun wrote: > > You really can not blame people for not hiring > > "expensive unix sysadmins" and letting some semi competent windows user run > > the NT network. > > oh? and whyever n

Re: aargh... I am being asked to change to SuSE

2001-07-16 Thread Jacob Meuser
On Mon, Jul 16, 2001 at 11:03:41AM +0300, Juha Jäykkä wrote: > (off topic) > enforcing it. I do not know SuSE myself, so I cannot fight them (they > do not know Debian, but they are the ones who decide - they do not > Who's administering the boxen, you or them? If the answer is you, or other peop

Re: aargh... I am being asked to change to SuSE

2001-07-16 Thread Jacob Meuser
On Mon, Jul 16, 2001 at 11:03:41AM +0300, Juha Jäykkä wrote: > (off topic) > enforcing it. I do not know SuSE myself, so I cannot fight them (they > do not know Debian, but they are the ones who decide - they do not > Who's administering the boxen, you or them? If the answer is you, or other peo

Re: strange log entry

2001-05-25 Thread Jacob Meuser
On Thu, May 24, 2001 at 05:30:14AM -0800, Ethan Benson wrote: > On Thu, May 24, 2001 at 05:41:08AM -0700, Jacob Meuser wrote: > > On Thu, May 24, 2001 at 04:06:08AM -0800, Ethan Benson wrote: > > > On Thu, May 24, 2001 at 04:50:57AM -0700, Jacob Meuser wrote: > > >

Re: strange log entry

2001-05-25 Thread Jacob Meuser
On Thu, May 24, 2001 at 05:30:14AM -0800, Ethan Benson wrote: > On Thu, May 24, 2001 at 05:41:08AM -0700, Jacob Meuser wrote: > > On Thu, May 24, 2001 at 04:06:08AM -0800, Ethan Benson wrote: > > > On Thu, May 24, 2001 at 04:50:57AM -0700, Jacob Meuser wrote: > > >

Re: strange log entry

2001-05-24 Thread Jacob Meuser
On Thu, May 24, 2001 at 04:06:08AM -0800, Ethan Benson wrote: > On Thu, May 24, 2001 at 04:50:57AM -0700, Jacob Meuser wrote: > > > > > BS, when was the last time you installed OpenBSD? I just did an install > > 2.5 That was what, 2 years ago? > > > today.

Re: strange log entry

2001-05-24 Thread Jacob Meuser
On Thu, May 24, 2001 at 12:43:40AM -0800, Ethan Benson wrote: > On Thu, May 24, 2001 at 01:34:01AM -0700, Jacob Meuser wrote: > > On Thu, May 24, 2001 at 01:24:50AM -0400, Ed Street wrote: > > > Hello, > > > > > > Well first off WHY are you running the rpc stuf

Re: strange log entry

2001-05-24 Thread Jacob Meuser
On Thu, May 24, 2001 at 04:06:08AM -0800, Ethan Benson wrote: > On Thu, May 24, 2001 at 04:50:57AM -0700, Jacob Meuser wrote: > > > > > BS, when was the last time you installed OpenBSD? I just did an install > > 2.5 That was what, 2 years ago? > > > today.

Re: strange log entry

2001-05-24 Thread Jacob Meuser
On Thu, May 24, 2001 at 12:43:40AM -0800, Ethan Benson wrote: > On Thu, May 24, 2001 at 01:34:01AM -0700, Jacob Meuser wrote: > > On Thu, May 24, 2001 at 01:24:50AM -0400, Ed Street wrote: > > > Hello, > > > > > > Well first off WHY are you running the r

Re: strange log entry

2001-05-24 Thread Jacob Meuser
On Thu, May 24, 2001 at 01:24:50AM -0400, Ed Street wrote: > Hello, > > Well first off WHY are you running the rpc stuff? (i.e. I can root a redhat > 6.x box in under 30 seconds with a rpc exploit from a clean install) Turn > that stuff OFF. > Not to start a thread discussing OSes, but ... Ope

Re: strange log entry

2001-05-24 Thread Jacob Meuser
On Thu, May 24, 2001 at 01:24:50AM -0400, Ed Street wrote: > Hello, > > Well first off WHY are you running the rpc stuff? (i.e. I can root a redhat > 6.x box in under 30 seconds with a rpc exploit from a clean install) Turn > that stuff OFF. > Not to start a thread discussing OSes, but ... Op

Re: Got root?

2001-05-01 Thread Jacob Meuser
On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote: > > A while ago, I remember reading on slashdot about how TrustedBSD and OpenBSD > were different from each other. http://www.sigmasoft.com/cgi-bin/wilma/openbsd-misc use a "restricted files match" for Apr 2001 search for "acl" or "t

Re: Got root?

2001-05-01 Thread Jacob Meuser
On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote: > > A while ago, I remember reading on slashdot about how TrustedBSD and OpenBSD > were different from each other. http://www.sigmasoft.com/cgi-bin/wilma/openbsd-misc use a "restricted files match" for Apr 2001 search for "acl" or "

Re: SSH with potato, not very secure?

2001-03-03 Thread Jacob Meuser
On Fri, Mar 02, 2001 at 10:21:48PM +0100, Tollef Fog Heen wrote: > | > | I believe it becomes uncommented if one installs over the network? (That > | would make sense to ME anyway.) > > How do you know whether I installed from a local mirror (which I > happen to have, even though my connection t

Re: SSH with potato, not very secure?

2001-03-03 Thread Jacob Meuser
> > I believe it becomes uncommented if one installs over the network? (That > > would make sense to ME anyway.) > > I installed solely over ftp/http from central debian-servers and this is > what the aforementioned line looks like with me: > > #deb http://security.debian.org stable/updates main

Re: SSH with potato, not very secure?

2001-03-03 Thread Jacob Meuser
On Fri, Mar 02, 2001 at 10:21:48PM +0100, Tollef Fog Heen wrote: > | > | I believe it becomes uncommented if one installs over the network? (That > | would make sense to ME anyway.) > > How do you know whether I installed from a local mirror (which I > happen to have, even though my connection

Re: SSH with potato, not very secure?

2001-03-03 Thread Jacob Meuser
> > I believe it becomes uncommented if one installs over the network? (That > > would make sense to ME anyway.) > > I installed solely over ftp/http from central debian-servers and this is > what the aforementioned line looks like with me: > > #deb http://security.debian.org stable/updates mai

Re: SSH with potato, not very secure?

2001-03-02 Thread Jacob Meuser
On Thu, Mar 01, 2001 at 10:30:35AM -0700, Hubert Chan wrote: > > On the other hand, OpenSSH was created by the OpenBSD people, who are > famous for secure programming. > And also for quick security fixes. They had a patch for sudo about 5 hours after the recent bug was discovered. It took a few

Re: SSH with potato, not very secure?

2001-03-02 Thread Jacob Meuser
On Fri, Mar 02, 2001 at 11:39:15AM +0100, Tollef Fog Heen wrote: > * Ethan Benson > > | On Thu, Mar 01, 2001 at 05:07:43AM +0000, Jacob Meuser wrote: > | > > | > My potatos have > | > deb http://security.debian.org stable/updates main contrib non-free >

Re: Proposal: OpenSSH 2.3.0/2.5.1 to proposed updates

2001-03-02 Thread Jacob Meuser
On Fri, Mar 02, 2001 at 07:13:22PM +1100, Steve wrote: > Hi, > > Would it be possible for the latest version of OpenSSH (2.5.1 in > unstable) to be back-ported to potato and added to proposed updates > once it enters testing. > I second that. > > Disclaimer: I am not a developer. However, I am

Re: SSH with potato, not very secure?

2001-03-02 Thread Jacob Meuser
On Thu, Mar 01, 2001 at 10:30:35AM -0700, Hubert Chan wrote: > > On the other hand, OpenSSH was created by the OpenBSD people, who are > famous for secure programming. > And also for quick security fixes. They had a patch for sudo about 5 hours after the recent bug was discovered. It took a fe

Re: SSH with potato, not very secure?

2001-03-02 Thread Jacob Meuser
On Fri, Mar 02, 2001 at 11:39:15AM +0100, Tollef Fog Heen wrote: > * Ethan Benson > > | On Thu, Mar 01, 2001 at 05:07:43AM +0000, Jacob Meuser wrote: > | > > | > My potatos have > | > deb http://security.debian.org stable/updates main contrib non-free >

Re: Proposal: OpenSSH 2.3.0/2.5.1 to proposed updates

2001-03-02 Thread Jacob Meuser
On Fri, Mar 02, 2001 at 07:13:22PM +1100, Steve wrote: > Hi, > > Would it be possible for the latest version of OpenSSH (2.5.1 in > unstable) to be back-ported to potato and added to proposed updates > once it enters testing. > I second that. > > Disclaimer: I am not a developer. However, I a

Re: SSH with potato, not very secure?

2001-03-01 Thread Jacob Meuser
On Wed, Feb 28, 2001 at 11:51:32PM -0900, Ethan Benson wrote: > > the first thing you should add to a newly installed debian system is: > > ## security updates > deb http://security.debian.org/debian-security/ potato/updates main contrib > deb http://security.debian.org/debian-non-US/ potato/non-

Re: SSH with potato, not very secure?

2001-03-01 Thread Jacob Meuser
On Wed, Feb 28, 2001 at 11:51:32PM -0900, Ethan Benson wrote: > > the first thing you should add to a newly installed debian system is: > > ## security updates > deb http://security.debian.org/debian-security/ potato/updates main contrib > deb http://security.debian.org/debian-non-US/ potato/non

Re: how secure is mail and ftp and netscape/IE???

2001-02-21 Thread Jacob Meuser
On Wed, Feb 21, 2001 at 10:09:47PM +0100, Gaute Gullesen wrote: > On Wednesday, February 21, 2001, 9:40:05 PM, Adam Spickler wrote: > > What about if you are going from a Windows box to a *nix box. > > Is there any way to do secure ftp transfers. Mail, for me is > > no problem. I ssh into my mac

Re: how secure is mail and ftp and netscape/IE???

2001-02-21 Thread Jacob Meuser
On Wed, Feb 21, 2001 at 10:09:47PM +0100, Gaute Gullesen wrote: > On Wednesday, February 21, 2001, 9:40:05 PM, Adam Spickler wrote: > > What about if you are going from a Windows box to a *nix box. > > Is there any way to do secure ftp transfers. Mail, for me is > > no problem. I ssh into my mach