Re: Decent iptables script for bridging?

2006-05-24 Thread Matthew Palmer
On Tue, May 23, 2006 at 03:44:04PM +0200, Christian Holler wrote: > I'm currently setting up a bridge on Debian, which is meant to act as > an invisible filter in our network which is otherwise directly exposed > to the internet (every host directly reachable from the internet, no > NAT or anything

Re: [DSA 924-1] New nbd packages fix potential arbitrary code execution

2005-12-21 Thread Matthew Palmer
On Wed, Dec 21, 2005 at 03:05:01PM +0100, Martin Schulze wrote: > Kurt Fitzner discovered a buffer overflow in nbd, the network block > device client and server that could potentially allow arbitrary cod on > the NBD server. Do penguins eat cod, or just herring? Personally, I consider this a maj

Re: Critical bug in pdns - security team not responding

2005-07-10 Thread Matthew Palmer
On Sun, Jul 10, 2005 at 12:28:15AM +0200, Christoph Haas wrote: > Dear list... > > our package 'pdns' in Sarge has a serious bug which can be abused to run a > DoS attack against a name server. My co-maintainer already mailed the > security team but did not get a response yet. > > Currently we ar

Re: Bad press related to (missing) Debian security

2005-06-28 Thread Matthew Palmer
On Tue, Jun 28, 2005 at 10:36:34AM +0200, Marek Olejniczak wrote: > On Tue, 28 Jun 2005, martin f krafft wrote: > >We are working to fix it. The last thing we need now are people > >complaining and moaning. > > I'm working for many ISP providers. And now I have problems with security > on this se

Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread Matthew Palmer
[MFT set to d-curiosa, as this is utterly off-topic for d-security] On Wed, Mar 30, 2005 at 09:07:01PM +1000, David Pastern wrote: > On Wed, 2005-03-30 at 20:34 +1000, Matthew Palmer wrote: > > > On Wed, Mar 30, 2005 at 07:02:55PM +1000, David Pastern wrote: > > > Redhat/Fed

Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread Matthew Palmer
On Wed, Mar 30, 2005 at 07:02:55PM +1000, David Pastern wrote: > Redhat/Fedora/Suse/Mandrake are just plain silliness. However - there > is a big difference between a one year release cycle, and the fact that > it's been nearly 3 years since the release of Woody. That's a huge You're not the fir

Re: Compromised system - still ok?

2005-02-07 Thread Matthew Palmer
On Mon, Feb 07, 2005 at 07:26:43PM +0100, Milan P. Stanic wrote: > On Mon, Feb 07, 2005 at 06:25:19PM +1100, Matthew Palmer wrote: > > Obviously you've never done this. Good luck finding someone who even knows > > what TCP/IP is, let alone sufficient knowledge to be able to tr

Re: Compromised system - still ok?

2005-02-07 Thread Matthew Palmer
On Sun, Feb 06, 2005 at 11:53:50PM -0800, Alvin Oga wrote: > > On Mon, 7 Feb 2005, Matthew Palmer wrote: > > > On Sun, Feb 06, 2005 at 10:52:50PM -0800, Alvin Oga wrote: > > > it's best when you can call the fbi (on the phone) and say, they're > > >

Re: Compromised system - still ok?

2005-02-06 Thread Matthew Palmer
On Sun, Feb 06, 2005 at 10:52:50PM -0800, Alvin Oga wrote: > it's best when you can call the fbi (on the phone) and say, they're > back, trace um "NOW" Obviously you've never done this. Good luck finding someone who even knows what TCP/IP is, let alone sufficient knowledge to be able to track a

Re: php vulnerabilities

2004-12-22 Thread Matthew Palmer
On Tue, Dec 21, 2004 at 01:28:00PM +0100, martin f krafft wrote: > Stop using PHP. Learn Zope and PostgreSQL. Because, of course, neither of those ever have security vulnerabilities, and if they did, their upstreams would naturally help us to backport security fixes to 3 year old versions of the s

Re: [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution

2004-11-25 Thread Matthew Palmer
On Thu, Nov 25, 2004 at 10:34:48AM +0100, Martin Schulze wrote: > For the stable distribution (woody) these problems have been fixed in > version 1.5.19-9.2 > > For the unstable distribution (sid) these problems have been fixed in > version 2.1.17-1. Uhm, cyrus-imapd in unstable is 1.5.19-20. cy

Re: repeated requests for a file favicon.ico

2004-10-06 Thread Matthew Palmer
On Wed, Oct 06, 2004 at 12:22:47PM +0200, Jasper Filon wrote: > I agree with you that maybe it would be better if the browser would > interpret a authorisation request on a favicon.ico as a 404 (or 403) > error, but on the other hand, the request for favicon isn't any different > from a normal http

Re: repeated requests for a file favicon.ico

2004-10-06 Thread Matthew Palmer
On Wed, Oct 06, 2004 at 11:43:21AM +0200, Jasper Filon wrote: > I have a little issue with the favicon file. My www root is password > protected. But i also have a /public directory, which can be accessed by > everyone. However, when someone opens a picture in his webbrowser by > opening "www.mydom

Re: telnetd vulnerability from BUGTRAQ

2004-09-24 Thread Matthew Palmer
On Fri, Sep 24, 2004 at 11:24:54PM +0100, Dale Amon wrote: > On Fri, Sep 24, 2004 at 04:15:09PM -0600, s. keeling wrote: > > Is anyone still using telnet when there's ssh? Why? I wouldn't even > > use it inside my own firewalled LAN. ssh is just better. > > Unfortunately if you use Cisco gear

Re: MD5 collisions found - alternative?

2004-08-25 Thread Matthew Palmer
On Wed, Aug 25, 2004 at 10:01:25AM +0100, Dale Amon wrote: > On Wed, Aug 25, 2004 at 06:02:22AM +0200, Almut Behrens wrote: > > Somewhat more seriously: are there generally any defining criteria for > > something one would call a 'hash function', saying that it always must > > map some larger input

Re: MD5 collisions found - alternative?

2004-08-25 Thread Matthew Palmer
On Wed, Aug 25, 2004 at 09:24:01AM -0400, Phillip Hofmeister wrote: > On Tue, 24 Aug 2004 at 06:18:50PM -0400, Matthew Palmer wrote: > > In the case of hashing algorithms, there's one 'key' involved -- the > > plaintext -- and for password security, you

Re: MD5 collisions found - alternative?

2004-08-24 Thread Matthew Palmer
On Tue, Aug 24, 2004 at 09:11:34PM -0400, Michael Stone wrote: > On Wed, Aug 25, 2004 at 12:39:57AM +0200, Rolf Kutz wrote: > >This depends on how the attack really works. If > >you just need to flip a few bits in a document it > >might just look like typos (think crc32). If your > >document is a t

Re: MD5 collisions found - alternative?

2004-08-24 Thread Matthew Palmer
On Wed, Aug 25, 2004 at 12:44:43AM +1000, Daniel Pittman wrote: > Also, while there are issues with those hash algorithms, I don't think > they are quite bad enough that there is a significant *immediate* risk > to my systems; the cost of breaking in through the detected collisions > is lower than

Re: MD5 collisions found - alternative?

2004-08-24 Thread Matthew Palmer
On Tue, Aug 24, 2004 at 12:20:24PM -0400, Phillip Hofmeister wrote: > On Tue, 24 Aug 2004 at 10:50:38AM -0400, Daniel Pittman wrote: > > Be aware that this sort of technique "multi-encryption" technique can > > lead to significant exposures when applied to traditional crypto; it can > > produce res