I don't see how this is relevant? Obviously if hardware is seized then the
owners no longer have control. If you have suggestions as to how to secure
hardware that's great, but if you just want to point out that nothing can
be done, that's not helpful.
On Tue, Oct 29, 2013 at 4:52 AM, Tormen
I think the big issue here is that you need to be part of the 'in crowd' to
know that the DSA team is reached via the debian-admin list. It's not
logical, IMHO, for these to be related. I don't believe that these two
teams completely ignore the debian-security lists, as they obviously(IMHO)
have
Lukas,
cryptsetup does not encrypt filesystems, so you must be mistaken
if you believe that you are remote unlocking of encrypted
filesystems with cryptsetup. Be specific about your configuration,
this is important in this case. Those looking
On 02/12/13 15:11, Lukas Schwaighofer wrote:
Hello Mike,
thanks for your answer.
On 12.02.2013 21:05, Mike Mestnik wrote:
What issue do you have, sounds like you are just generally
concerned. You should direct concerns to the authors
This is exactly why a higher level interface should be considered. If
you go about setting your own low level iptables rules then you would
also have the task of testing those rules.
I use shorewall and I've used firehol, both are good. Please consult
their results (the tables they generate) for
On 01/12/13 12:12, Daniel Curtis wrote:
Hi
Whether the Iceweasel 10.0.11 ESR package can be updated a little faster due
to several security issues? On January 8 Mozilla published about 20
Security Advisories[1]. Many distributions already have updated Firefox
to the
latest 18 and 10.0.12
On 12/12/12 12:02, Moritz Mühlenhoff wrote: On Wed, Dec 12, 2012 at
05:52:31PM +, adrelanos wrote:
Hi,
I do not want to discuss security implications of the upstream closed
source Adobe Flash plugin. This is about how the Flash plugin is
downloaded and installed in Debian.
On many Unix systems, the default umask is 022. This would be set
explicitly by init or not at all (000). If you're writing an init
replacement, make sure to set umask then later you can read a config
file and set the umask to the user configured value.
See:
Also keep in mind on modern systems init is started from the initrd and
not by the kernel, so a good umask may be set there for init.
http://linux.die.net/man/8/pivot_root
On 12/05/12 10:28, Min Wang wrote:
HI
Could any one tell what is the default umask for kernel, init, cron? is
it
On 11/23/12 06:14, Milan P. Stanic wrote:
On Fri, 2012-11-23 at 02:22, Jordon Bedwell wrote:
On Fri, Nov 23, 2012 at 12:31 AM, Mike Mestnik
cheako+debian-secur...@mikemestnik.net wrote:
On 11/22/12 11:33, Laurentiu Pancescu wrote:
More likely: a vulnerability in their web service (some form
On 11/23/12 11:14, Cindy-Sue Causey wrote:
On 11/23/12, Mike Mestnik cheako+debian-secur...@mikemestnik.net wrote:
On 11/23/12 06:14, Milan P. Stanic wrote:
On Fri, 2012-11-23 at 02:22, Jordon Bedwell wrote:
Two days passed and no one say anything about infection vector.
Expect gibberish
On 11/22/12 11:33, Laurentiu Pancescu wrote:
On 11/22/12 14:13 , Milan P. Stanic wrote:
Nothing about infection vector, so it is non-issue, probably. Yes,
root can be faked to install it from some third party module or even
DKMS, but root shouldn't do such things without careful checking
On 09/14/12 00:47, Thijs Kinkhorst wrote:
Hi David,
On Fri, September 14, 2012 03:28, David Prevot wrote:
This is a notice to inform you, that our previous PGP/GPG key expired.
Thanks for notifying us on debian-security-announce@l.d.o, but I
disagree that such an announcement deserves a
On 08/07/12 08:49, Jordon Bedwell wrote:
Hi,
On 08/07/2012 08:15 AM, Laurie Mercer wrote:
Is it possible to set the umask to a value (in this case 27) at boot
time so that all daemon processes started at boot time will have this
umask by default (unless they override it)?
In Redhat this
On 08/07/12 11:09, Laurie Mercer wrote:
However, the other entries in this file are not in this format, rather
they use 'alias XXX off' format, e.g. rds is 'alias net-pf-21 off'. I
cannot see where the mapping between rds and net-pf-21 is, and according
to the man pages alias simply gives an
On 08/06/12 22:47, maestro wrote:
#please unsubscribe me from this list
# i do not find any link to do so.
# thank you.
Instructions can be found at the bottom, there is no link or URL.
This link explains things, I know it looks like useless fluff but read
at least the first 3 lines this
No reply on these, what should happen to get backports to carry secure
versions of bitcoin?
Thank you!
Original Message
Subject: Re: bitcoind: 0.3.24~dfsg-1~bpo60+1 policy on backports?
Date: Sun, 22 Jul 2012 22:52:20 +
From: Luke-Jr l...@dashjr.org
To: Mike Mestnik cheako
What's the policy(or usual outcome) on security issues in
squeeze-backports/main?
I'm told that 0.3.24 may be vulnerable to these at the very least...
CVE-2012-1909, BIP-0016, CVE-2012-2459, and CVE-2012-3789
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
It doesn't look like
?
At the very least I'd like to see these being tracked, if that's
appropriate.
Thank you.
On 07/22/12 16:55, Mike Mestnik wrote:
What's the policy(or usual outcome) on security issues in
squeeze-backports/main?
I'm told that 0.3.24 may be vulnerable to these at the very least...
CVE-2012-1909, BIP-0016
Currently this(bitcoind) package is in back-ports.
I think things may have gotten mixed up, here is the publication:
https://bitcointalk.org/index.php?topic=81749.0
Here is what the bitcoin daemon says:
cheako@hades:~$ bitcoind getinfo
{
version : 32400,
balance : 0.,
blocks
To be honest I can't say one way or another about whether there are
security issues in X if one has malicious clients connected.
However I'm not having success discussing these matters over at
xorg-de...@lists.x.org. I'm not the most likable person and I've even
recently discovered that there a
On 03/27/12 08:48, Yves-Alexis Perez wrote:
On mar., 2012-03-27 at 14:18 +0300, Rares Aioanei wrote:
I see that as a myth. Look at it this way: if an attacker already has
access to your machine, he/she can install anything he/she wants,
including
On 03/05/12 20:41, Fernando Mercês wrote:
Hi Stayvoid, how are you?
If you'll install grub in MBR, there is no need for primary partitions
since grub can nicely boot logical partitions.
Forget about that old technology, use GPT.
Regards,
Fernando Mercês
Linux Registered User #432779
On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote:
On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
The problem is I cannot get sshd to log publickey denied errors to
/var/log/auth.log so our daemons can ban these users. I want to know
what happened to messages like
On 03/01/12 18:23, Bedwell, Jordon wrote:
On Thu, Mar 1, 2012 at 3:16 PM, Mike Mestnik che...@mikemestnik.net wrote:
On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote:
On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
The problem is I cannot get sshd to log publickey denied
On 03/01/12 18:57, Russell Coker wrote:
On Fri, 2 Mar 2012, Jordon Bedwell envyge...@gmail.com wrote:
Run the command below.
grep 'ssh:1.%.30s@%.128s.s password:' /usr/sbin/sshd; echo $?
If you don't get 1 as output, your sshd is compromised.
It returned 1, this happens on freshly installed
On 03/01/12 21:00, Bedwell, Jordon wrote:
On Thu, Mar 1, 2012 at 8:18 PM, Mike Mestnik che...@mikemestnik.net wrote:
On 03/01/12 18:57, Russell Coker wrote:
On Fri, 2 Mar 2012, Jordon Bedwell envyge...@gmail.com wrote:
Run the command below.
grep ssh:1.%.30s@%.128s.s password: /usr/sbin
On 03/01/12 21:16, Mike Mestnik wrote:
On 03/01/12 21:00, Bedwell, Jordon wrote:
On Thu, Mar 1, 2012 at 8:18 PM, Mike Mestnik che...@mikemestnik.net wrote:
On 03/01/12 18:57, Russell Coker wrote:
On Fri, 2 Mar 2012, Jordon Bedwell envyge...@gmail.com wrote:
Run the command below.
grep ssh
On 02/08/12 02:41, Laurentiu Pancescu wrote:
On 2/8/12 09:53 , v...@lab127.karelia.ru wrote:
Today I found next things at squeeze. Please help to fix, I've no
experience in such tasks.
As Fabian already mentioned, you cannot know what an attacker changed
in the system (especially now that
On 02/08/12 18:07, Russell Coker wrote:
On Thu, 9 Feb 2012, Stephen Hemminger shemmin...@vyatta.com wrote:
The advice I heard is trust nothing (even reflash the BIOS).
Do you know of any real-world exploits that involve replacing the BIOS? It's
been theoretically possible for a long time but
On 01/12/12 04:19, Poison Bit wrote:
On Thu, Jan 12, 2012 at 7:48 AM, Davit Avsharyan avshar...@gmail.com wrote:
I know how to change it :). I just wanted to understand why it comes with
755 and not 700 ?
Few years ago, if I'm not mistaken, everything was 700.
The commit log(2000) is: Load
On 01/12/12 16:16, Karl Goetz wrote:
On Thu, 12 Jan 2012 11:19:41 +0100
Poison Bit poison...@gmail.com wrote:
On Thu, Jan 12, 2012 at 7:48 AM, Davit Avsharyan
avshar...@gmail.com wrote:
I know how to change it :). I just wanted to understand why it
comes with 755 and not 700 ?
Few years
On 01/12/12 17:32, Bichoy Waguih wrote:
Hello Debian World,
I have a small problem with Debian NIS authentication. Mainly, I have NIS
server running on a Mandriva Linux machine and I want to configure a
Debian
machine to be a client for this NIS server.
The Debian client receives the
On 01/02/12 15:52, Yann Autissier wrote:
On 22/12/2011 18:02, Mariusz Kruk wrote:
On 2011-12-22 17:01, Yann Autissier wrote:
I am using the libnss-ldap and libpam-ldap packages with default
configuration.
NSS is configured to allow passwd and group resolution over ldap.
user@host:~$
On 11/17/11 13:32, Kees de Jong wrote:
Hi,
I'm running Debian Squeeze and I want to save my ip6table configuration
with the iptables-persistent tool.
To save an ipv4 table I use 'iptables-save /etc/iptables/rules', the
configuration file
On 11/16/11 00:13, Ritesh Raj Sarraf wrote:
Hello Mike,
Yes, That'd be debian-security@lists.debian.org, Cced with this email.
Ritesh
On 11/16/2011 11:15 AM, Mike Christie wrote:
Hey Ritesh,
Does Debian have some sort of security list? I
Is it usual to have to restart services to load security updates? Is
this something to be corrected or should I be diligent and restart
services periodically?
Henrique de Moraes Holschuh wrote:
You know, it would help if you actually read what you replied to.
start-stop-daemon(8) says
/proc/pid/exe is used. On my system that is a symbolic link. What I
would do if I was to write start-stop-daemon is read the link and match
that value with the
On 05/11/11 01:37, helpermn wrote:
On Tue, 10 May 2011, Henrique de Moraes Holschuh h...@debian.org wrote:
On Tue, 10 May 2011, helpermn wrote:
I imagine why files listed below have 666 file mode bits set:
/var/run/checkers.pid
/var/run/vrrp.pid
/var/run/keepalived.pid
/var/run/starter.pid
On 05/11/11 13:23, Henrique de Moraes Holschuh wrote:
On Wed, 11 May 2011, Mike Mestnik wrote:
On 05/11/11 01:37, helpermn wrote:
On Tue, 10 May 2011, Henrique de Moraes Holschuh h...@debian.org wrote:
On Tue, 10 May 2011, helpermn wrote:
I imagine why files listed below have 666 file mode
Pascal Weller wrote:
Hi All
The various tools for integrity checks (aide, integrit, tripwire, etc)
do check timestamp, uid/gid, permissions, checksum, inode etc. of the
files on a system, compare them to the last known-good state and warn
about changes.
I'm wondering why I should care
Michael Cassano wrote:
Clearly what is needed is a better explanation of this list and
what it is
for, including sections for Rules and Etiquette. Though I feel
Rules and
Etiquette may be common to all lists.debian.org
http://lists.debian.org.
More documentation would
Jim Popovitch wrote:
On Wed, Dec 15, 2010 at 07:00, John Keimel j...@keimel.com wrote:
On Wed, Dec 15, 2010 at 6:49 AM, Ashley Taylor ash...@getdarker.com wrote:
Hi,
http://tinyurl.com/ybpctcz
Please particularly note items on jeopardy reply or Top posting
and trimming.
+1
Julien Patriarca wrote:
Maybe the all of that starting point was obviously out of the scope of
this mailing list, but it seems to catch the interest of everyone
seeing how many answers have been posted.
Just stop with all that rubbish and get back to the main topic :
security in Debian.
A
Ashvin Narayanan wrote:
This probably isn't the best place to ask but I couldn't find a better one.
How do I obtain information about my Lenny installation? Is there a
command that tells me the version number?
Thanks,
Ash
http://www.debian.org/doc/FAQ/ch-software.en.html#s-isitdebian
Ash Narayanan wrote:
Wow, what has this thread turned into!?
It started off as a simple question that could have been answered with
one of two possible replies, namely, the solution itself or a
suggestion to move this query to a more appropriate mailing list.
Thank you to all of you whose
`-'(. .)`-'
http://iguanasuicide.net/ \_/
--
Mike Mestnik
Technical Team
___
Nagios Enterprises, LLC
Email: mmest...@nagios.com
Web: www.nagios.com
Are there any applications or projects to provide this *badly needed
service? I'm willing to assist in using or putting together an nmap
type applications that scans for known vulnerabilities and attempts to
make use of them for security awareness and *proof* of concept
means.
Rant:
* Too
On Fri, Sep 11, 2009 at 9:11 AM, Nick Boycen...@glimmer.adsl24.co.uk wrote:
Mlor Apac wrote:
What's the status of debian (and linux kernel in general) regarding this
recent TCP vulnerability? I have been unable to find any precise
information.
I too am wondering about this.
The basic
Is there any suggestions as to where I could get reliable information related to
this topic? For example what do Debian Developers do with their private keys?
Well, I might as well try and take a stab at it. I'll rate my
suggestions from 1 to 5
based on how well I understand the issue a 1 would
Are there any guide lines for the Web-Of-Trust projects surrounding
Debian or in general? I have had a number of problems with private keys
over these past years that I've used PKI, forgetting the password,
losing (what partition/server/drive) the file, drive corruption,
accidental deletes. I've