On Mon, Apr 14, 2014 at 10:34:29PM -0400, shawn wilson wrote:
> On Apr 14, 2014 10:11 PM, "Richard Hector" wrote:
> > They don't need to send an email, or anything intrusive. They just need
> > to put a big notice on the login page of their internet banking site -
> > along with (or instead of) al
On Tue, Apr 15, 2014 at 12:44 AM, Chris Bannister
wrote:
> On Mon, Apr 14, 2014 at 08:59:30PM -0400, shawn wilson wrote:
>> On Apr 14, 2014 11:01 AM, "Chris Bannister"
>> wrote:
>> >
>> > On Mon, Apr 14, 2014 at 01:55:04AM -0500, Stan Hoeppner wrote:
>> > > On 4/13/2014 10:03 PM, Chris Bannister
On Mon, Apr 14, 2014 at 08:59:30PM -0400, shawn wilson wrote:
> On Apr 14, 2014 11:01 AM, "Chris Bannister"
> wrote:
> >
> > On Mon, Apr 14, 2014 at 01:55:04AM -0500, Stan Hoeppner wrote:
> > > On 4/13/2014 10:03 PM, Chris Bannister wrote:
> > > ...
> > > > considering it is a catastrophe worse th
On 20140414_1902+, Артур Истомин wrote:
> On Mon, Apr 14, 2014 at 06:44:06PM +0100, Lisi Reisz wrote:
> > On Monday 14 April 2014 17:49:59 Lisi Reisz wrote:
> >
> > > But I am still getting, as I did in the first place,
> > >
> > > Installed plugins
> > > Find updates for installed plugins at
On Apr 14, 2014 10:11 PM, "Richard Hector" wrote:
>
> On 15/04/14 12:59, shawn wilson wrote:
> >> That statement was made in the sense that at least the bank could have
> >> > issued a statement along the lines of 'you may have heard of the
> >> > heartbleed bug, we can assure all of our customers
On 15/04/14 12:59, shawn wilson wrote:
>> That statement was made in the sense that at least the bank could have
>> > issued a statement along the lines of 'you may have heard of the
>> > heartbleed bug, we can assure all of our customers that we are not
>> > affected by this bug and there is no ne
On Apr 14, 2014 9:15 PM, "John Hasler" wrote:
>
> shawn wilson writes:
> > No, I don't want to hear from my bank unless there's a problem. If
> > everything is going OK, don't spam me. If its not, by all means, let
> > me know. This didn't affect them so don't tell me anything.
>
> You assume that
shawn wilson writes:
> No, I don't want to hear from my bank unless there's a problem. If
> everything is going OK, don't spam me. If its not, by all means, let
> me know. This didn't affect them so don't tell me anything.
You assume that they would tell you if they were affected.
If I did any on
On Apr 14, 2014 11:01 AM, "Chris Bannister"
wrote:
>
> On Mon, Apr 14, 2014 at 01:55:04AM -0500, Stan Hoeppner wrote:
> > On 4/13/2014 10:03 PM, Chris Bannister wrote:
> > ...
> > > considering it is a catastrophe worse than the Y2K bug.
> >
> > This is several orders of magnitude less severe than
> You have to find the exact package and install it by name, not just
>
> plug a word in and panic!! As you see, I have multiarch-support
>
> installed. If you _can't_ see that I have multiarch-support
>
> installed, and I am assuming too much, then I suggest that you read
>
> up a bit on
On 15/04/14 02:03, Stan Hoeppner wrote:
>> I certainly wouldn't jump to conclusions that they're a bank therefore
>> > they use IBM mainframes therefore they don't use OpenSSL therefore
>> > they're invulnerable,
> I jumped to no conclusion. Do you see the word "bank" in my original
> statement b
On Sunday 13 April 2014 19:27:31 ray wrote:
> > Would it be worth just trying installing multiarch? With one of
> > the apt family. (I use aptitude). I agree that it is not
> > obviously
>
> # apt-get install multiarch
> Reading package lists... Done
> Building dependency tree
> Reading state in
On 14/04/14 16:26, Reco wrote:
Hi.
On Mon, Apr 14, 2014 at 12:46:52PM +0100, José Silva wrote:
Hello,
I have a sid system since a long time and I'm very happy with it. It
started using gnome 2 when I switched from MS but now has xfce and
compiz using the common Glossy theme.
Since a few weeks
On 04/13/2014 08:01 PM, ray wrote:
Do you have Synaptic installed?? Use that to hunt down and install your
packages. If the wheezy version fails you then try the run package ...as
a last resort. Or, upgrade to jessie to legally get the latest and
greatest. That is what I did to get the newer vers
On Monday 14 April 2014 20:02:18 Артур Истомин wrote:
> Lisi, I am very stupid man, sorry for that. Make this:
No, you are very helpful. And I liked the "let's do this all
together". :-) All's well that ends well. :-)
Lisi
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with
On Mon, Apr 14, 2014 at 07:11:42PM +0100, Lisi Reisz wrote:
> On Monday 14 April 2014 17:49:59 Lisi Reisz wrote:
> > On Sunday 13 April 2014 15:58:01 Артур Истомин wrote:
> > [snip]
> >
> > > So, let's upgrade this stupid software manualy together =)
> >
> > Great, Артур! Thanks.
> >
> > > links:
On Mon, Apr 14, 2014 at 06:44:06PM +0100, Lisi Reisz wrote:
> On Monday 14 April 2014 17:49:59 Lisi Reisz wrote:
>
> > But I am still getting, as I did in the first place,
> >
> > Installed plugins
> > Find updates for installed plugins at mozilla.com/plugincheck
> > Shockwave Flash
> >
> > Fi
On Monday 14 April 2014 17:49:59 Lisi Reisz wrote:
> On Sunday 13 April 2014 15:58:01 Артур Истомин wrote:
> [snip]
>
> > So, let's upgrade this stupid software manualy together =)
>
> Great, Артур! Thanks.
>
> > links:
> > http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.350
> >/i in
On Monday 14 April 2014 17:49:59 Lisi Reisz wrote:
> But I am still getting, as I did in the first place,
>
> Installed plugins
> Find updates for installed plugins at mozilla.com/plugincheck
> Shockwave Flash
>
> File: libflashplayer.so
> Path: /home/lisi/.mozilla/plugins/libflashplayer.s
I got it working by following this page:
http://roger.steneteg.org/299/mount-mtp-device-on-debian-7-wheezy/
supports copy from device, except it seems to only copy media files,
(text and nfo doesn't work)
So i guess for now, a virtualbox is required to copy all the files i
wanna copy :(
--
To
On Sunday 13 April 2014 15:58:01 Артур Истомин wrote:
[snip]
> So, let's upgrade this stupid software manualy together =)
Great, Артур! Thanks.
> links:
> http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.350/i
>install_flash_player_11_linux.x86_64.tar.gz - for amd64
> http://fpdownl
Le 14.04.2014 18:23, Chris Angelico a écrit :
On Tue, Apr 15, 2014 at 2:20 AM,
wrote:
The package my colleague needs is iptraf, from lenny.
Is it the same as iptraf in Wheezy?
https://packages.debian.org/stable/net/iptraf
ChrisA
It seems yes, there are only 2 debian versions between th
On Tue, Apr 15, 2014 at 2:20 AM, wrote:
> The package my colleague needs is iptraf, from lenny.
Is it the same as iptraf in Wheezy?
https://packages.debian.org/stable/net/iptraf
ChrisA
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble
Le 14.04.2014 18:08, Reco a écrit :
Hi.
On Mon, Apr 14, 2014 at 05:59:20PM +0200,
berenger.mo...@neutralite.org wrote:
Hi.
We have the need at work to install a package on a lenny Debian.
I know that it's quite old ( older than oldstable btw! ) but I only
learned it's existence at the momen
Hi.
On Mon, Apr 14, 2014 at 05:59:20PM +0200, berenger.mo...@neutralite.org wrote:
> Hi.
>
> We have the need at work to install a package on a lenny Debian.
>
> I know that it's quite old ( older than oldstable btw! ) but I only
> learned it's existence at the moment. To do things quickly, we h
Hi.
We have the need at work to install a package on a lenny Debian.
I know that it's quite old ( older than oldstable btw! ) but I only
learned it's existence at the moment. To do things quickly, we have to
find an old copy of the packages. Maybe there is an old iso of lenny
somewhere?
--
Marko,
> Of course you are, in one of previous posts you got a solution but looks
> like you missed it :)
Thank you for responding. I have overlooked it a couple times now; going back
through, I don't see it. Please suggest what it was, I can't see what I am
missing.
Ray
--
To UNSUBSCRIBE
Hi.
On Mon, Apr 14, 2014 at 12:46:52PM +0100, José Silva wrote:
> Hello,
>
> I have a sid system since a long time and I'm very happy with it. It
> started using gnome 2 when I switched from MS but now has xfce and
> compiz using the common Glossy theme.
>
> Since a few weeks, some applications
For those interested:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
--Dave
smime.p7s
Description: S/MIME Cryptographic Signature
On Mon, Apr 14, 2014 at 01:55:04AM -0500, Stan Hoeppner wrote:
> On 4/13/2014 10:03 PM, Chris Bannister wrote:
> ...
> > considering it is a catastrophe worse than the Y2K bug.
>
> This is several orders of magnitude less severe than Y2K.
I read https://www.schneier.com/blog/archives/2014/04/he
PaulNM wrote:
On 04/13/2014 10:16 PM, Hugo Vanwoerkom wrote:
Hi,
So I got a script that backs up the USB stick to a file and restores a
(larger) USB stick from that file all using dd. It is here:
http://paste.debian.net/93598
That's small enough that you should have included it in the emai
On 4/14/2014 6:41 AM, Richard Hector wrote:
> On 14/04/14 23:31, Stan Hoeppner wrote:
BTW, you shouldn't focus only on banks either. There are a lot of
popular services that use free software a lot, some of which happen to
include payment functionality.
>> I did not "focusing on bank
is it really necessary to discuss this on this list?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/c62d2a36796a92df309092b679802...@cyberh0me.net
On 14/04/14 19:49, Curt wrote:
> On 2014-04-14, Richard Hector wrote:
>>
>> This one, on the other hand, was generally not predicted, and was widely
>> exploited before people got a chance to fix it. That's presumably still
>> going on.
>
> Widely exploited?
>
> http://en.wikipedia.org/wiki/Hear
On Sun, Apr 13, 2014 at 9:01 PM, ray wrote:
>
> I did not find the fglrx package in Synaptic. I did find some multiarch
> packages which I installed. But the initial error of not finding the
> architecture was persistent.
>
It is in the non-free section. Perhaps you have not include that
secti
On Mon, Apr 14, 2014 at 11:22 PM, Joel Rees wrote:
> On Mon, Apr 14, 2014 at 8:41 PM, Richard Hector
> wrote:
>>
>> The only local bank I've heard any info about is Kiwibank, who are
>> apparently not vulnerable due to running their systems on Windows.
>
>
> That's a laugh. Not vulnerable to this
On Mon, Apr 14, 2014 at 8:41 PM, Richard Hector wrote:
> On 14/04/14 23:31, Stan Hoeppner wrote:
> >> > BTW, you shouldn't focus only on banks either. There are a lot of
> >> > popular services that use free software a lot, some of which happen to
> >> > include payment functionality.
> > I did no
On Mon, Apr 14, 2014 at 1:37 AM, Ralf Mardorf
wrote:
>
>
> On Sun, 2014-04-13 at 09:33 +0900, Joel Rees wrote:
> > In what sense do you mean hacked?
> > Cracked, as in passwords and other sensitive information
>
> Exactly in this way.
But how serious is the current exposure?
I was trying to sep
Stan Hoeppner:
> On 4/14/2014 5:53 AM, Jochen Spieker wrote:
>> Stan Hoeppner:
>>>
>>> This problem only exists *if* these devices connect to a compromised or
>>> rogue host via SSL/TLS *and* the user hasn't reset and or deleted
>>> locally cached usernames and passwords.
>>
>> That is not the wh
Hello,
I have a sid system since a long time and I'm very happy with it. It
started using gnome 2 when I switched from MS but now has xfce and
compiz using the common Glossy theme.
Since a few weeks, some applications ceased to show windows decorations,
or at least not having the configured
On 14/04/14 23:31, Stan Hoeppner wrote:
>> > BTW, you shouldn't focus only on banks either. There are a lot of
>> > popular services that use free software a lot, some of which happen to
>> > include payment functionality.
> I did not "focusing on banks". I replied to Chris Bannister's statement
>
Hi.
On Mon, Apr 14, 2014 at 04:31:18AM -0400, shawn wilson wrote:
> It might be possible for an openvpn server to initiate a heartbeat sequence
> with a client. And therefore for a rogue server to exploit this. I don't
> believe
> this to be the case however and I can't think of any other way of
On 4/14/2014 5:53 AM, Jochen Spieker wrote:
> Stan Hoeppner:
>> On 4/13/2014 10:03 PM, Chris Bannister wrote:
>>
>>> Then there is also the very serious issue of embedded devices using
>>> openssl. Tablets, smartphones, routers, ... etc. etc.
>>
>> This problem only exists *if* these devices conne
On 2014-04-14, Joel Rees wrote:
>> Secondly - do you know who runs it? I don't. If I wanted to harvest a
>> bunch of potentially vulnerable sites, setting up a test site is how I'd
>> do it ...
>>
>> Richard
>
>
> Thank you, Richard, for expressing that better than I could.
I know (and so would
Heads up, guys!
On Mon, Apr 14, 2014 at 9:05 AM, Richard Hector wrote:
> On 13/04/14 23:43, Curt wrote:
> > On 2014-04-13, Eduardo M KALINOWSKI wrote:
> >> On 20h20 12 de Abril de 2014, Steve Litt wrote:
> >>> I'm changing every password: That's about 100 of them.
> >>
> >> That's a good thing t
Stan Hoeppner:
> On 4/13/2014 10:03 PM, Chris Bannister wrote:
>
>> Then there is also the very serious issue of embedded devices using
>> openssl. Tablets, smartphones, routers, ... etc. etc.
>
> This problem only exists *if* these devices connect to a compromised or
> rogue host via SSL/TLS *an
On 2014-04-14, Brian wrote:
>
> The increase in the bank balances of many consultants is well-documented
> as part of the history of the Y2K period. What is is still under discussion
> is whether the failure of a set of traffic lights in Alice Springs was its
> only major effect.
>
My understandin
On 2014-04-14, Richard Hector wrote:
>
> My understanding is that it has been widely exploited _since_ disclosure.
>
> I could be wrong, of course - I think I heard it in chat around the office.
>
No kidding.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "
On 14/04/14 21:49, Curt wrote:
> On 2014-04-14, Richard Hector wrote:
>> >
>> > This one, on the other hand, was generally not predicted, and was widely
>> > exploited before people got a chance to fix it. That's presumably still
>> > going on.
> Widely exploited?
>
> http://en.wikipedia.org/wiki
On 2014-04-14, Richard Hector wrote:
>
> This one, on the other hand, was generally not predicted, and was widely
> exploited before people got a chance to fix it. That's presumably still
> going on.
Widely exploited?
http://en.wikipedia.org/wiki/Heartbleed
Possible exploitation prior to disclo
On Mon 14 Apr 2014 at 21:15:23 +1200, Richard Hector wrote:
> On 14/04/14 18:55, Stan Hoeppner wrote:
> >
> > This is several orders of magnitude less severe than Y2K.
>
> Y2K was extensively predicted, a lot of people did a lot of work to
> avoid it, and in the end it wasn't very significant, n
Le 14/04/2014 06:26, Britton Kerin a écrit :
> The installer correctly detects a Ralink RT3290 and seems to think its
> going to be
> able to work with it, but then it always fails (I think at the DHCP
> stage) to actually
> manage to connect to the network.
>
> Has anyone else encountered this is
On 14/04/14 18:55, Stan Hoeppner wrote:
> On 4/13/2014 10:03 PM, Chris Bannister wrote:
> ...
>> considering it is a catastrophe worse than the Y2K bug.
>
> This is several orders of magnitude less severe than Y2K.
Y2K was extensively predicted, a lot of people did a lot of work to
avoid it, an
Zenaan Harkness writes:
> On 4/9/14, Kushal Kumaran wrote:
>> Zenaan Harkness writes:
>>> Any idea why the following:
>>>
>>> $ dpkg -s debmirror|grep Status
>>> Status: install ok installed
>>>
>>> $ apt-cache show debmirror|grep Depends
>>> Depends: perl (>= 5.10), libnet-perl, libdigest-md5-
It might be possible for an openvpn server to initiate a heartbeat sequence
with a client. And therefore for a rogue server to exploit this. I don't
believe this to be the case however and I can't think of any other way of
exploiting this.
If you can get openvpn to use named sockets, you should be
Hello All,
I am not entirely sure if this is right place to ask, but I thought I
would start here.
We have a client who has several dozen remote locations all connected
to the head office via OpenVPN tunnels. OpenVPN is form the Debian
packages.
The version of OpenSSL on the head offic
56 matches
Mail list logo