On Tue, Oct 15, 2019 at 11:13:00AM +1100, Keith Bainbridge wrote:
> I have an issue trying to run an alias. I get 'alias' not found error. So I
> sym-linked my .bashrc into /root. Same result.
... huh?
> If I su, get # prompt and 'alias' works. Typing alias gets list as
> expected. exit. Try su
On 9/10/19 1:42 am, Jonathan Dowland wrote:
Now to make that info useful. I have back-up disks mount noexec and then
unmount as part of the script. BUT I've had a couple of instances of the
back landing in the mount point for some reason. If the script is on the
disk, it can only run if the disk
On 9/10/19 1:42 am, Jonathan Dowland wrote:
Yes that sounds correct: if the mount didn't happen, the script isn't
there, so it won't run.
I meant to say that I'd get cron to mount the disk, then run the script
and unmount it.
Thanks again Jonathan.
--
Keith Bainbridge
ke1th3...@gmail.com
On 8/10/19 6:56 pm, Curt wrote:
The seminal vector of the ANU attack (a concerted, determined, and
sophisticated affair that might very well have been carried out by state
operatives) was social (as in engineering);
When the report that another Government may have been behind the attack,
it w
On Tue Oct 8, 2019 at 5:35 PM Keith Bainbridge wrote:
> So I put noexec under the heading of it may deter somebody who is
> looking for easy targets.
Yes I think of it like a speed bump, rather than a barrier.
> bash without the -c will run a script however.
Yes.
> Now to make that info useful
On 2019-10-08, Keith Bainbridge wrote:
>
> So I put noexec under the heading of it may deter somebody who is
> looking for easy targets.
>
The seminal vector of the ANU attack (a concerted, determined, and
sophisticated affair that might very well have been carried out by state
operatives) was s
On 8/10/19 12:45 am, Jonathan Dowland wrote:
On Mon, Oct 07, 2019 at 10:49:01AM +1100, Keith Bainbridge wrote:
Well I think the bash line means that the bash command uses ~/whatever
as data (which it could do without the x switch?) like any program
does with data files. I wasn't aware of this.
On Mon, Oct 07, 2019 at 02:46:54PM +0100, Jonathan Dowland wrote:
> On Sat, Oct 05, 2019 at 12:10:14PM +0200, to...@tuxteam.de wrote:
> >I'm pretty confident that they'll work. Firstly, Jonathan
> >knows his stuff.
>
> that's generous, thank you!
C'mon. Thank *you* for your work on Debian. *That*
On Sat, Oct 05, 2019 at 12:10:14PM +0200, to...@tuxteam.de wrote:
I'm pretty confident that they'll work. Firstly, Jonathan
knows his stuff.
that's generous, thank you!
--
👱🏻 Jonathan Dowland
✎ j...@dow.land
🔗 https://jmtd.net
On Mon, Oct 07, 2019 at 10:49:01AM +1100, Keith Bainbridge wrote:
Well I think the bash line means that the bash command uses ~/whatever
as data (which it could do without the x switch?) like any program
does with data files. I wasn't aware of this. I read later the the -c
is not necessary, and
On Sat, Oct 05, 2019 at 12:14:28PM -, Curt wrote:
> On 2019-10-05, wrote:
> I meant
>
> bash -c "~/whatever"
>
> appears to be faulty (for one reason or another.
For two reasons.
First, the -c. That's been explained already.
Second, the quotes around the tilde cause tilde expansion not
Hello,
On Thu, Oct 03, 2019 at 08:05:27AM -0400, rhkra...@gmail.com wrote:
> On Thursday, October 03, 2019 06:23:20 AM Andrew McGlashan wrote:
> > There have been numerous bugs with LookOut (otherwise known as
> > Outlook), running scripts and having other vulnerabilities due to
> > preview pane b
On 5/10/19 1:22 am, Jonathan Dowland wrote:
On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
I wonder if having /home on a 'noexec' partition would stop this
attack, please?
I don't know specifically about this attack, but noexec is trivial to
circumvent. Here's three ways:
On Sat, Oct 05, 2019 at 12:14:28PM -, Curt wrote:
> On 2019-10-05, wrote:
> >
> > # But we can bypass it with Jonathan's first method:
> > tomas@trotzki:~$ /bin/sh bar/hello
> > hello, world
> >
>
> I meant
>
> bash -c "~/whatever"
>
> appears to be faulty (for one reason or another
On 2019-10-05, wrote:
>
> # But we can bypass it with Jonathan's first method:
> tomas@trotzki:~$ /bin/sh bar/hello
> hello, world
>
I meant
bash -c "~/whatever"
appears to be faulty (for one reason or another.
--
"There are no foreign lands. It is the traveler only who is foreign."
-
On Sat, Oct 05, 2019 at 09:39:06AM -, Curt wrote:
> On 2019-10-05, Keith Bainbridge wrote:
>
> > I'm still lurking here, but not sure what this suggestion means.
>
> He's not making one.
>
> He's offering examples of the trivial circumvention of the noexec option
> (but they all appear to b
On 2019-10-05, Keith Bainbridge wrote:
> I'm still lurking here, but not sure what this suggestion means.
He's not making one.
He's offering examples of the trivial circumvention of the noexec option
(but they all appear to be faulty for one reason or another).
> Please expand.
>
> On 5/10/19
On Sat, Oct 05, 2019 at 06:02:32PM +1000, Keith Bainbridge wrote:
> I'm still lurking here, but not sure what this suggestion means.
>
> Please expand.
I don't really understand your question. Otherwise I'd try to answer.
Could you be more explicit?
Cheers
-- tomás
signature.asc
Description:
I'm still lurking here, but not sure what this suggestion means.
Please expand.
On 5/10/19 1:22 am, Jonathan Dowland wrote:
On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
I wonder if having /home on a 'noexec' partition would stop this
attack, please?
I don't know specifi
On Fri Oct 4, 2019 at 12:10 PM Greg Wooledge wrote:
Yes, you're absolutely correct. Jonathan must be having a bad day.
I actually had a great day! But I am guilty of only testing the things I
wrote on a filesystem which wasn't actually mounted noexec. (the quotes,
I added by mistake in the ema
On Fri, Oct 04, 2019 at 06:05:13PM +0200, to...@tuxteam.de wrote:
> On Fri, Oct 04, 2019 at 11:56:44AM -0400, Greg Wooledge wrote:
> > On Fri, Oct 04, 2019 at 05:52:45PM +0200, Sven Joachim wrote:
> > > On 2019-10-04 16:22 +0100, Jonathan Dowland wrote:
> > > > Here's three ways:
> > > >
> > > >
On Fri, Oct 04, 2019 at 11:56:44AM -0400, Greg Wooledge wrote:
> On Fri, Oct 04, 2019 at 05:52:45PM +0200, Sven Joachim wrote:
> > On 2019-10-04 16:22 +0100, Jonathan Dowland wrote:
> > > Here's three ways:
> > >
> > >bash -c "~/whatever"
> >
> > Does not work, bash reports "Permission denied"
On Fri, Oct 04, 2019 at 05:52:45PM +0200, Sven Joachim wrote:
> On 2019-10-04 16:22 +0100, Jonathan Dowland wrote:
>
> > On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
> >> I wonder if having /home on a 'noexec' partition would stop this
> >> attack, please?
> >
> > I don't know
On Fri, Oct 04, 2019 at 05:52:45PM +0200, Sven Joachim wrote:
> On 2019-10-04 16:22 +0100, Jonathan Dowland wrote:
> > Here's three ways:
> >
> >bash -c "~/whatever"
>
> Does not work, bash reports "Permission denied".
The quotes shouldn't be there.
wooledg:~$ rm foo; echo 'echo hi' > foo; l
On 2019-10-04 16:22 +0100, Jonathan Dowland wrote:
> On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
>> I wonder if having /home on a 'noexec' partition would stop this
>> attack, please?
>
> I don't know specifically about this attack, but noexec is trivial to
> circumvent.
Is
On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
I wonder if having /home on a 'noexec' partition would stop this
attack, please?
I don't know specifically about this attack, but noexec is trivial to
circumvent. Here's three ways:
bash -c "~/whatever"
cp ~/whatever /tmp
On 2019-10-04, wrote:
>
> Well -- that thing I implicitly mentioned was EFAIL [1], which could
> leak a PGP encrypted content by crafting a broken MIME/HTML container
> around it. You could argue that the MIME parser is broken, but software
> tends to be broken in various and creative ways always
On Fri, Oct 04, 2019 at 12:24:14PM +0100, Brian wrote:
> On Fri 04 Oct 2019 at 12:53:39 +0200, to...@tuxteam.de wrote:
> > On Fri, Oct 04, 2019 at 11:28:24AM +0100, Brian wrote:
[...]
> > > That's *after* the mail is opened.
> >
> > That even complicates the challenge to define the meaning of "o
On Fri 04 Oct 2019 at 12:53:39 +0200, to...@tuxteam.de wrote:
> On Fri, Oct 04, 2019 at 11:28:24AM +0100, Brian wrote:
> > On Fri 04 Oct 2019 at 11:36:02 +0200, to...@tuxteam.de wrote:
> >
> > > On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:
> > >
> > > [...]
> > >
> > > > > Yes, "our"
On Fri, Oct 04, 2019 at 11:28:24AM +0100, Brian wrote:
> On Fri 04 Oct 2019 at 11:36:02 +0200, to...@tuxteam.de wrote:
>
> > On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:
> >
> > [...]
> >
> > > > Yes, "our" security story is way better than theirs [...]
> >
> > [edit: I forgot to put
On Fri 04 Oct 2019 at 11:36:02 +0200, to...@tuxteam.de wrote:
> On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:
>
> [...]
>
> > > Yes, "our" security story is way better than theirs [...]
>
> [edit: I forgot to put "theirs" in quotes]
>
> > A single reliable, well-documented and repeata
On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:
[...]
> > Yes, "our" security story is way better than theirs [...]
[edit: I forgot to put "theirs" in quotes]
> A single reliable, well-documented and repeatable example of a problem
> caused by pressing enter or clicking on a mail would g
On Fri 04 Oct 2019 at 10:49:49 +0200, to...@tuxteam.de wrote:
> On Thu, Oct 03, 2019 at 08:54:10PM +0100, Brian wrote:
>
> [...]
>
> > Opening an email causes no problem to the system on Debian. We would be
> > in deep trouble if it did. Does that address your concern?
>
> Woah. A sweeping asse
On Thu, Oct 03, 2019 at 08:54:10PM +0100, Brian wrote:
[...]
> Opening an email causes no problem to the system on Debian. We would be
> in deep trouble if it did. Does that address your concern?
Woah. A sweeping assertion which would start making sense if you
tried to explain what "opening an e
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On 4/10/19 6:17 am, Joe wrote:
> On Thu, 3 Oct 2019 20:54:10 +0100 Brian
> wrote:
>
>
>>
>> Opening an email causes no problem to the system on Debian. We
>> would be in deep trouble if it did.
>
> That has been my experience, but I did bri
Yes Brian - precisely.
Thanks.
And Joe has repeated you, with a few suggestions to 'improve' the situation.
Now to convince people to switch. I believe it is easier than adjusting
to recent updates elsewhere, but...
Worth trying though.
Keith Bainbridge
keithrbaugro...@gmail.
On Thu, 3 Oct 2019 20:54:10 +0100
Brian wrote:
>
> Opening an email causes no problem to the system on Debian. We would
> be in deep trouble if it did.
That has been my experience, but I did bring some cautious habits from
Windows, I don't render HTML and don't use a preview window and I
do
On Thu 03 Oct 2019 at 10:28:58 +1000, Keith Bainbridge wrote:
>
> On 3/10/19 5:05 am, Brian wrote:
> > The starting post has nothing to do with Debian and, one may notice, the
> > OP has not reappeared to join the conversation and give his considered
> > opinion. It's a typical c'mon post which s
On Thursday 03 October 2019 09:24:16 rhkra...@gmail.com wrote:
> On Thursday, October 03, 2019 09:03:57 AM Gene Heskett wrote:
> > On Thursday 03 October 2019 08:05:27 rhkra...@gmail.com wrote:
> > > (I'm still using Wheezy with kmail 1.13.7 as my daily driver.)
> >
> > Wow! Thats newer than mine
On Thursday, October 03, 2019 09:03:57 AM Gene Heskett wrote:
> On Thursday 03 October 2019 08:05:27 rhkra...@gmail.com wrote:
> > (I'm still using Wheezy with kmail 1.13.7 as my daily driver.)
>
> Wow! Thats newer than mine, but I'm running TDE. But the emphasis on
> progress for TDE has been o
On 2019-10-03, rhkra...@gmail.com wrote:
> On Thursday, October 03, 2019 06:23:20 AM Andrew McGlashan wrote:
>> There have been numerous bugs with LookOut (otherwise known as
>> Outlook), running scripts and having other vulnerabilities due to
>> preview pane being open. I try to encourage people
On Thursday 03 October 2019 08:05:27 rhkra...@gmail.com wrote:
> On Thursday, October 03, 2019 06:23:20 AM Andrew McGlashan wrote:
> > There have been numerous bugs with LookOut (otherwise known as
> > Outlook), running scripts and having other vulnerabilities due to
> > preview pane being open.
On Thursday, October 03, 2019 06:23:20 AM Andrew McGlashan wrote:
> There have been numerous bugs with LookOut (otherwise known as
> Outlook), running scripts and having other vulnerabilities due to
> preview pane being open. I try to encourage people NOT to have a
> preview pane, but people will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On 3/10/19 10:28 am, Keith Bainbridge wrote:
...
Well, given the fact that too many emails these days are HTML type;
ala web based they are suspect to email programs running
javascript and/or other scripting languages due to default setting
So it's not just 4 major regional hospitals here. Could it be the
attacks are connected.
By the bye, I a current-time documentary earlier this year, in a local
public hospital with what looked very like WinXP on the monitor behind
the doctor being interviewed.
Keith Bainbridge
keithrbaug
On 3/10/19 5:05 am, Brian wrote:
The starting post has nothing to do with Debian and, one may notice, the
OP has not reappeared to join the conversation and give his considered
opinion. It's a typical c'mon post which should have been ignored.
Oops, pushed the wrong keys, and replied only t
On Thu, Oct 3, 2019, 1:00 AM Lee wrote:
> On 10/2/19, Henning Follmann wrote:
> > On Wed, Oct 02, 2019 at 10:40:34AM +0100, Jeremy Nicoll wrote:
> >> On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote:
> >>
> >> > Details are at
> >> >
> >> >
> https://www.abc.net.au/news/2019-10-02/anu-cyber-
On Wed, Oct 02, 2019 at 11:57:50AM -0500, David Wright wrote:
> On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> > On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
> >
> > > I don't believe MP3 allows executable code by specifications
> > > either, so shouldn't the PNG i
On Wed 02 Oct 2019 at 19:13:01 +0200, deloptes wrote:
> Henning Follmann wrote:
>
> > And I hear already the crowds crying, but we need this for work.
> > No you don't!
> > I do not need a powerpoint presentation in my mail. If you want bullet
> > points just use "-" and indentation. You can do t
On Thu, 3 Oct 2019 04:09:38 +1000
Andrew McGlashan wrote:
Hello Andrew,
>So, NOT very transparent at all then!
They were transparent about *what* happened and what was *taken*(0). At
this stage, to tell the detailed 'how' could be opening the door to harm
at other vulnerable organisations(1).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/10/19 3:32 am, Brad Rogers wrote:
> On Wed, 2 Oct 2019 10:38:44 -0400 Lee wrote:
>
> Hello Lee,
>
>> Thanks for the link!
>>
>>> But the email program used by Client 0 is unspecified.
>>
>> As is the operating system - or did I miss that?
On Wed, 2 Oct 2019 10:38:44 -0400
Lee wrote:
Hello Lee,
>Thanks for the link!
>
>> But the email program used by Client 0 is unspecified.
>
>As is the operating system - or did I miss that?
As stated in the paper itself, to avoid being an instructional for
up and coming ne'er-do-wells, the pa
Henning Follmann wrote:
> And I hear already the crowds crying, but we need this for work.
> No you don't!
> I do not need a powerpoint presentation in my mail. If you want bullet
> points just use "-" and indentation. You can do that in a text made from
> ASCII characters only.
> Excel is shit t
On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
>
> > I don't believe MP3 allows executable code by specifications
> > either, so shouldn't the PNG image format. But think of DSA
> > 4435 which affected libpng earlier th
On 02/10/2019 18.47, Carl Fink wrote:
> On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
>
>> I don't believe MP3 allows executable code by specifications
>> either, so shouldn't the PNG image format. But think of DSA
>> 4435 which affected libpng earlier this year. When the OS
On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
> I don't believe MP3 allows executable code by specifications
> either, so shouldn't the PNG image format. But think of DSA
> 4435 which affected libpng earlier this year. When the OS
> library for handling multimedia has flaws,
On 2019-10-02, Lee wrote:
>>
>> https://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf
>>
>
> Thanks for the link!
>
>> But the email program used by Client 0 is unspecified.
>
> As is the operating system - or did I miss that?
>
I don't think you did miss it.
--
"The
Nicholas Geovanis, on 2019-10-02:
> Henning Follmann, on 2019-10-02:
> > On Wed, Oct 02, 2019 at 09:27:37AM -0400, Carl Fink wrote:
> > > On Wed, Oct 02, 2019 at 08:41:11AM -0400, Henning Follmann wrote:
> > > > only PDF/A is OK every other PDF, throw it out.
> > > > No multimedia (movies, mp3).
>
On Wed, Oct 02, 2019 at 09:33:18AM -0500, Nicholas Geovanis wrote:
[...]
> True enough but with the following difference: By specification, to the
> best of my amateur knowledge,
> the MP3 format does not permit executable content. Whereas Word and PDF
> files do.
Specifically for MP3 there see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/10/2019 10:03, Keith Bainbridge wrote:
> Good evening Folks
>
> I guess some of you have heard that a major Australian university
> was attacked by an email scam.
>
> I wonder if having /home on a 'noexec' partition would stop this
> attack
On 10/2/19, Henning Follmann wrote:
> On Wed, Oct 02, 2019 at 10:40:34AM +0100, Jeremy Nicoll wrote:
>> On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote:
>>
>> > Details are at
>> >
>> > https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578
>> > https:
On 10/2/19, Curt wrote:
> On 2019-10-02, Torben Schou Jensen wrote:
>> Interesting story.
>>
>> I am missing technical details.
>> I do not understand how preview of e-mail can result in hackers stealing
>> userid and password, what kind of mail program was used?
>>
>
> Yeah, it's better to go di
On Wed, Oct 2, 2019 at 9:06 AM Henning Follmann
wrote:
> On Wed, Oct 02, 2019 at 09:27:37AM -0400, Carl Fink wrote:
> > On Wed, Oct 02, 2019 at 08:41:11AM -0400, Henning Follmann wrote:
> >
> > > No multimedia (movies, mp3).
> >
> > Really? MP3? Paranoid much?
>
> Well, maybe.
> OTOH these massiv
On Wed, Oct 02, 2019 at 09:27:37AM -0400, Carl Fink wrote:
> On Wed, Oct 02, 2019 at 08:41:11AM -0400, Henning Follmann wrote:
>
> > Here is one thing which actually make everybody safer: Do NOT (NEVER!)
> > accept files
> > which might include executable code.
> > Office files (MS or OO )
>
> O
On Wed, Oct 02, 2019 at 08:41:11AM -0400, Henning Follmann wrote:
> Here is one thing which actually make everybody safer: Do NOT (NEVER!) accept
> files
> which might include executable code.
> Office files (MS or OO )
Open MS files with LibreOffice, which won't run the VBA, or with the
Word/Po
On Wed, Oct 02, 2019 at 10:40:34AM +0100, Jeremy Nicoll wrote:
> On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote:
>
> > Details are at
> >
> > https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578
> > https://www.abc.net.au/news/2019-10-02/the-sophis
On 2019-10-02, Torben Schou Jensen wrote:
> Interesting story.
>
> I am missing technical details.
> I do not understand how preview of e-mail can result in hackers stealing
> userid and password, what kind of mail program was used?
>
Yeah, it's better to go directly to the publicly available inc
Interesting story.
I am missing technical details.
I do not understand how preview of e-mail can result in hackers stealing
userid and password, what kind of mail program was used?
It say
"The attack on ANU was possible because of the university's old computer
network"
I prefer to use Debian Sta
On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote:
> Details are at
>
> https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578
> https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
It seems to me
Good evening Folks
I guess some of you have heard that a major Australian university was
attacked by an email scam.
I wonder if having /home on a 'noexec' partition would stop this attack,
please?
Details are at
https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-informati
70 matches
Mail list logo
