Le septidi 7 fructidor, an CCXXIV, Andrew McGlashan a écrit :
> Get the byte size of the ISO file and make sure that you only test
> exactly that many bytes from the /dev/sdb device.
>
> Divide the number of bytes with say 40960 and then multiply the answer
> with 40960 to see that you get the
On 10/08/2016 2:38 PM, Andrew F Comly 康大成 wrote:
> $ gpg --verify SHA512SUMS.sign SHA512SUMS
> gpg: Signature made 2016年06月05日 (週日) 23時59分09秒 CST using RSA key
> ID 6294BE9B
> gpg: Good signature from "Debian CD signing key
> >"
>
Hi,
Andrew F Comly wrote:
> E) Burn iso to media
> dd if=/dev/zero of=/dev/sdb1 bs=1M;
> wait;
Why this overwriting of partition 1 by zeros ?
The partition table will be overwritten by the ISO anyways.
(And on what asynchronous processes are you waiting to end ?)
>
Le 10/08/2016 à 17:13, Andrew F Comly 康大成 a écrit :
iso hacked suspicious: answers
Concerning the other questions re: "E-F)", please find the below answers:
E) Burn iso to media
dd if=/dev/zero of=/dev/sdb1 bs=1M;
This action is not needed. The next command will overwrit
Hi,
Andrew F Comly wrote:
> Am I supposed to edit the script and put something in for magic=' '?
No. Magic is what an ISO 9660 should bear at byte offset 32768:
A byte with ASCII value 1 and five bytes saying "CD001":
$ dd if=debian-8.4.0-amd64-netinst.iso bs=1 skip=32768 count=6 | od -c
iso hacked suspicious: answers
#Thanks for the reminder that protonmail didn't save the two email addresses
that I entered in the "To:" line.
Concerning the other questions re: "E-F)", please find the below answers:
E) Burn iso to media
dd if=/dev/zero of=/dev/sdb1 bs=1M;
Thomas Schmitt wrote:
>Steve McIntyre wrote:
>> It's also contained in the debian-role-keys keyring in the
>> debian-keyring package: [...]
>> and the full fingerprint is also on the Debian website using https for
>> people who would rather trust that.
>
>We users could easily be outsmarted in
Hi,
Steve McIntyre wrote:
> It's also contained in the debian-role-keys keyring in the
> debian-keyring package: [...]
> and the full fingerprint is also on the Debian website using https for
> people who would rather trust that.
We users could easily be outsmarted in this aspect, i fear.
It's
Thomas Schmitt wrote:
>Hi,
>
>Andrew F Comly wrote:
>> gpg: WARNING: This key is not certified with a trusted signature!
>
>I wonder whom we could trust to certify the Debian gpg key ...
It's signed by a number of prominent DDs, including 2 DPLs and 2
Release Managers. Oh, and a number of idiots
Le 10/08/2016 à 08:36, Thomas Schmitt a écrit :
Andrew F Comly wrote:
Notice how the two sha512sum numbers (local vs burnt usb) don't match!
Of course : the image and the device do not have the same size.
Determine the ISO size on /dev/sdb by program isosize and curb its reading
by help
Hi,
Andrew F Comly wrote:
> gpg: WARNING: This key is not certified with a trusted signature!
I wonder whom we could trust to certify the Debian gpg key ...
> Notice how the two sha512sum numbers (local vs burnt usb) don't match!
Determine the ISO size on /dev/sdb by program isosize and curb
Hi,
Doug wrote:
> If the md5 sum doesn't agree with what's posted, it most likely means a
> glitch in the data transmission. Download it again.
Good advise.
One has to be aware that MD5 is not considered to be safe against malicious
manipulations but only for transport safety. If one has to
sum numbers (local vs burnt usb) don't match!
Sincerely,
Andrew F Comly
===
===
---- Original Message
Subject: Re: you iso's may have been hacked
Local Time: August 10, 20
been hacked
On 2016-08-09 20:24, limpia wrote:
Thanks, but it would be a lot more help to know more details,
Especially which mirror you used, what was the url to where you
downloaded it from, ?
Was it a amd64 image or i386 ? Was it a "Live CD image",
"netinstall" or ?
Thank
On 08/09/2016 08:03 PM, phil hall wrote:
i have just downloaded debian gnome 8.5.0 when complete i clicked
check MD5 sum it listed a number that's not in your MD5sum document. I
have never checked an MD5sum, so don't know if this is a Mint bug or
you've been hacked
If the md5 sum doesn't
On 2016-08-09 20:03, phil hall wrote:
i have just downloaded debian gnome 8.5.0 when complete i clicked
check MD5 sum it listed a number that's not in your MD5sum document. I
have never checked an MD5sum, so don't know if this is a Mint bug or
you've been hacked
On 2016-08-09 20:24, limpia
On 2016-08-09 20:03, phil hall wrote:
i have just downloaded debian gnome 8.5.0 when complete i clicked
check MD5 sum it listed a number that's not in your MD5sum document. I
have never checked an MD5sum, so don't know if this is a Mint bug or
you've been hacked
Thanks, but it would be a lot
i have just downloaded debian gnome 8.5.0 when complete i clicked check MD5
sum it listed a number that's not in your MD5sum document. I have never
checked an MD5sum, so don't know if this is a Mint bug or you've been hacked
On Wed 24 Feb 2016 at 10:58:56 (+0100), Nicolas George wrote:
> Le quintidi 5 ventôse, an CCXXIV, David Wright a écrit :
> > Well, md5 beats md4
>
> There is something wrong in your library.
Thanks for your misplaced confidence in me. It was my timing
that wasn't rigorous enough.
Cheers,
David.
Hi,
Henrique de Moraes Holschuh wrote:
> MD5 alone can be somewhat dangerous even in benevolent environments: if the
> data sets are large enough or you are just unlucky,
The size of the data set does not matter much.
As already stated, there is the Pidgeon Hole Principle, which tells
us that a
On 02/25/2016 03:07 PM, Stefan Monnier wrote:
>> MD5 alone can be somewhat dangerous even in benevolent environments: if the
>> data sets are large enough or you are just unlucky, you are going to hit a
>> colision and corrupt-or-lose-data-on-dedup sooner or later.
>
> [G]it doesn't seem worried
>> MD5 alone can be somewhat dangerous even in benevolent environments: if the
>> data sets are large enough or you are just unlucky, you are going to hit a
>> colision and corrupt-or-lose-data-on-dedup sooner or later.
> it doesn't seem worried about this. Admittedly, they use sha1 rather
^
G
> MD5 alone can be somewhat dangerous even in benevolent environments: if the
> data sets are large enough or you are just unlucky, you are going to hit a
> colision and corrupt-or-lose-data-on-dedup sooner or later.
it doesn't seem worried about this. Admittedly, they use sha1 rather
than md5,
On Tue, 23 Feb 2016, David Wright wrote:
> 1) I do what fdupes does, ie identify files (in a benevolent
>environment) using the MD5 signature to detect duplicate
>contents.
MD5 alone can be somewhat dangerous even in benevolent environments: if the
data sets are large enough or you are
On 23/02/16 05:50, Thomas Schmitt wrote:
> But my curiosity is about whether i indirectly helped the hackers.
Technology is just that, technology. With the exception of land mines,
it mostly is neither good nor bad itself, it's how it's used, and many
tools can be used for both.
Software is no
On 02/24/2016 01:48 PM, Nicolas George wrote:
> Le sextidi 6 ventôse, an CCXXIV, Christian Seiler a écrit :
>> Yes, I know what an HMAC is. But an HMAC is _utterly_ useless for a
>> digital signature.
>
> Please stop commenting the finger when I try to show you the moon.
The problem is that you
On Thu, Feb 25, 2016 at 12:18:40AM +1100, Andrew McGlashan wrote:
> https://en.wikipedia.org/wiki/Mega_%28service%29
>
> "In July 2015, Dotcom said he doesn't trust Mega service in a Q
> session with tech website Slashdot, claims the company had "suffered
> from a hostile takeover by a Chinese
On 24/02/2016 11:47 PM, Thomas Schmitt wrote:
> I wrote:
>>> ... google ... Kim Schmitz ... rofl ... i am not that curious.
>
> Andrew McGlashan wrote:
>> Actually he doesn't run mega.nz any longer and he has said that he
>> wouldn't trust the site now due to current ownership
>
> Now is this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Feb 24, 2016 at 01:47:57PM +0100, Thomas Schmitt wrote:
> Hi,
[...]
> A large file emerges in ~/Desktop. (I am wearing my garlic necklace now,
> spraying holy water, and looking up witch signs in the Malleus Maleficarum.)
A nice and
Le sextidi 6 ventôse, an CCXXIV, Christian Seiler a écrit :
> Yes, I know what an HMAC is. But an HMAC is _utterly_ useless for a
> digital signature.
Please stop commenting the finger when I try to show you the moon.
I was not saying that HMAC are useful for digital signatures, I was giving
Hi,
an interesting detail in advance:
It does not boot from USB stick. Too dumb for that.
>From DVD it boots only via BIOS or EFI BIOS emulation, not via
generic EFI.
I wrote:
> > ... google ... Kim Schmitz ... rofl ... i am not that curious.
Andrew McGlashan wrote:
> Actually he doesn't run
>> So a valid way to construct an OpenPGP v4 signature would be to
>> use
>>
>> H(contents || 0x04 0x00 0x01 0x08 0x00 0x00)
>>
>> as the input for the RSA algorithm (and then pack that up in a
>> nice OpenPGP packet).
>
> I did not have the reference of what OpenPGP does near at hand, I was
On 24/02/16 22:50, Nicolas George wrote:
> Le sextidi 6 ventôse, an CCXXIV, Richard Hector a écrit :
>> Fair enough. Got a link to someone else's explanation?
>
> Sorry, I do not. But I gave a rather lengthy explanation myself in
> the part you trimmed.
Oh, ok. I assumed from your comment about
Le quintidi 5 ventôse, an CCXXIV, David Wright a écrit :
> Well, md5 beats md4
There is something wrong in your library.
Regards,
--
Nicolas George
signature.asc
Description: Digital signature
Le quintidi 5 ventôse, an CCXXIV, Christian Seiler a écrit :
> But if you say what Debian is doing is a mistake, then this _is_ what
> you are talking about.
I am quite sure of what I am talking about and what I am not talking about.
> This is decisively not true when we are talking about
Le sextidi 6 ventôse, an CCXXIV, Richard Hector a écrit :
> Fair enough. Got a link to someone else's explanation?
Sorry, I do not. But I gave a rather lengthy explanation myself in the part
you trimmed.
Regards,
--
Nicolas George
signature.asc
Description: Digital signature
On 24/02/16 07:52, Nicolas George wrote:
> Le quintidi 5 ventôse, an CCXXIV, Christian Seiler a écrit :
>> > You have _emphasized_ it, but you haven't _explained_ it, nor provided
>> > any search term one could use to look up an explanation for it.
> Explaining takes time, I do not want to do it
On 23/02/2016 10:02 PM, Thomas Schmitt wrote:
> Hi,
>
> Nicolas George wrote:
>> Of course, that does not mean MD5 and SHA-1 should be used nowadays. New
>> theoretical attacks are found, keeping using hashes with known weaknesses is
>> stupid.
>
> The ISO checksums are provided more for
On 23/02/2016 9:50 AM, Thomas Schmitt wrote:
> Hi,
>
> Sven Hartge wrote:
>> You cannot wget a mega.nz URL. You have to use a Javascript-enabled
>> Browser to get the file.
>
> Shall i really enable insecure Javascript to download a malicious ISO ?
>
> ... google ... Kim Schmitz ... rofl ...
On Tue 23 Feb 2016 at 16:58:38 (+0100), Nicolas George wrote:
> Le quintidi 5 ventôse, an CCXXIV, David Wright a écrit :
> > 1) I do what fdupes does, ie identify files (in a benevolent
> >environment) using the MD5 signature to detect duplicate
> >contents.
>
> You did not specify the
On 02/23/2016 07:52 PM, Nicolas George wrote:
> What you quote is about signing a summary of files at once versus signing
> each file individually. This is not what I was talking about. What I was
> talking about was signing the file contents itself versus signing the hash
> of the file.
But if
Le quintidi 5 ventôse, an CCXXIV, Christian Seiler a écrit :
> You have _emphasized_ it, but you haven't _explained_ it, nor provided
> any search term one could use to look up an explanation for it.
Explaining takes time, I do not want to do it if nobody will read it.
> Why is what Debian does
On 02/23/2016 04:49 PM, Nicolas George wrote:
> Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
>> If the SHA512SUMS.sign
>
> Stop right there. Signing a bunch of hashes is a beginner's mistake, I have
> already emphasized that in this thread.
You have _emphasized_ it, but you haven't
Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
> You have unsurpassable objections against variants which might not
> much weaken the strength of PGP ?
> Not even willing to consider the constraints of such variants ?
I have no idea what you are trying to express.
> Despite leading
> The collisions are not known, and very unlikely, but "absolute" means
> absolute, not "very likely".
from the way you stated:
> These are all cryptographic hash functions: too strong for a preliminary
> test, insufficient for absolute certainty.
I understood you suggest there is a relevant
Le quintidi 5 ventôse, an CCXXIV, arian a écrit :
> where do you get that these are "insufficient for absolute certainty"?
> (beside maybe md4)
> there are no known collisions in sha1 and better, and even md4's preimage
> attack has complexity 2^102. [1,2]
There are collisions for SHA1 as soon as
Hi,
Nicolas George wrote:
> Signing a bunch of hashes is a beginner's mistake,
You have unsurpassable objections against variants which might not
much weaken the strength of PGP ?
Not even willing to consider the constraints of such variants ?
I assume this was discussed among DDs and they
> and even md4's preimage attack has complexity 2^102. [1,2]
sorry, forgot the quotes:
[1] https://en.wikipedia.org/wiki/Preimage_attack
[2] https://en.wikipedia.org/wiki/MD4#Security
signature.asc
Description: OpenPGP digital signature
> These are all cryptographic hash functions: too strong for a preliminary
> test, insufficient for absolute certainty.
where do you get that these are "insufficient for absolute certainty"? (beside
maybe md4)
there are no known collisions in sha1 and better, and even md4's preimage
attack has
Le quintidi 5 ventôse, an CCXXIV, Seeker a écrit :
> If you take security out of the equation, simple true or false.
>
> 1. A corrupted download is better able to be detected when using MD5 than it
> is with CRC32.
>
> 2. A corrupted download is better able to be detected when using SHA than it
On 2/23/2016 3:08 AM, Nicolas George wrote:
Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
The ISO checksums are provided more for transport verification than
for the fight against intentional mainpulation.
If that were true, CRC32 would be enough.
Is that a 'Law of averages'
Le quintidi 5 ventôse, an CCXXIV, David Wright a écrit :
> 1) I do what fdupes does, ie identify files (in a benevolent
>environment) using the MD5 signature to detect duplicate
>contents.
You did not specify the average size of files nor how sure you want to be.
If the files are large,
On Tue 23 Feb 2016 at 16:04:37 (+0100), Nicolas George wrote:
> Le quintidi 5 ventôse, an CCXXIV, David Wright a écrit :
> > Any faster ones that you recommend from the lists below? (I've rolled
> > my own implementation of fdupes (which uses MD5) in python.)
>
> Nobody can recommend anything
Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
> Only as far as use cases for Debian ISO image hashs are concerned.
> No hash collisions among all Debian ISOs (or better all ISOs in the
> world) is a valuable property.
??? I have no idea what you are talking about.
> If the
I could imagine that PGP is easier to surpass than that.
> > It is not a matter of surpassing anything.
There is no use in converting the frontside of the house into
a fortress while having a backdoor made of cardboard.
If the SHA512SUMS.sign file can be hacked, then the SHA512 sums
are not tru
Le quintidi 5 ventôse, an CCXXIV, David Wright a écrit :
> Any faster ones that you recommend from the lists below? (I've rolled
> my own implementation of fdupes (which uses MD5) in python.)
Nobody can recommend anything without knowing the intended use.
Regards,
--
Nicolas George
On Tue 23 Feb 2016 at 13:15:38 (+0100), Nicolas George wrote:
> Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
> > i wrote:
> > > > The ISO checksums are provided more for transport verification than
> > > > for the fight against intentional mainpulation.
>
> > Nicolas George wrote:
>
Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
> i have to revoke some of my criticism towards Debian's signed
> hash value lists.
> Together, MD5, SHA1, SHA256, and SHA512 provide up to 132 bytes of
> uniqueness (assumed that they have no systematic correlations).
This is irrelevant.
Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
> i wrote:
> > > The ISO checksums are provided more for transport verification than
> > > for the fight against intentional mainpulation.
> Nicolas George wrote:
> > If that were true, CRC32 would be enough.
> For detecting most
Hi,
i wrote:
> > The ISO checksums are provided more for transport verification than
> > for the fight against intentional mainpulation.
Nicolas George wrote:
> If that were true, CRC32 would be enough.
For detecting most glitches, yes.
But not if we want to use it for identifying files in
On Tue, Feb 23, 2016 at 12:02:50PM +0100, Thomas Schmitt wrote:
> Hi,
>
> Nicolas George wrote:
> > Of course, that does not mean MD5 and SHA-1 should be used nowadays. New
> > theoretical attacks are found, keeping using hashes with known weaknesses is
> > stupid.
>
> The ISO checksums are
Hi,
i have to revoke some of my criticism towards Debian's signed
hash value lists.
Together, MD5, SHA1, SHA256, and SHA512 provide up to 132 bytes of
uniqueness (assumed that they have no systematic correlations).
I could imagine that PGP is easier to surpass than that.
Well, according to
Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
> The ISO checksums are provided more for transport verification than
> for the fight against intentional mainpulation.
If that were true, CRC32 would be enough.
> Signing the hash lists by PGP still seems a bit weak as protection.
Le 23/02/2016 12:02, Thomas Schmitt a écrit :
Most important seems a permanent supervision of the web site content
from not publicly known client machines.
if I followed right this, there was a redirect to an external site. How
can this be possible?
html links is the first thing spam uses
Hi,
Nicolas George wrote:
> Of course, that does not mean MD5 and SHA-1 should be used nowadays. New
> theoretical attacks are found, keeping using hashes with known weaknesses is
> stupid.
The ISO checksums are provided more for transport verification than
for the fight against intentional
Hi,
Darac Marjal wrote:
> It's difficult to provide a malicious ISO with the same MD5 as another, but
> not impossible. You can just append a certain amount of junk data until the
> hashes match.
Or you manipulate a dedicated byte array in your evil add-on. This
would avoid suspicious size
Le quintidi 5 ventôse, an CCXXIV, Darac Marjal a écrit :
> It's difficult to provide a malicious ISO with the same MD5 as another, but
> not impossible. You can just append a certain amount of junk data until the
> hashes match. Similarly, you CAN do the same with SHA-1 (hash collisions ARE
>
On Tue, Feb 23, 2016 at 09:39:24AM +0800, Gener Badenas wrote:
On Tue, Feb 23, 2016 at 3:23 AM, Thomas Schmitt <[1]scdbac...@gmx.net> wrote:
Hi,
> [2]http://thehackernews.com/2016/02/linux-mint-hack.html
A virus of 1.5 GiB size.
Does anybody know a download URL for such an
Hi,
Gener Badenas wrote:
> Will people downloading the linix mint from torrent be affected?
http://blog.linuxmint.com/?p=2994
"Does this affect you?
As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon
edition.
If you downloaded another release or another edition, this
> On Feb 22, 2016, at 6:39 PM, Gener Badenas <gener.ong.bade...@gmail.com>
> wrote:
>
> Will people downloading the linix mint from torrent be affected?
Don't think so.
Google (or DuckDuckGo) for 'linux mint hacked' and you'll get lots of info with
no "Click Here&q
On Tue, Feb 23, 2016 at 3:23 AM, Thomas Schmitt wrote:
> Hi,
>
> > http://thehackernews.com/2016/02/linux-mint-hack.html
>
> A virus of 1.5 GiB size.
>
> Does anybody know a download URL for such an infected ISO image ?
> (I am curious whether they used my software or mkisofs
Hi,
Sven Hartge wrote:
> You cannot wget a mega.nz URL. You have to use a Javascript-enabled
> Browser to get the file.
Shall i really enable insecure Javascript to download a malicious ISO ?
... google ... Kim Schmitz ... rofl ... i am not that curious.
Have a nice day :)
Thomas
Thomas Schmitt wrote:
> Dalios wrote:
>> https://mega.nz/#!QwY1EZKJ!GW1gLzXaOUo8sNGF-zddRLwgsfamZy7C5u0CARjaUs0
> Only wgets a small index.html file:
> meta name="description" content="MEGA provides free cloud storage with
> convenient and powerful always-on privacy. Claim
Hi,
Dalios wrote:
> https://mega.nz/#!QwY1EZKJ!GW1gLzXaOUo8sNGF-zddRLwgsfamZy7C5u0CARjaUs0
Only wgets a small index.html file:
meta name="description" content="MEGA provides free cloud storage with
convenient and powerful always-on privacy. Claim your free 50GB now!"
Probably spam, i fear.
>
On 02/22/2016 09:23 PM, Thomas Schmitt wrote:
> Does anybody know a download URL for such an infected ISO image ?
> (I am curious whether they used my software or mkisofs or something
> unusual.)
Here you go:
https://mega.nz/#!QwY1EZKJ!GW1gLzXaOUo8sNGF-zddRLwgsfamZy7C5u0CARjaUs0
Have in mind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 22 Feb 2016 20:50:55 +0100
"Thomas Schmitt" wrote:
>Hi,
>
>> Cannot say more, but the article is rather detailed.
>
>It tells a lot about the hack and the Mint people are bravely answering
>questions.
>But my curiosity
Hi,
> Cannot say more, but the article is rather detailed.
It tells a lot about the hack and the Mint people are bravely answering
questions.
But my curiosity is about whether i indirectly helped the hackers.
I cannot prevent such misuse of xorriso, neither practically nor legally.
The GPL does
The article indicates that hackers redirected the download link for one
edition of mint to an ftp site with their infected iso image.
Cannot say more, but the article is rather detailed.
Kare
On Mon, 22 Feb 2016, Thomas Schmitt wrote:
Hi,
Hi,
> http://thehackernews.com/2016/02/linux-mint-hack.html
A virus of 1.5 GiB size.
Does anybody know a download URL for such an infected ISO image ?
(I am curious whether they used my software or mkisofs or something
unusual.)
Have a nice day :)
Thomas
Sharing in case anyone was impacted.
-- Forwarded message --
Date: Mon, 22 Feb 2016 08:50:44 -0800
http://thehackernews.com/2016/02/linux-mint-hack.html
has access (legitimately or not) to the second account and is
> sending mails with a forged envelope From. Your only recourse is to
> present the evidence to the ISP and let them deal with it.
Thank you, Jochen and Brian, that is exactly the kind of information
I was looking for. I now know
On 10/13/2015 06:24 PM, Stephen Powell wrote:
On Tue, 13 Oct 2015 02:36:46 -0400 (EDT), Jimmy Johnson wrote:
Looks like it was mailed from MS Windows. Maybe mailed from a Windows
OS with a virus. Do you run Windows too?
No, I don't. There is no computer connected to my home network that
On Tue 13 Oct 2015 at 22:21:08 -0400, Stephen Powell wrote:
> On Tue, 13 Oct 2015 18:57:58 -0400 (EDT), Brian wrote:
> >
> > The comment was a general one and directed at all our readers. However,
> > earlier you said "Someone discovered my password somehow". You have
> >
Say that you are using the Desktop version of Android(tm). It's pretty
close to the truth.
On 10/14/15 05:33, Stuart Longland wrote:
On 14/10/15 13:23, John Hasler wrote:
Lie. Tell them you're running Windows 95.
"Ohh sorry, we only support Windows 7 or 8"
On Wed, Oct 14, 2015 at 01:33:02PM +1000, Stuart Longland wrote:
> On 14/10/15 13:23, John Hasler wrote:
> > Lie. Tell them you're running Windows 95.
>
> "Ohh sorry, we only support Windows 7 or 8"
I can truthfully say that my Android-based tablet can't get access. It's
hard for ISPs not to
On 14/10/15 13:23, John Hasler wrote:
> Lie. Tell them you're running Windows 95.
"Ohh sorry, we only support Windows 7 or 8"
--
Stuart Longland (aka Redhatter, VK4MSL)
I haven't lost my mind...
...it's backed up on a tape somewhere.
signature.asc
Description: OpenPGP digital signature
On 14/10/15 12:51, Stephen Powell wrote:
> Their level 1 help desk isn't much help anyway, if you're a Linux user.
> The last time I called their level 1 help desk for technical support, the
> conversation went something like this:
Yep, familiar story. Some can't get it through their thick heads
On Tue, 13 Oct 2015 11:22:34 -0400 (EDT), Andrew McGlashan wrote:
>
> On 13/10/2015 7:15 PM, Jochen Spieker wrote:
>> Stuart Longland: I had a similar case on my self-administered mail
>> host. A friend of mine has an account there and random hosts from
>> all over the world used his credentials
On Tue, 13 Oct 2015 22:09:53 -0400 (EDT), Stuart Longland wrote:
>
> This isn't level 1 helpdesk material, you'll actually need a technical
> contact there.
Their level 1 help desk isn't much help anyway, if you're a Linux user.
The last time I called their level 1 help desk for technical
On 14/10/15 11:53, Stephen Powell wrote:
> On Tue, 13 Oct 2015 04:15:21 -0400 (EDT), Jochen Spieker wrote:
>>
>> Stuart Longland:
>>> On 13/10/15 09:58, Stephen Powell wrote:
Unfortunately, I don't. Attached below is one of the mail delivery
failure notices, which includes the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On 14/10/2015 12:53 PM, Stephen Powell wrote:
> No. My id on this mail server is "zlinuxman". I have no idea who
> "thecoughingcanary" is. Nor do I understand why the SMTP server
> would allow "thecoughingcanary" to send out e-mails in my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On 14/10/2015 1:09 PM, Stuart Longland wrote:
>> No. My id on this mail server is "zlinuxman". I have no idea
>> who "thecoughingcanary" is. Nor do I understand why the SMTP
>> server would allow "thecoughingcanary" to send out e-mails in my
Stephen Powell writes:
> And that was that. They'll gladly take the money of a Linux user.
> But if you have problems, you're on your own.
Lie. Tell them you're running Windows 95.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
On Tue, 13 Oct 2015 18:57:58 -0400 (EDT), Brian wrote:
>
> The comment was a general one and directed at all our readers. However,
> earlier you said "Someone discovered my password somehow". You have
> just demolished that guess as having no basis as a likely cause.
On 10/13/2015 09:51 PM, Stephen Powell wrote:
On Tue, 13 Oct 2015 22:09:53 -0400 (EDT), Stuart Longland wrote:
This isn't level 1 helpdesk material, you'll actually need a technical
contact there.
Their level 1 help desk isn't much help anyway, if you're a Linux user.
The last time I called
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Of course ftp, clear text passwords, is also a problem; if it was
this, then every time you update files via ftp, can you then
immediately change your password when done? Mute point if they are
using their own credentials to send mail and not your
On 10/12/2015 04:58 PM, Stephen Powell wrote:
On Mon, 12 Oct 2015 16:53:05 -0400 (EDT), Stuart Longland wrote:
I'd check the backscatter case, as this requires no skill on the part of
the attacker and is the most likely case.
...
It's worth knowing how to read the headers of emails in this
On 13/10/15 16:36, Jimmy Johnson wrote:
> On 10/12/2015 04:58 PM, Stephen Powell wrote:
>> On Mon, 12 Oct 2015 16:53:05 -0400 (EDT), Stuart Longland wrote:
>>>
>>> I'd check the backscatter case, as this requires no skill on the part of
>>> the attacker and is the most likely case.
>>> ...
>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Oct 13, 2015 at 01:54:53AM -0700, Jimmy Johnson wrote:
[...]
> >It's a popular client to spoof too.
>
> I'm just saying that there is a possible bot running and the chances
> are it's running in a windows environment, maybe even in a v-box,
On 10/13/2015 12:06 AM, Stuart Longland wrote:
On 13/10/15 16:36, Jimmy Johnson wrote:
On 10/12/2015 04:58 PM, Stephen Powell wrote:
On Mon, 12 Oct 2015 16:53:05 -0400 (EDT), Stuart Longland wrote:
I'd check the backscatter case, as this requires no skill on the part of
the attacker and is
1 - 100 of 510 matches
Mail list logo