Please, I humbly think that you know possibly nothing about Tibet, the
province of China.
A lot of Chinese people, who used to take western media as the
representation of good will and perhaps democracy, do feel sick of the
misleading news article pieces produced by such media on this very
topic
..with purchase of one country of equal or greater value?
Seriously though, those cocksuckers in the Chinese gov't are at it
again... wait, they never stopped. Murderous freedom hating ways. Just
not right.
How about a bigger target than Scientology this time?
China's got the Olympics coming up,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===
Ubuntu Security Notice USN-590-1 March 24, 2008
bzip2 vulnerability
CVE-2008-1372
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
===
Ubuntu Security Notice USN-591-1 March 24, 2008
icu vulnerabilities
CVE-2007-4770, CVE-2007-4771
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06
Wanted the below to go to the list.
-
Abe Getchell
[EMAIL PROTECTED]
http://abegetchell.com/
Forwarded Message
> From: Abe Getchell <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: Paul Schmehl <[EMAIL PROTECTED]>
> Subject: Re: [Full-disclosure] OpenID. The future of a
what about usernames? you still need to keep track of your usernames
since sometimes your preferred username is either taken or not
possible or you need to login via email or any other peculiarity the
site supports.
On Mon, Mar 24, 2008 at 2:43 PM, John C. A. Bambenek, GCIH, CISSP
<[EMAIL PROTECTE
comments inlined
On Mon, Mar 24, 2008 at 3:10 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On Monday, March 24, 2008 09:13:38 + "Petko D. Petkov"
>
> <[EMAIL PROTECTED]> wrote:
> >>
>
> >> Yes, and convenience is often the enemy of security.
> >>
> >
> > Not always. I think complexity
as I said, some websites ask you for a username regardless whether
that will be an email address. and unfortunately a username is not
unique throughout the Web. which means that if your username is
john-bambenek on one system it could be completely different on
another system due to the fact that som
When it comes to IT... the user is the *last* person I want empowered.
On Mon, Mar 24, 2008 at 10:21 AM, Petko D. Petkov <
[EMAIL PROTECTED]> wrote:
> on your last comment,
>
> OpenID is exactly designed for that! To give the power back to the user!
>
> On Mon, Mar 24, 2008 at 3:10 PM, Paul Schmehl
-- Forwarded message --
From: Markus Krassnitzer <[EMAIL PROTECTED]>
Date: Sat, Mar 22, 2008 at 1:28 PM
Subject: Re: Offensive Security Backtrack Training
To: [EMAIL PROTECTED]
I see postings like this in several mailing lists.
Is offensive-security in need of doing that kind of g
I'm not saying OpenID is more convenient and has benefits... I was just
saying there are conventions to make passwords unique per-site.
So if you don't mind getting past the single point of 0wnership, then OpenID
is good to go. Me, I don't trust technology.
On Mon, Mar 24, 2008 at 10:27 AM, Petk
on your last comment,
OpenID is exactly designed for that! To give the power back to the user!
On Mon, Mar 24, 2008 at 3:10 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On Monday, March 24, 2008 09:13:38 + "Petko D. Petkov"
>
> <[EMAIL PROTECTED]> wrote:
> >>
>
> >> Yes, and convenience is
Well in my case it's easy... how many people do you know named John Bambenek
(my father doesn't count)? :)
I was just speaking about passwords in that case, presumably people can
remember their email addresses.
On Mon, Mar 24, 2008 at 10:17 AM, Petko D. Petkov <
[EMAIL PROTECTED]> wrote:
> what
comments inlined
On Mon, Mar 24, 2008 at 2:43 PM, Steven Rakick <[EMAIL PROTECTED]> wrote:
> Let's be realistic here. It's not about the technical
> feasibility, it's about an open standard people trust
> and have bought into. This is what Information Cards
> are in my mind, much the same as Op
--On Sunday, March 23, 2008 20:56:54 -0400 Larry Seltzer
<[EMAIL PROTECTED]> wrote:
>>> The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
>
> What abou
--On Monday, March 24, 2008 09:13:38 + "Petko D. Petkov"
<[EMAIL PROTECTED]> wrote:
>>
>> Yes, and convenience is often the enemy of security.
>>
>
> Not always. I think complexity is the enemy of security. The simpler
> the system is the less chance to screw up, the more secure it is. It
> i
For the automated low-hanging fruit attacks, they won't crack. They're
simply trawling for passwords and rarely do they even think to cross-check.
For someone to spend the kind of thought and attention the victim has to be
specifically targeted.
Now, to be fair, I only advocate that strategy for
>>For instance, S0m3p4ss!### where ### is a 3-letter acronym for the
site they are accessing. Still need only one password to remember and
you don't necessarily have a single point of 0wnership anymore.
I've never understood this strategy. Once I compromise your
"S0m3p4ss!ama" password for amazon
On Mon, 24 Mar 2008 09:13:38 -, "Petko D. Petkov" said:
> Not always. I think complexity is the enemy of security. The simpler
> the system is the less chance to screw up, the more secure it is. It
> is much easier to secure a single port than a class B network, don't
> you think?
Not always
I would disagree. One could simply create a template password and then salt
it with some acronym for the site in question.
For instance, S0m3p4ss!### where ### is a 3-letter acronym for the site they
are accessing. Still need only one password to remember and you don't
necessarily have a single
Let's be realistic here. It's not about the technical
feasibility, it's about an open standard people trust
and have bought into. This is what Information Cards
are in my mind, much the same as OpenID.
Sure you could go out and create an extension to serve
the same purpose in your own way, but wh
Let's put it this way,
It is easy to prevent phishing attacks against OpenID on the
client-side with browser extensions. In fact, I think that Firefox
will make this feature a default in their upcoming versions. It could
work exactly the same as the current trusted certificate authorities
every si
>>>The correct solution, IMO, would be an encrypted password vault,
> stored on a USB drive and only available through the use of a password
> and some other form of identification (biometric, etc.)
>
> What about kiosks and other situations where it wouldn't be secure to
> allow arbitrary people t
agree :)
On Mon, Mar 24, 2008 at 10:50 AM, Gorn <[EMAIL PROTECTED]> wrote:
> Petko D. Petkov wrote:
> > Indeed but this can be a subsystem, a feature of the OpenID provider.
> > For example, some OpenID providers have the feature to choose
> > different persons depending on the usage. So it wil
Petko D. Petkov wrote:
> Indeed but this can be a subsystem, a feature of the OpenID provider.
> For example, some OpenID providers have the feature to choose
> different persons depending on the usage. So it will be easier to
> safeguard a persona within one openid provider. So for example, in my
Indeed but this can be a subsystem, a feature of the OpenID provider.
For example, some OpenID providers have the feature to choose
different persons depending on the usage. So it will be easier to
safeguard a persona within one openid provider. So for example, in my
current OpenID setup I have two
Petko D. Petkov wrote:
>>
>
> As I said, if you don't trust public OpenID providers, roll your own.
> It is very, very, very easy.
>
You seem to miss one point, in the current online environment you are
not talking about 5 or 6 id/credentials but more like 20 to 30.
(remember each blog you post
Hey Paul,
some valid points indeed but let me inline some of my thoughts. read on.
On Sun, Mar 23, 2008 at 10:37 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On March 23, 2008 2:52:53 PM + "Petko D. Petkov"
>
> <[EMAIL PROTECTED]> wrote:
> >
>
> > First of all, OpenID is a very simple but
deer reepex,
every single time. :) yet another proof that you are a troll. why don't
you come up with something constructive for a change? the email thread
reads "OpenID. The future of authentication on the web?" not "how to
troll full-disclosure, reepex style". FYI, do your research and
show exa