My box is ASUS P5LD2-VM
(PentiumD 2.8Ghz, Ram 1gb, Sata 60GB with centos,fedora,freebsd 7 run smoothly).
I would like to try opensolaris express comunity version.
I checked HCL but found that my above motherboard not listed there.
(although many other ASUS motherboards listed).
This means I can
AFAIK cd00r.c and dtrace need root privs, I your
hacker has obtained
root privs you are screwed anyway...
Correct. And in a major way, no less.
And where did the hacker get this password from ?
This is an example. If the attacker found and exploited a zero day
vulnerability in SSH, he
vuthecuong wrote:
My box is ASUS P5LD2-VM
(PentiumD 2.8Ghz, Ram 1gb, Sata 60GB with centos,fedora,freebsd 7 run
smoothly).
I would like to try opensolaris express comunity version.
I checked HCL but found that my above motherboard not listed there.
Try the install check tool:
You example only works if you are actually on the box
already. Sort of silly
really.
It was meant to be silly. It was meant to be silly and highlight that breaking
into a Solaris system can happen in the stupidest ways possible.
Also, I always edit /etc/security/policy.conf to use
MD5
This is an example. If the attacker found and exploited a zero day
vulnerability
in SSH, he would be root, and would need no password for `su -`. I thought that
much was clear.
If, indeed, he exploited a bit of ssh which runs as root as a (large)
part of it does not.
(There are two daemons
I have to dissapoint you again: MD5 has been broken and can no longer be
considered safe:
But that is nearly completely irrelevant for MD5 password hashing.
And even though DES is broken, there are no breaks for original UNIX
crypt which are faster than brute force (though pre-computing all
Hi Richard,
I had the similar issue which seems to be related to pango. Upgrade to
the latest svn could partly fix this. Please also note the bug here:
https://bugzilla.mozilla.org/show_bug.cgi?id=405268 in case you meet the
same stack.
-Alfred
Richard L. Hamilton wrote:
In case you're
Thankfully I run openssh-4.7,REV=2007.12.26_rev=p1 (
from Blastwave.org )
pretty much everywhere and I disable the SunSSH
entirely. It is updated too
slowly for my tastes.
Sun just finished a sync with OpenSSH.
However, one of the problems is that Sun managed to piss Theo off (I'm not
With MD5 key hashes the keyspace is (much) longer and
brute force is still
the only option, yet the algorithm takes longer to
run and the size of the
keyspace makes finding non-trivial passwords much
harder.
According to the paper, it can take as fast as 67 seconds. I wouldn't dismiss
it
On Tue, 8 Jan 2008, UNIX admin wrote:
hi,
Thankfully I run openssh-4.7,REV=2007.12.26_rev=p1 (
from Blastwave.org )
pretty much everywhere and I disable the SunSSH
entirely. It is updated too
slowly for my tastes.
Sun just finished a sync with OpenSSH.
that's correct but
Just hope that any OpenSSH vulnerabilities (which Sun SSH is based upon)
are fixed and your systems patched before you get hit.
Thankfully I run openssh-4.7,REV=2007.12.26_rev=p1 ( from Blastwave.org )
pretty much everywhere and I disable the SunSSH entirely. It is updated too
slowly for my
With MD5 key hashes the keyspace is (much) longer and
brute force is still
the only option, yet the algorithm takes longer to
run and the size of the
keyspace makes finding non-trivial passwords much
harder.
According to the paper, it can take as fast as 67 seconds.
I wouldn't dismiss it
vuthecuong writes:
My box is ASUS P5LD2-VM
(PentiumD 2.8Ghz, Ram 1gb, Sata 60GB with centos,fedora,freebsd 7 run
smoothly).
I would like to try opensolaris express comunity version.
I checked HCL but found that my above motherboard not listed there.
(although many other ASUS motherboards
Does it lock up solid and require a reset, or just
run slow?
Locks up, doesn't even respond to ssh requests from
another machine. Although
sometimes 'locking up' and 'running really really
really slow' are indistingushable :-)
You can try to enable deadman panics, by adding
this to
In my opinion, one of the most worrying hacks that would be
fairly easy to target a UNIX or Solaris system is the well
known xspy hack. If you can get a user to run a program
(perhaps by getting them to click on an attachment, or
convincing a user to download and install some cool new
freware
Alan:
Xspy is so last decade
The fact that this hack has existed for over a decade should
make me feel more comfortable. :) Anyway, I was just trying
to share another, perhaps more practical, example of how easy
it might be to hack a Solaris or UNIX box.
- the accessibility framework
Brian Cameron wrote:
In my opinion, one of the most worrying hacks that would be
fairly easy to target a UNIX or Solaris system is the well
known xspy hack.
Xspy is so last decade - the accessibility framework makes it
much easier to monitor and modify keystrokes going through X,
and required
Thanks for the mdb ::findleaks hint. I only offered
the kernel number as a reference point, I know
OpenSolaris is not the same as the packaged Solaris.
But it is from similar base code and I have had a
ticket open on this problem with Sun for over 2
months, with no progress. So I tried
[ subject line changed to something sane ]
In my opinion, one of the most worrying hacks that would be
fairly easy to target a UNIX or Solaris system is the well
known xspy hack. If you can get a user to run a program
Again, this all depends on some one being on the system already and they
Brian Cameron wrote:
True. However, at least a11y is off by default. You can't run
X and turn off the ability to snoop via xspy. :)
Sure you can - you just need to do a lot of work to setup the
security extension, or use a multi-level desktop like Trusted
Extensions that's done the work for
Hi Mark,
Sorry for the delay in responding..just catching up from the holiday break.
It would be good to see the /tmp/gui-install_log and /tmp/install_log
when this occurs. Obviously, this shouldn't happen.
sarah
Mark Drummond wrote:
I am trying to install SXDE 9/07 in a vmware 6.x vm.
If this is not the right group, tell me.
I have a joyent accelerator and try to build a facebook aplication on
django/python. I have a dependency on pyLucene
(http://pylucene.osafoundation.org/), but I can't compile it.
I have try this for 1 full week now. I have not experience on C/C++/Java
Thanks for following my thread and reply my question.
Now I'm downloading the community express ones.
In fact, I already gave it a try about 6 months ago.
Of course I knew that unlike linux that can be installed at extended partition,
solaris must be installed in primary partition, but right
Hi All,
As I mentioned at the OpenSolaris Developer conference, I've been working
with a couple of laptop
ODMs to try and find a laptop for OpenSolaris vs the other way round. Trying
to get Solaris installed
with drivers missing.
Both ECS and ASUS have supplied me with laptops that
You are right, an RTM reply wouldn't be nice from paid support but with paid
support I shouldn't be the one doing the debugging either. Commercial Solaris
has behaved well enough for long enough that I am out of practice, I haven't
had to do this since the early days, long before Dtrace, back
Hi,
It's going to take a little while to get something like setkeycodes
into OpenSolaris.
Apart from the function key _ Fn key issues everything else is working
on the laptop.
Just finished testing the express pc card slot it's fine.
Henry is the VP Sales for ECS in North America.
Dave
Hi all,
I searched the internet and could not find any good book which explains
about crash dump analysis on Sparc with some good examples. I could find
one for crash dump analysis on x86. Could you suggest me any book?
Regards
Priya,
-Original Message-
From: [EMAIL PROTECTED]
Hi All,
We have a kernel module called IPFS which lies in between VFS and UFS.
We are getting a kernel panic (with the following stack trace) very
frequently on ATCA blades where as the panic is almost rare on CPCI
blades.
sfmmu_tsbmiss_exception+0x54(2a1038555a0, 42001, 31, 0, d5b28,
Hi Dave,
Thanks for the quick reply. Does the ECS (Elitegroup, 精英) notebook come with
e-Sata and HDMI ports? Do they work under Solaris X? Thanks again. (I am
visiting Taipei around the Chinese New Year, maybe I will find time to visit
their notebook HQ in Wu-Gu 五股--Just wish that I could
On Tue, 08 Jan 2008 23:23:15 PST
W. Wayne Liauh [EMAIL PROTECTED] wrote:
Hi Dave,
Thanks for the quick reply. Does the ECS (Elitegroup, 精英) notebook come with
e-Sata and HDMI ports? Do they work under Solaris X? Thanks again. (I am
visiting Taipei around the Chinese New Year, maybe I
30 matches
Mail list logo