Peter Miller wrote:
As a profession, we have two choices:
1. start licensing and accrediting ourselves, with a structure we can
live with, OR
2. wait for Some Really Bad Shit to happen, with a software defect as
the root cause, and have the politicians force something upon us...
something baroqu
On Tue, 2008-06-03 at 10:21 +0800, jam wrote:
> On Tuesday 03 June 2008 08:50:26 [EMAIL PROTECTED] wrote:
> > [...]
> >
> > > The server had ssh access enabled via password entry and fell victim
> > > to a brute force password attack.
>
> First thanks to everyone who contributed to this interes
denyhosts keeps track of failures and locks ips out.
Peter Chubb mentioned a three strikes and you're out policy.
denyhosts you can choose this threshold, you can also choose for how
long the ip is 'out' (which helps to keep the list size down).
Using keys myself, and very occasionally passwor
[EMAIL PROTECTED] wrote:
Depends how you set it up. Mine has a `three tries and you're out'
policy. And as I use an ssh-agent on my (carry around) laptop,
there's no chance of being locked out accidentally.
I assume three times password fails and you're out, right?
That's interesting.
Can o
> "Rick" == Rick Welykochy <[EMAIL PROTECTED]> writes:
Rick> Dean Hamstead wrote:
>> Denyhosts is a great daemon/cronscript that will manage hosts.allow
>> for your ssh server. you can set thresholds and instant triggers
>> etc which will result in that ip being blocked.
Rick> Also, can't one
Dean Hamstead wrote:
Denyhosts is a great daemon/cronscript that will manage hosts.allow for
your ssh server. you can set thresholds and instant triggers etc which
will result in that ip being blocked.
Also, can't one use a TCP wrapper with ssh? Either way, it does compromise
one of the beaut
I am running a server that was getting heaps of password cracking
attempts on SSH port 22. Since changing the port, the attempts
have stopped.
Denyhosts is a great daemon/cronscript that will manage hosts.allow for
your ssh server. you can set thresholds and instant triggers etc which
will res
On Tue, Jun 03, 2008, Sonia Hamilton wrote:
> jam wrote:
>> First thanks to everyone who contributed to this interesting thread :-)
>
> Isn't it about time this boring thread went onto
> slug-chat?
There's probably additional boredom to be had in saying which bits of
it, but in terms of on-topi
jam wrote:
First thanks to everyone who contributed to this interesting thread :-)
Isn't it about time this boring thread went onto
slug-chat?
:-)
--
Sonia Hamilton.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mai
jam wrote:
Daniel talks about 'brute forcing' a password:
say [EMAIL PROTECTED]&*()_/?] and 6 chars passwords
6**70 umm 70 * log (2) and 10**8 brute forces / sec
thats 10 to the power 60 secs! Sorry the universe went flat.
Or collapsed to a singularity.
As Bruce Schneier points out here:
h
> The the famous Win Mac Linux security shoot off: Win and Mac broken but no
> body wanted the $10,000 and Sony Viao for breaking the linux box. H.
These events are more about reputation and strutting than money. Reckon that
cracking into a Linux machine is going to do more for your rep than
On Tuesday 03 June 2008 08:50:26 [EMAIL PROTECTED] wrote:
> [...]
>
> > The server had ssh access enabled via password entry and fell victim
> > to a brute force password attack.
>
> [...]
>
> > I still do not know how the attacker located the machine. I presume
> > it was probably through a por
Martin Visser wrote:
I have often found that feeding the output of the toaster, back into the
toaster demonstrates an overflow bug, requiring opening all of the
windows and doors.
Funny that. And I have found that feeding the output of Windows
back into Windows often results in toast!
cheers
I have often found that feeding the output of the toaster, back into the
toaster demonstrates an overflow bug, requiring opening all of the windows
and doors.
On Tue, Jun 3, 2008 at 10:53 AM, Sam Gentle <[EMAIL PROTECTED]> wrote:
> On Tue, Jun 3, 2008 at 10:47 AM, Rick Welykochy <[EMAIL PROTECTED
On Tue, Jun 3, 2008 at 10:47 AM, Rick Welykochy <[EMAIL PROTECTED]> wrote:
> Sridhar Dhanapalan wrote:
>>
>> On Mon, 2 Jun 2008 at 14:59, Jason Ball <[EMAIL PROTECTED]> wrote:
Not wishing to start an OS war, but I rarely if ever have seen a BSD
or Sun box compromised. Is this due to
Sridhar Dhanapalan wrote:
On Mon, 2 Jun 2008 at 14:59, Jason Ball <[EMAIL PROTECTED]> wrote:
Not wishing to start an OS war, but I rarely if ever have seen a BSD
or Sun box compromised. Is this due to sheer numbers of Linux and
Doze?
More than likely.
I've seen a range of plausible reasons an
On Monday 02 June 2008 21:43:25 [EMAIL PROTECTED] wrote:
> > Yet there are so many who go nuts when the idea of accreditation is
> > raised.
> >
> > :-) [This cheap shot does not indicate my support for or against the
> > : idea!]
>
> As a profession, we have two choices:
> 1. start licensing and a
At the end of the day... software is judged by whether it works for the
customer or not. Not whether it has a long list of accreditations.
That's nonsense. Management will continue to buy software and force it
upon their engineers and techs based on the all important
characteristics of...
- m
Adrian Chadd wrote:
The trouble is that the entry barrier for coding is so low, you can
"code" without any "clue".
This very issue gave rise to some heated debate over on the LINK mailing
list, which some of you attend.
Many of us computer "professionals" were peeved by this low barrier to
entr
So how would you develop such a system whilst also allowing for the
freedom and low barrier to entry that signifies the Free and Open
Source
Software movement?
I expect that when regulation is forced upon us, barriers to entry
will be the whole point. Unless we get in first.
Will the parall
On Mon, 2 Jun 2008 at 14:59, Jason Ball <[EMAIL PROTECTED]> wrote:
> > Not wishing to start an OS war, but I rarely if ever have seen a BSD
> > or Sun box compromised. Is this due to sheer numbers of Linux and
> > Doze?
>
> More than likely.
I've seen a range of plausible reasons and hard statisti
On Mon, Jun 02, 2008, Peter Miller wrote:
> Will the parallel be: you get malpractice insurance, or you can have
> your future wages garnished forever if you get sued. Doctors have to
> pay their malpractice insurance to have their pro-bono work covered. I
> expect software folks will too.
If t
Peter Miller wrote:
will be the whole point. Unless we get in first.
Will the parallel be: you get malpractice insurance, or you can have
your future wages garnished forever if you get sued. Doctors have to
pay their malpractice insurance to have their pro-bono work covered. I
expect soft
On Mon, 2008-06-02 at 20:33 +1000, James Purser wrote:
> So how would you develop such a system whilst also allowing for the
> freedom and low barrier to entry that signifies the Free and Open Source
> Software movement?
I expect that when regulation is forced upon us, barriers to entry
will be th
On Mon, 2008-06-02 at 20:21 +1000, Peter Miller wrote:
> On Mon, 2008-06-02 at 16:31 +1000, Jeff Waugh wrote:
> > Yet there are so many who go nuts when the idea of accreditation is raised.
> > :-) [This cheap shot does not indicate my support for or against the idea!]
>
> As a profession, we have
On Mon, 2008-06-02 at 16:31 +1000, Jeff Waugh wrote:
> Yet there are so many who go nuts when the idea of accreditation is raised.
> :-) [This cheap shot does not indicate my support for or against the idea!]
As a profession, we have two choices:
1. start licensing and accrediting ourselves, with
> This one time, at band camp, Adrian Chadd wrote:
>
> > Ah, if only writing software held the same risks and building bridges.
> > :)
>
> You mean engineers don't test their newly-built bridge by driving a dozen
> variously-shaped vehicles across it, before opening it up to all and
> sundry?
On Mon, Jun 02, 2008, Michael Lake wrote:
> Adrian Chadd wrote:
> >Ah, if only writing software held the same risks and building bridges. :)
>
> It does. Here is the classic:
> http://en.wikipedia.org/wiki/Therac-25
> http://catless.ncl.ac.uk/Risks/3.09.html
>
> This dates from way back in 1986.
Adrian Chadd wrote:
Ah, if only writing software held the same risks and building bridges. :)
It does. Here is the classic:
http://en.wikipedia.org/wiki/Therac-25
http://catless.ncl.ac.uk/Risks/3.09.html
This dates from way back in 1986.
Mike
--
Michael Lake
Computational Research Centre of E
This one time, at band camp, Adrian Chadd wrote:
> Ah, if only writing software held the same risks and building bridges. :)
You mean engineers don't test their newly-built bridge by driving a
dozen variously-shaped vehicles across it, before opening it up to all
and sundry?
--
Rev Simon Rumb
This one time, at band camp, Chris Collins wrote:
>> Matt's Script Archive, anyone?
>
> God... no. make it stop!
>
> I was a #perl op on Efnet back in 2000/2001. The channel had officially
> disowned Matt and anything to do with him. The standard recommendation
> being "Don't. Just... don't.
On Mon, Jun 02, 2008, Jeff Waugh wrote:
> Yet there are so many who go nuts when the idea of accreditation is raised.
> :-) [This cheap shot does not indicate my support for or against the idea!]
Heh. They don't suspect the real issue with accreditation?
That suddenly Universities will have to te
On 02/06/2008, at 3:25 PM, Rev Simon Rumble wrote:
This one time, at band camp, Daniel Pittman wrote:
[2] formmail. I say no more.
Matt's Script Archive, anyone?
God... no. make it stop!
I was a #perl op on Efnet back in 2000/2001. The channel had
officially disowned Matt and anyth
> Adrian Chadd wrote:
>
>> The trouble is that the entry barrier for coding is so low, you can
>> "code" without any "clue".
>
> This very issue gave rise to some heated debate over on the LINK mailing
> list, which some of you attend.
>
> Many of us computer "professionals" were peeved by this l
Adrian Chadd wrote:
The trouble is that the entry barrier for coding is so low, you can
"code" without any "clue".
This very issue gave rise to some heated debate over on the LINK
mailing list, which some of you attend.
Many of us computer "professionals" were peeved by this low
barrier to en
On Mon, Jun 02, 2008, Rick Welykochy wrote:
> Daniel Pittman wrote:
>
> >[2] formmail. I say no more.
>
> The perl language has been pretty bullet proof. I do recall
> one string-based exploit in the many many years I have been using
> it.
Shit code can be written on all platforms.
> That sai
Daniel Pittman wrote:
[2] formmail. I say no more.
The perl language has been pretty bullet proof. I do recall
one string-based exploit in the many many years I have been using
it.
That said, yup, scripts like formmail are written by monkeys
in the 11th level hell and sent to torment sys ad
This one time, at band camp, Daniel Pittman wrote:
> [2] formmail. I say no more.
Matt's Script Archive, anyone?
--
Rev Simon Rumble <[EMAIL PROTECTED]>
www.rumble.net
The Tourist Engineer
Just because you're on holiday, doesn't mean you're not a geek.
http://engineer.openguides.org/
"A co
Rick Welykochy <[EMAIL PROTECTED]> writes:
> Mary Gardiner wrote:
>
>> I suspect attacks through web apps like WordPress are pretty common
>> causes of compromise of machines run by essentially knowledgeable people
>> at the moment, because there doesn't seem yet to be a good set of
>> best practices
Not wishing to start an OS war, but I rarely if ever have seen a BSD
or Sun box compromised. Is this due to sheer numbers of Linux and
Doze?
More than likely.
--
Not wishing to start an OS war, but I rarely if ever have seen a BSD
or Sun box compromised. Is this due to sheer numbers of Linux and Doze?
there are a lot of people out there setting up linux machines who really
haven't got the skills to do so.
not listing any names...
ausgamers.com
Dean
Mary Gardiner wrote:
I suspect attacks through web apps like WordPress are pretty common
causes of compromise of machines run by essentially knowledgeable people at
the moment, because there doesn't seem yet to be a good set of best
practices for packaging and updating them (upstream tends to aim
This one time, at band camp, Mary Gardiner wrote:
> I suspect attacks through web apps like WordPress are pretty common
> causes of compromise of machines run by essentially knowledgeable people at
> the moment, because there doesn't seem yet to be a good set of best
> practices for packaging and upd
I suspect a bunch of people are going to jump into this thread, but to
get in early, some stories:
- a Red Hat 5 box left to rot (this was some time ago now!), became a
host for warez and ended up comprising something like half of its
very substantial network's total traffic.
- a sendmail