Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-09 Thread Glen Turner
Peter Miller wrote: As a profession, we have two choices: 1. start licensing and accrediting ourselves, with a structure we can live with, OR 2. wait for Some Really Bad Shit to happen, with a software defect as the root cause, and have the politicians force something upon us... something

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-05 Thread Jan Schmidt
On Tue, 2008-06-03 at 10:21 +0800, jam wrote: On Tuesday 03 June 2008 08:50:26 [EMAIL PROTECTED] wrote: [...] The server had ssh access enabled via password entry and fell victim to a brute force password attack. First thanks to everyone who contributed to this interesting thread

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-03 Thread Dean Hamstead
denyhosts keeps track of failures and locks ips out. Peter Chubb mentioned a three strikes and you're out policy. With denyhosts you can choose this threshold, you can also choose for how long the ip is 'out' (which helps to keep the list size down). Using keys myself, and very occasionally

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Jeff Waugh
<quote who="Rick Welykochy"> Adrian Chadd wrote: The trouble is that the entry barrier for coding is so low, you can code without any clue. This very issue gave rise to some heated debate over on the LINK mailing list, which some of you attend. Many of us computer professionals were peeved

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Chris Collins
On 02/06/2008, at 3:25 PM, Rev Simon Rumble wrote: This one time, at band camp, Daniel Pittman wrote: [2] formmail. I say no more. Matt's Script Archive, anyone? God... no. make it stop! I was a #perl op on Efnet back in 2000/2001. The channel had officially disowned Matt and

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Adrian Chadd
On Mon, Jun 02, 2008, Jeff Waugh wrote: Yet there are so many who go nuts when the idea of accreditation is raised. :-) [This cheap shot does not indicate my support for or against the idea!] Heh. They don't suspect the real issue with accreditation? That suddenly Universities will have to

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Rev Simon Rumble
This one time, at band camp, Chris Collins wrote: Matt's Script Archive, anyone? God... no. make it stop! I was a #perl op on Efnet back in 2000/2001. The channel had officially disowned Matt and anything to do with him. The standard recommendation being Don't. Just... don't. And a

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Rev Simon Rumble
This one time, at band camp, Adrian Chadd wrote: Ah, if only writing software held the same risks as building bridges. :) You mean engineers don't test their newly-built bridge by driving a dozen variously-shaped vehicles across it, before opening it up to all and sundry? -- Rev Simon

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Michael Lake
Adrian Chadd wrote: Ah, if only writing software held the same risks as building bridges. :) It does. Here is the classic: http://en.wikipedia.org/wiki/Therac-25 http://catless.ncl.ac.uk/Risks/3.09.html This dates from way back in 1986. Mike -- Michael Lake Computational Research Centre of

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Adrian Chadd
On Mon, Jun 02, 2008, Michael Lake wrote: Adrian Chadd wrote: Ah, if only writing software held the same risks as building bridges. :) It does. Here is the classic: http://en.wikipedia.org/wiki/Therac-25 http://catless.ncl.ac.uk/Risks/3.09.html This dates from way back in 1986. Oh yes,

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Peter Miller
On Mon, 2008-06-02 at 20:33 +1000, James Purser wrote: So how would you develop such a system whilst also allowing for the freedom and low barrier to entry that signifies the Free and Open Source Software movement? I expect that when regulation is forced upon us, barriers to entry <i>will be the

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Jeff Waugh
<quote who="Rev Simon Rumble"> This one time, at band camp, Adrian Chadd wrote: Ah, if only writing software held the same risks as building bridges. :) You mean engineers don't test their newly-built bridge by driving a dozen variously-shaped vehicles across it, before opening it up to

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread James Purser
On Mon, 2008-06-02 at 20:21 +1000, Peter Miller wrote: On Mon, 2008-06-02 at 16:31 +1000, Jeff Waugh wrote: Yet there are so many who go nuts when the idea of accreditation is raised. :-) [This cheap shot does not indicate my support for or against the idea!] As a profession, we have two

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Peter Miller
On Mon, 2008-06-02 at 16:31 +1000, Jeff Waugh wrote: Yet there are so many who go nuts when the idea of accreditation is raised. :-) [This cheap shot does not indicate my support for or against the idea!] As a profession, we have two choices: 1. start licensing and accrediting ourselves, with a

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Dave Kempe
Peter Miller wrote: <i>will be the whole point</i>. Unless we get in first. Will the parallel be: you get malpractice insurance, or you can have your future wages garnished forever if you get sued. Doctors have to pay their malpractice insurance to have their pro-bono work covered. I expect

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Mary Gardiner
On Mon, Jun 02, 2008, Peter Miller wrote: Will the parallel be: you get malpractice insurance, or you can have your future wages garnished forever if you get sued. Doctors have to pay their malpractice insurance to have their pro-bono work covered. I expect software folks will too. If the

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Sridhar Dhanapalan
On Mon, 2 Jun 2008 at 14:59, Jason Ball [EMAIL PROTECTED] wrote: Not wishing to start an OS war, but I rarely if ever have seen a BSD or Sun box compromised. Is this due to sheer numbers of Linux and Doze? More than likely. I've seen a range of plausible reasons and hard statistics to

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Kevin Saenz
So how would you develop such a system whilst also allowing for the freedom and low barrier to entry that signifies the Free and Open Source Software movement? I expect that when regulation is forced upon us, barriers to entry <i>will be the whole point</i>. Unless we get in first. Will the

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread david . lyon
Adrian Chadd wrote: The trouble is that the entry barrier for coding is so low, you can code without any clue. This very issue gave rise to some heated debate over on the LINK mailing list, which some of you attend. Many of us computer professionals were peeved by this low barrier to entry

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Dean Hamstead
At the end of the day... software is judged by whether it works for the customer or not. Not whether it has a long list of accreditations. That's nonsense. Management will continue to buy software and force it upon their engineers and techs based on the all important characteristics of... -

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread jam
On Monday 02 June 2008 21:43:25 [EMAIL PROTECTED] wrote: Yet there are so many who go nuts when the idea of accreditation is raised. :-) [This cheap shot does not indicate my support for or against the idea!] As a profession, we have two choices: 1. start licensing and accrediting

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Rick Welykochy
Sridhar Dhanapalan wrote: On Mon, 2 Jun 2008 at 14:59, Jason Ball [EMAIL PROTECTED] wrote: Not wishing to start an OS war, but I rarely if ever have seen a BSD or Sun box compromised. Is this due to sheer numbers of Linux and Doze? More than likely. I've seen a range of plausible reasons and

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Sam Gentle
On Tue, Jun 3, 2008 at 10:47 AM, Rick Welykochy [EMAIL PROTECTED] wrote: Sridhar Dhanapalan wrote: On Mon, 2 Jun 2008 at 14:59, Jason Ball [EMAIL PROTECTED] wrote: Not wishing to start an OS war, but I rarely if ever have seen a BSD or Sun box compromised. Is this due to sheer numbers of

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Martin Visser
I have often found that feeding the output of the toaster, back into the toaster demonstrates an overflow bug, requiring opening all of the windows and doors. On Tue, Jun 3, 2008 at 10:53 AM, Sam Gentle [EMAIL PROTECTED] wrote: On Tue, Jun 3, 2008 at 10:47 AM, Rick Welykochy [EMAIL PROTECTED]

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-02 Thread Rick Welykochy
Martin Visser wrote: I have often found that feeding the output of the toaster, back into the toaster demonstrates an overflow bug, requiring opening all of the windows and doors. Funny that. And I have found that feeding the output of Windows back into Windows often results in toast!

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread jam
On Tuesday 03 June 2008 08:50:26 [EMAIL PROTECTED] wrote: [...] The server had ssh access enabled via password entry and fell victim to a brute force password attack. [...] I still do not know how the attacker located the machine. I presume it was probably through a port scan which

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread Jeff Waugh
<quote who="jam"> The famous Win Mac Linux security shoot off: Win and Mac broken but nobody wanted the $10,000 and Sony Vaio for breaking the linux box. H. These events are more about reputation and strutting than money. Reckon that cracking into a Linux machine is going to do more for

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread Rick Welykochy
jam wrote: Daniel talks about 'brute forcing' a password: say [EMAIL PROTECTED]*()_/?] and 6 chars passwords 6**70 umm 70 * log (2) and 10**8 brute forces / sec that's 10 to the power 60 secs! Sorry the universe went flat. Or collapsed to a singularity. As Bruce Schneier points out here:

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread Sonia Hamilton
jam wrote: First thanks to everyone who contributed to this interesting thread :-) Isn't it about time this <opinion>boring</opinion> thread went onto slug-chat? :-) -- Sonia Hamilton. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs:

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread Mary Gardiner
On Tue, Jun 03, 2008, Sonia Hamilton wrote: jam wrote: First thanks to everyone who contributed to this interesting thread :-) Isn't it about time this <opinion>boring</opinion> thread went onto slug-chat? There's probably additional boredom to be had in saying which bits of it, but in terms

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread Dean Hamstead
I am running a server that was getting heaps of password cracking attempts on SSH port 22. Since changing the port, the attempts have stopped. Denyhosts is a great daemon/cronscript that will manage hosts.allow for your ssh server. you can set thresholds and instant triggers etc which will

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread Rick Welykochy
Dean Hamstead wrote: Denyhosts is a great daemon/cronscript that will manage hosts.allow for your ssh server. you can set thresholds and instant triggers etc which will result in that ip being blocked. Also, can't one use a TCP wrapper with ssh? Either way, it does compromise one of the

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread peter
"Rick" == Rick Welykochy [EMAIL PROTECTED] writes: Rick> Dean Hamstead wrote: Denyhosts is a great daemon/cronscript that will manage hosts.allow for your ssh server. you can set thresholds and instant triggers etc which will result in that ip being blocked. Rick> Also, can't one use a TCP

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs

2008-06-02 Thread Rick Welykochy
[EMAIL PROTECTED] wrote: Depends how you set it up. Mine has a `three tries and you're out' policy. And as I use an ssh-agent on my (carry around) laptop, there's no chance of being locked out accidentally. I assume three times password fails and you're out, right? That's interesting. Can

Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Mary Gardiner
I suspect a bunch of people are going to jump into this thread, but to get in early, some stories: - a Red Hat 5 box left to rot (this was some time ago now!), became a host for warez and ended up comprising something like half of its very substantial network's total traffic. - a

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Rev Simon Rumble
This one time, at band camp, Mary Gardiner wrote: I suspect attacks through web apps like WordPress are pretty common causes of compromise of machines run by essentially knowledgeable people at the moment, because there doesn't seem yet to be a good set of best practices for packaging and

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Rick Welykochy
Mary Gardiner wrote: I suspect attacks through web apps like WordPress are pretty common causes of compromise of machines run by essentially knowledgeable people at the moment, because there doesn't seem yet to be a good set of best practices for packaging and updating them (upstream tends to aim

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Dean Hamstead
Not wishing to start an OS war, but I rarely if ever have seen a BSD or Sun box compromised. Is this due to sheer numbers of Linux and Doze? there are a lot of people out there setting up linux machines who really haven't got the skills to do so. not listing any names... ausgamers.com

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Jason Ball
Not wishing to start an OS war, but I rarely if ever have seen a BSD or Sun box compromised. Is this due to sheer numbers of Linux and Doze? More than likely.

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Daniel Pittman
Rick Welykochy [EMAIL PROTECTED] writes: Mary Gardiner wrote: I suspect attacks through web apps like WordPress are pretty common causes of compromise of machines run by essentially knowledgeable people at the moment, because there doesn't seem yet to be a good set of best practices for

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Rev Simon Rumble
This one time, at band camp, Daniel Pittman wrote: [2] formmail. I say no more. Matt's Script Archive, anyone? -- Rev Simon Rumble [EMAIL PROTECTED] www.rumble.net The Tourist Engineer Just because you're on holiday, doesn't mean you're not a geek. http://engineer.openguides.org/ A

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Rick Welykochy
Daniel Pittman wrote: [2] formmail. I say no more. The perl language has been pretty bullet proof. I do recall one string-based exploit in the many many years I have been using it. That said, yup, scripts like formmail are written by monkeys in the 11th level hell and sent to torment sys

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Adrian Chadd
On Mon, Jun 02, 2008, Rick Welykochy wrote: Daniel Pittman wrote: [2] formmail. I say no more. The perl language has been pretty bullet proof. I do recall one string-based exploit in the many many years I have been using it. Shit code can be written on all platforms. That said, yup,

Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-01 Thread Rick Welykochy
Adrian Chadd wrote: The trouble is that the entry barrier for coding is so low, you can code without any clue. This very issue gave rise to some heated debate over on the LINK mailing list, which some of you attend. Many of us computer professionals were peeved by this low barrier to entry