On Wed, 2015-02-11 at 09:27 -0500, James B. Byrne wrote:
> Most phishing sites do not resemble anything like what one might
> expect. That is why they work. Truly, with network security you
> really, really have to develop a pathological paranoia about files
> with unknown origins or you might
On 02/11/2015 09:27 AM, James B. Byrne wrote:
PDFs are known vectors for malware. They have been exploited in the
past and no doubt will be exploited in the future. ...
That said, I readily admit that the risk posed by this particular
example is low. But, it is not zero.
As an example, I found
On Tue, February 10, 2015 18:28, Always Learning wrote:
>
> 3. The Russian's web site is that of a devote cyclist. Most of the
> films on his web site are of cycling or about cycling. Most of the
> oldish PDF files are about Linux and in Russian. I do not consider
> his site presents a malicious d
On Tue, 2015-02-10 at 21:04 -0700, Chris Murphy wrote:
> What libraries offer is not only legal, it's important to keep this
> intact. Publishers have variably been very unreasonable abrogating the
> first-sale doctrine when it comes to ebook versions. It's a case where
> I believe in no shade of
On Tue, Feb 10, 2015 at 8:55 PM, Always Learning wrote:
> Before an unnecessary riot starts perhaps I should mention I've borrowed
> 'The Book' from a public library :-)
FYI my comments are restricted the PDF floating around of the
recommended UNIX and Linux System Admin book. That's definitely
On Tue, 2015-02-10 at 21:32 -0600, Valeri Galtsev wrote:
> Indeed I should have said "allegedly pirated" not just "pirated". As I
> don't care to go into details if it is or it isn't. I also would recommend
> to finish this discussion and those who feel so get themselves some
> fundamental book
On Tue, February 10, 2015 7:36 pm, Always Learning wrote:
>
> On Tue, 2015-02-10 at 19:19 -0600, Valeri Galtsev wrote:
>
>
>> Just to make it clear: I recommended the book itself without pointing to
>> any source of it, and when pirate copy was mentioned by somebody else, I
>> had to say I do not
On Tue, Feb 10, 2015 at 6:29 PM, Always Learning wrote:
>
> On Tue, 2015-02-10 at 17:14 -0800, John R Pierce wrote:
>
>> On 2/10/2015 4:58 PM, Always Learning wrote:
>> > You have absolutely no prima facie evidence to support your assertion.
>>
>> Seriously? from page 5 of said PDF.
>>
>> Co
On Tue, Feb 10, 2015 at 5:39 PM, John R Pierce wrote:
> On 2/10/2015 3:28 PM, Always Learning wrote:
>>
>> 3. The Russian's web site is that of a devote cyclist.
>
>
> oh, well, I'm glad that makes the copyright violation of stealing an authors
> work OK in your book.
This thread has gone quite o
On 02/10/2015 05:29 PM, Always Learning wrote:
Legal point 1: you do not know the source of the Russian's PDF.
Legal point 2: you can not determine with certainty that the said PDF is
*not* a lawful copy.
Legal point 3: you can not establish the Russian's possession of the PDF
is *not* lawful.
On 2/10/2015 5:29 PM, Always Learning wrote:
Legal point 1: you do not know the source of the Russian's PDF.
doesn't matter.
Legal point 2: you can not determine with certainty that the said PDF is
*not* a lawful copy.
I know that *I* don't have the rights to read that PDF, and I suspect
On Tue, 2015-02-10 at 19:19 -0600, Valeri Galtsev wrote:
> Just to make it clear: I recommended the book itself without pointing to
> any source of it, and when pirate copy was mentioned by somebody else, I
> had to say I do not recommend that source and would recommend to buy the
> book on amaz
On Tue, 2015-02-10 at 17:14 -0800, John R Pierce wrote:
> On 2/10/2015 4:58 PM, Always Learning wrote:
> > You have absolutely no prima facie evidence to support your assertion.
>
> Seriously? from page 5 of said PDF.
>
> Copyright © 2011 Pearson Education, Inc. All rights reserved.
>
On Tue, 2015-02-10 at 17:59 -0700, Warren Young wrote:
> > On Feb 10, 2015, at 4:28 PM, Always Learning wrote:
> >
> > 2. PDFs can be created by *NON-ADOBE* software.
>
> And SWFs can be generated by non-Adobe software, and JARs can be generated by
> non-Oracle software. What’s your point?
On Tue, February 10, 2015 6:58 pm, Always Learning wrote:
>
> On Tue, 2015-02-10 at 16:39 -0800, John R Pierce wrote:
>> On 2/10/2015 3:28 PM, Always Learning wrote:
>> > 3. The Russian's web site is that of a devote cyclist.
>>
>> oh, well, I'm glad that makes the copyright violation of stealing
On 2/10/2015 4:58 PM, Always Learning wrote:
You have absolutely no prima facie evidence to support your assertion.
Seriously? from page 5 of said PDF.
Copyright © 2011 Pearson Education, Inc. All rights reserved.
Printed in the United States of America. This publication is
protecte
> On Feb 10, 2015, at 4:28 PM, Always Learning wrote:
>
> 2. PDFs can be created by *NON-ADOBE* software.
And SWFs can be generated by non-Adobe software, and JARs can be generated by
non-Oracle software. What’s your point? Is it that only Evil Corporations can
create software that can be us
On Tue, 2015-02-10 at 16:39 -0800, John R Pierce wrote:
> On 2/10/2015 3:28 PM, Always Learning wrote:
> > 3. The Russian's web site is that of a devote cyclist.
>
> oh, well, I'm glad that makes the copyright violation of stealing an
> authors work OK in your book.
Another bored expert despera
On Tue, 2015-02-10 at 16:24 -0800, Keith Keller wrote:
> On 2015-02-10, Always Learning wrote:
> >
> > My decisions are based on what I know. Those decisions can be called
> > "informed decisions".
>
> Calling them "informed decisions" doesn't automatically make them
> informed decisions.
This
On 2/10/2015 3:28 PM, Always Learning wrote:
3. The Russian's web site is that of a devote cyclist.
oh, well, I'm glad that makes the copyright violation of stealing an
authors work OK in your book.
--
john r pierce 37N 122W
somewhere on the middle of the
On 2015-02-10, Always Learning wrote:
>
> My decisions are based on what I know. Those decisions can be called
> "informed decisions".
Calling them "informed decisions" doesn't automatically make them
informed decisions.
--keith
--
kkel...@wombat.san-francisco.ca.us
_
On Tue, 2015-02-10 at 23:28 +, Always Learning wrote:
> 3. The Russian's web site is that of a *devout* cyclist.
--
Regards,
Paul.
England, EU. Je suis Charlie.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/lis
Valeri and Warren,
My decisions are based on what I know. Those decisions can be called
"informed decisions".
I am not abdicating anything to you two gentlemen.
--
Regards,
Paul.
England, EU. Je suis Charlie.
___
CentOS mailing list
CentOS@c
On Tue, 2015-02-10 at 15:04 -0700, Warren Young wrote:
> > On Feb 9, 2015, at 12:12 PM, John R Pierce wrote:
> >
> > On 2/9/2015 11:06 AM, Always Learning wrote:
> >> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
> >> shows every page appears to be readable. 11 pages
On Tue, February 10, 2015 4:04 pm, Warren Young wrote:
>> On Feb 9, 2015, at 12:12 PM, John R Pierce wrote:
>>
>> On 2/9/2015 11:06 AM, Always Learning wrote:
>>> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the
>>> PDF
>>> shows every page appears to be readable. 11 pages de
> On Feb 9, 2015, at 12:12 PM, John R Pierce wrote:
>
> On 2/9/2015 11:06 AM, Always Learning wrote:
>> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
>> shows every page appears to be readable. 11 pages devoted to BASH.
>> Information on other interesting topics too.
>
On 02/09/2015 11:11 PM, Kahlil Hodgson wrote:
> On 10 February 2015 at 16:39, Pete Travis wrote:
>> Officially, no, the "Fedora Documentation" bz product isn't there for
>> Red Hat guides. If you want to file a bug against a RHEL guide, choose
>> your version of RHEL then look for the guide's com
On 02/09/2015 11:11 PM, Kahlil Hodgson wrote:
> On 10 February 2015 at 16:39, Pete Travis wrote:
>> Officially, no, the "Fedora Documentation" bz product isn't there for
>> Red Hat guides. If you want to file a bug against a RHEL guide, choose
>> your version of RHEL then look for the guide's com
On 10 February 2015 at 16:39, Pete Travis wrote:
> Officially, no, the "Fedora Documentation" bz product isn't there for
> Red Hat guides. If you want to file a bug against a RHEL guide, choose
> your version of RHEL then look for the guide's component - these days,
> they all start with "doc-",
On 02/09/2015 04:25 PM, PatrickD Garvey wrote:
> On Mon, Feb 9, 2015 at 3:23 PM, Kahlil Hodgson
> wrote:
>> On 10 February 2015 at 10:15, PatrickD Garvey
wrote:
>>> Please allow me to make sure I am perceiving this correctly,
>>> reports of errors found in RedHat documentation are to be reported
On Mon, Feb 09, 2015 at 10:10:35PM +, Always Learning wrote:
> Keith neither of us know whether or not the Russian man obtained his PDF
> copy of the book lawfully. In my book-publishing opinion, the PDF
> appears to have originated from the book's publisher, so the original
> source must have
On Mon, Feb 9, 2015 at 3:23 PM, Kahlil Hodgson
wrote:
> On 10 February 2015 at 10:15, PatrickD Garvey
> wrote:
>> Please allow me to make sure I am perceiving this correctly,
>> reports of errors found in RedHat documentation are to be reported
>> against the Fedora Documentation product type in
On 10 February 2015 at 10:15, PatrickD Garvey wrote:
> Please allow me to make sure I am perceiving this correctly,
> reports of errors found in RedHat documentation are to be reported
> against the Fedora Documentation product type in the RedHat bugzilla?
> and
> reports of errors found in Fedora
On Mon, Feb 9, 2015 at 3:11 PM, Kahlil Hodgson
wrote:
> On 10 February 2015 at 10:08, Kahlil Hodgson
> wrote:
>> I think you can simply submit a bug report under fedora documentation.
>
> Via bugzilla:
>
> https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation
>
On 10 February 2015 at 10:08, Kahlil Hodgson
wrote:
> I think you can simply submit a bug report under fedora documentation.
Via bugzilla:
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation
___
CentOS mailing list
CentOS@centos.or
On 10 February 2015 at 09:53, PatrickD Garvey wrote:
> I'd like to know how a member of
> the CentOS project submits improvements to something in the RedHat
> documentation. Can you provide guidance in that regard?
I think you can simply submit a bug report under fedora documentation.
Note, the
On Mon, Feb 9, 2015 at 2:06 PM, Les Mikesell wrote:
> On Mon, Feb 9, 2015 at 3:42 PM, Valeri Galtsev
> wrote:
>> >
>> Still, there are many knowledgeable people on the list, they may give
>> different recommendation, which will create some pool of choices. I asked
>> John and Jonathan, I'd like t
On Mon, 2015-02-09 at 15:54 -0600, Valeri Galtsev wrote:
> Still, as I stressed in my original suggestion: to get proficient in
> anything one has to learn fundamentals, so I would forget about blogs,
> web posts, and would begin with a really good book. Unless you are
> already an expert in a se
On Mon, 2015-02-09 at 13:28 -0800, Keith Keller wrote:
> > On Mon, 2015-02-09 at 11:12 -0800, John R Pierce wrote:
> >>
> >> on a site hosted in Russia which appears to be FULL of copyright
> >> violations.
> On 2015-02-09, Always Learning wrote:
> >
> > Probably not really a software pirate
On Mon, Feb 9, 2015 at 3:42 PM, Valeri Galtsev
wrote:
> >
> Still, there are many knowledgeable people on the list, they may give
> different recommendation, which will create some pool of choices. I asked
> John and Jonathan, I'd like to ask also Les Mikesell and Mr. SilverTip257:
> what would yo
On Mon, February 9, 2015 3:28 pm, Keith Keller wrote:
> On 2015-02-09, Always Learning wrote:
>>
>> On Mon, 2015-02-09 at 11:12 -0800, John R Pierce wrote:
>>
>>> On 2/9/2015 11:06 AM, Always Learning wrote:
>>> > The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the
>>> PDF
>>> >
On Mon, February 9, 2015 3:14 pm, PatrickD Garvey wrote:
> On Mon, Feb 9, 2015 at 11:12 AM, John R Pierce
wrote:
>> On 2/9/2015 11:06 AM, Always Learning wrote:
>>> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the
PDF
>>> shows every page appears to be readable. 11 pages devot
On 2015-02-09, Always Learning wrote:
>
> On Mon, 2015-02-09 at 11:12 -0800, John R Pierce wrote:
>
>> On 2/9/2015 11:06 AM, Always Learning wrote:
>> > The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
>> > shows every page appears to be readable. 11 pages devoted to BASH.
On Mon, Feb 9, 2015 at 11:12 AM, John R Pierce wrote:
> On 2/9/2015 11:06 AM, Always Learning wrote:
>>
>> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
>> shows every page appears to be readable. 11 pages devoted to BASH.
>> Information on other interesting topics too.
On Mon, Feb 9, 2015 at 11:13 AM, Jonathan Billings wrote:
> On Mon, Feb 09, 2015 at 07:06:11PM +, Always Learning wrote:
>> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
>> shows every page appears to be readable. 11 pages devoted to BASH.
>> Information on other in
On Mon, 2015-02-09 at 11:12 -0800, John R Pierce wrote:
> On 2/9/2015 11:06 AM, Always Learning wrote:
> > The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
> > shows every page appears to be readable. 11 pages devoted to BASH.
> > Information on other interesting topics t
On Mon, February 9, 2015 1:51 pm, Peter Lawler wrote:
> On 10/02/15 04:31, Valeri Galtsev wrote:
>> UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi
>> Nemeth and Garth Snyder
>
> Yeah buy this book. Skimping is not acceptable.
>
+1
Yes, good people have to feed their fami
On 10/02/15 04:31, Valeri Galtsev wrote:
> UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi
> Nemeth and Garth Snyder
Yeah buy this book. Skimping is not acceptable.
I do hope the Niña is found in my lifetime http://nina7.org
___
On Mon, February 9, 2015 1:13 pm, Jonathan Billings wrote:
> On Mon, Feb 09, 2015 at 07:06:11PM +, Always Learning wrote:
>> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
>> shows every page appears to be readable. 11 pages devoted to BASH.
>> Information on other i
On Mon, Feb 09, 2015 at 07:06:11PM +, Always Learning wrote:
> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
> shows every page appears to be readable. 11 pages devoted to BASH.
> Information on other interesting topics too.
>
> Although I have a natural preference
On 2/9/2015 11:06 AM, Always Learning wrote:
The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF
shows every page appears to be readable. 11 pages devoted to BASH.
Information on other interesting topics too.
on a site hosted in Russia which appears to be FULL of copyright
On Mon, 2015-02-09 at 11:31 -0600, Valeri Galtsev wrote:
> I guess, this discussion (about security of your system and what affects
> it) should be ended by the reference to fundamental book on Unix system
> [administration]. One thing I learned: you can not become proficient in
> any subject jus
On Mon, February 9, 2015 10:55 am, Bowie Bailey wrote:
> On 2/5/2015 8:20 PM, Always Learning wrote:
>> On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
>>
>>> On 6 February 2015 at 10:23, Always Learning
>>> wrote:
Logically ?
1. to change the permissions on shadow from -r
On 2/5/2015 8:20 PM, Always Learning wrote:
On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
On 6 February 2015 at 10:23, Always Learning wrote:
Logically ?
1. to change the permissions on shadow from -rw-x-- or from
-- to -rw-r--r-- requires root permissions ?
2. if so,
For those interested, a ticket has been opened with FESCo.
https://fedorahosted.org/fesco/ticket/1412
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
___
CentOS mai
On Tue, 03 Feb 2015 20:44:33 +, Always Learning wrote:
[]
> There should be a basic defence that when the password is wrong 'n'
> occasions the IP address is blocked automatically and permanently unless
> it is specifically allowed in IP Tables. If specifically allowed in IP
> Table
On 02/06/2015 12:50 AM, Kahlil Hodgson wrote:
On 6 February 2015 at 10:23, Always Learning wrote:
Logically ?
1. to change the permissions on shadow from -rw-x-- or from
-- to -rw-r--r-- requires root permissions ?
2. if so, then what is the advantage of changing those permissions
On 02/03/2015 04:56 AM, Les Mikesell wrote:
> On Mon, Feb 2, 2015 at 4:17 PM, Warren Young wrote:
>>>
>> Let’s flip it around: what’s your justification *for* weak passwords?
>>
> You don't need to write them down. Or trust some 3rd party password
> keeper to keep them.Whereas when 'not weak'
On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
> On 6 February 2015 at 10:23, Always Learning wrote:
> > Logically ?
> >
> > 1. to change the permissions on shadow from -rw-x-- or from
> > -- to -rw-r--r-- requires root permissions ?
> >
> > 2. if so, then what is the advan
Jonathan Billings billings at negate.org Tue Feb 3 20:35:44 UTC 2015
> Honestly, of all the faults and foibles in the Red Hat/CentOS installer,
> I'm
> amazed that someone is complaining about that.
Someone is trying to keep the scope of such faults and foibles on topic,
otherwise they'd easil
On Thu, 2015-02-05 at 17:36 -0600, Valeri Galtsev wrote:
> > Logically ?
> >
> > 1. to change the permissions on shadow from -rw-x-- or from
> > -- to -rw-r--r-- requires root permissions ?
> >
> > 2. if so, then what is the advantage of changing those permissions when
> > the entity
On 2015-02-05, Valeri Galtsev wrote:
>
> On Thu, February 5, 2015 5:23 pm, Always Learning wrote:
>>
>> On Thu, 2015-02-05 at 16:39 -0600, Valeri Galtsev wrote:
>>
>>> >>>
>>> >>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
>>
>>> Be it me, I would consider box compromised. All done on/f
Warren Young wyml at etr-usa.com Tue Feb 3 00:32:15 UTC 2015
> Are you telling me you cannot memorize a series of 8 characters that do
> not violate those rules?
Keep in mind the original context isn't for production computers, it's
testing Fedora. Many testers do dozens of installs per week, so
On 6 February 2015 at 10:23, Always Learning wrote:
> Logically ?
>
> 1. to change the permissions on shadow from -rw-x-- or from
> -- to -rw-r--r-- requires root permissions ?
>
> 2. if so, then what is the advantage of changing those permissions when
> the entity possessing root auth
On Thu, February 5, 2015 5:23 pm, Always Learning wrote:
>
> On Thu, 2015-02-05 at 16:39 -0600, Valeri Galtsev wrote:
>
>> >>>
>> >>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
>
>> Be it me, I would consider box compromised. All done on/from that box
>> since probable day it happened c
On Thu, Feb 5, 2015 at 5:29 PM, Valeri Galtsev
wrote:
>
>>> Be it me, I would consider box compromised. All done on/from that box
>>> since probable day it happened compromised as well. If there is no way
>>> to
>>> establish the day, then since that system originally build. With full
>>> blown sw
On Thu, February 5, 2015 5:07 pm, Les Mikesell wrote:
> On Thu, Feb 5, 2015 at 4:39 PM, Valeri Galtsev
> wrote:
>>
>>>
>>> Yes, /etc/shadow would have always been readable only by root by
>>> default. The interesting question here is whether an intruder did
>>> it, clumsily leaving evidence beh
On 2/5/2015 10:59 AM, Lamar Owen wrote:
However, another password with similar characteristics would be fine.
You just never want to use it on more than one server to be safe.
there's a very useful tool built into centos's 'expect' package...
$ mkpasswd -l 15 -d 3 -C 5
5ufkpX@SDxa2DF3
On Thu, 2015-02-05 at 16:39 -0600, Valeri Galtsev wrote:
> >>>
> >>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
> Be it me, I would consider box compromised. All done on/from that box
> since probable day it happened compromised as well. If there is no way to
> establish the day, then
On Thu, Feb 5, 2015 at 4:39 PM, Valeri Galtsev
wrote:
>
>>
>> Yes, /etc/shadow would have always been readable only by root by
>> default. The interesting question here is whether an intruder did
>> it, clumsily leaving evidence behind, or whether it is just a local
>> change from following some
On Thu, February 5, 2015 4:29 pm, Les Mikesell wrote:
> On Thu, Feb 5, 2015 at 4:19 PM, Keith Keller
> wrote:
>
>>> On C5 the default appears to be:-
>>>
>>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
>>
>> It is much more likely that someone has screwed up your system. I think
>> eve
On Thu, 2015-02-05 at 14:19 -0800, Keith Keller wrote:
> On 2015-02-04, Always Learning wrote:
> > On C5 the default appears to be:-
> >
> > -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
>
> It is much more likely that someone has screwed up your system. I think
> even CentOS 4 had shado
On Thu, Feb 5, 2015 at 4:19 PM, Keith Keller
wrote:
>> On C5 the default appears to be:-
>>
>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
>
> It is much more likely that someone has screwed up your system. I think
> even CentOS 4 had shadow as 400. And what on earth would the point b
On 2015-02-04, Always Learning wrote:
> On C5 the default appears to be:-
>
> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
It is much more likely that someone has screwed up your system. I think
even CentOS 4 had shadow as 400. And what on earth would the point be
in having a world-rea
On Thu, 2015-02-05 at 13:59 -0500, Lamar Owen wrote:
> On 02/05/2015 10:34 AM, Always Learning wrote:
> > Surely its time for the Feds to arrest and change them ?
> The Feds in which country?
The USA for a start. The USA's law enforcement is never slow at working
with foreign countries law enfo
On Thu, 2015-02-05 at 12:35 -0600, Valeri Galtsev wrote:
> On Thu, February 5, 2015 10:08 am, Always Learning wrote:
> > On Thu, 2015-02-05 at 09:41 -0600, Valeri Galtsev wrote:
> >> I know, I know, everybody is reasonable, it is just I didn't have my
> >> coffee yet...
> > Your logic is amazin
On Thu, February 5, 2015 12:45 pm, m.r...@5-cent.us wrote:
> Valeri Galtsev wrote:
>> On Thu, February 5, 2015 10:08 am, Always Learning wrote:
>
I know, I know, everybody is reasonable, it is just I didn't have my
coffee yet...
>>>
>>> Your logic is amazingly good for a coffee drinker.
On 02/05/2015 10:34 AM, Always Learning wrote:
On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote:
Those crackers who build these botnets are the ones who rent out
botnet time to people who just was to get the work done. There is a
large market in botnet time.
Surely its time for the Feds t
On Thu, February 5, 2015 10:08 am, Always Learning wrote:
>
> On Thu, 2015-02-05 at 09:41 -0600, Valeri Galtsev wrote:
>
>> >> > wac4140SoeTer'#621strAAt0918;@@
>> >
>> > Gee thanks. I'll use it for root on every server ;-)
>
>> I know this is joke. Yet (in a slim chance someone out there
On Thu, 2015-02-05 at 10:10 -0600, Les Mikesell wrote:
> On Thu, Feb 5, 2015 at 9:59 AM, Always Learning wrote:
> Or unless you have some sort of proof that a current Windows 2012
> server is less secure or stable than a Linux distro.
Not every 'home' or business user uses, or can afford to p
On Wed, February 4, 2015 17:55, Warren Young wrote:
>
> But of course the same people fighting this move to more secure
> password minima are the same ones that turn off SELinux.
>
Ah. Sorry, NO.
First, we are not talking about a more secure password minima. We are
discussing an arbitrary chang
On Thu, Feb 5, 2015 at 9:59 AM, Always Learning wrote:
>
> Foolish and stupid implicit trust in a third party. Just look at the
> Windoze world ever since Win95 (first edition of many) materialised.
> Trust M$ and get a free virus every time !
I wouldn't go there unless you want to compare agains
On Thu, 2015-02-05 at 09:41 -0600, Valeri Galtsev wrote:
> >> > wac4140SoeTer'#621strAAt0918;@@
> >
> > Gee thanks. I'll use it for root on every server ;-)
> I know this is joke. Yet (in a slim chance someone out there can follow it
> with seriousness) I would strongly suggest:
>
> Don't do i
On Thu, 2015-02-05 at 09:27 -0600, Valeri Galtsev wrote:
> .. I feel like
> there is brave new world of admins who feel it right to have
> "iPad-like" everything, i.e. boxes cooked up and sealed by vendor, and
> you have no way even to look inside, not to say re-shape interior to
> you
On Wed, February 4, 2015 17:16, Lamar Owen wrote:.
>
> Now, I have seen this happen, on a system in the wild, where the very
> first thing the attacker did was grab a copy of /etc/shadow, even with
> an interactive reverse shell and root access being had. So even when
> you recover your system fro
On Thu, Feb 5, 2015 at 9:27 AM, Valeri Galtsev
wrote:
>
> ... there seem to be many
> "Windows" brew people up on the top of IT ladder these days). I feel like
> there is brave new world of admins who feel it right to have "iPad-like"
> everything, i.e. boxes cooked up and sealed by vendor, and yo
On Thu, February 5, 2015 9:34 am, Always Learning wrote:
>
> On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote:
>
>> On 02/04/2015 07:55 PM, Always Learning wrote:
>> > Rent ? That costs money. Just crack open some Windoze machines and do
>> > it for free. That is what many hackers do.
>>
>> Th
On Thu, February 5, 2015 12:49 am, Keith Keller wrote:
> On 2015-02-04, Valeri Galtsev wrote:
>>
>> I'm neutral to sudo (even though I was taught "the smaller number of
>> SUID/SGID files you have, the better). Yet, I'm considering it less safe
>> to have regular user who can log in with GUI inte
On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote:
> On 02/04/2015 07:55 PM, Always Learning wrote:
> > Rent ? That costs money. Just crack open some Windoze machines and do
> > it for free. That is what many hackers do.
>
> Those crackers who build these botnets are the ones who rent out bot
On 02/04/2015 05:55 PM, Warren Young wrote:
On Feb 4, 2015, at 3:16 PM, Lamar Owen wrote:
There have been remotely exploitable vulnerabilities where an arbitrary file
could be read
CVEs, please?
CVE-2006-3392 for one. As this one was against Webmin, well, webmin by
nature has to have root a
On 02/04/2015 07:55 PM, Always Learning wrote:
Rent ? That costs money. Just crack open some Windoze machines and do
it for free. That is what many hackers do.
Those crackers who build these botnets are the ones who rent out botnet
time to people who just was to get the work done. There is a
On Thu, February 5, 2015 9:06 am, James B. Byrne wrote:
>
> On Wed, February 4, 2015 16:55, Warren Young wrote:
>>> On Feb 4, 2015, at 12:16 PM, Lamar Owen wrote:
>>>
>>> Again, the real bruteforce danger is when your /etc/shadow is
>>> exfiltrated by a security vulnerability
>>
>> Unless you hav
On Wed, February 4, 2015 16:55, Warren Young wrote:
>> On Feb 4, 2015, at 12:16 PM, Lamar Owen wrote:
>>
>> Again, the real bruteforce danger is when your /etc/shadow is
>> exfiltrated by a security vulnerability
>
> Unless you have misconfigured your system, anyone who can copy
> /etc/shadow alr
On 2015-02-04, Valeri Galtsev wrote:
>
> I'm neutral to sudo (even though I was taught "the smaller number of
> SUID/SGID files you have, the better). Yet, I'm considering it less safe
> to have regular user who can log in with GUI interface, and likely to be
> doing regular user stuff to have alm
On Wed, Feb 4, 2015 at 8:43 PM, Warren Young wrote:
>> On Feb 4, 2015, at 7:23 PM, Les Mikesell wrote:
>>
>> On Wed, Feb 4, 2015 at 6:32 PM, Warren Young wrote:
>>>
>>> An LPE can only be used against your system by logged-in users.
>>
>> Or any running program - like a web server.
>
> That’s no
> On Feb 4, 2015, at 7:23 PM, Les Mikesell wrote:
>
> On Wed, Feb 4, 2015 at 6:32 PM, Warren Young wrote:
>>
>> An LPE can only be used against your system by logged-in users.
>
> Or any running program - like a web server.
That’s not what LPE means. “L” = “local”, meaning you are logged-in
On Wed, Feb 4, 2015 at 6:32 PM, Warren Young wrote:
>
>>> Most such vulns are against Apache, PHP, etc, which do not run as root.
>>
>> Those are common. Combine them with anything called a 'local
>> privilege escalation' vulnerability and you've got a remote root
>> exploit.
>
> Not quite. An
On Wed, 2015-02-04 at 18:14 -0700, Warren Young wrote:
> Nothing is free. Just as with my analogy with safes, we’re not
> talking about absolute security. We just need to make an attack
> *costly enough* that it will never succeed, if we do our part. (Like
> not saying chmod 644 /etc/shadow !
On 5 February 2015 at 12:09, Scott Robbins wrote:
> On Thu, Feb 05, 2015 at 09:56:30AM +1100, Kahlil Hodgson wrote:
>> I just had a peek at the anaconda source for Fedora 21. Apparently
>> you can waive the password strength tests (and the non-ASCII tests) by
>> simply clicking "Done" twice.
>
>
> On Feb 4, 2015, at 5:55 PM, Always Learning wrote:
>
> On Wed, 2015-02-04 at 17:50 -0700, Warren Young wrote:
>
>>> rent time on a 6,000 machine botnet.
>
> Rent ? That costs money. Just crack open some Windoze machines and do
> it for free. That is what many hackers do.
Acquiring your own
1 - 100 of 241 matches
Mail list logo
