On Thu, Nov 15, 2001 at 11:09:41PM -0800, Craig Dickson wrote:
> Wade Richards wrote:
> > >I still say the bottom line is, if you don't trust root, don't use his
> > >machine.
> > This is the sort of absolutist nonsense that gives security experts a
> > bad name. After all, anyone armed with a ch
On Thu, Nov 15, 2001 at 10:17:39PM -0800, Wade Richards wrote:
> Also, what makes you think root "knows what he's doing?" I suspect that
> many people with the "root" password could not install a tty sniffer or
> any other spying tool unless they could type "apt-get install ttysniffer".
du
Which reminds me to ask, are the "www.kerneli.org" cryptographic patches
applied to the pre-compiled kernels, eg kernel-2-4-14-AMDK6.deb?
-Original Message-
From: Florian Bantner [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 16:26
To: [EMAIL PROTECTED]
Subject: Re: Mutt & tmp
On Thu, Nov 15, 2001 at 10:17:39PM -0800, Wade Richards wrote:
[snip]
> Some security is better than no security. More security is
> better than less security. If you find a security flaw in a
> system, you should try to fix that flaw, even if the system is
> not otherwise perfect.
>
[snip]
> A
On Fri, 16 Nov 2001, Howland, Curtis wrote:
> As has been said many times, many ways, once "root" is compromised, all
> bets are off. Also, the only computer that isn't vulnerable is the one
> that isn't connected to a network, and can't be physically touched.
>
> Did anyone else see that awful
Wade Richards wrote:
> >I still say the bottom line is, if you don't trust root, don't use his
> >machine.
>
> This is the sort of absolutist nonsense that gives security experts a
> bad name. After all, anyone armed with a chainsaw can cut through a
> solid oak door in a matter of hours, so wh
Hi Craig,
Sorry to pick on your response, it was only one of many that said
basically the same thing.
On Thu, 15 Nov 2001 10:52:35 PST, Craig Dickson writes:
>[...] Even if those keys
>are encrypted and require the user to enter a passphrase every time
>they're used, root can get the passphras
As has been said many times, many ways, once "root" is compromised, all
bets are off. Also, the only computer that isn't vulnerable is the one
that isn't connected to a network, and can't be physically touched.
Did anyone else see that awful Wesley Snipes movie, where he plays a
black-bag (pun in
Florian Bantner wrote:
> > Hmm, have you considered ramdisks?
>
> That's the idea I was looking for. Heard also today of the
> possibility to encrypt whole filesystems. At the moment I'm
> thinking about that. A combination would be nice. If I'm right this
> would make it even for root hard to do s
On Thu, 15 Nov 2001, Moritz Schulte wrote:
> Florian Bantner <[EMAIL PROTECTED]> writes:
>
> > Second and more important: When a file is created on disk it
> > occupies physical space on the disk. When it's deleted again, the
> > space is in no way 'cleaned', but stays on the disk until it is
> >
Florian Bantner <[EMAIL PROTECTED]> writes:
> Second and more important: When a file is created on disk it
> occupies physical space on the disk. When it's deleted again, the
> space is in no way 'cleaned', but stays on the disk until it is
> accidentally overwritten.
With 'cleaned' you mean that t
* vdongen <[EMAIL PROTECTED]> [2001.11.15 19:30:35+0100]:
> actually, root can also read your gpg key.
> so a simple copy of your mail and a gpg decoding using your key would be
> much easier
except there is a passphrase! which can be obtained with a hacked
version of mutt or gpg, obviously...
> ro
* Bryan Andersen <[EMAIL PROTECTED]> [2001.11.15 12:51:01-0600]:
> B... Wrong.
>
> If you don't trust root, you're hosed. Root can change the app so he
> has your keys... Root can also change the tty drivers so they are
> all silently logged. There is no way to secure it fully unless you
> > When writing a new mail which I intend to encrypt via gpg, mutt
> > creates a tmp file (normally under /tmp/.mutt*) which it uses to
> > 'communicate' with Vim.
>
> Or emacs, or whatever editor you prefer, yes.
>
> > This file lasts as long as the vim-session is
> > running. Vim then saves the cha
martin f krafft wrote:
> * Craig Dickson <[EMAIL PROTECTED]> [2001.11.15 10:28:33-0800]:
> > Also note that root owns sendmail, or whatever MTA you're using. If he
> > really wants to read your mail, it would be much easier for him to do it
> > by configuring the MTA to silently copy him on all yo
martin f krafft wrote:
>
> * Craig Dickson <[EMAIL PROTECTED]> [2001.11.15 10:28:33-0800]:
> > Also note that root owns sendmail, or whatever MTA you're using. If he
> > really wants to read your mail, it would be much easier for him to do it
> > by configuring the MTA to silently copy him on all
if it's too insecure u have 2 ways:
- choose another email program where u don't know the risk that root can read
the mails
- write them directly on ur smtp server ...
btw: root of ur mailserver can read ur incoming mails too !
// jens
* Craig Dickson <[EMAIL PROTECTED]> [2001.11.15 10:28:33-0800]:
> Also note that root owns sendmail, or whatever MTA you're using. If he
> really wants to read your mail, it would be much easier for him to do it
> by configuring the MTA to silently copy him on all your messages, so all
> this conce
Florian Bantner wrote:
> I am recently busy with email-security. I'm using Mutt and GnuPG
> which works great for me. But one point did attract my attention:
>
> When writing a new mail which I intend to encrypt via gpg, mutt
> creates a tmp file (normally under /tmp/.mutt*) which it uses to
> 'c
Hi,
I am recently busy with email-security. I'm using Mutt and GnuPG
which works great for me. But one point did attract my attention:
When writing a new mail which I intend to encrypt via gpg, mutt
creates a tmp file (normally under /tmp/.mutt*) which it uses to
'communicate' with Vim. This file
debian-user@lists.debian.org is the right list for such questions.
Please use it in the future.
<[EMAIL PROTECTED]> writes:
> After installing Apache-SSL, Do I have to make additional java
> source code to operate server or Do I have to do Something else?
> Otherwise, Does just installing Apach-S
The proper English spelling is Herostratus
On Wednesday 14 November 2001 01:59 pm, Dmitriy Kropivnitskiy wrote:
> The name was Gerastrat :)
This is fairly strange, since scanning ports 20-25 + OS fingerprint should
have generated something like... 20-25 messages. My IDS tends to accumulate
that amount of scans/exploits/other crap in about 2-3 hours. Your firewall
must be invisible or something because when I say IDS I mean it is ins
On Thu, Nov 15, 2001 at 11:31:15AM +0100, Boris Bierwald wrote:
> I would assume that your DROP default policy causes the delay. At least
> most smtp- and ftp-servers will send an ident query back to your host
> if you try to connect to them. If you simply ignore the queries, those
> servers will w
phadell wrote on Nov 15 at 02:44 :
> I think I was not so clear. Sorry, but my English is poor.
> I'll try to explain better.
>
> my policy is drop all INPUT, OUTPUT and FORWARD.
> So, I must open all the services that I'm using, that are:
> ssh, ftp, ftp-data, smtp, pop3, http, https
>
> In a
Ethan Benson <[EMAIL PROTECTED]> writes:
> On Wed, Nov 14, 2001 at 12:42:10PM +0100, Goswin Brederlow wrote:
> >
> > People with such old hardware are probably better off with bo or hamm
> > or potato. They probably need the low-mem target too.
>
> which are not (or will not in potato's case) be
Packages: linux-ftpd_0.11-8potato.2, linux-ftpd_0.17-8
Since the inclusion of PAM support in this package, when used with "-l*"
command line option, syslog(3) uses the facility LOG_AUTH (setup by PAM)
instead of LOG_FTP (setup by ftpd and as stated in the man page).
I've looked at the code and do