Hello everyone
Thanks for your opinions. Yes, I know that AppArmor is
available in Debian. That's good. It's just fine that there
is a possibility to choose between SELinux and AppArmor.
Unfortunately, I can help only with creating profiles for
various applications. For now, I'm trying to
Hello everyone,
Michael web site with a statistic I've been watching from time to
time. Also *Debian* Hardening wiki page I studied a couple of
times.
> There is a lintian check for setuid binaries (...)
> There isn't really any group effort tackling or monitoring
> the assortment of useful
Hi Moritz,
90 percent of the hardening via '*dpkg-buildflags*'? That's
good information. I'd hoped that the majority of all base
packages and that's security-sensitive will be protected
well. It's really a huge satisfaction.
One more thing - does Debian include something like e.g.
Ubuntu or op
Hello everyone,
Before the Wheezy release we could find a web site which
contained notices about updating as many packages as
possible to use security hardening build flags via
'dpkg-buildflags'. Also, a note could be found there about
packages that should have build flags enabled before
the Wheezy rel
Hi Rolf.
>> The information about connections is stored in
>> /proc/net/ip_conntrack. The maximum connections
>> (...) in /proc/sys/net/ipv4/netfilter/ip_conntrack_max
I checked these values and it looks this way;
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
55740
# cat /proc/net/
On 2013-04-10, at 11:34 AM, Daniel Curtis wrote:
>
> > Hi Mr Rolf
> >
> > Okay, I will check these values; /proc/net/ip_conntrack etc.
> > Generally it is normal, that there are INVALID connections, right?
> >
> > Yes, I'm seeing this syslog tag. Should I remove it from my iptables
> > script (e.g. -j LOG --log-prefix etc.)?
>
>
Hi Mr Rolf
Okay, I will check these values; /proc/net/ip_conntrack etc.
Generally it is normal, that there are INVALID connections, right?
Yes, I'm seeing this syslog tag. Should I remove it from my iptables
script (e.g. -j LOG --log-prefix etc.)?
Hi andika.
Another INVALID packet description. I read a lot of
information and I don't know what is the truth. Frankly,
the first time I see a description, which concerns RAM memory.
So, I have a 1 GB of RAM memory. Just for example; free -m
command result;
used: 640, free: 230
and top command;
Hi
As we know iptables INVALID state means, that
the packet is associated with no known connection,
right? So, if I have a lot of INVALID entries in my
log files, does it mean that something is wrong?
Hidden process etc.?
An example of logged entries;
t4 kernel: [18776.221378] [INVALID in] IN=
Hi Mr Edwin
Yes, I have this rule and it is responsible for the
established/related connections. This rule is almost
at the very end of the INPUT chain.
*>> (...) before the rule that logs/drops your packets?*
Do you mean those strange packages mentioned in the first
mail, right? Frankly, not; This
Hi Mr Erwan
Let's summarize: these logs are normal and are not
something... *bad*. Even if there are many IP's connections
(*INVALID*) probes.
I understand that I should not have contact with the servers.
Okay, but if those servers are providing e.g. a website, which
I visit? How to avoid them? I
Hi Mr Erwan
So, everything is okay? Even these strange logs
mentioned earlier? I'm still curious about this rule;
*SYN,RST, ACK,FIN, PSH,URG, SYN,RST,ACK,
FIN,PSH,URG*
What do you mean by writing, that I should not contact servers?
Best regards!
Hi Mr Mestnik
I'm just curious why Debian does not publish updated versions
of the packages as soon as possible. Especially, when it comes
to the security updates. Other distributions are doing it much faster.
Personally, I do not like to use applications that I know
are vulnerable.
As I a
Hi
Can the Iceweasel 10.0.11 ESR package be updated a little faster due
to several security issues? On January 8 Mozilla published about 20
Security Advisories[1]. Many distributions have already updated Firefox to
the latest 18 and 10.0.12 ESR versions[2]. According to the website for
dev
Hi Mr Cyril,
Thank you for pointing out this website. I completely forgot
about it and definitely, I should look there first, before writing
a message here.
I did not look over this web site (Changelog for 3.2.X) for a long
time, because for now, I am still using a linux-2.6 on all of my systems.
Hi,
Kernel 3.7 is officially out. This Linux release includes many improvements
practically in every aspect. Many changes also concern security. Very
interesting are: Cryptographically-signed kernel modules and - long awaited -
symlink and hardlink restrictions (already in Linux 3.6), but it brok
> > (...) so a good umask may be set there for init.
>
Hi, and a good setting for umask is? I know that it depends
on many things, but what do you think?
Cheers
Hi Thijs! Okay now everything is clear. Regards!
Hi,
Thank You, I should look there first (Security Tracker). But I see
that two of three CVEs are marked as 'vulnerable' for all branches;
stable, testing and unstable. Frankly, only the first CVE is Fixed for Squeeze.
Is it normal?
Regards!
Hi,
I would like to inform about a new stack-based buffer overflow
vulnerability for MySQL. The following CVEs have been assigned
to track this MySQL vulnerability:
CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
CVE-20
On 12/07/02 17:43, Tim van Erven wrote:
On Sat, Dec 07, 2002 at 04:39:54PM -0500, "Christopher W. Curtis" <[EMAIL PROTECTED]> wrote:
On 12/07/02 12:54, Tim van Erven wrote:
2) How are the passwordhashes in /etc/shadow generated from the
salt+password? I can't use '
On 12/07/02 12:54, Tim van Erven wrote:
[much stuff I didn't read]
/etc/virtualusers just contains the names of the virtual users I want
to allow.
- The current permissions for the mailboxes
/home/virtual/popa3d/127.0.0.1/mail/${local_part} are like:
-rw-rw1 mail mail
so easy you don't have to be a good admin to run it? Not
necessarily.
-C
--
Curtis Ireland XIST Information Services & Technology Inc.
Network Administrator phone: (613)234-9621 X231 fax: (613)234-9564
[EMAIL PROTECTED] 1-888-ASK-XIST - http://xist.com
s admins? Yes
NT/2000 so easy you don't have to be a good admin to run it? Not
necessarily.
-C
--
Curtis Ireland XIST Information Services & Technology Inc.
Network Administrator phone: (613)234-9621 X231 fax: (613)234-9564
[EMAIL PROTECTED] 1-888-ASK-XIST - http://xist
Then how are the packages so stored elsewhere differentiated?
Or are the packages under the debian-non-US directory distributed under the
other headings when grabbing from this particular server?
> Previously Aurelio Turco wrote:
> > Furthermore:
> >
> > http://security.debian.org/debian-non-
> On Thu, 25 Jul 2002 at 01:08:29AM +0200, martin f krafft wrote:
> > least as usable and stable, and until potato->woody is guaranteed to
> > progress without any problems...
> >
> Problems? What problems? Just A LOT of tweaks
I can't upgrade, it would require restarting and that would b
I humbly beseech the Debian list maintainers to make this list "subscriber only
may post."
Thank you.
Curt-
> -Original Message-
> From: Phillip Hofmeister [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 19, 2002 2:03 AM
> To: debian-security@lists.debian.org
> Subject: Re: Didn't we ha
Whoever did this, thank you.
Curt-
> -Original Message-
> From: Italyminutes [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 18, 2002 06:02
> To: debian-security@lists.debian.org
> Subject: You've Been Removed!
>
>
> This message is to confirm the removal of your
> email address: debia
This kind of dialog is important, because people find out what tools are
available. It's convinced me to give procmail/spamassassin a try (soon...) even
though I only get about 50 spam messages a day, easily and quickly deleted in
elm without hazard of super-smart virii or HTML scripts. I love h
If I remember correctly, doesn't that require sendmail?
As for "bounce", while Kmail has that feature it does require a real reply-to
address. For the vast majority of spam, the reply-to is deliberately obfuscated.
> apt-get install spamassassin
>
> It trapped that one for me as well as 99% of
> What bothers me in all of this is that Debian lists are
> managed so poorly
> to let this happen.
The Debian lists are deliberately not "subscriber only may post" on the theory
that it's better to press DEL than to prevent someone from posting.
However, "subscriber only" is a simple config op
Unlike most "spam", this one has actually resulted in some arrests.
Well, not "this one" specifically, it's been going on for a while with
multiple different people/groups attempting the "Spanish Prisoner" con
game.
Thanks for the email address for the Fed.Gov investigation.
Curt-
> > If anyone
Try connecting in verbose mode for debugging, I think it's "ssh -v" or even "-v
-v" as I saw someone suggest recently.
Something changed. The goal is to find out what.
Also try "ssh -1 ..." to force version 1 access and see if that works.
Curt-
> > First question:
> >
> > Has it worked before
First question:
Has it worked before now?
Second question:
What did you change between then and now?
Curt-
> Dear All,
>
> I have a problem with my ssh, when I try to connect to our
> server using
> ssh have an error like this :
>
> ssh -l [EMAIL PROTECTED]
> 2f65 7463 2f73 7368
> Disconnec
Not "security updates" as such, but since the software has been changed,
doesn't testing have its package replaced with the new version?
I can't imagine that a known hole would be deliberately left in a
package when an update has already been compiled. This is "testing", not
"Hamm".
> Testing does
I noticed the same thing when doing the 3.3 thing two days ago that I commented
on on this list.
The security server is in my apt.sources list, but when I executed "apt-get
upgrade", it said "0 new, 0 to be removed, 1 package(s) not updated".
Dselect showed the ssh package as ready to be update
Alvin,
If the cracker can get in as a user, it's merely a matter of time before they
can worm their way into becoming root. Defenses against this are difficult, the
NSA version "SELinux" deliberately places great restrictions on user abilities
to try to prevent just such things. But I don't thi
I like both. The server gets "stable", but a firewall or at least firewall
rules on the "public" interface.
Preferably dual interface, one "inside" on private IP, one "public", and no
packet forwarding.
And I couldn't agree more about the remarkable efforts of the Debian team
members.
Curt-
> > Debian was the first Linux I installed, from floppies, in 1986.
>
> Do you mean 1996?
Ah, yep. Brain fart. Thanks for noticing.
> I personally use Linux since 1994, version 0.99pl14, was SLS
> distribution.
Neat. In 1995, a network engineer and systems admin associate of mine said, "I
hav
> On Tue 11 Jun 2002 19:54, Noah L. Meyerhans wrote:
> > There is a lot of collaboration between the respective security
> > teams for the major Linux distributions. As a result of this,
> > they all tend to release necessary security updates at the same
> > time. Known security updates are rarel
How about group access privileges on the offending executables?
Seems to me to be the natural method of restricting access to stuff.
Curt-
> I have a question. Is there any way to restrict outbound
> access for all but
> a few users? I know with iptables you can block outbound
> traffic com
Hoopy Froods always know where their towel is.
> Could be handy I spose if a server caught on fire, could
> throw a couple
> of towels on top to smother the fire :)
>
> Nathan
>
> On Wednesday, May 15, 2002, at 06:01 PM, Peter Obermeier wrote:
>
> > Hi all,
> >
> > it is a very curious form
Where might one find documentation on this bf2.4 kernel?
> Javier Fernández-Sanguino Peña wrote:
> > Now that I think of it this might be an issue with
> self-installed
> > kernels. I'm going to document this behavior in the Manual,
> commit the
> > changes and close the bug. Of course, woo
I know this may sound like a silly question, but did it work before you applied
the TCP wrappers?
If you remove the all:all from hosts.deny, does it work?
It's been a while since I last set up wrappers, but in all other systems I make
sure it works first, then apply changes one by one and test
Stef,
I've noticed during the boot sequence of 2.4.18, after the ramdisk is loaded
there is a 5 second pause during which time you can get a root shell.
Do you get this opportunity? I realize it asks for a password, but it is one
more thing to try.
Other than that, using a rescue disk or the i
> From: Tim Freeman [mailto:[EMAIL PROTECTED]
...
> But whose reputation?
The package maintainer directly, the Debian project indirectly.
I'm not really talking about individuals, I'm talking about generalities.
On a really secure machine, you're not going to be installing games, or
utilities
> I don't see a clear path to doing this the "right" way, where chaos is
> prevented by something more substantial than a social convention.
>
> I have to admit that the social convention is working very well at the
> moment, though.
> > --
> Tim Freeman
> [EMAIL PROTECTED]
At some poi
> Nathan Norman - Micromuse Ltd. mailto:[EMAIL PROTECTED]
> Gil-galad was an Elven-king.| The Fellowship
> Of him the harpers sadly sing: |of
> the last whose realm was fair and free | the Ring
> between the Mountains and the Sea. | J.R.R. Tolkien
A king o
I would bet that the vast majority of "flame wars" begin because someone
mistakes "terse" or "concise" for hostility.
The reverse, being the endless spewing of meaningless words, all the while
saying nothing at all or even the opposite of what it sounds like, is the art
of politicians and diplo
I'm impressed. Even here in Tokyo, where "a cop on every street corner" is not
just an Orwellian slur, the only people who get that kind of service are the
ones who directly pay their salaries.
Seriously, the only person you can rely on is you. You're the one on the scene,
be it a mugging or a c
Many ISPs do not know enough to filter the RFC1918 space, or only do so on the
border routers and not internally.
Another good idea is to filter out-going packets by source address, allowing
through only those whose source is supposed to be inside the network.
Anything with a source of address
Markus Kolb wrote:
Laurent Luyckx <[EMAIL PROTECTED]> wrote on 01/02/2002 (16:30) :
In exim.conf, put hosts_accept_relay with a list of authorized IP.
ex:
hosts_accept_relay = localhost:192.168.0.0/24
^^^
why this IP?
Markus Kolb wrote:
>>Laurent Luyckx <[EMAIL PROTECTED]> wrote on 01/02/2002 (16:30) :
>>
>>>In exim.conf, put hosts_accept_relay with a list of authorized IP.
>>>ex:
>>>
>>>hosts_accept_relay = localhost:192.168.0.0/24
>>>
>> ^^^
>>
For the non-mathematical, or rather grammatical, style to say it, I use the
phrase:
"Security is Inconvenient."
The first time I say it to someone, they usually pause for a moment, digest it,
and it really helps in further discussions about "what to do about...".
It's my answer, for instance, wh
09, 2002 16:16
> To: Howland, Curtis
> Cc: [EMAIL PROTECTED]; Debian-Security
> Subject: RE: IPTABLES
>
>
> Just the other way around, 2.2.x == ipchains, 2.4.x == iptables.
>
> Craig, just look at your kernel, and make sure every
> netfilter/iptables
> module is compi
Please flame me if I have this backwards, but I believe ip_tables only works
under 2.2.x and earlier kernels, and the 2.4.x kernel introduced ip_chains and
is incompatible with ip_tables.
You have to use the right one, even though the package/module for both shows
up (at least in Woody) and lo
> -Original Message-
> From: Gary MacDougall
>
> I'm going to get flamed like hell for this, but I think the general
> attitude of people that consider themselves "Linux Security
> Guru's" sucks!
> If you've ever visited #linux on IRC or talked with people in
> a chat room
> about Linux
l Message-
> From: Gary MacDougall [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 26, 2001 11:47
> To: Howland, Curtis; Ralf Dreibrodt
> Cc: [EMAIL PROTECTED]
> Subject: Re: Secure 2.4.x kernel
>
>
> Actually your point of view basically states that its "ok
A major point concerning "laws" is that they prevent nothing. Laws against
murder have been around since the idea of "laws" was invented, yet murder still
happens. Sometimes in new and spectacular ways.
Individual security, be it physical or logical, must be considered an
individual responsibil
This may seem an obvious question, but have you coordinated that "ipchains"
works with the 2.2.x kernels, and "iptables" with the 2.4.x kernels?
Woody standard kernel is still 2.2.x.
Curt-
> -Original Message-
> From: Jeff [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 25, 2001 12:
http://www.cnn.com/2001/TECH/internet/12/17/cert.plug.holes.idg/index.html
Reading this sort of article reminds me of another really good thing
about apt, dselect, and the (forgive me please) Debian Way:
I don't have to be told that there is an SSH security fix in order to
fix it.
Every time I
And plenty of open relay servers, too.
obSec: You do have your SMTP transfer agent configured not to act as a
relay, right?
Curt-
-Original Message-
From: Petro [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 03:09
To: Yooseong Yang
Cc: k l u r t; debian-security@lists.debian
Any PGPG keys used by package maintainers will themselves be signed and
trusted by the Debian official community. What a "secure apt" must do is
alert if the key used is not so trusted, even if it uses the same name
and email address as it "should".
This assumes that the crackers PGPG key has, som
This is one remnant of the "trusted" world of Unix, and the legacy that
Linux has to deal with. It's ipchains/iptables to the rescue.
I do not have NFS turned on in the kernel modules, nor the package
installed. Yet this port is still open *to the outside world*. Can
anyone suggest a reason why th
The article I read about it on the Register...
http://www.theregister.co.uk/content/4/23082.html
"The hole affects thousands of users of virtually
every Linux release.
Because of the wide implications, Core, working with
CERT, and, at
on
Just FYI, Slashdot has a discussion up on encrypted file systems that
might be of interest to folks who participated in the discussion here.
This direct link might work:
http://slashdot.org/article.pl?sid=01/11/28/1549252&mode=thread
Curt-
---
Curt Howland +81-3-5772-5832
Excuse me if this is old hat, has anyone else heard of a vulnerability
like this?
If it's on the FreeBSD lists, it must be well known...
Curt-
-Original Message-
From: Kondou, Katsuhiro (IDC)
Sent: Wednesday, November 28, 2001 22:16
To: Hu, Geng; Howland, Curtis
Subject: Fw:
Is there a "drop from..." command as well? I much prefer simply
black-holing packets rather than giving back to the perp "I'm here, but
I know about you" data by "deny". Or is that what the Apache "deny"
does?
Curt-
-Original Message-
From: Christoph Moench-Tegeder [mailto:[EMAIL PROTECT
While this may be whipping a greasy stain on the road, it is true that
3DES was created "by the government" back when private cryptology was
difficult or unknown. I believe it is prudent to consider that it was
allowed to be used because of practical cracking available to the crypto
experts.
I'm
There is also this How-To:
http://www.linux.org/docs/ldp/howto/Loopback-Encrypted-Filesystem-HOWTO.html
I've been thinking that a 100 or 500MB encrypted loop device per user,
mounted as a subdirectory under the individual users home, would be
effective. It doesn't encrypt the entirety of the dis