On Sunday 08 June 2008 14:04:14 Jim Popovitch wrote:
> On Sun, Jun 8, 2008 at 7:02 AM, Nico Golde <[EMAIL PROTECTED]>
wrote:
> > Yep this is lighttpd and it's mod_status.
>
> OK (if true), I still question the need for posing as IIS, and
> therefore I question the mirror operator's
> intent/reason
On Sun, 08 Jun 2008, Jim Popovitch wrote:
> I would think that neither of those cases immediately passes muster
> with concerned security minded folks. And, just because you are OK
> with it, it doesn't mean I have to be. ;-)
Clearly the people in charge are. Can we move on to relevant stuff no
On Sun, Jun 8, 2008 at 7:00 PM, Jacob Appelbaum <[EMAIL PROTECTED]> wrote:
> Your thoughts on this subject are really fascinating. Because while I
> agree that the idea of "security by obscurity" as the only line of
> defense is flawed, you're making assumptions and value judgments that
> seem beyo
2008/6/9 Anderson Kaiser <[EMAIL PROTECTED]>:
[...]
>
> [EMAIL PROTECTED]:~# ping ike.egr.msu.edu
> PING ike.egr.msu.edu (35.9.37.225) 56(84) bytes of data.
> 64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=1 ttl=39 time=315 ms
> 64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=2 ttl=39
2008/6/8 Joey Hess <[EMAIL PROTECTED]>:
> Jim Popovitch wrote:
> > Here's my issue, please correct me if I am wrong. .debs and sigs both
> > exist on the same server. If the Windows box/network is compromised,
> > then the sigs and debs can be modified and who would know?
>
> The security provid
Jim Popovitch wrote:
> Here's my issue, please correct me if I am wrong. .debs and sigs both
> exist on the same server. If the Windows box/network is compromised,
> then the sigs and debs can be modified and who would know?
The security provided by a gpg signature is the difficulty in forging
t
Jim Popovitch wrote:
> On Sun, Jun 8, 2008 at 5:30 PM, Simon Valiquette <[EMAIL PROTECTED]> wrote:
>> Jim Popovitch un jour écrivit:
>>> If they want to do this, fine. But should they continue to be in
>>> rotation for ftp.us.debian.org?
>> Personnaly, I would have chosen to impersonate another w
On Sun, Jun 8, 2008 at 5:30 PM, Simon Valiquette <[EMAIL PROTECTED]> wrote:
> Jim Popovitch un jour écrivit:
>>
>> If they want to do this, fine. But should they continue to be in
>> rotation for ftp.us.debian.org?
>
> Personnaly, I would have chosen to impersonate another web server than
> IIS,
Quoting Simon Valiquette ([EMAIL PROTECTED]):
> Personnaly, I would have chosen to impersonate another web server than
> IIS, but except for that I see no problem with what they have done.
It also could be just a case of the sysadmin amusing him/herself: Back
in the day, I used to edit /etc/{is
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Jim Popovitch un jour écrivit:
>>
>> Yep this is lighttpd and it's mod_status.
>
> OK (if true), I still question the need for posing as IIS, and
> therefore I question the mirror operator's
> intent/reasons/capabilities/interests/ as well as
* Message by -Jim Popovitch- from Sun 2008-06-08:
> On Sun, Jun 8, 2008 at 12:30 PM, Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> > In article <[EMAIL PROTECTED]> you wrote:
> >> It's mirror's like that, that make me paranoid about Debian Security.
> >
> > Why is that? IIS is the second most used w
Jim Popovitch wrote:
> On Sun, Jun 8, 2008 at 7:02 AM, Nico Golde <[EMAIL PROTECTED]> wrote:
>> Yep this is lighttpd and it's mod_status.
>
> OK (if true), I still question the need for posing as IIS, and
> therefore I question the mirror operator's
> intent/reasons/capabilities/interests/ as
On Sun, 2008-06-08 at 14:58 -0400, Jim Popovitch wrote:
> On Sun, Jun 8, 2008 at 12:30 PM, Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> > In article <[EMAIL PROTECTED]> you wrote:
> >> It's mirror's like that, that make me paranoid about Debian Security.
> >
> > Why is that? IIS is the second most
On Sun, Jun 8, 2008 at 7:02 AM, Nico Golde <[EMAIL PROTECTED]> wrote:
> Yep this is lighttpd and it's mod_status.
OK (if true), I still question the need for posing as IIS, and
therefore I question the mirror operator's
intent/reasons/capabilities/interests/ as well as security
capabilites.
On Sun, Jun 8, 2008 at 12:30 PM, Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]> you wrote:
>> It's mirror's like that, that make me paranoid about Debian Security.
>
> Why is that? IIS is the second most used web server on the market. And since
> mirrors are not a trust
In article <[EMAIL PROTECTED]> you wrote:
> It's mirror's like that, that make me paranoid about Debian Security.
Why is that? IIS is the second most used web server on the market. And since
mirrors are not a trusted part of software distribution anyway, I dont see
an issue here.
Gruss
Bernd
--
Hi Henri,
* Henri Salo <[EMAIL PROTECTED]> [2008-06-08 12:34]:
> On Sun, 8 Jun 2008 01:27:06 -0600
> "JD. Brown" <[EMAIL PROTECTED]> wrote:
[...]
> > It looks like they were running Debian before and switched this month.
> > Seems very weird to me.
> >
>
> That server looks like lighttpd.
Yep t
On Sun, 8 Jun 2008 01:27:06 -0600
"JD. Brown" <[EMAIL PROTECTED]> wrote:
> On Sun, Jun 8, 2008 at 12:05 AM, <[EMAIL PROTECTED]> wrote:
> >> Well, I thought I had seen it all... but this takes the cake.
> >>
> >> http://ike.egr.msu.edu/debian/pool/
>
> For the heck of it, Here is some info about
On Sun, Jun 8, 2008 at 12:05 AM, <[EMAIL PROTECTED]> wrote:
>> Well, I thought I had seen it all... but this takes the cake.
>>
>> http://ike.egr.msu.edu/debian/pool/
For the heck of it, Here is some info about them.
http://toolbar.netcraft.com/site_report?url=http://ike.egr.msu.edu
&
http://p
> Well, I thought I had seen it all... but this takes the cake.
>
> http://ike.egr.msu.edu/debian/pool/
>
>
> -Jim P.
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
>
this is weird. but, somehow it is hard to believe.
On Sun, Jun 8, 2008 at 2:05 AM, <[EMAIL PROTECTED]> wrote:
> this is weird. but, somehow it is hard to believe. it is possible to change
> the identification string to anything right? maybe it is apache but trying
> to be IIS???
That would be nice if true... but I seriously doubt that to be the c
Well, I thought I had seen it all... but this takes the cake.
http://ike.egr.msu.edu/debian/pool/
-Jim P.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
22 matches
Mail list logo
