Quoting Blu ([EMAIL PROTECTED]):
> Are you suggesting then, that we should not relay mail at all?, not even
> to/from our customers?
I'm quite non-plussed at this question, since it seems to suggest that you
weren't following the thread.
Earlier, I mentioned (to summarise and review) that I take
Quoting Michael Stone ([EMAIL PROTECTED]):
> I'm sure the guy who got joe jobbed is happy that you can point out the
> source of his misfortune. Must be real comforting and all.
Was there a particular part of the immediately preceding reference to
SPF that you didn't get, or was it the concept as
Quoting Blu ([EMAIL PROTECTED]):
> If my relay server (not open, but relay for customers) has no means to
> verify recipients, what to do when the destination server rejects that
> mail already accepted by my server?. Bounce.
(Implicit assumption that you have no option but to accept forged-send
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 04:24:35PM -0700, Rick Moen wrote:
> >One can pretend that the matter's open for debate, but that would be a
> >waste of time: It's happening.
>
> Sure it is. How do you manage to sleep, fixing
Quoting Michael Stone ([EMAIL PROTECTED]):
> The end result is the same in a lot of cases.
I'm sorry, what part of "fixing local problems first, and understanding
the scope of one's responsibility" are you not quite getting?
> The point is that you shouldn't take a holier-than-thou attitude abou
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 05:32:17PM -0700, Rick Moen wrote:
> >Was there a particular part of the immediately preceding reference to
> >SPF that you didn't get, or was it the concept as a whole?
>
> I get the concept of vaporw
Quoting Bernd Eckenfels ([EMAIL PROTECTED]):
> If you relay mail from your customers, you have to deliver them their
> bounces if they spam.
Well, that's the trick, isn't it? If they're sending spam (either
deliberately or -- much more likely of late -- because customer hosts have
been zombifi
Quoting Phillip Hofmeister ([EMAIL PROTECTED]):
> While I am sure finding out whose is bigger is exciting to you. I
> feel comfortable in speaking for the rest of the list when I say this
> thread has become WAY OT.
I'm surprised that an allegation that SPF -- highly relevant to SMTP
security
Quoting Michael Stone ([EMAIL PROTECTED]):
> Well, it is vaporware. Until it's used by a noticeable percentage of
> hosts, it's irrelevant.
(1) Where I come from, the term "vapourware" means software touted far
in advance of its availability. As noted, such is most emphatically not
the case, here
Quoting Michael Stone ([EMAIL PROTECTED]):
> yeah, aol's pleased as punch about it. they also don't have much
> interest in customers sending email with @aol from off their own system
> unless they use an obnoxious webmail client. same goes for hotmail.
> anyone with users who isn't aol and whose
Quoting Michael Stone ([EMAIL PROTECTED]):
> There's a line between advocacy and zealotry.
Still stuck in name-calling mode? Pity.
> It's fine for a home user to implement it quickly but it's not so easy
> for a lot of large organizations that currently allow people to send
> mail from offsite
Quoting Michael Stone ([EMAIL PROTECTED]):
> What name calling? There's a difference.
Cute.
Ah, well.
> You're assuming unrestricted outbound connections. Might even be true in
> your environment.
It's true that there will be interim problems with corporate firewalls
(etc.) closing off outb
Quoting Michael Stone ([EMAIL PROTECTED]):
> No, I'm not.
You _weren't_ ignoring the point I just made and changing the subject?
Then, some villain apparently snuck into your MTA and substituted
different text that did, for the original message you tried to send.
You should sue! ;->
> I'm poin
Quoting Michael Stone ([EMAIL PROTECTED]):
> You're talking about SPF. That's a concept, not an implementation.
Implementation details have already been posted.
> Effective use of SPF requires widespread adoption. Until/unless
> widespread adoption happens the promises of SPF are vaporware.
Re
Quoting Russell Coker ([EMAIL PROTECTED]):
> Some of the anti-spam people are very enthusiastic about their work. I
> wouldn't be surprised if someone writes a bot to deal with CR systems.
A bot to detect C-R queries and add them to the refused-mail ACL list
would be most useful. ;->
--
To
e oversight works for that sysadmin's local system. Caveat
user.
--
Cheers, "Transported to a surreal landscape, a young girl kills the first
Rick Moen woman she meets, and then teams up with three complete strangers
[EMAIL PROTECTED] to kill again." -- Rick P
Knoppix at any given point appears to be not-quite-sid, with maybe 10%
stable and 10% Something Else Entirely. (I applaud your enthusiasm, and
don't mean to denigrate what you're using. I'm just trying to describe
it accurately.)
--
Cheers, Founding member of the Hyphena
w if xpdf takes (or can be made to
take) the same sort of precautions? After all, a PDF is basically just
a PS file, so I imagine the same sorts of attack are possible.
A run through the manpage was unenlightening.
(Ah, I see Kevin has the same concern.)
--
Cheers,
Rick Moen
NAI decided they liked Changelogs).
--
Cheers, "That scruffy beard... those suspenders... that smug ex-
Rick Moen pression You're one of those condescending Unix users!"
[EMAIL PROTECTED] "Here's a nickel, kid. Get yourself a real computer."
lingering IDEA problem (limiting only compatibility with
some PGP 2.x users) are all I'm aware of. PGPi, unlike GnuPG, _does_
include IDEA code by default.
--
Cheers, There are only 10 types of people in this world --
Rick Moen those who understand binary arithmetic and
--
Cheers, Founding member of the Hyphenation Society, a grassroots-based,
Rick Moen not-for-profit, locally-owned-and-operated, cooperatively-managed,
[EMAIL PROTECTED] modern-American-English-usage-improvement association.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
Quoting Florian Weimer ([EMAIL PROTECTED]):
> * Henrique de Moraes Holschuh:
>
> >> Why non-free? The code is available under a DFSG-free copyright
> >> license.
> >
> > The one I have here isn't, but if you have one that is entirely DFSG-free,
> > that's much better.
>
> An older version is ava
Quoting Florian Weimer ([EMAIL PROTECTED]):
> I once worked on an OpenPGP implementation vulnerability matrix, but
> this topic isn't very interesting anymore. For me at least, there's
> just GnuPG.
Just out of curiosity, are there now, or have there been in the past,
any _other_ implementations
Quoting James Renken ([EMAIL PROTECTED]):
> Agreed - but some of my customers, even after I've pointed out the risks,
> just don't want to go through the trouble of changing from their preferred
> Telnet programs.
ObNivenAndPournelle: "Think of it as evolution in action.
he cynics among us might say: "We laugh,
Rick Moen monkeyboys -- Linux IS the mainstream UNIX now!
[EMAIL PROTECTED] MuaHaHaHa!" but that would be rude. -- Jim Dennis
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Quoting Richard A Nelson ([EMAIL PROTECTED]):
[Snip MVS mainframe priesthood standing in way of OpenSSH installation.]
> I typically use cygwin on *MY* laptop, but when away from that -
> I try not to install random software on other's boxen
The usual remedy is to pull down putty.exe (tiny) and
led with a 23,000 volt line, today. The results
Rick Moen blacked out 1400 homes and, of course, one raccoon."
[EMAIL PROTECTED] -- Steel City News
Quoting Jan Minar ([EMAIL PROTECTED]):
> Unfortunately, scp requires a shell access
http://www.sublimation.org/scponly/
g at your own feet.
--
Cheers,
Rick Moen This .signature intentionally left blank.
[EMAIL PROTECTED]
--
Cheers, The Viking's Reminder:
Rick Moen Pillage first, _then_ burn.
[EMAIL PROTECTED]
of version numbers, then it is making a common
elementary error.
> At last there was this error messages:
>
> Incorrect MD5 checksums: 6
Which ones? And on what basis is it saying they're incorrect? You
don't say.
--
Cheers, There are 10 kinds of people in the
Quoting David Mandelberg ([EMAIL PROTECTED]):
> Do you mean to say that opening "message.txt\t\t\t.desktop" which
> happens to be a freedesktop.org compliant launcher for the program "rm
> -rf $HOME" is safe because it's designed for people running one of the
> F/OSS products GNOME or KDE on a F/O
Quoting David Mandelberg ([EMAIL PROTECTED]):
> Attached.
>
> Save to your GNOME/KDE desktop (like many newbies do) and double click
> the new icon. .desktop files (currently) don't need the x bit set to
> work, so no chmod'ing is necessary.
I'm sorry, but the question was:
Please advise this
lease"
mutt extension. Maybe someone can file an ITP for it, as package mutt-fod
(for Friends of Darwin). ;->
--
Cheers, Hardware: The part you kick.
Rick Moen Software: The part you boot.
[EMAIL PROTECTED]
--
T
ain to the original poster, get a better MUA, running on a
> better OS.
Quite.
--
Cheers, Hardware: The part you kick.
Rick Moen Software: The part you boot.
[EMAIL PROTECTED]
Quoting Florian Weimer ([EMAIL PROTECTED]):
> mutt and Gnus are, in typical configurations. Most distributions
> kindly add all these helpful mailcap entries.
Perhaps you need assistance comprehending the word "specific" (used
twice in my question)? I await with interest your achieving that
rar
Quoting David Mandelberg ([EMAIL PROTECTED]):
> You also asked a question about something I didn't say (I said that
> the person had to open it).
Actually, no, you didn't. (Presumably you intended to, though.)
Your question spoke of "opening" a particularly-named attachment: You
left unstated
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> I like using non-modular kernels to prevent LKMs
http://www.phrack.org/phrack/58/p58-0x07
In this paper, we will discuss way of abusing the Linux kernel
(syscalls mostly) without help of module support or System.map at all,
so that we assume
Quoting Harald Krammer ([EMAIL PROTECTED]):
> I saw in Debian the package kernel-patch-grsecurity2. My question is,
> is this patch always up-to-date or is it necessary to track all security
> issues for grsecurity without DSA messages?
You can check here:
http://packages.qa.debian.org/k/kernel-
Quoting Radu Spineanu ([EMAIL PROTECTED]):
> Has anyone heard of an implementation, or at least a whitepaper related
> to creating some kind of secure zone where I can keep these keys?
Mine is called a PalmPilot with Keyring (3DES password store) installed,
where I'm careful about what I install
Quoting Edward Faulkner ([EMAIL PROTECTED]):
> I do the same thing with my passwords, but that doesn't quite answer
> the question. Radu wants a place to keep GPG keys safe - not just
> their passwords.
Yes, good point.
I don't have a good answer to Radu's situation other than don't use the
pas
earch/comedy -- yes, it really was both at the same time -- on this
subject: http://www.linux.com/articles/42031
--
Cheers, Crypto lets someone say "Hi! I absolutely definitely have
Rick Moen a name somewhat like the name of a large familiar
r...@linuxmafia.com
al poster is seeking.)
--
Cheers, Notice: The value of your Hofstadter's Constant
Rick Moen (the average amount of time you spend each month
r...@linuxmafia.com thinking about Hofstadter's Constant) has just
McQ! (4x80)
Quoting Mark (m...@freedomisnothingtofear.com):
> Have a look at anything that uses OTR:
>
> [m...@resolve ~]% apt-cache search Off-The-Record
> irssi-plugin-otr - Off-the-Record Messaging Plugin for Irssi
> libotr2 - Off-the-Record Messaging library
> libotr2-bin - toolkit for Off-the-Record Me
Quoting john (lists.j...@gmail.com):
> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>
> It looks like we can take step in Debian 5.0 to mitigate this threat by
> setting
> echvm.mmap_min_addr =
Quoting Naja Melan (najame...@gmail.com):
> Some weeks ago I decided to have a look at debian and quite soon ran into
> questions and problems considering the security of debian. I would like to
> share some of those questions, remarks in this mail in the hope of
> stimulating a discussion[...]
I
Quoting Laurentiu Pancescu (lpance...@googlemail.com):
> I was wondering if we're not losing perspective of what is realistic
> in a certain situation, especially for people without previous
> experience in handling such attacks and whose job is not necessarily
> a full-time system administrator.
Quoting Jutta Zalud (j...@netzwerklabor.at):
> Sounds fine. Was maybe reality ten or fifteen years ago. Nowadays
> ninetysomething percent of all people who are running some kind of *ix
> have just downloaded and installed Ubuntu or Mint or Debian or some
> other easy to install distribution (myse
Quoting Volker Birk (v...@pibit.ch):
> Really?
>
> How do you detect, if maintainer's patches contain backdoors? If I would
> want to attack Debian, I would try to become the maintainer of one of
> the most harmless, most used packages. And believe me, you wouldn't see
> at the first glance, that
bnotes:
http://lwn.net/Articles/282038/
http://www.links.org/?p=327
http://www.links.org/?p=328
--
Cheers, Actually, time flies hate a banana.
Rick Moen -- Micah Joel
r...@linuxmafia.com
McQ! (4x80)
--
T
Quoting E Frank Ball III (fra...@efball.com):
> Last fall there was a debian 64-bit / nginx rootkit going around,
> now I've been hit with what sounds similar but on 32-bit wheezy.
I hope you're aware that -- at least in the standard usage of the word
'rootkit' -- a rootkit doesn't 'go around', b
to contemplate the threat model. If you're
talking about trojaned packages placed on a mirror, it's unlikely
they'd remain past the next rsync remirror.
--
Cheers, There are only 10 types of people in this world --
Rick Moen those who understand binary arithmetic a
)
are in the format required.
Above summary is guaranteed to be shallow: Browsing the debian-dpkg
thread suggests that issues abound, and that (no surprise) careful
thinking about process and threat models is needed.
--
Cheers, There are only 10 types of people in this world --
Rick Moen
r possibly --no-debsig, which you'll
> want to check).
~ $ dpkg --help | grep verify
--no-debsig Do no try to verify package signatures
--
Cheers, There are only 10 types of people in this world --
Rick Moen those who understand binary arithmetic and tho
, instead? As Mike Renfro
points out, you're creating an intermachine dependency between the
bastion host and the inside machine no matter how you do it, but at
least, with those, the mount and resource-access traffic is not as
exposed.
--
Cheers, "Linux means never having to
utlook. Outlook is really just a security
Rick Moen hole with a small e-mail client attached to it."
[EMAIL PROTECTED] -- Brian Trosko in r.a.sf.w.r-j
rne in mind for future consideration.
--
Cheers, Remember: The day after tomorrow is the third day
Rick Moen of the rest of your life.
[EMAIL PROTECTED]
Quoting martin f krafft ([EMAIL PROTECTED]):
> which is why /tmp is mounted with noexec, just like /home
Well, so much for ~/bin directories.
--
Cheers, "Azathoth need not be present to win."
Rick Moen -- Charles
eers, "Learning Java has been a slow and tortuous process for me. Every
Rick Moen few minutes, I start screaming 'No, you fools!' and have to go
[EMAIL PROTECTED] read something from _Structure and Interpretation of
Computer Programs_ to de-stress." -- The Cube, www.forum3000.org
.
Sounds reasonable, at a first glance.
>> I have an honest face. ;->
>
> [Well since I pray to DJB before bed, I'd of course disagree. :-) ]
Far be it from me to claim your kink isn't OK. ;->
(I hope and assume you're not calling me dishonest.)
--
Cheers,