which
is not included in the GENERIC kernel, therefore the kernel itself was
not updated and does not reflect the patch level.
DES
--
Dag-Erling Smørgrav - d...@freebsd.org
is this something that needs to be
> addressed?
The base system unbound is meant to be used with a configuration
generated by `local-unbound-setup`, which never enables the `ede` option
which is a prerequisite for the DoS attack described in CVE-2024-1931.
DES (speaking only for himself)
--
y (whether from base or ports) does not load
liblzma, and if it did, it would not be able to load a Linux version of
the library.
DES
--
Dag-Erling Smørgrav - d...@freebsd.org
you set it +sappnd, it can be written to, and newsyslog will be able
to rotate it; an attacker with superuser privileges will also be able to
replace it with a doctored file.
There is no way to allow one without the other. The usual solution is
to log to a remote machine.
DES
--
Dag-Erling Smørgrav - d...@freebsd.org
void writes:
> What's the proper way then, for intel?
>
> 1. install sysutils/cpupdate and enable it in rc.conf ?
> 2. microcode_update_enable="yes" in rc.conf ?
Sorry, I thought we were talking about devcpu-data, which uses the
service name "microcode_update"
Eugene Grosbein writes:
> cpupdate_enable="YES" # in /etc/rc.conf should be enough
You mean
microcode_update_enable="yes"
DES
--
Dag-Erling Smørgrav - d...@freebsd.org
Natalino Picone writes:
> Is there an ETA for this OpenSSL update to reach the base?
Last Tuesday.
DES
--
Dag-Erling Smørgrav - d...@freebsd.org
money, and
> those devices all have different threat/failure/admin models
> than simple paper.
Neither HOTP nor TOTP require dedicated devices. HOTP codes are
sequential and can be pre-generated and printed if that's what you
prefer.
DES
--
Dag-Erling Smørgrav - d...@des.no
I will be removing OPIE from the main branch within the next few days.
It has long outlived its usefulness. Anyone still using it should look
into OATH HOTP / TOTP instead (cf. security/pam_google_authenticator).
https://reviews.freebsd.org/D36592
DES
--
Dag-Erling Smørgrav - d...@des.no
Mark Johnston writes:
> The message has to come from a host on the same layer 2 broadcast domain
> as the recipient. Routers don't forward neighbour solicitation messages
> but a hub will.
s/hub/switch/
DES
--
Dag-Erling Smørgrav - d.
ccount enumeration”
would suggest.
DES
--
Dag-Erling Smørgrav - d...@freebsd.org
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
11 has OpenSSH
7.5, which is not.
DES
--
Dag-Erling Smørgrav - d...@freebsd.org
Konstantin Belousov writes:
> Dag-Erling Smørgrav writes:
> > Ah, I see. The port used sed to edit the file in-place instead of using
> > a tool that understands Elf and would have adjusted the section length.
> Really this cannot be done, as well as overriding the interpret
Konstantin Belousov writes:
> Dag-Erling Smørgrav writes:
> > The string isn't just unterminated, though. It's actually longer than
> > the section. To be precise, "/lib/ld-linux.so.2" is 18 characters long,
> > plus NUL makes 19. The section is suppos
NUL makes 19. The section is supposed to be 17 bytes long. I
don't mind forgiving a missing NUL, but I'm not comfortable with reading
past the end of the section, and it worries me that Linux doesn't care.
DES
--
Dag-Erling Smørgrav - d...@des.no
John-Mark Gurney writes:
> I believe that there are patches/review for making the default password
> hash algorithm configurable via login.conf or something similar...
You mean like r64918?
DES
--
Dag-Erling Smørgrav - d...@des.no
Dag-Erling Smørgrav writes:
> Basically the IPv6 equivalent of https://127.0.0.1/. “[::]” is the
> bracketed literal representation of the IPv6 localhost address.
Hang on a sec — localhost should be [::1], not [::], which is the
equivalent of 0.0.0.0. My guess is a software bug. Jails
Roger Marquis writes:
> Not necessarily BSD-related though this was discovered via a proxy
> server jail's process table.
Basically the IPv6 equivalent of https://127.0.0.1/. “[::]” is the
bracketed literal representation of the IPv6 localhost address.
DES
--
Dag-Erling Smørgrav -
Brahmanand Reddy writes:
> My last question on this, recently "Replaced the kernel RC4(arc4random)
> with Chacha20" on 11.0 kernel should we apply on 10.4 kernel??
This has not yet been merged to 11 and will not be merged to 10, which
is now in maintenance mode.
DES
--
Dag
uite well, allowing an attacker to read kernel memory at speeds of
up to 500 kB/s. But I guess you know better...
DES
--
Dag-Erling Smørgrav - d...@des.no
but that may have been the result of undisclosed
features of the specific CPU they tested on.
DES
--
Dag-Erling Smørgrav - d...@des.no
wrong”?
DES
--
Dag-Erling Smørgrav - d...@des.no
then checking how they affect the cache.
DES
--
Dag-Erling Smørgrav - d...@des.no
ding to Google, Chrome 64
(to be released in a few days) includes countermeasures against it. I
don't have any further details.
DES
--
Dag-Erling Smørgrav - d...@des.no
rs as well
and have no known workaround.
So far, it has been shown that an unprivileged process can read data
from the kernel (Meltdown) and other processes (Spectre), and that a
privileged process in a VM can read data from the host and presumably
also from other VMs on the same host (Spectre).
DES
-
Michelle Sullivan writes:
> Dag-Erling Smørgrav writes:
> > Banks and financial institutions have whole teams working 24/7 [...]
> No.
I was describing a fact, not opining or speculating. I know these
people, I talk to them regularly and meet with them at industry events.
Sorry to
"Poul-Henning Kamp" writes:
> "Dag-Erling Smørgrav" writes:
> > Your suggestion does not remove implicit and possibly misplaced
> > trust, it just moves it from one place to another. Instead of
> > trusting a certificate authority and DNS, you tr
possibly misplaced trust,
it just moves it from one place to another. Instead of trusting a
certificate authority and DNS, you trust the source of the public key,
and probably also DNS. As always, it boils down to a) key distribution
is hard and b) what's your threat model?
DES
--
Dag-Erlin
gery”, for some
definition of “obvious”.
TL;DR: yes, banks are held liable for losses attributable to phishing.
Source: I do this for a living (although not at a bank).
DES
--
Dag-Erling Smørgrav - d...@des.no
n't have the latter without the former. Assertion of identity is
the only protection against MITM eavesdropping or tampering.
DES
--
Dag-Erling Smørgrav - d...@des.no
Big Lebowski writes:
> Dag-Erling Smørgrav writes:
> > There are decades of history here of which you are clearly unaware.
> > You may have the best of intentions, but nothing good will come of
> > raising this topic here and now. Just drop it.
> Des, please, stop doi
g this topic here and now. Just drop it.
DES
--
Dag-Erling Smørgrav - d...@des.no
Dirk Engling writes:
> have those findings officially been reported? Is someone working on
> them?
Speaking as a secteam member but not on behalf of so@, we are aware of
these issues but did not get sufficient advance notice to fix them in
time for DefCon.
DES
--
Dag-Erling Smørgr
Konstantin Belousov writes:
> Dag-Erling Smørgrav writes:
> > Wouldn't it be possible to just set up the page entry but leave it
> > unmapped, so that it is paged in (and zeroed if necessary) on first
> > access? Thus, a process that uses arc4random() and fork()s wou
processes would be useful
for more than just arc4random.
DES
--
Dag-Erling Smørgrav - d...@des.no
ing single variable, as it already done for threaded lib.
fork() and vfork() and pdfork() and... From a security point of view, I
prefer to have it in a single place.
DES
--
Dag-Erling Smørgrav - d...@des.no
y be illegal and / or a firing offense. Simply browsing it
online may or may not be safe; get legal advice before you do. IANAL.
DES
--
Dag-Erling Smørgrav - d...@des.no
heasley writes:
> Dag-Erling Smørgrav writes:
> > You know what would be even sadder? If the OpenSSH developers had
> > to continue to devote significant resources to maintaining a rat's
> > nest of legacy code [...]
> I was not suggesting that openssl maintain
heasley writes:
> Dag-Erling Smørgrav writes:
> > FreeBSD 10 supports SSHv1 and will continue to do so. FreeBSD 11
> > and 12 do not, and neither does the openssh-portable port. I'm
> > afraid you will have to find some other SSH client.
> That is sad;
You know w
D 11 and 12
do not, and neither does the openssh-portable port. I'm afraid you will
have to find some other SSH client.
DES
--
Dag-Erling Smørgrav - d...@des.no
hat calls it and see what happens immediately
before openpam_dispatch() logs that "system error" message.
DES
--
Dag-Erling Smørgrav - d...@des.no
Ronny Forberger writes:
> My /var/log/debug.log only says:
>
> Nov 13 17:31:59 macy sudo: in openpam_dispatch(): /usr/local/lib/pam_sss.so:
> pam_sm_authenticate(): authentication error
There's a whole lot missing here. It should start with "calling
pam_sm_authenticate()
n your PAM
policy, OpenPAM will log every call to the pam_sss module, everything it
does on behalf of that module, and the outcome of the call through
syslog (by default, it should go to /var/log/debug.log).
DES
--
Dag-Erling Smørgrav - d...@des.no
kexkill: [03] received kexinit
kexkill: [03] read(): Connection reset by peer
[...]
^C
Remove -n1 to actually (attempt to) attack the system rather than just
probe it.
DES
--
Dag-Erling Smørgrav - d...@des.no
Mark Picone writes:
> Since the security team have had the procedure of publishing security
> advisories for vulnerabilities once a fix is available:
> https://www.freebsd.org/doc/handbook/security-advisories.html
Not for local denial of service.
DES
--
Dag-Erling Smørgrav - d.
t plug
them without making the system useless for its intended purpose.
DES
--
Dag-Erling Smørgrav - d...@des.no
CeDeROM writes:
> Dag-Erling Smørgrav writes:
> > CeDeROM writes:
> > > I think it would be nice to have something like CIS Benchmark for
> > > FreeBSD.
> > https://benchmarks.cisecurity.org/downloads/multiform/
> Perfect :-) This is the place for benchmarki
CeDeROM writes:
> I think it would be nice to have something like CIS Benchmark for
> FreeBSD.
https://benchmarks.cisecurity.org/downloads/multiform/
Right between "Docker" and "FreeRadius"
DES
--
Dag-Erling Smørgrav - d...@des.no
CeDeROM writes:
> Dag-Erling Smørgrav writes:
> > [...] there are a million ways for a trusted unprivileged user to
> > cause a DoS, and most of them aren't even bugs. Some of them can be
> > mitigated using quotas or resource limits, but far from all.
> Maybe a d
tas or resource limits, but far from all.
DES
--
Dag-Erling Smørgrav - d...@des.no
certificate authority that issued the
certificate and ask, but I doubt they'd answer (if they even know), and
in Let's Encrypt's case, there isn't anyone you can ask.
DES
--
Dag-Erling Smørgrav - d...@des.no
y cryptography so it can be established
> that the exchange is end to end, and not broken into two separate
> exchanges.
Assuming you can trust the public key, which is what CAs are for, but
CAs can be hacked, deceived or coerced.
DES
--
Dag-Erling Smørgrav - d...@des.no
likely/expected to be fixed)
> * Implicit (probable) vulnerability (by way of EoL, no fixes/support,
> may have CVE (forever), port/pkg deleted, etc)
In theory, these are not identical. In practice, there is no way to
tell the difference given the sources and resources we have.
DES
--
Slawa Olhovchenkov writes:
> IMHO, ntp.conf need to include some numeric IP of public ntp servers.
https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
DES
--
Dag-Erling Smørgrav - d...@des
my hunch is correct, the bug is
somewhere in the codepath for RSA, so newer versions (which default to
ECDSA) will be less likely to trigger it, but it will also depend on the
server version and whether the server has an ECDSA host key.
DES
--
Dag-Erling Smørgrav - d...@des.no
Roger Marquis writes:
> I'm wondering if FreeBSD base has ever been analyzed for patterns of
> suspicious commits[4]?
No, but the Heartbeat commit was not suspicious, regardless of what the
Wall Street Journal wants you to believe.
DES
--
Dag-Erling Smørgrav -
the bug before it affected you. No hard feelings?
DES
--
Dag-Erling Smørgrav - d...@des.no
Slawa Olhovchenkov writes:
> Dag-Erling Smørgrav writes:
> > In the meantime, you can try something like this in .bashrc or
> > whatever:
> Impossible. For accessing .bashrc on kerberized NFS need correct
> /tmp/krb5cc_.
/etc/profile, then.
DES
--
Dag-Erling S
en
if mv "${KRB5CCNAME}" "${krb5ccuid}" ; then
export KRB5CCNAME="${krb5ccuid}"
else
echo "Unable to rename krb5 credential cache" >&2
fi
fi
unset krb5ccuid
DES
--
Dag-Erling Smørgrav -
Kevin Oberman writes:
> Dag-Erling Smørgrav writes:
> > Julian Elischer writes:
> > > what is the internal window size in the new ssh?
> > 64 kB.
> Are you sure of this?
Sorry, I was thinking of 6.6 (in stable/10). The buffer code in 7.1
supports dynamically-sized b
Julian Elischer writes:
> what is the internal window size in the new ssh?
64 kB.
DES
--
Dag-Erling Smørgrav - d...@des.no
intended to reduce the impact of upstream
changes on existing systems.
DES
--
Dag-Erling Smørgrav - d...@des.no
Robert Ames writes:
> On my 9.3-RELEASE machine I don't have /usr/src/amd64 or /usr/src/i386.
> Are the correct directories /usr/src/sys/amd64/linux32 and
> /usr/src/sys/i386/linux?
Yes.
DES
--
Dag-Erling Smørgrav - d...@des.no
an existing
one.
DES
--
Dag-Erling Smørgrav - d...@des.no
/libssh.so.5
usr/lib/private/libssh.so
% tar tf 11.0/FreeBSD-11.0-CURRENT-amd64-20151102-r290273-disc1.iso | egrep -w
'lib(private)?ssh'
usr/lib/libprivatessh.a
usr/lib/libprivatessh.so.5
usr/lib/libprivatessh.so
DES
--
Dag-Erling Smørgrav - d...@des.no
rhi writes:
> When I do openssl s_client -showcerts -host my.server -port 443, I get
> "Verify return code: 20 (unable to get local issuer certificate)", i.e. the
> certificate can't be verified.
It works on 10.2. I'm not sure at what point it changed.
DES
--
Dag-
e developers in
> question are being paid to work on other things, there is no real
> timeline for the release.
Given this state of affairs, it might not be unreasonable to consider
switching back for 11. There should be enough time, provided our
Kerberos maintainers have some spare cycles.
H and apply the output of that workflow to the source
tree instead of working entirely within the source tree.
DES
--
Dag-Erling Smørgrav - d...@des.no
We switched from MIT to Heimdal at some point in the past for some
reason I don't remember. MIT and Heimdal are *not* interchangeable at
the source or binary level, so switching back is not trivial.
DES
--
Dag-Erling Smørgrav - d...@des.no
l
haven't upgraded OpenSSH, but to the best of my knowledge, it is far
less intrusive than HPN.
DES
--
Dag-Erling Smørgrav - d...@des.no
ed HPN
and lack the CPU power to perform encryption at line speed.
DES
--
Dag-Erling Smørgrav - d...@des.no
noticed this thread.
DES
--
Dag-Erling Smørgrav - d...@des.no
Julian Elischer writes:
> Bob Bishop writes:
> > Is removing HPN going to impact the performance of tunnelled X
> > connexions?
> yes if your rtt is greater than about 85 mSec
With an RTT of 85 ms, X is unusable with or without HPN.
DES
--
Dag-Erling Smør
HPN is so important to you, is there a reason
why you can't use the port?
DES
--
Dag-Erling Smørgrav - d...@des.no
side code (IIRC, one place where it printed only the
hardcoded version instead of the variable string). I'll try again.
DES
--
Dag-Erling Smørgrav - d...@des.no
as so old it didn't
> have AESNI and would soon be retired, using the NONE cipher sped up
> the transfer significantly.
In that scenario, you don't need ssh at all. Just set up rsyncd on the
backup server.
DES
--
Dag-Erling Smørgrav - d...@des.no
Willem Jan Withagen writes:
> "Dag-Erling Smørgrav" writes:
> > Willem Jan Withagen writes:
> > > Are they still willing to accept changes to the old version that
> > > is currently in base?
> > No, why would they do that?
> Exactly my question...
ktop at work and
FreeBSD 10 desktop at home).
DES
--
Dag-Erling Smørgrav - d...@des.no
to the old version that is
> currently in base?
No, why would they do that?
DES
--
Dag-Erling Smørgrav - d...@des.no
resses instead of hostnames? Just turn off
UseDNS. It is off by default since 6.8.
If you mean adding IP addresses or hostnames to messages that don't
already have them, try suggesting it on the openssh-portable mailing
list (openssh-unix-...@mindrot.org).
DES
--
Dag-Erling
them to the openssh-portable port, which has
them as a default option. I would also like to remove the NONE cipher
patch, which is also available in the port (off by default, just like in
base).
DES
--
Dag-Erling Smørgrav - d...@des.no
'size_t' (aka 'unsigned long') [-Wformat]
> > /usr/src/usr.sbin/ntp/libntp/../../../contrib/ntp/libntp/authreadkeys.c:257:4:
> > warning: format specifies type 'unsigned int' but the argument has type
> > 'unsigned long'
Dag-Erling Smørgrav writes:
> Please try these patches instead:
> https://people.freebsd.org/~des/SA-15:25/
New patches out with RAWDCF re-enabled.
DES
--
Dag-Erling Smørgrav - d...@des.no
Derek Schrock writes:
> 403 on all those files (patch/asc)
Damnit! The price of paranoia (umask 027 instead of the default 022).
Fixed, thanks.
DES
--
Dag-Erling Smørgrav - d...@des.no
Dag-Erling Smørgrav writes:
> Please try these patches instead:
>
> https://people.freebsd.org/~des/SA-15:25/
Some people have had issues with these patches due to mismatched
$FreeBSD$ tags. I have uploaded a new set which should work for
everyone. I have tested them on releng/* f
Please try these patches instead:
https://people.freebsd.org/~des/SA-15:25/
DES
--
Dag-Erling Smørgrav - d...@des.no
"Herbert J. Skuhra" writes:
> So can anyone confirm that the ntp patches in the SA are correct and we
> are just too stupid to use patch?
I looked at the SA-15:25 patch, and it is incorrect. I will work with
the so@ to get correct patches released.
DES
--
Dag-Erling Smørgr
KERNCONF=GENERIC KODIR=/boot/head
# nextboot -k head
# shutdown -r now
DES
--
Dag-Erling Smørgrav - d...@des.no
not. I assume Herbert is
used to GNU patch(1) and used -p0 out of habit. It is harmless, but not
necessary.
DES
--
Dag-Erling Smørgrav - d...@des.no
Dmitry Morozovsky writes:
> Dag-Erling Smørgrav writes:
> > freebsd-update will most likely be gone in 11.
> Are there any published plans available?
The plan is for 11 to have a fully packaged base system. There should
be some information in developer summit reports on the wiki.
Slawa Olhovchenkov writes:
> Dag-Erling Smørgrav writes:
> > freebsd-update will most likely be gone in 11.
> What is planned for replacement?
Packaged base.
DES
--
Dag-Erling Smørgrav - d...@des.no
r d in lib/libssh */s* ; do (cd $d && make cleandir && make obj && make
depend all install) ; done
# service sshd restart
DES
--
Dag-Erling Smørgrav - d...@des.no
Slawa Olhovchenkov writes:
> freebsd-update builds is irreproducible by the freebsd-update-server bug[s].
freebsd-update will most likely be gone in 11.
DES
--
Dag-Erling Smørgrav - d...@des.no
Mark Felder writes:
> Dag-Erling Smørgrav writes:
> > Daniel Feenberg writes:
> > > Is there a reason to encrypt something that is completely public?
> > Watering hole attacks.
> Watering hole attack describes the *site* being compromised because it's
> popu
Daniel Feenberg writes:
> Is there a reason to encrypt something that is completely public?
Watering hole attacks.
DES
--
Dag-Erling Smørgrav - d...@des.no
nd Fedora are or have been working on it but with
no success to date.
> Can we get a wiki project page and some traction on this?
https://wiki.freebsd.org/ReproducibleBuilds
https://wiki.freebsd.org/PortsReproducibleBuilds
Are you volunteering?
DES
--
Dag-
It is possible that they
still sell the cards you used under a different name.
DES
--
Dag-Erling Smørgrav - d...@des.no
". Might that help?
You want the security team to take a vacation after each release so we
can maintain the illusion, at least for a couple of weeks, that there
are no bugs or vulnerabilities in FreeBSD?
DES
--
Dag-Erling Smørgrav - d...@des.no
e ENs and
SAs published on 2015-08-25 were either unknown or still in the very
early investigation phase at the time of the release.
DES
--
Dag-Erling Smørgrav - d...@des.no
://blog.des.no/2015/08/openssh-pam-and-user-names/
DES
--
Dag-Erling Smørgrav - d...@des.no
1 - 100 of 422 matches