Re: The Stack Clash vulnerability

2017-06-22 Thread Lars Engels
On Thu, Jun 22, 2017 at 01:14:33PM +0200, Michelle Sullivan wrote:
> I know, but with potentially serious issues even M$ issue patches for
> older release...

Microsoft even has 114,000 employees [1]. There are billions of paying customers, so Microsoft has staff and money to test and backport pat

Re: fbsd11 & sshv1

2017-01-31 Thread Lars Engels
On Fri, Jan 27, 2017 at 05:30:17PM +, heasley wrote:
> I do appreciate fbsd's and openssh's altruism with the removal of v1 support.
> But, the fact is that there is equipment in the wild that does not support
> v2 and never will and otherwise works perfectly fine, yet sshv1 is still a
> better

Re: bind9 and CVE-2013-4854

2013-07-29 Thread Lars Engels
On Sun, Jul 28, 2013 at 12:03:43PM +0300, Kimmo Paasiala wrote:
> A question related to this:
>
> What is it that prevents BIND from being removed from the base when
> there are very well working ports of BIND already that are far easier
> to update when vulnerabilities are found. Is it the dig(1)

Re: Default password hash

2012-06-11 Thread Lars Engels
On Mon, Jun 11, 2012 at 10:51:45AM +0200, Dag-Erling Smørgrav wrote:
> Damian Weber writes:
> > *collision* attacks are relatively easy these days, but against 1 MD5,
> > not against 1000 times MD5
>
> I'm not talking about collision attacks, I'm talking about brute-forcing
> hashes.
>
> > ther

Re: Default password hash

2012-06-08 Thread Lars Engels
On Fri, Jun 08, 2012 at 02:51:55PM +0200, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default inste