Robert Simmons writes:
> Yes, to reduce the code base complexity so that resources can be focused on
> a smaller code base.
Might I suggest you begin by rolling back LLVM?
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/li
Thinking about how the contents of these files affect the behavior of
the ftp DIR command caused me to realize that I actually would prefer
it if there were some option available for ftpd which would cause
it to display only something like where it currently attempts to
print either a u
> On Jun 30, 2016, at 1:56 PM, Ronald F. Guilmette
> wrote:
>
> And to anybody who wishes to retort "Yea, but software doesn't kill
> people!" I respectfully suggest that you first google for "Therac-25".
Followed by "always mount a scratch monkey."
___
... and it's not going to get any better till someone steps up and volunteers
to improve it. Can we count on you?
I've brought this up at least three times over the past 10(+?) years, and
been blown off every time. So yes, I'm volunteering, again. Can I count on
you?
--lyndon
___
(And yes, this is a bit of an irony considering that I used to be the
maintainer of the base-system Kerberos code in the long-ago krb4
days. But my job requires me to administer MIT Kerberos, so I need
the MIT kadmin utility and not the Heimdal one.)
Aren't the reasons for the Heimdal distribut
> Granted, if somebody is not specifically targeting you and is just scanning
> ranges to find sshd on 22 they will pass you right up since that port will
> be closed.
The port change was intended only to avoid the port scanners.
___
> Personally I tend to either firewall the OpenSSH daemon, or leave it
> wide open. I don't really see the point in changing ports, as long as
> they are still publicly available.
The ssh bots only seem to probe port 22. In well over a year of
running my ssh servers on a different (very low n
My use case is primarily to log in from highly untrusted and
malware infested systems. OPIE has been a usable solution to
that problem. I'm primarily worried about keyloggers and USB
memory stick content dumpers. OPIE fits that bill quite well.
It does, but *only* if you are running your own
Right, but that's not the problem they're trying to solve. They're trying to
solve the problem of logging in _from_ an untrusted machine, to a trusted
machine.
Okay, I got it backwards.
So, an alternative might be to carry around a USB key with a one-time private
key, different from your nor
While I agree that OPIE can be improved, I think that the current
OPIE implementation is still much better than having to use
passwords from untrusted machines. I also prefer current OPIE to
copying SSH private keys to untrusted machines. So until there
is a more secure alternative, I really don
On 2008-Jul-17, at 00:54 , Robert Watson wrote:
FWIW, I have some work in progress on the capability front, but it's
a highly complex issue that will take years to work through
properly. Unfortunately, the real issue isn't so much the OS
primitives as building up a non-trivial application
Take a look at /usr/ports/security/bruteforceblocker. It monitors the
system log for failed ssh logins, and blocks the sites via pf. It's
reasonably configurable, and works very well. I've been running it for
months without trouble.
Note that it lets you whitelist specific hosts to prevent