Re: OpenSSL Jan 20th vuln

2025-01-29 Thread mike tancsa
On 1/29/2025 10:57 AM, mike tancsa wrote: It is marked low https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176 Any plans to bring in the new version ? I guess no new version, just patches for now https://groups.google.com/a/openssl.org/g/openssl-announce/c/kV3rF1Zd9RU

OpenSSL Jan 20th vuln

2025-01-29 Thread mike tancsa
It is marked low https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176 Any plans to bring in the new version ?     ---Mike

Re: OpenSSL Security Advisory (fwd)

2024-09-04 Thread mike tancsa
On 9/4/2024 9:27 AM, Wall, Stephen wrote: Possible denial of service in X.509 name checks (CVE-2024-6119) Is this something we need to concern ourselves with? Since no one else is chiming in, I'll provide my feeble thoughts. As I read it, it primarily affects outgoing TLS connections. I.e.,

Re: xz security issue ? (CVE-2024-3094)

2024-03-29 Thread mike tancsa
Oh, I didn't see the earlier email for some reason. Thanks Gordon for the email clarification!     ---Mike On 3/29/2024 2:22 PM, mike tancsa wrote: From the redhat advisory, What is the malicious code? The malicious injection present in the xz versions 5.6.0 and 5.6.1 libraries is obfuscated

xz security issue ? (CVE-2024-3094)

2024-03-29 Thread mike tancsa
From the redhat advisory, What is the malicious code? The malicious injection present in the xz versions 5.6.0 and 5.6.1 libraries is obfuscated and only included in full in the download package - the Git distribution lacks the M4 macro that triggers the build of the malicious code. The second

Re: FreeBSD Security Advisory FreeBSD-SA-23:19.openssh

2023-12-19 Thread mike tancsa
On 12/19/2023 4:33 PM, FreeBSD Security Advisories wrote: with 12.4 are encouraged to either implement the documented workaround or leverage an up to date version of OpenSSH from the ports/pkg collection. Hi, Is the version of security/openssh-portable not vulnerable to this issue too ? I don

Re: Zenbleed

2023-07-27 Thread mike tancsa
On 7/27/2023 4:42 PM, Jung-uk Kim wrote: Can you please the attached patch?  Sorry about the trouble. thank you for all the help! Looks good on RELENG_12 now % gmake nasm  -O0 -felf64 -o zenleak.o zenleak.asm cc -O0 -ggdb3 -march=znver2   -c -o pattern.o pattern.c cc -O0 -ggdb3 -march=znver2  

Re: Zenbleed

2023-07-27 Thread mike tancsa
On 7/27/2023 4:03 PM, Jung-uk Kim wrote: Please try the attached patch.  It should fix the sched_getcpu() issue. Jung-uk Kim Thank you for helping me with this. However, still the following error on RELENG_12 from a few days ago % git clone "https://git.hardenedbsd.org/shawn.webb/zenble

Re: Zenbleed

2023-07-27 Thread mike tancsa
On 7/27/2023 1:38 PM, Jung-uk Kim wrote: I guess you checked out a wrong branch.  Please see the attached minimal patch I made for FreeBSD.  I think it will work on any supported FreeBSD branches.  Note the original exploit is available from here: https://lock.cmpxchg8b.com/files/zenbleed-v5.

Re: Zenbleed

2023-07-27 Thread mike tancsa
On 7/26/2023 5:46 PM, Shawn Webb wrote: On Wed, Jul 26, 2023 at 08:34:56PM +, 0x1eef wrote: Hello, I was curious if there are plans to apply the "chicken bit" workaround for the Ryzen line of processors. A firmware update is not scheduled to be released until Nov or Dec at the earliest. Tha

Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping

2022-12-01 Thread mike tancsa
On 11/30/2022 5:38 PM, Brooks Davis wrote: It's probably also worth considering it as a local privilege escalation attack. The attacker will need to control a ping server, but it's often the case that enough ICMP traffic is allowed out for that to work and in that case they have unlimited tries

Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping

2022-11-30 Thread mike tancsa
On 11/30/2022 4:58 PM, Dev Null wrote: Easily to exploit in a test environment, but difficult to be exploited in the wild, since the flaw only can be exploited in the ICMP reply, so the vulnerable machine NEEDS to make an ICMP request first. The attacker in this case, send a short reader in

Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping

2022-11-30 Thread mike tancsa
How likely is this bug exploited ?  I am guessing Man-in-the-middle makes this a little more of an issue potentially     ---Mike On 11/29/2022 7:46 PM, FreeBSD Security Advisories wrote: = FreeBSD-SA-22:15.ping Secur

Re: Retbleed, another speculative execution attack

2022-07-12 Thread mike tancsa
On 7/12/2022 3:51 PM, mike tancsa wrote: Just wondering how this might impact FreeBSD ? Forgot to include the link https://news.ycombinator.com/item?id=32071949 https://comsec.ethz.ch/research/microarch/retbleed/

Retbleed, another speculative execution attack

2022-07-12 Thread mike tancsa
Just wondering how this might impact FreeBSD ?

Re: openssl patch for RELENG_11 to work around Lets Encrypt work around

2021-10-04 Thread mike tancsa
On 10/1/2021 6:51 PM, John-Mark Gurney wrote: > mike tancsa wrote this message on Fri, Oct 01, 2021 at 10:31 -0400: >> I was hoping people with expertise on this issue could chime in about >> the implications of running with this patch on FreeBSD 11 which I know >>

openssl patch for RELENG_11 to work around Lets Encrypt work around

2021-10-01 Thread mike tancsa
I was hoping people with expertise on this issue could chime in about the implications of running with this patch on FreeBSD 11 which I know is now out of support. This patch is inspired from https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/032_cert.patch.sig with caveats from https://www.o

Re: FreeBSD Security Advisory FreeBSD-SA-21:16.openssl

2021-08-25 Thread mike tancsa
On 8/25/2021 11:22 AM, Gordon Tetlow wrote: > Hi All, >> Was reading the original advisory at >> https://www.openssl.org/news/secadv/20210824.txt >> and it says >> >> "OpenSSL versions 1.0.2y a

Re: FreeBSD Security Advisory FreeBSD-SA-21:16.openssl

2021-08-25 Thread mike tancsa
On 8/24/2021 4:53 PM, FreeBSD Security Advisories wrote: > > Branch/path Hash Revision > - > stable/13/  9d31ae318711    stable/13-n246940 > releng/13.

Re: name:wrek vulnerabilities ?

2021-04-14 Thread mike tancsa
On 4/14/2021 12:20 PM, Shawn Webb wrote: > The commit that fixed the vulnerability is > 8f594d4355a16f963e246be0b88b9fba8ad77049, made on 31 Aug 2020. That's > over a half a year ago. Thanks, that's what I thought. Wasn't sure why this was being presented as new ?!     ---Mike

name:wrek vulnerabilities ?

2021-04-14 Thread mike tancsa
I heard about this on the ISC stormcast podcast this AM, but I can't quite make heads or tails of if/when what was patched with respect to FreeBSD. https://www.forescout.com/company/blog/forescout-and-jsof-disclose-new-dns-vulnerabilities-impacting-millions-of-enterprise-and-consumer-devices/ They

libarchive issue ?

2019-11-12 Thread mike tancsa
Hi,     I was thinking with the 2 intel CPU SAs, there would be an SA for libarchive issue ? https://nvd.nist.gov/vuln/detail/CVE-2019-18408 Or is FreeBSD not vulnerable to this particular issue ? I think as fix was __FBSDID("$FreeBSD: stable/12/contrib/libarchive/libarchive/archive_read_support

Re: FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2

2019-08-07 Thread Mike Tancsa
Does anyone have any more details about the implication of this ? e.g. does a daemon need to be listening on a target device ? Is it merely the act of forwarding such packets ? Can a non root user open such a daemon ? Thanks,     ---Mike > ===

Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs

2019-07-03 Thread mike tancsa
On 7/2/2019 8:49 PM, FreeBSD Security Advisories wrote: > Special note: This update also adds the -z flag to fsck_ffs to have it scrub > the leaked information in the name padding of existing directories. It only > needs to be run once on each UFS/FFS filesystem after a patched kernel is > install

TCP SACK (CVE-2019-5599)

2019-06-18 Thread mike tancsa
Hi all, With respect to the bugs described in https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md SACK Slowness (FreeBSD 12 using the RACK TCP Stack) Description: It is possible to send a crafted sequence of SACKs which will fragment the RAC

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds

2019-05-15 Thread mike tancsa
On 5/15/2019 10:27 AM, Borja Marcos wrote: > >> On 15 May 2019, at 15:32, mike tancsa wrote: >> >> Actually, just tried this on RELENG_11 (r347613) and I get >> >> don't know how to load module '/boot/firmware/intel-ucode.bin' >> >&

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds

2019-05-15 Thread mike tancsa
On 5/15/2019 8:18 AM, Wall, Stephen wrote: >> New CPU microcode may be available in a BIOS update from your system vendor, >> or by installing the devcpu-data package or sysutils/devcpu-data port. >> Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14. >> >> If using the pa

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-14 Thread Mike Tancsa
mitigate the issue on i386). > > On Wed, Mar 14, 2018 at 7:06 AM, Mike Tancsa <mailto:m...@sentex.net>> wrote: > > On 3/14/2018 12:29 AM, FreeBSD Security Advisories wrote: > > Affects:        All supported versions of FreeBSD. >

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-14 Thread Mike Tancsa
ust AMD64 ? Or does it fix it on i386 as well ? ---Mike -- ------- Mike Tancsa, tel +1 519 651 3400 x203 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada ___ freebsd

Re: Response to Meltdown and Spectre

2018-01-12 Thread Mike Tancsa
On 1/12/2018 1:07 PM, Brett Glass wrote: > All: > > The fix in this patch appears to be unconditional. The original email said "The code will be selectable via a tunable which ..." Perhaps wait for the final product. ---Mike -- ------- Mike Tancsa,

Re: Response to Meltdown and Spectre

2018-01-08 Thread Mike Tancsa
Thanks very much for the updates! ---Mike On 1/8/2018 12:57 PM, Gordon Tetlow wrote: > By now, we're sure most everyone have heard of the Meltdown and Spectre-- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet servic

Re: Intel hardware bug

2018-01-05 Thread Mike Tancsa
ublication date of patches." ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-security

Re: Potential band-aid for Meltdown

2018-01-04 Thread Mike Tancsa
1 interface (e.g. eToken) or tpm ? ---Mike > > I realize it's not a perfect solution by far, but it would provide some > level of mitigation (especially for things like GELI) that could hold > people over until they can replace their hardware. -- ---

Intel hardware bug

2018-01-02 Thread Mike Tancsa
I am guessing this will impact FreeBSD as well ? http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc

2017-09-05 Thread Mike Tancsa
I have been testing a box against the qualys PCI scanner. For whatever reason, RELENG 10 comes up vulnerable still to CVE-2004-0230 Any idea why this might show as being an issue still ? Is it an issue or just a false positive ? ---Mike -- --- Mike Tancsa, tel +1 519

Re: FreeBSD Security Advisory FreeBSD-SA-15:22.openssh

2015-08-27 Thread Mike Tancsa
On 8/27/2015 3:24 AM, Dag-Erling Smørgrav wrote: > Mike Tancsa writes: >> I know RELENG_8 is no longer supported, but does this issue impact >> FreeBSD 8.x ? > > Note that of the three issues mentioned here, one is not exploitable by > an attacker and the other two pres

Re: FreeBSD Security Advisory FreeBSD-SA-15:22.openssh

2015-08-26 Thread Mike Tancsa
; All supported versions of FreeBSD. I know RELENG_8 is no longer supported, but does this issue impact FreeBSD 8.x ? ---Mike -- ------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge,

Re: OpenSSH max auth tries issue

2015-07-23 Thread Mike Tancsa
On 7/17/2015 3:19 PM, Mike Tancsa wrote: > -- > https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ > With this vulnerability an attacker is able to request as many password > prompts li

OpenSSH max auth tries issue

2015-07-17 Thread Mike Tancsa
e ssh client allows only three password entries per default). With this vulnerability an attacker is able to request as many password prompts limited by the “login graced time” setting, that is set to two minutes by default." -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Comm

Re: FreeBSD Security Advisory FreeBSD-SA-15:10.openssl

2015-06-12 Thread Mike Tancsa
91 >> CVE-2015-1792, CVE-2015-4000 > > I see a regression in the port for OpenSSL 1.0.2b: There is also an ssh issue it seems ? http://marc.info/?l=openssh-unix-dev&m=143412504002151&w=2 ---Mike -- --- Mike Tancsa, tel +1 5

Re: SA-14:19 (Denial of Service in TCP packet processing) and jails issue ?

2015-05-07 Thread Mike Tancsa
On 5/5/2015 9:32 AM, Mike Tancsa wrote: and then restarted the scan. Sure enough, it comes up vulnerable. I have placed the 2 pcaps, and the reports in http://www.tancsa.com/jail I setup a similar target environment for RELENG_10 but the scan seems to think RELENG_10 is just plain

Re: SA-14:19 (Denial of Service in TCP packet processing) and jails issue ?

2015-05-05 Thread Mike Tancsa
*:* # and then restarted the scan. Sure enough, it comes up vulnerable. I have placed the 2 pcaps, and the reports in http://www.tancsa.com/jail ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994

Re: SA-14:19 (Denial of Service in TCP packet processing) and jails issue ?

2015-05-04 Thread Mike Tancsa
On 4/29/2015 6:07 PM, Mike Tancsa wrote: The IP being scanned is in a jail. If I run the scan to an IP not associated with the jail, the scan does not complain. It's only on the jailed IP that the scan flags as problematic for this vulnerability. If this is a false positive, how can I be sure

SA-14:19 (Denial of Service in TCP packet processing) and jails issue ?

2015-04-29 Thread Mike Tancsa
n others. It should be noted that while a number of vendors have confirmed this issue in various products, investigations are ongoing and it is likely that many other vendors and products will turn out to be vulnerable as the issue is investigated further. -- --- Mike T

Re: FreeBSD Security Advisory FreeBSD-SA-15:06.openssl

2015-03-19 Thread Mike Tancsa

latest OpenSSL advisory

2015-03-19 Thread Mike Tancsa
Could be worse, could be better https://www.openssl.org/news/secadv_20150319.txt ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http

Re: DRAM Rowhammer exploits

2015-03-11 Thread Mike Tancsa

Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem

2015-01-27 Thread Mike Tancsa
On 1/27/2015 2:55 PM, FreeBSD Security Advisories wrote: IV. Workaround No workaround is available. If SCTP is NOT compiled in the kernel, are you still vulnerable ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing

Re: bash velnerability

2014-09-30 Thread Mike Tancsa
1 (original shellshock) Not vulnerable to CVE-2014-7169 (taviso bug) ./bashcheck: line 18: 19749 Segmentation fault (core dumped) bash -c "true $(printf '< /dev/null Vulnerable to CVE-2014-7186 (redir_stack bug) Test for CVE-2014-7187 not reliable without address sanitizer Varia

Re: bash velnerability

2014-09-29 Thread Mike Tancsa
mped) bash -c "true $(printf '< /dev/null Vulnerable to CVE-2014-7186 (redir_stack bug) Test for CVE-2014-7187 not reliable without address sanitizer Variable function parser inactive, likely safe from unknown parser bugs ---Mike -- --- Mike Tancsa, tel +1 5

Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp

2014-04-30 Thread Mike Tancsa
option that will work, or is scrub fragment reassemble sufficient ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com

Re: udp flood tools for freebsd

2014-04-14 Thread Mike Tancsa

Re: FreeBSD's heartbleed response

2014-04-08 Thread Mike Tancsa
those advisories. Issues affecting the FreeBSD Ports Collection are covered in http://vuxml.freebsd.org/ ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada

Re: FreeBSD's heartbleed response

2014-04-08 Thread Mike Tancsa
S be *well* reviewed before getting committed. IIRC there was a quick fix to an openssl bug in the past that then had to be fixed again. * What is stopping people who care about security from joining, or following this mailing list ? ---Mike -- --- Mike Tancsa, tel +1 51

Re: http://heartbleed.com/

2014-04-08 Thread Mike Tancsa
On 4/8/2014 10:09 AM, Merijn Verstraaten wrote: On Apr 8, 2014, at 15:45 , Mike Tancsa wrote: Hi, I am trying to understand the implications of this bug in the context of a vulnerable client, connecting to a server that does not have this extension. e.g. a client app linked against

Re: http://heartbleed.com/

2014-04-08 Thread Mike Tancsa

Re: http://heartbleed.com/

2014-04-07 Thread Mike Tancsa
time. Hi, The webpage lists FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c) I take it this is only if you installed from the ports no ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since

Re: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]

2013-07-30 Thread Mike Tancsa
legeSeparation yes as it sounds like you have hardware crypto on the box and you are using UsePrivilegeSeparation sandbox which is broken ---Mike -- ------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.se

Re: new OpenSSL security issues

2013-02-11 Thread Mike Tancsa
edly fixes this regression issue. http://www.openssl.org/source/exp/CHANGES ---Mike -- ------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http:/

new OpenSSL security issues

2013-02-07 Thread Mike Tancsa
Three of them it seems http://www.openssl.org/news/secadv_20130205.txt -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com

Re: audit events confusion

2013-01-07 Thread Mike Tancsa
On 1/7/2013 1:48 AM, Patrick Proniewski wrote: > On 06 janv. 2013, at 23:46, Mike Tancsa wrote: > >> Hi, >> Thanks for the reply! Where can I find setaudit ? > > you might find some useful info here too: > > http://forums.freebsd.org/showthread.php?t=2371

Re: audit events confusion

2013-01-06 Thread Mike Tancsa
On 1/6/2013 5:25 PM, Patrick Proniewski wrote: > On 06 janv. 2013, at 23:11, Mike Tancsa wrote: > >> But if I make a simple php script to try and connect out, again, pflog0 >> blocks it and logs it, but it does not show up in the audit logs >> >> >> Any i

audit events confusion

2013-01-06 Thread Mike Tancsa
105073, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 177324430 ecr 0], length 0 Any idea what I am missing ? This is a RELENG_8 box from this week. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet se

Re: Default password encryption method.

2012-08-21 Thread Mike Tancsa

Re: Default password hash

2012-06-11 Thread Mike Tancsa
On 6/11/2012 10:00 AM, Dag-Erling Smørgrav wrote: > Mike Tancsa writes: >> Dag-Erling Smørgrav writes: >>> Mike Tancsa writes: >>>> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its >>>> currently not there. >>> "n

Re: Default password hash

2012-06-11 Thread Mike Tancsa
On 6/11/2012 4:48 AM, Dag-Erling Smørgrav wrote: > Mike Tancsa writes: >> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its >> currently not there. > > "not there" as in "not supported by crypt(3)"? If you put in sha256|sha512 in pas

Re: Default password hash

2012-06-09 Thread Mike Tancsa
stuser:$2a$04$veZKfUGwqsrxWZOb/wbes.RdgQhLL.kfqyQ8Cv044rjJdFI0nSVXy:1004:1004::0:0:User &:/home/testuser:/bin/sh 0(cage2)# Note the $2a$ Other place to do it is in auth.conf, but I usually do it in login.conf as shown above. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html ---Mike -- -

Re: Default password hash

2012-06-09 Thread Mike Tancsa
uences). > > default:\ > - :passwd_format=md5:\ > + :passwd_format=sha512:\ > :copyright=/etc/COPYRIGHT:\ > :welcome=/etc/motd:\ > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ > > DES -- --- Mike Tancs

logging _rtld errors

2011-12-19 Thread Mike Tancsa
Are there any security reasons as to why http://www.freebsd.org/cgi/query-pr.cgi?pr=142258 ([patch] rtld(1): add ability to log or print rtld errors) would not have been committed to the tree ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m

Re: ftpd security issue ?

2011-12-08 Thread Mike Tancsa
On 11/30/2011 8:37 PM, Mike Tancsa wrote: > On 11/30/2011 8:16 PM, Xin LI wrote: >> >> Sorry I patched at the wrong place, this one should do. >> >> Note however this is not sufficient to fix the problem, for instance >> one can still upload .so's that run arb

Re: ftpd security issue ?

2011-12-05 Thread Mike Tancsa
gh to see its not an easy fix. In the mean time, I was just looking for ways to protect the few boxes I have that run proftpd. Right now running with "rootrevoke on" seems to be the safest, but that has the side effect of killing active connections. ---Mike -- ---

Re: ftpd security issue ?

2011-12-05 Thread Mike Tancsa
On 11/30/2011 8:16 PM, Xin LI wrote: > On 11/30/11 17:01, Mike Tancsa wrote: >> On 11/30/2011 7:01 PM, Xin LI wrote: >>> >>>> BTW. This vulnerability affects only configurations, where >>>> /etc/ftpchroot exists or anonymous user is allowed to

Re: ftpd security issue ?

2011-11-30 Thread Mike Tancsa
und that. Now to prod the proftpd folks ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ __

Re: ftpd security issue ?

2011-11-30 Thread Mike Tancsa
1002 79 Nov 30 16:34 t.c -rwxr-xr-x 1 0 1002 24 Nov 30 16:37 t.sh 226 Transfer complete. ftp> the file created is root -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Camb

ftpd security issue ?

2011-11-30 Thread Mike Tancsa
Saw this on FD... Anyone know any more details about this ? http://lists.grok.org.uk/pipermail/full-disclosure/2011-November/084372.html ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994

Re: Latest bind advisory

2011-11-17 Thread Mike Tancsa
mail/svn-src-stable-8/2011-November/006315.html ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://ww

Re: pam_ssh_agent_auth coredump on AMD64 (was Re: PAM modules)

2011-09-21 Thread Mike Tancsa
On 9/20/2011 5:39 PM, Corey Smith wrote: > On Tue, Sep 20, 2011 at 4:08 PM, Mike Tancsa wrote: >> Seems to die in the function policy_check in sudo.c > > I am able to reproduce it as well on 8.2-RELEASE amd64, > pam_ssh_agent_auth-0.9.3 and sudo-1.8.2. > I posted the ques

Re: pam_ssh_agent_auth coredump on AMD64 (was Re: PAM modules)

2011-09-20 Thread Mike Tancsa
); } ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-security@freeb

pam_ssh_agent_auth coredump on AMD64 (was Re: PAM modules)

2011-09-20 Thread Mike Tancsa
On 9/19/2011 2:00 PM, Mike Tancsa wrote: > On 9/16/2011 3:10 PM, Corey Smith wrote: >> On 09/16/2011 11:05 AM, Dag-Erling Smørgrav wrote: >>> My question is: which ones? >> >> security/pam_ssh_agent_auth >> >> It is BSD licensed and handy for sudo. >

Re: PAM modules

2011-09-19 Thread Mike Tancsa
t;XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" + +Defaults env_keep += SSH_AUTH_SOCK + + I must be missing something obvious? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sente

Old SSH bug on RELENG_4

2011-06-30 Thread Mike Tancsa
ChallengeResponseAuthentication no I wonder if other apps that make use of PAM can trigger the bug as well ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada

Re: Allegations regarding OpenBSD IPSEC

2010-12-15 Thread Mike Tancsa
On 12/15/2010 6:36 AM, Andy Kosela wrote: > > Some of you probably already read this: > > http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 > > Interesting...I wonder what is the impact of all this on FreeBSD code. > We may very well suppose that any government or corporation funded code >

Re: ~/.login_conf mechanism is flawed

2010-08-12 Thread Mike Tancsa

Re: tripwire and device numbers

2010-03-05 Thread Mike Tancsa
At 06:59 AM 3/5/2010, Dag-Erling Smørgrav wrote: "Poul-Henning Kamp" writes: > Mike Tancsa writes: > > While getting a box ready for deployment, I noticed on two > > occasions, I would get some exception reports flagging all files as > > the underlying de

Re: tripwire and device numbers

2010-03-04 Thread Mike Tancsa
At 03:51 PM 3/4/2010, Dag-Erling Smørgrav wrote: Mike Tancsa writes: > While getting a box ready for deployment, I noticed on two occasions, > I would get some exception reports flagging all files as the > underlying device number through reboots had changed. Is this > "nor

tripwire and device numbers

2010-03-04 Thread Mike Tancsa

Re: Increase in SSH attacks as of announcement of rtld bug

2009-12-02 Thread Mike Tancsa
At 08:51 AM 12/2/2009, Poul-Henning Kamp wrote: In message <200912021324.nb2doc58001...@lava.sentex.ca>, Mike Tancsa writes: >At 07:51 AM 12/2/2009, Mohd Fazli Azran wrote: >The only way to deal with them I found [...] A very efficient measure: Move your sshd to another port num

Re: Increase in SSH attacks as of announcement of rtld bug

2009-12-02 Thread Mike Tancsa

Re: Increase in SSH attacks as of announcement of rtld bug

2009-12-01 Thread Mike Tancsa
At 08:44 PM 12/1/2009, Brett Glass wrote: At 12:09 PM 12/1/2009, Mike Tancsa wrote: http://isc.sans.org/trends.html and http://isc.sans.org/port.html Do not seem to show any increase. Do those stats account for the fact that the attackers may first be fingerprinting servers to see if

Re: Increase in SSH attacks as of announcement of rtld bug

2009-12-01 Thread Mike Tancsa
ot seem to show any increase. ---Mike -------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Inte

Re: FreeBSD bug grants local root access (FreeBSD 6.x)

2009-09-25 Thread Mike Tancsa
i, Just wondering if there is any update on this issue ? ---Mike -------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications,m...@sentex.net Providing Inte

Openssl advisory ?

2009-04-06 Thread Mike Tancsa
Just wondering if this impacts FreeBSD's version in any significant way ? http://www.openssl.org/news/secadv_20090325.txt ---Mike Mike Tancsa, tel +1 519 651 3400 S

Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?

2009-01-03 Thread Mike Tancsa
At 04:45 PM 1/3/2009, O. Hartmann wrote: followed by an obligatory "cap_mkdb" seems to do something - changing root's password results in different hashes when selecting different hash algorithms like des, md5, sha1, blf or even sha256. Well, I never dug deep enough into the source code to re

Re: Heimdal or MIT for kerberos?

2008-09-16 Thread Mike Tancsa
everything in /usr/local ? Also, do you use hx509 at all and certs for pre-auth ? ---Mike On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote: > We are looking at deploying Kerberos for better user management (SSO) > and 2 factor authentication via pkcs#11 etokens. The

Heimdal or MIT for kerberos?

2008-09-07 Thread Mike Tancsa
matter regulation wise. Is one better maintained than the other ? There are no legacy v4 apps Thanks, ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-22 Thread Mike Tancsa
At 04:37 PM 8/21/2008, Brooks Davis wrote: On Thu, Aug 21, 2008 at 10:10:42PM +0200, Rink Springer wrote: > On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote: > > Finally, consider moving to pf instead, if you really feel ipfw is > > what's causing your machine to crash. You might

Re: BIND update?

2008-07-09 Thread Mike Tancsa
At 06:54 AM 7/9/2008, Oliver Fromme wrote: Andrew Storms wrote: > http://www.isc.org/index.pl?/sw/bind/bind-security.php I'm just wondering ... ISC's patches cause source ports to be randomized, thus making it more difficult to spoof response packets. But doesn't FreeBSD already randomize sou

Re: How to take down a system to the point of requiring a newfs with one line of C (userland)

2008-02-18 Thread Mike Tancsa
At 11:24 PM 2/17/2008, Jim Bryant wrote: One line summary: Too many files in a top-level UFS-2 filesystem directory will cause a panic on mount. How to repeat the problem: Compile and run the following as instructed: umount that filesystem. Hi, I tried this on RELENG_7 and RELENG_6 an

Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc

2008-01-14 Thread Mike Tancsa
At 12:22 AM 1/15/2008, Mark Andrews wrote: > > For the "usual suspects" of applications running, (e.g. sendmail, > apache, BIND etc) would it be possible to pass crafted packets > through to this function remotely via those apps ? ie how easy is this to do > ? The usual suspects don'

Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc

2008-01-14 Thread Mike Tancsa
At 06:09 PM 1/14/2008, FreeBSD Security Advisories wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-08:02.libc Security Advisory
