Re: Querying entropy state

2018-05-15 Thread RW via freebsd-security
On Tue, 15 May 2018 15:54:44 +0100 RW wrote: > On Tue, 15 May 2018 12:17:28 +0100 > Chris Rees wrote: > > > Hello all, > > > > Since the new random device has been put in, sysutils/monitorix no > > longer has a sysctl to poll to view the current state of entropy > > (i.e. kern.random.sys.seeded

Re: Querying entropy state

2018-05-15 Thread RW via freebsd-security
On Tue, 15 May 2018 12:17:28 +0100 Chris Rees wrote: > Hello all, > > Since the new random device has been put in, sysutils/monitorix no > longer has a sysctl to poll to view the current state of entropy > (i.e. kern.random.sys.seeded). > > I have come to the understanding that it is no longer

Re: http subversion URLs should be discontinued in favor of https URLs

2017-12-05 Thread RW via freebsd-security
On Tue, 5 Dec 2017 14:08:49 -0800 Gordon Tetlow wrote: > Using this as a reason to not move to HTTPS is a fallacy. We should do > everything we can to help our end-users get FreeBSD in the most secure > way. I think it's more a question of whether all users should be forced onto https even if it

Re: Intel / AMD CPU Microcode Updates Required For Security

2017-05-28 Thread RW via freebsd-security
On Sun, 28 May 2017 17:53:01 -0400 grarpamp wrote: > Blobs that fix exploitable things may be slightly better than blobs. > Awareness should be raised, and updates applied to systems. > > # sysutils/devcpu-data New Microcode Released for Intel / AMD > https://bugs.freebsd.org/bugzilla/show_bug.cg

Re: Two Dumb Questions

2016-09-26 Thread RW via freebsd-security
On Sun, 25 Sep 2016 23:42:34 -0700 Ronald F. Guilmette wrote: > Here's my point: If you really have already managed to become > the man-in-the-middle anyway, then couldn't you just dummy up > any and all responses, including those for DNS, in such a way > as to make it all appear to the victim t

Re: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread RW via freebsd-security
On Fri, 29 Jul 2016 03:49:39 + Martin Schroeder wrote: > I've been analyzing the document extensively since then. The targets > are as follows: > > [1] portsnap via portsnap vulnerabilities > [2] portsnap via libarchive & tar anti-sandboxing vulnerabilities > [3] portsnap via bspatch vulnera

Re: FreeBSD - a lesson in poor defaults?

2016-07-13 Thread RW via freebsd-security
On Wed, 13 Jul 2016 12:25:21 +0200 (CEST) Simon Krenz wrote: > IMHO I can agree with most of the statements written down in this > text. I can not understand why I need ntpd or sendmail activated in > default installations. ntpd isn't activated by default.

Re: Leap Second

2015-07-02 Thread RW via freebsd-security
On Wed, 1 Jul 2015 21:52:46 -0400 Garrett Wollman wrote: > < said: > > > ntpd(8) has provision for specifying a leapsecond file which > > presumably makes it leap-second aware. I haven't looked into the > > details. > > The current NTP protocol, as implemented by ntpd, distributes > leap-secon