during my time as FreeBSD Security Officer.
--
Regards,
Simon L. B. Nielsen
FreeBSD Security Officer Emeritus
g off ports SVN -> CVS export. It was
previously missed that this (yet another automated system we run)
needed to be updated as well.
--
Simon L. B. Nielsen
Hat: FreeBSD.org clusteradm team / FreeBSD Security Team
___
freebsd-security@freebsd.org mail
ports have, making it more painful.
In the past we also had a number of tools which let one simply
grep for package names, but those require infrastructure which doesn't
exist anymore.
--
Simon L. B. Nielsen
On 23 November 2012 00:11, Simon L. B. Nielsen wrote:
> On 23 November 2012 00:01, FreeBSD Security Advisories
> wrote:
>
> =
>> FreeBSD-SA-12:06.bind
reeBSD Project
>
> Topic: Multiple Denial of Service vulnerabilities with named(8)
Just to make two points clear (since I suspect people might ask).
- These fixes are exported to CVS/CVSup.
- No, these SA's had nothing to do with the recent security incident.
--
Si
) was not implemented.
I can't comment on the implementation details (don't know much about
VM system), but do you have tests to show that the new code actually
works in preventing users from mlocking more than 8MB by default?
--
Simon L. B. Nielsen
Security@ is an alias for secteam (to avoid accidentally leaking
confidential reports).
--
Simon L. B. Nielsen
Via mobile - sorry about the top posting
On 4 Sep 2012 13:29, "Dag-Erling Smørgrav" wrote:
> Doug Barton writes:
> > Please do ... probably security@ is the r
On Tue, Aug 21, 2012 at 1:05 PM, Ulrich Spörlein wrote:
> On Mon, 2012-08-20 at 22:24:56 +0100, Simon L. B. Nielsen wrote:
>> Hello,
>>
>> If you are not using geli(4) on -CURRENT (AKA FreeBSD 10) you can safely
>> ignore this mail. If you are, please read on!
>
st the signature in the freebsd-update
>> master repository could turn this tool into something of an integrity
>> checking tool.
>>
>
> Sounds good if you have just a few systems. In a large environment,
> snmp is quite common to collect release informati
en't been
able to find docs on how you initialize or administer them.
http://www.safenet-inc.com/products/data-protection/two-factor-authentication/etoken-pass/
They are sort of programmable too if you really want:
https://www.youtube.com/watch?v=QiTNlSgk-xY :-)
--
On 19 Aug 2012, at 13:33, Jilles Tjoelker wrote:
> On Sat, Aug 11, 2012 at 09:05:44PM +0200, Dag-Erling Smørgrav wrote:
>> "Simon L. B. Nielsen" writes:
>>> This has been discussed a number of times, but there is no nice and
>>> simple solution.
>
-CURRENT isn't
supported by the FreeBSD Security Team, we are not releasing an
advisory, just this heads up.
--
Simon L. B. Nielsen
FreeBSD Security Officer
ple solution. There is a simple solution if we just update the
kernel always, but that's a hack IMO.
While the problem seems rather simple, there are many corner cases
making it hard to solve. It should be solved so people can get this
information, personally I just haven't had the time t
pdate the port shortly.
>
> Thank you!
>
>> VuXML entry will have to follow separately, as it is unclear whether new CVE
>> number will be assigned or not.
>
> You can do the VuXML without a CVE for now and update it when/if one is
> assigned
what is their support? When I
looked at their website I found nothing about security support, branch
handling etc. and nobody has replied to that part in these threads
(unless I missed it - I just rescanned the thread without seeing a reply).
--
Simon L. B. Nielsen
On Tue, Jul 3, 2012 at 9:39 PM, Doug Barton wrote:
> On 07/03/2012 05:39, Dag-Erling Smørgrav wrote:
>> Doug Barton writes:
>>> The correct solution to this problem is to remove BIND from the base
>>> altogether, but I have no energy for all the whinging that would happen
>>> if I tried (again) t
On 19 Jun 2012, at 19:15, Steven Chamberlain wrote:
> On 18/06/12 22:37, Simon L. B. Nielsen wrote:
>> Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
>
> Having seen the correct fix now, I'm starting to wonder if the commit to
> RELENG_7_4 was rea
On Jun 19, 2012 3:16 PM, "Maxim Khitrov" wrote:
>
> On Tue, Jun 19, 2012 at 10:10 AM, ian ivy wrote:
> > Hello,
> >
> > By default FreeBSD uses MD5 to encrypt passwords. MD5 is believed to be
> > more secure than e.g. DES but less than e.g. SHA512. Currently several
> > major Linux distributions,
cooperating
and I would rather fix the issue than battle with a mail program.
--
Simon L. B. Nielsen
FreeBSD Security Officer
On Fri, Jun 15, 2012 at 7:11 PM, Matt Piechota wrote:
> On 06/15/2012 01:40 PM, Simon L. B. Nielsen wrote:
>>
>> On Jun 11, 2012 1:22 AM, "Robert Simmons" wrote:
>>>
>>> Would it be possible to make FreeBSD's bootcode aware of geli encrypted
f a USB flash key. Then your entire drive can be encrypted.
--
Simon L. B. Nielsen
Mobile
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
On Mon, Jun 11, 2012 at 11:44 AM, Lev Serebryakov wrote:
> Hello, Simon.
> You wrote on 10 June 2012, 14:02:50:
>
> SLBN> Has anyone looked at how long the SHA512 password hashing
> SLBN> actually takes on modern computers?
> Modern computers are not what you should be afraid of. Modern GPUs are.
>
On Sun, Jun 10, 2012 at 3:53 PM, Gleb Kurtsou wrote:
> On (10/06/2012 11:02), Simon L. B. Nielsen wrote:
>>
>> On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
>>
>> > We still have MD5 as our default password hash, even though known-hash
>> > attacks aga
ormat used by
Linux, other BSD's etc?
--
Simon L. B. Nielsen
ngs along these lines, I strongly suggest
trying to rope in some OpenSSL people, e.g. benl@.
> Patches are good to commit, IMHO.
Thanks for giving the patch more eyes.
--
Simon L. B. Nielsen
Hey,
Bleh, even I forget at times that security@ != freebsd-security@ :-).
Begin forwarded message:
> From: "Simon L. B. Nielsen"
> Subject: Upgrade port audit now!
> Date: 11 March 2012 21:40:26 GMT
> To: po...@freebsd.org, secur...@freebsd.org
>
> Hey,
>
d system and 'manually' apply fixes for the OpenSSL security issues we
certainly don't build OpenSSL unmodified.
I never had a reason to look at OpenSSL FIPS, so I don't really know if it's
possible to get it working on FreeBSD, but it's possible you can m