Re: Proposal

2014-04-09 Thread Karl Denninger
On 4/9/2014 8:25 AM, Dag-Erling Smørgrav wrote: Pawel Biernacki writes: I understand that this is voluntary role and you have another (real life) responsibilities that’s why I'd like to propose an idea of (at least partially) paid position of Security Officer, because we all need quick and eff

Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl

2014-04-09 Thread Karl Denninger
On 4/9/2014 9:21 AM, Zoran Kolic wrote: Advisory claims 10.0 only to be affected. Patches to branch 9 are not of importance on the same level? Zoran 9 (and before) were only impacted if you loaded the newer OpenSSL from ports. A fair number of people did, however

Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl

2014-04-09 Thread Karl Denninger
On 4/9/2014 9:47 AM, Steven Hartland wrote: - Original Message - From: "Karl Denninger" On 4/9/2014 9:21 AM, Zoran Kolic wrote: Advisory claims 10.0 only to be affected. Patches to branch 9 are not of importance on the same level? 9 (and before) were only impacted if

Re: [Cryptography] trojans in the firmware

2015-02-19 Thread Karl Denninger
hese attacks are going to be loaded into your machine through a _*running*_ modern BSD-style system? I suspect the answer is "few" and a false sense of security is worse than none at all. -- Karl Denninger k...@denninger.net /The Market Ticker/

Re: DRAM Rowhammer exploits

2015-03-09 Thread Karl Denninger
privilege escalation is not your only problem; corruption of data headed to the disk, specifically with filesystems like ZFS, in many ways can be worse because that can result in corruption that the system CANNOT detect. -- Karl Denninger k...@denninger.net /T

Re: Forums.FreeBSD.org - SSL Issue?

2015-05-14 Thread Karl Denninger
e still using that in the wild. Not a huge number, but a material number. On several relatively large systems I monitor the "in the wild" user count for Windows XP is still around 4% of all users to the sites. Same problem with RC4. I'd love to lock that out too, but see above --

Re: WPA2 bugz - One Man's Quick & Dirty Response

2017-10-16 Thread Karl Denninger
ell, that's exactly the situation you're now in. Incidentally, has anyone yet figured out if this vector works on a network configured for machine certificates instead of a PSK?  I'm not certain from what I've looked at yet, and that is bothering me a LOT for what should be ob

Re: http subversion URLs should be discontinued in favor of https URLs

2017-12-06 Thread Karl Denninger
i-virus products will, by default, do exactly this sort of intentional interception on IMAP server traffic aimed at port 993 in an attempt to detect trojans and viruses that are attached to email messages. -- Karl Denninger k...@denninger.net /The Market Ticker/ /[S/

Re: http subversion URLs should be discontinued in favor of https URLs

2017-12-11 Thread Karl Denninger
for #2 on an inherent basis and this debate is thus about trying to use a tool that allegedly does three things when we really only need one of them. Maybe it's time to move toward something that can for source distribution to the public (e.g. Git) instead of trying to abuse something that

Re: http subversion URLs should be discontinued in favor of https URLs

2017-12-11 Thread Karl Denninger
users. It is NOT forced.  You can use SVN now over http OR https. >> This was just to give an example of why one would prefer to use HTTP >> over HTTPS, and how as highlighted by Karl Denninger a system which does >> too much may actually be harmful. > I disagree with this. The imp

Re: http subversion URLs should be discontinued in favor of https URLs

2017-12-12 Thread Karl Denninger
the same as the bits on the FreeBSD project's machines!* Solve the problem at the correct location -- either fix svn to sign and verify updates or dump it for something that can and use that existing mechanism (e.g. git) -- Karl Denninger k...@denninger.net /The Market Ticker/ /[S/MIME encrypted email preferred]/

Re: http subversion URLs should be discontinued in favor of https URLs

2017-12-12 Thread Karl Denninger
On 12/12/2017 08:28, Poul-Henning Kamp wrote: > > In message , Karl > Denninger > writes: > >> Now the question becomes this -- is the proper means to handle this via >> TLS (using that root cert) OR should the *transport* be fixed so that >> https doesn

Re: Important note for future FreeBSD base system OpenSSH update

2021-09-12 Thread Karl Denninger
of FreeBSD on some device and use that."  Can we avoid that being the answer, as it became with the browser issues? -- Karl Denninger k...@denninger.net /The Market Ticker/ /[S/MIME encrypted email preferred]/