At 11:49 AM 06/04/2005, Martin McCormick wrote:
We have been noticing flurries of sshd reject messages in
which some system out there in the hinterlands hits us with a flood of
ssh login attempts. An example:
Apr 6 05:41:51 dc sshd[88763]: Did not receive identification
string fro
At 04:32 AM 17/04/2005, Vicky Shrestha wrote:
Dear all,
I am running IPSEC and l2tpd in FreeBSD 4.9.
mtu 1400
mru 1400
It sounds like you have the PMTU issue covered, but it also sounds like an
MTU issue. Can you try and generate some large ping packets and see if
they are being fragmented prop
e people interested in "racoon2". It is still pre-alpha version,
not satisfied with users. I will concentrate developing "racoon2"
to be stable. It needs more than one year at least.
//Shoichi Sakane
At 09:45 AM 17/05/2005, mohan chandra wrote:
Hi,
I have tried to enable IPSec support for my
FreeBSD( 4.11-RELEASE) system.
Hi,
You need to reboot after installing the new kernel.
---Mike
___
freebsd-security@freebsd.org mailing lis
At 06:08 PM 02/10/2005, Don Lewis wrote:
> practical, everyone limit SSH logins to the minimum possible number
> of users via the "AllowUsers" directive. We also have a log monitor
> that watches the logs (/var/log/auth.log in particular) and
> blackholes hosts that seem to be trying to break in
At 10:13 AM 12/10/2005, Ivan Voras wrote:
Tobias Roth wrote:
On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote:
And you cannot expect the port maintainers
to backport security fixes if the upstream provider chose to release the
fix only together with a new version.
Yes you can, ask these
At 06:21 PM 09/02/2006, Garance A Drosihn wrote:
Are other people here running nessus (2.2.6) with the "registered
plugins"? (not the commercial registration).
Hi,
I am running the same sort of setup, with registered plugins
but with the X-client. Typically, I shut down the daemon,
Hi,
The patches apply cleanly on RELENG_4, but sendmail does not
compile properly using
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install
rm -f .depend
mkdep -f .depend
-a-I
At 08:57 AM 23/03/2006, Oleg Khomichenko wrote:
=
> Announced: 2006-03-22
> Affects: All FreeBSD releases.
15:33 [EMAIL PROTECTED]:/usr/src>uname -a
FreeBSD .xxx.xx 4.11-STABLE FreeBSD 4.11-STABL
At 10:27 AM 24/04/2006, Pawel Jakub Dawidek wrote:
On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote:
+> Winston Tsai <[EMAIL PROTECTED]> wrote:
+> > I got roughly the same performance results when I use the openssl speed
+> > test with and without a hifn 7956 crypto card
+> > [...]
?
---Mike
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994 www.sentex.net
Cambr
At 04:05 PM 11/07/2006, Poul-Henning Kamp wrote:
In message <[EMAIL PROTECTED]>, Chuck Swiger writes:
>Checksumming the device image is a fine way of checking the
integrity of it,
>assuming it is read-only. The only thing you might want to do is
use two or
>three checksum algorithms (ie, use
At 04:34 PM 11/07/2006, Ruslan Ermilov wrote:
> >
> With respect to prepending a random salt to the image, can you expand
> what you mean ?
>
It means that every time you want to checksum it, you send some
random bits to be prepended to the image, then compute the
checksum(s). You then do the sa
At 04:45 PM 11/07/2006, R. B. Riddick wrote:
--- Poul-Henning Kamp <[EMAIL PROTECTED]> wrote:
> Arming a trojan to just do 'sleep 145 ; echo "sha256 = 0248482..."'
> when you think you're running sha256 would be trivial.
>
But what if the trojan copies its files to the RAM disc and waits for this
Does anyone know the practicality of this attack ? i.e. is this trivial to do ?
---Mike
At 10:53 AM 9/5/2006, Mike Tancsa wrote:
Does anyone know the practicality of this attack ? i.e. is this
trivial to do ?
Also, for RELENG_6, can someone confirm the patch referenced in
http://www.openssl.org/news/patch-CVE-2006-4339.txt
be applied with the one change of
+{ERR_REASON
Is the version in FreeBSD vulnerable ?
http://www.openssh.com/txt/release-4.4
I know version 1 is disabled by default, but if it's not, does it
impact the daemon ?
---Mike
At 05:43 PM 9/28/2007, Stefan Esser wrote:
I did not see any commits to the OpenSSL code, recently; is anybody
going to commit the fix?
See http://www.securityfocus.com/archive/1/480855/30/0 for details ...
How serious is this particular issue ? Is it easily exploitable, or
difficult to do ?
At 12:05 PM 10/5/2007, Simon L. Nielsen wrote:
On 2007.10.03 19:49:31 -0400, Mike Tancsa wrote:
> At 05:43 PM 9/28/2007, Stefan Esser wrote:
>> I did not see any commits to the OpenSSL code, recently; is anybody
>> going to commit the fix?
>>
>> See http://www.securit
i config #
wpa=1
wpa_passphrase=xxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
---Mike
At 06:09 PM 1/14/2008, FreeBSD Security Advisories wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-08:02.libc Security Advisory
At 12:22 AM 1/15/2008, Mark Andrews wrote:
>
> For the "usual suspects" of applications running, (e.g. sendmail,
> apache, BIND etc) would it be possible to pass crafted packets
> through to this function remotely via those apps ? ie how easy
is this to do
> ?
The usual suspects don'
At 11:24 PM 2/17/2008, Jim Bryant wrote:
One line summary:
Too many files in a top-level UFS-2 filesystem directory will
cause a panic on mount.
How to repeat the problem:
Compile and run the following as instructed:
umount that filesystem.
Hi,
I tried this on RELENG_7 and RELENG_6 an
At 06:54 AM 7/9/2008, Oliver Fromme wrote:
Andrew Storms wrote:
> http://www.isc.org/index.pl?/sw/bind/bind-security.php
I'm just wondering ...
ISC's patches cause source ports to be randomized, thus
making it more difficult to spoof response packets.
But doesn't FreeBSD already randomize sou
At 04:37 PM 8/21/2008, Brooks Davis wrote:
On Thu, Aug 21, 2008 at 10:10:42PM +0200, Rink Springer wrote:
> On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote:
> > Finally, consider moving to pf instead, if you really feel ipfw is
> > what's causing your machine to crash. You might
matter
regulation wise. Is one better maintained than the other ? There are
no legacy v4 apps
Thanks,
---Mike
everything in /usr/local ? Also, do you use hx509 at all and certs
for pre-auth ?
---Mike
On Sun, Sep 07, 2008 at 07:55:26AM -0400, Mike Tancsa wrote:
> We are looking at deploying Kerberos for better user management (SSO)
> and 2 factor authentication via pkcs#11 etokens. The
At 04:45 PM 1/3/2009, O. Hartmann wrote:
followed by an obligatory "cap_mkdb" seems to do something - changing
root's password results in different hashes when selecting different
hash algorithms like des, md5, sha1, blf or even sha256.
Well, I never dug deep enough into the source code to re
Just wondering if this impacts FreeBSD's version in any significant way ?
http://www.openssl.org/news/secadv_20090325.txt
---Mike
i,
Just wondering if there is any update on this issue ?
---Mike
ot seem to show any increase.
---Mike
At 08:44 PM 12/1/2009, Brett Glass wrote:
At 12:09 PM 12/1/2009, Mike Tancsa wrote:
http://isc.sans.org/trends.html
and
http://isc.sans.org/port.html
Do not seem to show any increase.
Do those stats account for the fact that the attackers may first be
fingerprinting servers to see if
At 08:51 AM 12/2/2009, Poul-Henning Kamp wrote:
In message <200912021324.nb2doc58001...@lava.sentex.ca>, Mike Tancsa writes:
>At 07:51 AM 12/2/2009, Mohd Fazli Azran wrote:
>The only way to deal with them I found [...]
A very efficient measure: Move your sshd to another port num
---Mike
At 03:51 PM 3/4/2010, Dag-Erling Smørgrav wrote:
Mike Tancsa writes:
> While getting a box ready for deployment, I noticed on two occasions,
> I would get some exception reports flagging all files as the
> underlying device number through reboots had changed. Is this
> "nor
At 06:59 AM 3/5/2010, Dag-Erling Smørgrav wrote:
"Poul-Henning Kamp" writes:
> Mike Tancsa writes:
> > While getting a box ready for deployment, I noticed on two
> > occasions, I would get some exception reports flagging all files as
> > the underlying de
On 12/15/2010 6:36 AM, Andy Kosela wrote:
>
> Some of you probably already read this:
>
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>
> Interesting...I wonder what is the impact of all this on FreeBSD code.
> We may very well suppose that any government or corporation funded code
>
ChallengeResponseAuthentication no
I wonder if other apps that make use of PAM can trigger the bug as well ?
---Mike
t;XMODIFIERS GTK_IM_MODULE QT_IM_MODULE
QT_IM_SWITCHER"
+
+Defaults env_keep += SSH_AUTH_SOCK
+
+
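Review bot: the added `Defaults env_keep += SSH_AUTH_SOCK` line is unscoped, so the agent socket variable is preserved for every user and every command sudo runs. If only some accounts are meant to authenticate through the agent, scope the setting, for example `Defaults:%wheel env_keep += SSH_AUTH_SOCK` (group name chosen here as an example), and drop the two empty `+` lines that follow it.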
I must be missing something obvious?
---Mike
On 9/19/2011 2:00 PM, Mike Tancsa wrote:
> On 9/16/2011 3:10 PM, Corey Smith wrote:
>> On 09/16/2011 11:05 AM, Dag-Erling Smørgrav wrote:
>>> My question is: which ones?
>>
>> security/pam_ssh_agent_auth
>>
>> It is BSD licensed and handy for sudo.
>
);
}
---Mike
On 9/20/2011 5:39 PM, Corey Smith wrote:
> On Tue, Sep 20, 2011 at 4:08 PM, Mike Tancsa wrote:
>> Seems to die in the function policy_check in sudo.c
>
> I am able to reproduce it as well on 8.2-RELEASE amd64,
> pam_ssh_agent_auth-0.9.3 and sudo-1.8.2.
>
I posted the ques
mail/svn-src-stable-8/2011-November/006315.html
---Mike
Saw this on FD... Anyone know any more details about this ?
http://lists.grok.org.uk/pipermail/full-disclosure/2011-November/084372.html
---Mike
1002 79 Nov 30 16:34 t.c
-rwxr-xr-x 1 0 1002 24 Nov 30 16:37 t.sh
226 Transfer complete.
ftp>
the file created is root
und that.
Now to prod the proftpd folks
---Mike
On 11/30/2011 8:16 PM, Xin LI wrote:
> On 11/30/11 17:01, Mike Tancsa wrote:
>> On 11/30/2011 7:01 PM, Xin LI wrote:
>>>
>>>> BTW. This vulnerability affects only configurations, where
>>>> /etc/ftpchroot exists or anonymous user is allowed to
gh to see it's not an easy fix. In the meantime, I was just
looking for ways to protect the few boxes I have that run proftpd.
Right now running with "rootrevoke on" seems to be the safest, but that
has the side effect of killing active connections.
---Mike
On 11/30/2011 8:37 PM, Mike Tancsa wrote:
> On 11/30/2011 8:16 PM, Xin LI wrote:
>>
>> Sorry I patched at the wrong place, this one should do.
>>
>> Note however this is not sufficient to fix the problem, for instance
>> one can still upload .so's that run arb
Are there any security reasons as to why
http://www.freebsd.org/cgi/query-pr.cgi?pr=142258 ([patch] rtld(1): add
ability to log or print rtld errors)
would not have been committed to the tree ?
---Mike
uences).
>
> default:\
> - :passwd_format=md5:\
> + :passwd_format=sha512:\
> :copyright=/etc/COPYRIGHT:\
> :welcome=/etc/motd:\
> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
>
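Review bot: the `passwd_format=sha512` line in the `default` class lacks a note on rollout. It only applies to passwords set after the change, once login.conf.db has been rebuilt with cap_mkdb, so entries already hashed with md5 stay that way until each password is changed. Say so next to the change or in the accompanying text.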
> DES
stuser:$2a$04$veZKfUGwqsrxWZOb/wbes.RdgQhLL.kfqyQ8Cv044rjJdFI0nSVXy:1004:1004::0:0:User
&:/home/testuser:/bin/sh
0(cage2)#
Note the $2a$
Other place to do it is in auth.conf, but I usually do it in login.conf
as shown above.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html
---Mike
On 6/11/2012 4:48 AM, Dag-Erling Smørgrav wrote:
> Mike Tancsa writes:
>> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? It's
>> currently not there.
>
> "not there" as in "not supported by crypt(3)"?
If you put in sha256|sha512 in pas
On 6/11/2012 10:00 AM, Dag-Erling Smørgrav wrote:
> Mike Tancsa writes:
>> Dag-Erling Smørgrav writes:
>>> Mike Tancsa writes:
>>>> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? It's
>>>> currently not there.
>>> "n
---Mike
105073, win 65535, options [mss
1460,nop,wscale 3,sackOK,TS val 177324430 ecr 0], length 0
Any idea what I am missing ?
This is a RELENG_8 box from this week.
---Mike
On 1/6/2013 5:25 PM, Patrick Proniewski wrote:
> On 06 janv. 2013, at 23:11, Mike Tancsa wrote:
>
>> But if I make a simple php script to try and connect out, again, pflog0
>> blocks it and logs it, but it does not show up in the audit logs
>>
>>
>> Any i
On 1/7/2013 1:48 AM, Patrick Proniewski wrote:
> On 06 janv. 2013, at 23:46, Mike Tancsa wrote:
>
>> Hi,
>> Thanks for the reply! Where can I find setaudit ?
>
> you might find some useful info here too:
>
> http://forums.freebsd.org/showthread.php?t=2371
Three of them it seems
http://www.openssl.org/news/secadv_20130205.txt
edly
fixes this regression issue.
http://www.openssl.org/source/exp/CHANGES
---Mike
legeSeparation yes
as it sounds like you have hardware crypto on the box and you are using
UsePrivilegeSeparation sandbox
which is broken
---Mike
time.
Hi,
The webpage lists
FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
I take it this is only if you installed from the ports no ?
---Mike
-Mike
On 4/8/2014 10:09 AM, Merijn Verstraaten wrote:
On Apr 8, 2014, at 15:45 , Mike Tancsa wrote:
Hi,
I am trying to understand the implications of this bug in the context
of a vulnerable client, connecting to a server that does not have this
extension. e.g. a client app linked against
S be *well* reviewed before getting committed. IIRC there was a quick
fix to an openssl bug in the past that then had to be fixed again.
* What is stopping people who care about security from joining, or
following this mailing list ?
---Mike
those advisories.
Issues affecting the FreeBSD Ports Collection are covered in
http://vuxml.freebsd.org/
---Mike
---Mike
option that will work, or is
scrub fragment reassemble
sufficient ?
---Mike
mped) bash
-c "true $(printf '< /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
---Mike
1 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
./bashcheck: line 18: 19749 Segmentation fault (core dumped) bash
-c "true $(printf '< /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Varia
On 1/27/2015 2:55 PM, FreeBSD Security Advisories wrote:
IV. Workaround
No workaround is available.
If SCTP is NOT compiled in the kernel, are you still vulnerable ?
---Mike
Could be worse, could be better
https://www.openssl.org/news/secadv_20150319.txt
---Mike
n others.
It should be noted that while a number of vendors have confirmed this
issue in various products, investigations are ongoing and it is likely
that many other vendors and products will turn out to be vulnerable as
the issue is investigated further.
On 4/29/2015 6:07 PM, Mike Tancsa wrote:
The IP being scanned is in a jail. If I run the scan to an IP not
associated with the jail, the scan does not complain. It's only on the
jailed IP that the scan flags as problematic for this vulnerability.
If this is a false positive, how can I be sure
*:*
#
and then restarted the scan.
Sure enough, it comes up vulnerable. I have placed the 2 pcaps, and the
reports in http://www.tancsa.com/jail
---Mike
On 5/5/2015 9:32 AM, Mike Tancsa wrote:
and then restarted the scan.
Sure enough, it comes up vulnerable. I have placed the 2 pcaps, and the
reports in http://www.tancsa.com/jail
I set up a similar target environment for RELENG_10 but the scan seems to
think RELENG_10 is just plain
91
>> CVE-2015-1792, CVE-2015-4000
>
> I see a regression in the port for OpenSSL 1.0.2b:
There is also an ssh issue it seems ?
http://marc.info/?l=openssh-unix-dev&m=143412504002151&w=2
---Mike
e ssh client allows only three password entries
per default).
With this vulnerability an attacker is able to request as many password
prompts limited by the “login graced time” setting, that is set to two
minutes by default."
On 7/17/2015 3:19 PM, Mike Tancsa wrote:
> --
> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
> With this vulnerability an attacker is able to request as many password
> prompts li
; All supported versions of FreeBSD.
I know RELENG_8 is no longer supported, but does this issue impact
FreeBSD 8.x ?
---Mike
On 8/27/2015 3:24 AM, Dag-Erling Smørgrav wrote:
> Mike Tancsa writes:
>> I know RELENG_8 is no longer supported, but does this issue impact
>> FreeBSD 8.x ?
>
> Note that of the three issues mentioned here, one is not exploitable by
> an attacker and the other two pres
I have been testing a box against the qualys PCI scanner. For whatever
reason, RELENG 10 comes up vulnerable still to
CVE-2004-0230
Any idea why this might show as being an issue still ? Is it an issue or
just a false positive ?
---Mike
I am guessing this will impact FreeBSD as well ?
http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
---Mike
1 interface (e.g. eToken) or tpm ?
---Mike
>
> I realize it's not a perfect solution by far, but it would provide some
> level of mitigation (especially for things like GELI) that could hold
> people over until they can replace their hardware.
ublication date of patches."
---Mike
Thanks very much for the updates!
---Mike
On 1/8/2018 12:57 PM, Gordon Tetlow wrote:
> By now, we're sure most everyone have heard of the Meltdown and Spectre--
On 1/12/2018 1:07 PM, Brett Glass wrote:
> All:
>
> The fix in this patch appears to be unconditional.
The original email said
"The code will be selectable via a tunable which ..." Perhaps wait for
the final product.
---Mike
ust AMD64 ? Or does it fix it on i386 as well ?
---Mike
mitigate the issue on i386).
>
> On Wed, Mar 14, 2018 at 7:06 AM, Mike Tancsa <mailto:m...@sentex.net>> wrote:
>
> On 3/14/2018 12:29 AM, FreeBSD Security Advisories wrote:
> > Affects: All supported versions of FreeBSD.
>
On 5/15/2019 8:18 AM, Wall, Stephen wrote:
>> New CPU microcode may be available in a BIOS update from your system vendor,
>> or by installing the devcpu-data package or sysutils/devcpu-data port.
>> Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14.
>>
>> If using the pa
On 5/15/2019 10:27 AM, Borja Marcos wrote:
>
>> On 15 May 2019, at 15:32, mike tancsa wrote:
>>
>> Actually, just tried this on RELENG_11 (r347613) and I get
>>
>> don't know how to load module '/boot/firmware/intel-ucode.bin'
>>
>&
Hi all,
With respect to the bugs described in
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
SACK Slowness (FreeBSD 12 using the RACK TCP Stack)
*Description:* It is possible to send a crafted sequence of SACKs which
will fragment the RAC
On 7/2/2019 8:49 PM, FreeBSD Security Advisories wrote:
> Special note: This update also adds the -z flag to fsck_ffs to have it scrub
> the leaked information in the name padding of existing directories. It only
> needs to be run once on each UFS/FFS filesystem after a patched kernel is
> install
Does anyone have any more details about the implication of this ? e.g.
does a daemon need to be listening on a target device ? Is it merely the
act of forwarding such packets ? Can a non root user open such a daemon ?
Thanks,
---Mike
> ===
Hi,
I was thinking with the 2 intel CPU SAs, there would be an SA fo
libarchive issue ?
https://nvd.nist.gov/vuln/detail/CVE-2019-18408
Or is FreeBSD not vulnerable to this particular issue ? I think a fix was
__FBSDID("$FreeBSD:
stable/12/contrib/libarchive/libarchive/archive_read_support
I heard about this on the ISC stormcast podcast this AM, but I can't
quite make heads or tails of if/when what was patched with respect to
FreeBSD.
https://www.forescout.com/company/blog/forescout-and-jsof-disclose-new-dns-vulnerabilities-impacting-millions-of-enterprise-and-consumer-devices/
They