Re: [FD] Skype Debian package: allows complete machine takeover for Microsoft

On Tue, Sep 25, 2018 at 07:04:18PM +0200, Enrico Weigelt, metux IT consult wrote: > Operator's workaround: > [..] > c) use apt pinning to restrict the Microsoft repo to only the > package 'skypeforlinux' Please note that the Debian package pre/post inst/rm scripts run with full root privil

Re: [FD] end of useable crypto in browsers?

On Sat, Apr 09, 2016 at 11:34:26AM +0200, Árpád Magosányi wrote: > Browser developers are dropping support for X509 key generation. > Yes, have its problems. But window.crypto - which is meant to > replace it - have no way to save keys in the browser's keystore. > [..] > Any ideas on how to make t

Re: [FD] Critical bash vulnerability CVE-2014-6271

On Thu, Sep 25, 2014 at 01:54:31PM -0700, Paul Vixie wrote: > no. the problem occurs when /bin/sh is bash, or when a network invokable > script begins with the line #!/bin/bash. it has nothing to do with the > user's shell. rather, it's the shell used by popen() and system() and of > course (execl,

Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

On Fri, Apr 11, 2014 at 01:09:37PM +0200, Reindl Harald wrote: > interesting, i have until now 3 mail client-IPs triggering that rules on > 993 and 995 one of them is our own external office, the other two are > using AppleMail too > > anybody an idea why Mail.app is using Heartbeat packets on POP