On 17 Feb 2016, at 14:07, Chris Bennett wrote:
> On Wed, Feb 17, 2016 at 07:51:28PM +0100, Tobias Ulmer wrote:
>>
>> The only thing wrong with lpd is nobody tedu'ed it yet.
>>
>> No really, it is outdated beyond rescue. If you want to write a new
>> print job queueing system, sure, have fun. Maybe
On 23 Jul 2015, at 17:38, Marc Espie wrote:
Not surprisingly, as the patch clearly shows, the problem is right
smack
in the middle of USE_PAM code.
I wouldn't call that an OpenSSH bug. I would call it a systemic design
flaw
in PAM. As usual. LOTS of security holes in authentication systems
On 23 Jul 2015, at 13:33, Theo de Raadt wrote:
>
>> My freebsd boxes do *not* have the problem, but that's because I have
>> set 'ChallengeResponseAuthentication no'.
>> I don't even remember why I set that on my freebsd boxes. I change very
>> few settings, but for some reason I decided to change
On 23 Jul 2015, at 10:06, Emilio Perea wrote:
To me it looks like a mistimed April Fools' joke, but hope somebody
more
knowledgeable will respond:
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
It is a real
4 matches
Mail list logo
