On Thu, Apr 09, 2020 at 04:24:34PM +0100, Kevin Chadwick wrote:
>
> > Now this whole debate boils down to "how much effort is someone willing to
> > invest
> > into hacking Cord's computers?", and that's something I can't answer.
>
> And how competent Cord is at defending his computer because t
> Now this whole debate boils down to "how much effort is someone willing to
> invest
> into hacking Cord's computers?", and that's something I can't answer.
And how competent Cord is at defending his computer because they may not be able
to if he is competent enough, which is my point; It is
> Conversely, if everything was easily hackable then we probably wouldn't use
> computers, at all.
Being hacked is a risk everybody is ready to accept, some knowingly, some
unknowingly.
There may be people here, who have never done business with any of these
entities
listed here, but they are ce
On 2020-04-09 10:55, Rudolf Leitgeb wrote:
> My point was, that security is an ongoing effort. Flaws and new
> exploit venues are discovered. There will be different numbers
> of flaws for different operating systems, but none remains unscathed
> for years. As soon as your server does anything usef
On 09.04.20 11:55, Rudolf Leitgeb wrote:
> As soon as your server does anything useful, it will
> present an attack vector to the outside world, and one needs to
> be aware of it.
>
just to add to your argument: your server does not even have to do
anything ... the interface driver or just the tc
On Wed, 2020-04-08 at 13:55 -0400, Allan Streib wrote:
> My (default) smtpd.conf says:
>
> listen on lo0
>
> So how might that be remotely exploitable?
I can disable all network connections on an unpatched Windows 95
laptop - oh, this would make it s secure ... Hint: a server,
which provid
Claus Assmann writes:
> On Wed, Apr 08, 2020, Kevin Chadwick wrote:
>
>> OpenSMTPD does not listen to the internet, by default and even if you do set
>> it
>
> From: Qualys Security Advisory
> To: oss-secur...@lists.openwall.com
> Message-ID: <20200224184538.GF17396@localhost.localdomain>
>
> -
Claus Assmann wrote:
> > Qualsys chose to call that remote, at a stretch. Either way, it does not
> > change
>
> It seems to be similar to "if you visit a compromised website"...
Which is not remote, either.
> Anyway, it doesn't seem to be productive to argue terminology etc,
> hence: sorry f
On Wed, Apr 08, 2020, Kevin Chadwick wrote:
> You missed some out. I assume on purpose.
Wrong "assumption"; I did it to keep it short -- I included the
info how someone could find the details.
> So it does require internal users to make an action and a MITM or outbound
> connection to an attacke
On 2020-04-08 18:39, Claus Assmann wrote:
> - Client-side exploitation: This vulnerability is remotely exploitable
> in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
You missed some out. I assume on purpose.
Client-side exploitation: This vulnerability is remotely exploitabl
On Wed, Apr 08, 2020, Kevin Chadwick wrote:
> OpenSMTPD does not listen to the internet, by default and even if you do set
> it
From: Qualys Security Advisory
To: oss-secur...@lists.openwall.com
Message-ID: <20200224184538.GF17396@localhost.localdomain>
- Client-side exploitation: This vulnera
11 matches
Mail list logo