Displaying 19 results from an estimated 19 matches for "guessabl".
Did you mean:
guessable
2006 May 24
2
PDF Writing without Cached File
...an
output the PDF on-the-fly to the browser rather than having a temporary
PDF file?
I just can''t have these files laying around since they contain sensitive
information. I thought about just generating the PDF file and naming it
the session ID or something that''s not easily guessable, but I''d rather
just generate it in memory and dump it to the browser if possible.
--
Posted via http://www.ruby-forum.com/.
2009 Mar 26
1
Is there a public blacklist of hackers' IPaddresses?
...going to be a lot faster than attempting
a brute-force mathematical attack against MD5... and switching from
MD5 to SHA-1 provides no significant defense against dictionary
attacks.
The only good way to keep passwords secure against dictionary attacks,
is to make sure that the passwords aren't guessable by that means...
no common words, no names, no simple permutations or birthdates or
anything like that. Use a decent random-number generator and
number-to-character conversion algorithm to generate SIP passwords
that are sufficiently long and very DTR8FBWF_==F?Z@\.-+!N$ and you'll
be well def...
2009 Jan 07
9
''zfs recv'' is very slow
On Wed 07/01/09 20:31 , Carsten Aulbert carsten.aulbert at aei.mpg.de sent:
> Brent Jones wrote:
> >
> > Using mbuffer can speed it up dramatically, but
> > this seems like a hack> without addressing a real problem with zfs
> > send/recv.> Trying to send any meaningful sized snapshots
> > from say an X4540 takes> up to 24 hours, for as little as 300GB
2008 Dec 09
8
pop3 attack
I was looking at my maillog and it looks like someone is trying to get
into my pop3 server.
Dec 9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec 9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec 9
2010 Jul 25
2
using Lazy_Expunge to enforce retention policy
Hi,
I've been experimenting with using Lazy_Expunge as a tool to enforce
document retention policies (by keeping users from deleting emails
forever, instead expiring them after a set time). My problem is, how do
I keep the user from deleting/expunging mails *inside the expunge folder
itself*?
I am using dovecot-1.2.10 built from FreeBSD's ports tree, and I am
using the following
2001 Jun 02
1
ssh-keygen(1) misinfo: English prose entropy 0.6 - 1.3 b/char!
Quoth manpage:
otherwise easily guessable (English prose has only 1-2 bits of entropy
per word, and provides very bad passphrases). The passphrase can be
Whoever wrote that manpage is either possessed of some
amazing human insight to which I am not privvy, chose a very
non-representative sample of English prose, or is just plain
wrong....
2002 Dec 29
1
Deleted from partition table
I accidentally removed an ext3 partition from the partition table. I know
roughly where it started. Is there any way of finding the superblock and
reconstructing it?
TIA,
Dave
(Yes I have a backup of the important stuff!)
2009 Jul 29
1
Misunderstood thing
Hello,
I'm novice on the SIP protocol also on Asterisk. Could someone explain
me why the Asterisk is using username and secret config on peer connection?
Does Asterisk can send call to peer without username and secret
configuration ?
Sincerely,
Tseveen.
2001 Aug 02
1
AIM can't find "Application Data" folder
when I try to run aim.exe under wine, i get the following error:
err:shell:SHGetSpecialFolderPathA Failed to create directory
'C:\WINNT\Application Data'.
why is it looking for that folder there? The partition is a win2k
install, so it would find it under "C:\Documents and
Settings\Administrator\Application Data". How do I make it look there?
Erik
2009 Nov 19
7
AXVoice Server Hacked.. accounts info leaked
AXvoice server hacked. Here are few working accounts
USE XLITE to make calls....
Registrar/Proxy
magnum.axvoice.com:9060
Free Sample account....
username=xMaxwellSmartx
secret=thanksapache
username=woodsy
type=friend
secret=haramikuttasala
username=wumingzi
type=friend
secret=kickyourass
Enjoy!
B.R
BaBa Jigger
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2010 Jun 23
6
one for your filters
Some !@$#@@# in the Czech Republic used one of our SIP accounts to place
four thousand calls to what appears to be a toll number in Zimbabwe last
night. Filter 82.150.165.5.
A more overriding problem for me is how do we know what *destinations* to
filter so this idea of war dialing a toll number is something we can
cutoff before it gets to our upstream provider? Is there some collected
2024 Jun 18
7
Call for testing: openssh-9.8
...by the same client address will accrue greater
penalties, up to a configurable maximum. Address ranges may be
exempted from penalties using the PerSourcePenaltyExemptList
option.
We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself. This option is enabled by default.
* ssh(8): allow the HostkeyAlgorithms directive to disable the
implicit fallback from certificate host key to plain host keys.
Bugfixes
--------
* misc: fix a number of inaccuracies in the PROTOCOL.*
docu...
2010 Jun 11
7
How to stop intruder from registering sip?
This is a small 12 line system, internal extensions 150 - 180. I didn't
have a phone on 151. Here's the sip.conf stanza:
;;[151]
;;type=friend
;;context=longdistance
;;callerid="Conf Room" <151>
;;secret=0000
;;host=dynamic
;;qualify=yes
;;dtmfmode=rfc2833
;;allow=all
;;defaultuser=151
;;nat=yes
;;canreinvite=no
There's no DISA. And then somehow (how???) ip address
2004 Aug 13
6
sequences in the auth.log
Hi all,
I found similar sequences in the
/var/auth.log files of freebsd boxes, I supervise.:
Aug 13 13:56:08 www sshd[26091]: Illegal user test from 165.21.103.20
Aug 13 13:56:11 www sshd[26093]: Illegal user guest from 165.21.103.20
Aug 13 13:56:15 www sshd[26096]: Illegal user admin from 165.21.103.20
Aug 13 13:56:18 www sshd[26103]: Illegal user admin from 165.21.103.20
Aug 13 13:56:21 www
1998 May 09
4
Apparent SNMP remote-root vulnerability.
I just had a remote root break-in on my machine (x86 running Red Hat Linux
5.0 with all the updates except for kernel-2.0.32-3) this morning at
06:03:28 EDT. From what I''ve been able to gather, it appears to have been
through snmpd, which I missed when I was weeding out unused daemons.
Sorry for the feeble message, but all I know (or at least strongly
suspect) is that there''s a
2018 Nov 03
7
Log ssh sessions using open source tools
Hi,
Are there any open source tools to keep track of ssh sessions? For example,
if a specific user is ssh logging to remote server and what commands or
scripts are being run. Basically, i need to log all users sessions.
Thanks in Advance and i look forward to hearing from you.
Best Regards,
Kaushal
2014 Nov 10
7
[Bug 2311] New: simple attack when control channel muxing is used
https://bugzilla.mindrot.org/show_bug.cgi?id=2311
Bug ID: 2311
Summary: simple attack when control channel muxing is used
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P3
Component: ssh
Assignee: unassigned-bugs at
2006 Feb 13
11
ssh attack
Hi,
I get ssh connect attempts all the time, to my servers at home and at
work. I've noticed lately they come from a certain ip address, hitting
every 3 or 4 seconds, trying 50 or 100 different user names and
passwords. And I get these sweeps from 2 or 3 ip addresses a day. I
guess this is an automated attempt to guess a user/pass and break into a
system.
I tried to secure ssh better by
2005 May 06
17
FYI: watch out for google's web accelerator - can empty your app of data
Hi All,
A co-worker passed this info on to me:
http://37signals.com/svn/archives2/google_web_accelerator_hey_not_so_fast_an_alert_for_web_app_designers.php
The Skinny: Google has a "Web Accelerator" that pre-caches pages by
following url''s. If you have any plain/simple URL''s that don''t take
paramaters (like what often happens in rails apps), it will try to