search for: guessable

...an output the PDF on-the-fly to the browser rather than having a temporary PDF file? I just can''t have these files laying around since they contain sensitive information. I thought about just generating the PDF file and naming it the session ID or something that''s not easily guessable, but I''d rather just generate it in memory and dump it to the browser if possible. -- Posted via http://www.ruby-forum.com/.

...going to be a lot faster than attempting a brute-force mathematical attack against MD5... and switching from MD5 to SHA-1 provides no significant defense against dictionary attacks. The only good way to keep passwords secure against dictionary attacks, is to make sure that the passwords aren't guessable by that means... no common words, no names, no simple permutations or birthdates or anything like that. Use a decent random-number generator and number-to-character conversion algorithm to generate SIP passwords that are sufficiently long and very DTR8FBWF_==F?Z@\.-+!N$ and you'll be well defe...

On Wed 07/01/09 20:31 , Carsten Aulbert carsten.aulbert at aei.mpg.de sent: > Brent Jones wrote: > > > > Using mbuffer can speed it up dramatically, but > > this seems like a hack> without addressing a real problem with zfs > > send/recv.> Trying to send any meaningful sized snapshots > > from say an X4540 takes> up to 24 hours, for as little as 300GB

I was looking at my maillog and it looks like someone is trying to get into my pop3 server. Dec 9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2 Dec 9

Hi, I've been experimenting with using Lazy_Expunge as a tool to enforce document retention policies (by keeping users from deleting emails forever, instead expiring them after a set time). My problem is, how do I keep the user from deleting/expunging mails *inside the expunge folder itself*? I am using dovecot-1.2.10 built from FreeBSD's ports tree, and I am using the following

Quoth manpage: otherwise easily guessable (English prose has only 1-2 bits of entropy per word, and provides very bad passphrases). The passphrase can be Whoever wrote that manpage is either possessed of some amazing human insight to which I am not privvy, chose a very non-representative sample of English prose, or is just plain wrong....

I accidentally removed an ext3 partition from the partition table. I know roughly where it started. Is there any way of finding the superblock and reconstructing it? TIA, Dave (Yes I have a backup of the important stuff!)

Hello, I'm novice on the SIP protocol also on Asterisk. Could someone explain me why the Asterisk is using username and secret config on peer connection? Does Asterisk can send call to peer without username and secret configuration ? Sincerely, Tseveen.

when I try to run aim.exe under wine, i get the following error: err:shell:SHGetSpecialFolderPathA Failed to create directory 'C:\WINNT\Application Data'. why is it looking for that folder there? The partition is a win2k install, so it would find it under "C:\Documents and Settings\Administrator\Application Data". How do I make it look there? Erik

AXvoice server hacked. Here are few working accounts USE XLITE to make calls.... Registrar/Proxy magnum.axvoice.com:9060 Free Sample account.... username=xMaxwellSmartx secret=thanksapache username=woodsy type=friend secret=haramikuttasala username=wumingzi type=friend secret=kickyourass Enjoy! B.R BaBa Jigger -------------- next part -------------- An HTML attachment was scrubbed... URL:

Some !@$#@@# in the Czech Republic used one of our SIP accounts to place four thousand calls to what appears to be a toll number in Zimbabwe last night. Filter 82.150.165.5. A more overriding problem for me is how do we know what *destinations* to filter so this idea of war dialing a toll number is something we can cutoff before it gets to our upstream provider? Is there some collected

...by the same client address will accrue greater penalties, up to a configurable maximum. Address ranges may be exempted from penalties using the PerSourcePenaltyExemptList option. We hope these options will make it significantly more difficult for attackers to find accounts with weak/guessable passwords or exploit bugs in sshd(8) itself. This option is enabled by default. * ssh(8): allow the HostkeyAlgorithms directive to disable the implicit fallback from certificate host key to plain host keys. Bugfixes -------- * misc: fix a number of inaccuracies in the PROTOCOL.* docum...

This is a small 12 line system, internal extensions 150 - 180. I didn't have a phone on 151. Here's the sip.conf stanza: ;;[151] ;;type=friend ;;context=longdistance ;;callerid="Conf Room" <151> ;;secret=0000 ;;host=dynamic ;;qualify=yes ;;dtmfmode=rfc2833 ;;allow=all ;;defaultuser=151 ;;nat=yes ;;canreinvite=no There's no DISA. And then somehow (how???) ip address

Hi all, I found similar sequences in the /var/auth.log files of freebsd boxes, I supervise.: Aug 13 13:56:08 www sshd[26091]: Illegal user test from 165.21.103.20 Aug 13 13:56:11 www sshd[26093]: Illegal user guest from 165.21.103.20 Aug 13 13:56:15 www sshd[26096]: Illegal user admin from 165.21.103.20 Aug 13 13:56:18 www sshd[26103]: Illegal user admin from 165.21.103.20 Aug 13 13:56:21 www

I just had a remote root break-in on my machine (x86 running Red Hat Linux 5.0 with all the updates except for kernel-2.0.32-3) this morning at 06:03:28 EDT. From what I''ve been able to gather, it appears to have been through snmpd, which I missed when I was weeding out unused daemons. Sorry for the feeble message, but all I know (or at least strongly suspect) is that there''s a

Hi, Are there any open source tools to keep track of ssh sessions? For example, if a specific user is ssh logging to remote server and what commands or scripts are being run. Basically, i need to log all users sessions. Thanks in Advance and i look forward to hearing from you. Best Regards, Kaushal

https://bugzilla.mindrot.org/show_bug.cgi?id=2311 Bug ID: 2311 Summary: simple attack when control channel muxing is used Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P3 Component: ssh Assignee: unassigned-bugs at

Hi, I get ssh connect attempts all the time, to my servers at home and at work. I've noticed lately they come from a certain ip address, hitting every 3 or 4 seconds, trying 50 or 100 different user names and passwords. And I get these sweeps from 2 or 3 ip addresses a day. I guess this is an automated attempt to guess a user/pass and break into a system. I tried to secure ssh better by

Hi All, A co-worker passed this info on to me: http://37signals.com/svn/archives2/google_web_accelerator_hey_not_so_fast_an_alert_for_web_app_designers.php The Skinny: Google has a "Web Accelerator" that pre-caches pages by following url''s. If you have any plain/simple URL''s that don''t take paramaters (like what often happens in rails apps), it will try to