search for: nsa

...on fails. I have tried the domain username/password, and I have tried local Linux accounts (even root!) but I always get "The specified network password is not correct", which shows as access denied in the Samba logs (see below). C:\Users\lomaxd>net use x: \\192.168.84.253\fs$ /user:NSA\lomaxd Enter the password for 'NSA\lomaxd' to connect to '192.168.84.253': System error 86 has occurred. The specified network password is not correct. I think what is happening is that the file server for some reason cannot authenticate the username/password because the reques...

On Mon, Oct 19, 2015 at 11:28:04AM +0200, Florent B wrote: > Have you read this article from ars technica ? > > http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ Yes. > What I understand is that 1024-bits Diffie-Hellman keys are broken by NSA. More precisely, they can spend a lot of effort to break Diffie-Hellman for a small number of primes. Unfortunately, most implementations only use a small...

This was just posted on the Postfix list. Centos 7 ships with: postfix-2.10.1-6.el7 Has this cert advisory been applied to the Centos build of Postfix? thank you -------- Forwarded Message -------- Subject: Obsolete NSA exploit for Postfix 2.0 - 2.2 Date: Sun, 9 Apr 2017 16:18:06 -0400 (EDT) From: Wietse Venema <wietse at porcupine.org> To: Postfix users <postfix-users at postfix.org> CC: Postfix announce <postfix-announce at postfix.org> A recent twitter post reveals the existence of an e...

...>> OpenSSH uses Curve25519 for ECDSA which has documented reasons for the >> parameters chosen and thus are far less likely to be nefariously chosen. >> >> At least that's my understanding of the situation, which could be flawed. > > Oh, are those the ones with the NSA backdoor curve? > Allegedly they might. I use ecdsa certs on most of my websites, using secp384r1 I formerly used secp521r1 but suddenly Google with no warning stopped supporting it in chrome. That company is too powerful. The only other option (that has both browser and CA support) is prim...

...a 10G > card. You do know that Samba 3.x.x is dead, this probably means that your Proxmox needs updating. > In /var/log/samba/log.192.168.84.101: > > [2020/05/13 16:28:04.654299, 2] > ../auth/auth_log.c:610(log_authentication_event_human_readable) > Auth: [SMB2,(null)] user [NSA]\[lomaxd] at [Wed, 13 May 2020 > 16:28:04.654290 BST] with [NTLMv1] status [NT_STATUS_WRONG_PASSWORD] 'NTLMv1' ? You do know that this is insecure. > My /etc/samba/smb.conf: > (My file share is fs$) > > [global] > > ## Browsing/Identification ### > > vfs objec...

I have tried compiling wine versions 1.2.1, 1.2.2, and 1.3.12 on caos NSA 0.9 x86_64. All versions have the same behavior when I try to compile them. During configuration I get configure: error: FreeType 32-bit development files not found. Fonts will not be built. Use the --without-freetype option if you really want this. This occurs even though freetype.i386, and free...

...lient logs on, the password is used to unlock users server side private key. > If mail arrives from MTA or any other source, mail is encrypted with users public key. > Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported. > This is for the situation if NSA or other organizations asks admin for > users mail insistently, So ... exactly which security threat are you thinking about preventing here? This won't protect against: * NSA listening in on the mails when they arrive. * NSA taking a backup of your mails and wait for your first attempt to...

...h identity I. He also has a ssh-agent to which he has ssh-added work.key and linux.key He has access to kernel.org, and occasionally he wants to transfer files between kernel.org and linux.org, and thus set up an authorized_keys file on linux.org that trusts linux.key. He also has access to work1.nsa.gov, and occasionally he wants to transfer files between work1.nsa.gov and work2.nsa.gov (for which he uses work.key) However, while he trusts kernel.org's admin not to attempt to hack his way into linux.org, he wouldn't be so sure about him hacking into work1.nsa.gov, so access to work.ke...

...egular DNS nowadays? * I removed the domain line from resolv.conf, although I'm still not sure what it does :-) * I removed the nameserver entry for the gateway, and added 2 nameserver entries with each of the DCs IPs. Question ... I configured my gateway (pfsense) to delegate DNS lookups for nsa.int to the DCs. Does that mean I can keep all machines pointing their DNS lookups to the gateway? Or do domain members need to make the DCs their first port-of-call for DNS lookups? I've always scratched my head over trying to understand what are the samba options applicable to the latest ver...

On 10/04/17 12:08, Robert Moskowitz wrote: > This was just posted on the Postfix list. Centos 7 ships with: > postfix-2.10.1-6.el7 > > Has this cert advisory been applied to the Centos build of Postfix? > > This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed > 11 years ago in Postfix 2.2.11 and later. 2.10.1 is way later than 2.2.11, this bug was never in

I found a bug in Webmin when using Webmin with SELinux in Permissive Mode. The author of Webmin, asked me, in their bug tracker on SourceForge: > Ok, thanks ... I see the problem. Webmin opens the log file > /var/webmin/miniserv.error and connects STDERR to it, then runs other > commands like iptables, which inherits the STDERR file descriptor. > This is generally a good thing, as any

Hello Alice, On Wed, 2016-10-19 at 14:22 -0700, Alice Wonder wrote: > I formerly used secp521r1 but suddenly Google with no warning stopped > supporting it in chrome. That company is too powerful. Actually this is something the NSA insists on: https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf&WpKes=aF6woL7fQp3dJiC4qaMYyEVfFwN9wmQ9umeApa Q: To whom is the CNSS Advisory Memorandu...

Content-Description: Undelivered Message From: Luke Kenneth Casson Leighton <lkcl at lkcl.net> To: Damien Miller <djm at mindrot.org> Cc: openssh-unix-dev at mindrot.org, pam-list at redhat.com, SE-Linux <selinux at tycho.nsa.gov>, hartmans at debian.org Subject: Re: Debian / SE/Linux - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193664 Mail-Followup-To: Damien Miller <djm at mindrot.org>, openssh-unix-dev at mindrot.org, pam-list at redhat.com, SE-Linux <selinux at tycho.nsa.gov>, hartmans at debi...

When a message with zero length is sent to xenstore, the body of the message was not processed until the socket or ring had more data to read; this will cause deadlocks if the requestor is waiting on a response to continue. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> --- tools/xenstore/xenstored_core.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 5d308ca..9e6c2c7 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -1297,...

Not wishing to extend this thread further, but ... > There are conspiracy theories out there that the NSA is involved with > bringing systemd to Linux so they can have easy access to *"unknown"* > bugs - aka backdoors - to all Linux installations using systemd *[1]*. They're conspiracy theories, and that's it. The bottom line is that in general people don't like not unde...

This is a very KGB / NSA / InterPOL / CIA type question, but if I have a recorded file (G.711, no compression) can I feed it into standard in of an application and have it recreate the fax that was send? I don't know enough about the Fax handshaking to understand this. -------------- next part --------------...

...quot;#define efi_runtime_call(x) efi_compat_runtime_call(x)" on line 15 of xen/arch/x86/x86_64/platform_hypercall.c to cause the above compile error. (At least, that is what I think is happening.) Renaming the XSM struct member fixes the problem. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> --- arch/x86/platform_hypercall.c | 2 +- include/xsm/xsm.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff -r 0312575dc35e xen/arch/x86/platform_hypercall.c --- a/xen/arch/x86/platform_hypercall.c Thu Sep 08 15:13:06 2011 +0100 +++ b/xen/arch/x86/pla...

...ries' modify 'ClientAliveInterval' modify 'ClientAliveCountMax' Gnome: disable Gnome user list Console: Remove reboot, halt poweroff from /etc/security/console.app Applying security best practises from various compliance perspective, e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure configuration guide to get some insight or use it as a baseline. The members of the community who are interested in this SIG or are willing to contribute are: Leam Hall Corey Henderson Jason Pyeron You can find the post here [0] We will really like to get SIG approved by the CentOS...

...ors at the same time kill people based on metadata and targed Angry Birds. So we should do all we can to minimize revealing metadata by default, or at least have the option to do so. Over in Debian, there's a similar Bug [0], which states that this version string "is used as a selector in NSA's XKEYSCORE queries in conjunction with the metadata database of potentially exploitable services (BLEAKINQUIRY) by the NSA group 'S31176' for targeted exploit and compromise [1][2]". I respect the argument, that it might be "necessary to use the version for protocol compatib...

Well them plus CIA, NSA, Barney the Dinosaur and Teletubbies. Brian Bernard On Apr 2, 2015 5:58 PM, "????????? ????????" <nevis2us at infoline.su> wrote: > One thing I forgot to mention: I also always recommend AGAINST using >> kasperski. Kasperski is KGB guy (*cough* *cough* retired. You know i...