Displaying 20 results from an estimated 331 matches for "nsa".
Did you mean:
isa
2020 May 13
2
Multi-homed Samba 4 file server on Samba 4 AD domain - cross network authentication
...on fails. I have
tried the domain username/password, and I have tried local Linux accounts
(even root!) but I always get "The specified network password is not
correct", which shows as access denied in the Samba logs (see below).
C:\Users\lomaxd>net use x: \\192.168.84.253\fs$ /user:NSA\lomaxd
Enter the password for 'NSA\lomaxd' to connect to '192.168.84.253':
System error 86 has occurred.
The specified network password is not correct.
I think what is happening is that the file server for some reason cannot
authenticate the username/password because the reques...
2015 Oct 19
0
Article : NSA can break trillions of encrypted VPN connections
On Mon, Oct 19, 2015 at 11:28:04AM +0200, Florent B wrote:
> Have you read this article from ars technica ?
>
> http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/
Yes.
> What I understand is that 1024-bits Diffie-Hellman keys are broken by NSA.
More precisely, they can spend a lot of effort to break Diffie-Hellman
for a small number of primes. Unfortunately, most implementations only
use a small...
2017 Apr 10
2
Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2
This was just posted on the Postfix list. Centos 7 ships with:
postfix-2.10.1-6.el7
Has this cert advisory been applied to the Centos build of Postfix?
thank you
-------- Forwarded Message --------
Subject: Obsolete NSA exploit for Postfix 2.0 - 2.2
Date: Sun, 9 Apr 2017 16:18:06 -0400 (EDT)
From: Wietse Venema <wietse at porcupine.org>
To: Postfix users <postfix-users at postfix.org>
CC: Postfix announce <postfix-announce at postfix.org>
A recent twitter post reveals the existence of an e...
2016 Oct 19
2
SSH Weak Ciphers
...>> OpenSSH uses Curve25519 for ECDSA which has documented reasons for the
>> parameters chosen and thus are far less likely to be nefariously chosen.
>>
>> At least that's my understanding of the situation, which could be flawed.
>
> Oh, are those the ones with the NSA backdoor curve?
>
Allegedly they might.
I use ecdsa certs on most of my websites, using secp384r1
I formerly used secp521r1 but suddenly Google with no warning stopped
supporting it in chrome. That company is too powerful.
The only other option (that has both browser and CA support) is prim...
2020 May 13
0
Multi-homed Samba 4 file server on Samba 4 AD domain - cross network authentication
...a 10G
> card.
You do know that Samba 3.x.x is dead, this probably means that your
Proxmox needs updating.
> In /var/log/samba/log.192.168.84.101:
>
> [2020/05/13 16:28:04.654299, 2]
> ../auth/auth_log.c:610(log_authentication_event_human_readable)
> Auth: [SMB2,(null)] user [NSA]\[lomaxd] at [Wed, 13 May 2020
> 16:28:04.654290 BST] with [NTLMv1] status [NT_STATUS_WRONG_PASSWORD]
'NTLMv1' ? You do know that this is insecure.
> My /etc/samba/smb.conf:
> (My file share is fs$)
>
> [global]
>
> ## Browsing/Identification ###
>
> vfs objec...
2011 Jan 26
1
Wine fails to compile on Caos NSA 0.9 x86_64
I have tried compiling wine versions 1.2.1, 1.2.2, and 1.3.12 on caos NSA 0.9 x86_64. All versions have the same behavior when I try to compile them. During configuration I get
configure: error: FreeType 32-bit development files not found. Fonts will not be built.
Use the --without-freetype option if you really want this.
This occurs even though freetype.i386, and free...
2013 Nov 11
2
server side private/public key
...lient logs on, the password is used to unlock users server side
private key.
> If mail arrives from MTA or any other source, mail is encrypted with
users public key.
> Key pair should be located in LDAP or SQL server. PGP and S/MIME
should be supported.
> This is for the situation if NSA or other organizations asks admin for
> users mail insistently,
So ... exactly which security threat are you thinking about preventing here?
This won't protect against:
* NSA listening in on the mails when they arrive.
* NSA taking a backup of your mails and wait for your first attempt to...
2011 Sep 11
2
[Bug 1937] New: Make it possible to give a give an ssh session only access to a limit subset of ssh-agent keys
...h identity I. He also has a
ssh-agent to which he has ssh-added work.key and linux.key
He has access to kernel.org, and occasionally he wants to transfer
files between kernel.org and linux.org, and thus set up an
authorized_keys file on linux.org that trusts linux.key.
He also has access to work1.nsa.gov, and occasionally he wants to
transfer files between work1.nsa.gov and work2.nsa.gov (for which he
uses work.key)
However, while he trusts kernel.org's admin not to attempt to hack his
way into linux.org, he wouldn't be so sure about him hacking into
work1.nsa.gov, so access to work.ke...
2020 May 14
1
Multi-homed Samba 4 file server on Samba 4 AD domain - cross network authentication
...egular DNS nowadays?
* I removed the domain line from resolv.conf, although I'm still not sure what it does :-)
* I removed the nameserver entry for the gateway, and added 2 nameserver entries with each of the DCs IPs.
Question ... I configured my gateway (pfsense) to delegate DNS lookups for nsa.int to the DCs. Does that mean I can keep all machines pointing their DNS lookups to the gateway?
Or do domain members need to make the DCs their first port-of-call for DNS lookups?
I've always scratched my head over trying to understand what are the samba options applicable to the latest ver...
2017 Apr 10
0
Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2
On 10/04/17 12:08, Robert Moskowitz wrote:
> This was just posted on the Postfix list. Centos 7 ships with:
> postfix-2.10.1-6.el7
>
> Has this cert advisory been applied to the Centos build of Postfix?
>
> This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed
> 11 years ago in Postfix 2.2.11 and later.
2.10.1 is way later than 2.2.11, this bug was never in
2007 Aug 30
4
SELinux question - to fix bug in Webmin
I found a bug in Webmin when using Webmin with SELinux in Permissive
Mode. The author of Webmin, asked me, in their bug tracker on
SourceForge:
> Ok, thanks ... I see the problem. Webmin opens the log file
> /var/webmin/miniserv.error and connects STDERR to it, then runs other
> commands like iptables, which inherits the STDERR file descriptor.
> This is generally a good thing, as any
2016 Oct 20
0
SSH Weak Ciphers
Hello Alice,
On Wed, 2016-10-19 at 14:22 -0700, Alice Wonder wrote:
> I formerly used secp521r1 but suddenly Google with no warning stopped
> supporting it in chrome. That company is too powerful.
Actually this is something the NSA insists on:
https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf&WpKes=aF6woL7fQp3dJiC4qaMYyEVfFwN9wmQ9umeApa
Q: To whom is the CNSS Advisory Memorandu...
2004 May 30
0
Debian / SE/Linux (resend due to html bounce)
Content-Description: Undelivered Message
From: Luke Kenneth Casson Leighton <lkcl at lkcl.net>
To: Damien Miller <djm at mindrot.org>
Cc: openssh-unix-dev at mindrot.org, pam-list at redhat.com,
SE-Linux <selinux at tycho.nsa.gov>, hartmans at debian.org
Subject: Re: Debian / SE/Linux - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193664
Mail-Followup-To: Damien Miller <djm at mindrot.org>,
openssh-unix-dev at mindrot.org, pam-list at redhat.com,
SE-Linux <selinux at tycho.nsa.gov>, hartmans at debi...
2011 Oct 31
3
[PATCH] xenstored: Fix processing of zero-length messages
When a message with zero length is sent to xenstore, the body of the
message was not processed until the socket or ring had more data to
read; this will cause deadlocks if the requestor is waiting on a
response to continue.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
tools/xenstore/xenstored_core.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 5d308ca..9e6c2c7 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -1297,...
2017 Apr 15
5
OT: systemd Poll - So Long, and Thanks for All the fish.
Not wishing to extend this thread further, but ...
> There are conspiracy theories out there that the NSA is involved with
> bringing systemd to Linux so they can have easy access to *"unknown"*
> bugs - aka backdoors - to all Linux installations using systemd *[1]*.
They're conspiracy theories, and that's it. The bottom line is that in
general people don't like not unde...
2006 May 03
13
Can I recreate a Fax from a recorded file?
This is a very KGB / NSA / InterPOL / CIA type question, but if I have a
recorded file (G.711, no compression) can I feed it into standard in of
an application and have it recreate the fax that was send?
I don't know enough about the Fax handshaking to understand this.
-------------- next part --------------...
2011 Sep 14
1
[PATCH] xen/xsm: Compile error due to naming clash between XSM and EFI runtime
...quot;#define
efi_runtime_call(x) efi_compat_runtime_call(x)" on line 15 of
xen/arch/x86/x86_64/platform_hypercall.c to cause the above compile
error. (At least, that is what I think is happening.)
Renaming the XSM struct member fixes the problem.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
arch/x86/platform_hypercall.c | 2 +-
include/xsm/xsm.h | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff -r 0312575dc35e xen/arch/x86/platform_hypercall.c
--- a/xen/arch/x86/platform_hypercall.c Thu Sep 08 15:13:06 2011 +0100
+++ b/xen/arch/x86/pla...
2015 Apr 22
6
SIG - Hardening
...ries'
modify 'ClientAliveInterval'
modify 'ClientAliveCountMax'
Gnome:
disable Gnome user list
Console:
Remove reboot, halt poweroff from /etc/security/console.app
Applying security best practises from various compliance perspective,
e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure
configuration guide to get some insight or use it as a baseline. The
members of the community who are interested in this SIG or are willing
to contribute are:
Leam Hall
Corey Henderson
Jason Pyeron
You can find the post here [0]
We will really like to get SIG approved by the CentOS...
2015 Jul 10
0
[Bug 764] fully remove product and version information
...ors at the same time kill people based on metadata and targed Angry
Birds. So we should do all we can to minimize revealing metadata by
default, or at least have the option to do so.
Over in Debian, there's a similar Bug [0], which states that this
version string "is used as a selector in NSA's XKEYSCORE queries in
conjunction with the metadata database of potentially exploitable
services (BLEAKINQUIRY) by the NSA group 'S31176' for targeted exploit
and compromise [1][2]".
I respect the argument, that it might be "necessary to use the version
for protocol compatib...
2015 Apr 02
1
OT: Recommended anti-virus for Windows
Well them plus CIA, NSA, Barney the Dinosaur and Teletubbies.
Brian Bernard
On Apr 2, 2015 5:58 PM, "????????? ????????" <nevis2us at infoline.su> wrote:
> One thing I forgot to mention: I also always recommend AGAINST using
>> kasperski. Kasperski is KGB guy (*cough* *cough* retired. You know i...