search for: seifri

...n has been going on "offline" with an occasional CC to linux-security. By the time I got around to do another "moderation round" this one was the latest. Everyone is keeping good context, so I think you all will be able to follow the discussion. --REW] >>>>> <seifried@seifried.org> writes: >> The only thing I can see coming out of a "checklist" security setup >> is a false sense of security. The moment poor Joe User does >> something unanticipated or tricky, he'll be both unaware of his >> problem and unable to handle...

...com [199.183.24.247]) by ferryman.ocn.nl (8.6.13/8.6.9) with SMTP id IAA23067 for <r.e.wolff@BitWizard.nl>; Wed, 8 Jul 1998 08:19:52 +0200 Received: (qmail 6509 invoked by uid 501); 8 Jul 1998 06:28:23 -0000 Received: (qmail 6485 invoked from network); 8 Jul 1998 06:28:21 -0000 Received: from seifried-gateway.powersurfr.com (HELO gateway-seifried.seifried.org) (24.108.11.202) by mail2.redhat.com with SMTP; 8 Jul 1998 06:28:21 -0000 Received: from localhost (seifried@localhost) by gateway-seifried.seifried.org (8.8.7/1.0.2) with SMTP id AAA01231 for <linux-security@redhat.com>; Wed, 8...

Hi everyone, every comment about this: http://xforce.iss.net/xforce/xfdb/16264 Didn't find any hint or patch on http://www.xfree86.org/security/. Best regards Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______ GWDG / __/______ ___ / _ )/ __/ _ \ Am Fassberg / _// __/ -_) -_) _ |\ \/ // / 37077 Goettingen /_/ /_/

...puters running through a SOCKS5 firewall system. There are about 120 > computers that are running on this firewall on a daily basis through 10/100 > mbit network connections. The system it is runing is only a P133 with a > SCSI hardrive. I run this at home also, and it works very well. Seifried <seifried@seifried.org> pointed out that the 2.1 kernels seem to have better network performance. Dave Cinge specifically mentioned the Linux Router Project (http://www.linuxrouter.org/) and their work in this area. He points out that traffic characteristics seem to have a significant imp...

...puters running through a SOCKS5 firewall system. There are about 120 > computers that are running on this firewall on a daily basis through 10/100 > mbit network connections. The system it is runing is only a P133 with a > SCSI hardrive. I run this at home also, and it works very well. Seifried <seifried@seifried.org> pointed out that the 2.1 kernels seem to have better network performance. Dave Cinge specifically mentioned the Linux Router Project (http://www.linuxrouter.org/) and their work in this area. He points out that traffic characteristics seem to have a significant imp...

I was wondering if anyone here has or knows how to implement ttysnoop w/ssh ?

...elbing <flo@rommel.stw.uni-erlangen.de> Graham Mainwaring <graham@mhn.org> Horms <horms@vergenet.net> Iain Wade <iwade@optusnet.com.au> JP Vossen <vossenjp@netaxs.com> Jakub Skopal <jakub.skopal@sorcerer.cz> Jamie Beverly <jamie@www.how-toresource.com> Kurt Seifried <listuser@seifried.org> Matthew B. Henniges <matt@axl.net> Michael H. Warfield <mhw@wittsend.com> Peter H. Lemieux <phl@cyways.com> Petr Sulla <xsulla@informatics.muni.cz> Ren Sauceda, Computer Systems Engineer (kvsauceda@lbl.gov) Shawn Robinson <srobins1@tps.tci....

---------- Forwarded message ---------- Date: Tue, 30 Jun 1998 15:10:47 +0800 From: David Luyer <luyer@UCS.UWA.EDU.AU> To: BUGTRAQ@NETSPACE.ORG Subject: Serious Linux 2.0.34 security problem I just saw this mentioned on linux-kernel and confirmed it; #include <fcntl.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int

Hallo! I just started working with R to do the statistical analyses for my diploma thesis. I got two sets of data. Both contain repeated measures. One has only one within-subject factor with four levels. The other has one within-subject factor with two levels and one between-factor with two levels. I want to compute a Mauchly test for both sets and a Levene test for the second set. I

Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin. __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools

ALL, Our Primary DNS has been broken into twice in the last week. The first time it happened I noticed the hacker used named for means of gaining entry. This guy was good at hiding his/her tracks so we reinstalled the OS and left a minimum install to see if it was done again. We logged all goings on from a secure remote machine. We got the hacker''s IP address and even some of what

...cal users may gain privileged access for OpenSSH < 3.3 No privileged access is possible for OpenSSH with UsePrivsep enabled. 3. Solution: Apply the following patch and replace radix.c with http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/radix.c?rev=1.18 4. Credits: kurt at seifried.org for notifying the OpenSSH team. http://mantra.freeweb.hu/ Appendix: Index: bufaux.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/bufaux.c,v retrieving revision 1.24 diff -u -r1.24 bufaux.c --- bufaux.c 26 Mar 2002 15:23:40 -0000 1.24 ++...

...cal users may gain privileged access for OpenSSH < 3.3 No privileged access is possible for OpenSSH with UsePrivsep enabled. 3. Solution: Apply the following patch and replace radix.c with http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/radix.c?rev=1.18 4. Credits: kurt at seifried.org for notifying the OpenSSH team. http://mantra.freeweb.hu/ Appendix: Index: bufaux.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/bufaux.c,v retrieving revision 1.24 diff -u -r1.24 bufaux.c --- bufaux.c 26 Mar 2002 15:23:40 -0000 1.24 ++...

>>>>> <seifried@seifried.org> writes: > I was looking around for a book specifically on Linux security a week or > two ago, and couldn''t find any. I wanted something Linux specific as > opposed to say O''Reilly''s yellow safe book. There are actually Linux-specific details...

Someone I was speaking with this evening claimed they have installed the latest named rpms yet they are still getting exploited daily and being hacked. Do the latest rpm''s for the named 4.9.x stuff fix all the root exploits or is this person just an idiot who probably has holes elsewhere in the system?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I really do not agree with adding it to the base system. Just because you guys use sudo does not mean other people do. In fact many people do not have a use for sudo at all. Not every one gives out root accounts. You are only adding another utility In that can possibly be used to escalate privileges. Every time I secure a system I spend some time

Hello, Questions, observations, and curiosities. Maybe this is something stupid or maybe I'm doing something wrong... But... In light of the Kurt Seifried paper on SSH and SSL, I was looking for the finger prints on my various servers and known hosts files to have a little crib sheet and maybe plug the list into a database on my palm pilot. I found that ssh-keygen lists out the fingerprints of the RSA keys just fine but fails when I try to list out...

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

...uld also appreciate anyone else who has experiemented with IPSec under Linux to do likewise. It''s rather simplistic to say but basically true that using IPSec would solve many many security problems and risks that we currently suffer (have you ever tried implimenting kerberoes? not fun). -seifried

...> RESOLUTION > ========== > > The attached patch against qemu-xen-traditional > (qemu-xen-4.*-testing.git) resolves this issue. > > $ sha256sum xsa19-qemu-all.patch > 19fc5ff9334e7e7ad429388850dc6e52e7062c21a677082e7a89c2f2c91365fa xsa19-qemu-all.patch > - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQSOgkAAoJEBYNRVNeJnmTonAP/3BTawvHhQX3HOScXFSUiIuO S...