search for: threatpost

Lest anyone think STARTTLS MITM doesn't happen, https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Not only for security, I prefer port 993/995 as it's just plain simpler to initiate SSL from the get-go rather than to do some handshaking that gets you to the same point. Joseph Tam <jtam.home at gmail.com>

...> > Aki > Tath's help! But something still missing :( $ sudo doveadm -D -o imapc_user=tovis -o imapc_password=<password> -o imapc_host=nusi -R -u tovis imapc: Exited with messages (excerption - too many private information exposed): dsync(tovis): Debug: brain M: Mailbox INBOX.threatposts: local=00000000000000000000000000000000/0/0, remote=a557d4d9d858c0ceceef5cd10a973bdc/0/1: mailbox not selectable yet dsync(tovis): Debug: brain M: Mailbox INBOX.todo: local=00000000000000000000000000000000/0/0, remote=891e2fe9dc8874c0a19e496acf802566/0/1: mailbox not selectable yet dsync(tovis): D...

I see there's a release today or so from Oracle of a new zero-day vulnerability. Any idea how soon we'll have an update? <https://threatpost.com/en_us/blogs/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413> mark

...nal Message ? From: s.arcus at open-t.co.uk Sent: August 21, 2017 3:07 PM To: dovecot at dovecot.org Reply-to: dovecot at dovecot.org Subject: Re: pop 110/995, imap 143/993 ? On 21/08/17 22:18, Joseph Tam wrote: > > Lest anyone think STARTTLS MITM doesn't happen, > >????? https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > > Not only for security, I prefer port 993/995 as it's just plain simpler > to initiate SSL from the get-go rather than to do some handshaking that > gets you to the same point. Frankly, after reading the ab...

On 21/08/17 22:18, Joseph Tam wrote: > > Lest anyone think STARTTLS MITM doesn't happen, > > https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > > Not only for security, I prefer port 993/995 as it's just plain simpler > to initiate SSL from the get-go rather than to do some handshaking that > gets you to the same point. Frankly, after reading the ab...

The CentOS team has been looking at the issue called out in these stories: http://threatpost.com/en_us/blogs/trivial-password-flaw-leaves-mysql-databases-exposed-061112 http://arstechnica.com/information-technology/2012/06/security-flaw-in-mysql-mariadb-allows-access-with-any-password-just-keep-submitting-it/ http://www.net-security.org/secworld.php?id=13076 According to the upstream pr...

On 22.08.2017 03:56, Peter wrote: >>> Lest anyone think STARTTLS MITM doesn't happen, >>> >>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > Right, the attack does happen, but it can be prevented by properly > configuring the server and client. Dovecot, by default, requires STARTTLS before accepting plaintext authentication when SSL is configured and you are...

...etter still, written it? > > It seems to me that something like this should be in /contrib, but that's just me. > > My ears are open. > > -Dan > > *(http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key) > http://threatpost.com/apache-site-hacked-through-ssh-key-compromise-082809/ > > -- > > --------Dan Mahoney-------- > Techie,? Sysadmin,? WebGeek > Gushi on efnet/undernet IRC > ICQ: 13735144?? AIM: LarpGM > Site:? http://www.gushi.org > --------------------------- > > ___________...

...s anyone come across something like this? Better still, written it? It seems to me that something like this should be in /contrib, but that's just me. My ears are open. -Dan *(http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key) http://threatpost.com/apache-site-hacked-through-ssh-key-compromise-082809/ -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------

>> Lest anyone think STARTTLS MITM doesn't happen, >> >> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Right, the attack does happen, but it can be prevented by properly configuring the server and client. >> Not only for security, I prefer port 993/995 as it's just plain >> simpler to initiate SSL from the get-...

> > >> On 30 Sep 2019, at 13.13, tovises via dovecot <dovecot at dovecot.org> >> wrote: >>> >> WOW! - amazing quickly, I'm really grateful. >> >> I was using: -u tovis imapc: nusi but still something wrong. >> Patstebin: https://pastebin.com/tH4wzJka >> The most relevant part (I think) is: >>