search for: uncompromised

As you may have noticed, cran.us.r-project.org has been down for a while due to a security incident. This is the same machine that carries the R source repository. The R sources appear to be uncompromised, but we have had to move developer logins and everything to another machine, with various configuration issues to sort out. The upshot is that there is currently no way of doing the automatic beta snapshots (I can build them, but not easily ship them since the webservice has been shut down.) None...

Hi list, I do not known, if this is really an issue but i noticed that when connecting to a remote ssh host with the standard linux openssh client using a private key, that there is no line of text indicating when the local key-passwd process was completed and the connection session was established. On a compromised host, the login shell could write the line 'Enter passphrase for key

...f but | | | in a tool that Asterisk uses, there will be no new | | | releases made; however, users who are affected by the | | | Debian OpenSSL vulnerability are strongly encouraged to | | | upgrade their package of OpenSSL to an uncompromised | | | version (version 0.9.8c-4 or later) and regenerate all | | | keys used by Asterisk. | +------------------------------------------------------------------------+ +-----------------------------------------------------...

I'm not really a developer, but was considering if there is a key vulnerability in geli given that when you change a key there isn't a disk update. Consider the scenario where a new file system is created and populated with some files. At a later time the original key is changed because someone has gained access to the key and passphrase. A new key is generated and attached, but none of

Hello, I'd like to propose an extension to the function summary.aov. In Splus (2000, I don't know about other versions), summary.aov allows a parameter ssType to be set to 1 or 3 (defaults to 1) to choose the type of Sums of Squares. I know I can get Type III SS in R with drop1(model), but including the functionality into summary.aov would, in my opinion, - yield a more usable table

I'm running 1.0.13 If I run dovecot for a while, I see a /var/run/dotvecot folder created with the following: drwxr-xr-x 3 root root 4096 2008-05-18 13:30 dotvecot drwxr-xr-x 3 root root 4096 2008-05-18 13:47 . drwxr-xr-x 18 root root 4096 2008-05-18 13:47 .. srw------- 1 root root 0 2008-05-18 13:47 auth-worker.15138 srwxrwxrwx 1 root root 0

...based on my experience, for use in all non-certified enterprise operations (large and small) on general-purpose computers. RHEL is, of course, the better alternative when you require the upstream vendor's certified platform, certified and tested integrated solutions, industry-leading support, or customized solutions. Their offerings are a bargain when you consider the benefits they provide

As halflife demonstrated in Phrack 50 with his linspy project, it is trivial to patch any system call under Linux from within a module. This means that once your system has been compromised at the root level, it is possible for an intruder to hide completely _without_ modifying any binaries or leaving any visible backdoors behind. Because such tools are likely to be in use within the hacker

George Brown sent this to my private Email address instead of to the list. Because I forwarded it, my addres is in the header. Roger. ----- Forwarded message from root ----- >From root@bull.bullnet.co.uk Mon Aug 24 16:20:29 1998 Received: from dutepp0.et.tudelft.nl by rosie.BitWizard.nl (fetchmail-4.2.9 POP3 run by wolff) for <wolff@localhost> (single-drop); Mon Aug 24

Woops... this didn't show up here but it did on BugTraq. Questions answered! -- Chuck Mead, CTO, MoonGroup Consulting, Inc. <http://moongroup.com> Mail problems? Send "s-u-b-s-c-r-i-b-e mailhelp" (no quotes and no hyphens) in the body of a message to mailhelp-request@moongroup.com. Public key available at: wwwkeys.us.pgp.net ----------