Displaying 20 results from an estimated 50000 matches similar to: "No subject"
2004 Feb 21
2
a story of compromise and an idea
There is a cluster of machines which I have an account on which was
recently compromised. the machines have thousands of users and the only
access is via ssh.
via some mechanism (probably a weak password) the attacker was able to
compromise a single account and use a local-root exploit to hijack lots
of ssh-agents and any unpassword protected keys. they next tried to
repeat the process for every
2007 May 30
1
Three scenarios for simplifying NUT configuration on Linux
Scenario 1: Package-centric
Have the .deb package for NUT install a single-user/single-UPS
configuration, with the .deb asking for the UPS type and dispatching
on that to set up ups.conf for the correct driver. Package
installation could even create a nut user and group, so there wouldn't
even be a security compromise.
I don't know how to do the equivalent with RPM, because RPM
2005 Nov 15
0
SSH with authentication and no privacy
Previous threads have discussed the now deprecated NONE cipher and the
rationale for its removal. Recent posts on FCC compliance indicate
the usefulness of authentication without privacy for packet radio.
I also find this useful for transfers between IPsec protected
endpoints. Authentication is then useful for user
administration/privileges but encryption is not necessary given the
IPsec
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> On 21/08/17 13:39, Robert Wolf wrote:
> >
> > On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> >
> > >
> > > On 21/08/17 10:37, Gedalya wrote:
> > > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
> > > > > is there a 'preferred way'? should I tell users to use 143 over
2017 Aug 21
1
pop 110/995, imap 143/993 ?
On 21/08/17 16:25, Robert Wolf wrote:
> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>
>> On 21/08/17 13:39, Robert Wolf wrote:
>>>
>>> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>>>
>>>>
>>>> On 21/08/17 10:37, Gedalya wrote:
>>>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
>>>>>> is there a
2000 Feb 24
1
Making password driven SSH 'immune' to MTM attacks.
[I know this is the 'port' list, but I can't find a better place to post
this, and with the garbage going on @slashdot I figured I'd get this out.
This belongs on sci.crypt or a general OpenSSH mailing list]
First, a quick rehash of stuff everyone here already knows,
OpenSSH can use two major forms of authentication:
1. Password
2. RSA keys
The RSA method is good because it
2018 Nov 14
1
different TLS protocols on different ports
On 11/14/2018 4:08 PM, Michael A. Peters wrote:
> Honestly that violates the concept of KISS.
>
> Given that TLS 1.2 is now a decade old, do you really need to
> still allow clients not capable of TLS 1.0/1.1 ???
>
> I still do but only allow cipher suites with Forward Secrecy.
>
> I don't run huge mail server, but from quick look at my logs I
> don't even see
1998 Apr 02
4
samba and pam
Since I now have something which at least pretends to work, I suppose an
announcement is in order.
Those among you who track samba development are probably aware that samba
1.9.18p4 includes support for synchronising a unix database when changing
an SMB password. I'm currently working on a PAM module which will provide
similar functionality for all applications compiled with PAM support:
2018 Nov 14
0
different TLS protocols on different ports
On 11/14/2018 01:46 PM, Joseph Tam wrote:
> On Wed, 14 Nov 2018, Aki Tuomi wrote:
>
>>> I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So
>>> I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to
>>> enable TLS1.2 and TLS1.3 only.
>>>
>>> Is this possible with dovecot-2.2.36 / how to setup this?
>>
2007 Nov 28
2
Billing/Call Control engine : AGI scripts/ AstMan API
Hello ppl,
Have implemented a really nice Billing engine using AGI scripts. So far
it works fine, tho haven't yet put it in the torture cell.
The AGI scripts have been written in PHP, using MySQL for the billing
and profile information.
The major disadvantages I see using AGI scripts :
1. A new process(invocation of PHP scripts) on every new call.
2. MySQL connections on every instance of
2014 Dec 18
2
CentOS 6 - httpd 2.2.29
On 16/12/14 18:15, Alexander Dalloz wrote:
> Am 16.12.2014 um 16:03 schrieb For at ll:
>> On 15.12.2014 12:50, Steve Clark wrote:
>>> On 12/15/2014 05:51 AM, For at ll wrote:
>>>> Hi
>>>>
>>>> I had a two repo for cento6 where I can download httpd 2.2.29,
>>>> (baseurl=http://centos.alt.ru/repository/centos/6/$basearch/) and
2008 May 11
0
winbind, mod_auth_pam, and plaintext passwords
We have a working samba file server using winbind to authenticate with a
Win2003 server in native mode.
[2008/05/10 18:22:54, 5]
nsswitch/winbindd_cm.c:set_dc_type_and_flags(1651)
set_dc_type_and_flags: domain STARTREK is in native mode.
[2008/05/10 18:22:54, 5]
nsswitch/winbindd_cm.c:set_dc_type_and_flags(1654)
set_dc_type_and_flags: domain STARTREK is running active directory.
I now want to
2003 Nov 27
0
[Announce] GnuPG's ElGamal signing keys compromised
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
GnuPG's ElGamal signing keys compromised
==========================================
Summary
=======
Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing. Note that
2010 Apr 25
0
Can't mount samba shares
Honestly, it's enough to make you scream. :-(
I can't seem to mount a samba share:
$ mount -t smbfs //workhorse/OldHome /network -o
username=DACRIB+turgon,password=xxxxxx
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
(I'm logging into this laptop as the domain user DACRIB+turgon, domain =
DACRIB. That part works perfectly.)
I have
2000 Feb 16
1
a protocol weakness at the user-interface level
I'm afraid I'm not at all involved with OpenSSH development, so
perhaps this attack has been discussed in the past. It's something
that seems difficult to search for in mailing list archives.
I found myself reflecting on the following, mildly serious, protocol
weakness at the user-interface level. In a nutshell, the OpenSSH
client (at least as of version 1.2.2) fails to provide
1997 Dec 05
2
No subject
> Date: Thu, 4 Dec 1997 07:03:49 -0800
> From: "Jorge Silva (Jorge Gomes da Silva)" <jorgesil@microsoft.com>
> To: "'samba@samba.anu.edu.au'" <samba@samba.anu.edu.au>
> Subject: /etc/passwd - Domain Controller Synchronization
> Message-ID: <A1A4DA3CD56ECF11973200805F685F1680F51B@LIS-01-MSG>
>
> Hello,
>
> I don't know
2014 Dec 18
0
CentOS 6 - httpd 2.2.29
On Thu, December 18, 2014 00:31, Jake Shipton wrote:
>
> Hi Alex,
>
> In this situation 2.2.29 actually does offer an advantage over CentOS
> version 2.2.15.
>
> The version provided by CentOS does not support Forward Secrecy for SSL
> or TLS 1.2.
>
> Version 2.2.24+ of upstream Apache includes patches which enable both
> Forward Secrecy and TLS 1.2.
>
> Now
2013 Sep 24
3
2048-bit Diffie-Hellman parameters
Currently, dovecot generates two primes for Diffie-Hellman key
exchanges: a 512-bit one and a 1024-bit one. In light of recent
events, I think it would be wise to add support for 2048-bit primes as
well, or even better, add a configuration option that lets the user
select a file (or files) containing the DH parameters
In recent years, there has been increased interest in DH especially in
its
2006 Jan 25
2
Setting up deployment scenario
I am familiar with using RoR in a pure development environment, that is
to say that I can create a local project, access it via a web browser,
update the database, etc. However, I'm having trouble figuring out how
to best set up things with actual deployment in mind. Forgive me if this
has been asked before, I couldn't find it easily.
Right now I have a subversion repository
2007 Oct 16
1
CALEA enforcement guidelines according to Comcast
Sounds like Comcast's manual for CALEA compliance was leaked. Pretty
interesting read if you are curious:
http://www.fas.org/blog/secrecy/
Direct link (PDF):
http://www.fas.org/blog/secrecy/docs/handbook.pdf
--
Kristian Kielhofner