similar to: WineHQ database compromise

Recent proftpd security vulnerability release FYI. Ports has latest patched proftpd distribution. -- Jez http://www.munk.nu/ -------------- next part -------------- An embedded message was scrubbed... From: Dave Ahmad <da@securityfocus.com> Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT) Size: 4588 Url:

There is a cluster of machines which I have an account on which was recently compromised. the machines have thousands of users and the only access is via ssh. via some mechanism (probably a weak password) the attacker was able to compromise a single account and use a local-root exploit to hijack lots of ssh-agents and any unpassword protected keys. they next tried to repeat the process for every

1] not using secure http for log-ins seems a bit 20th century. 2] to join this mailing list, I needed to send my new credentials over unsecured http - see 1] above. 3] to change password from the compromised reset password, I need to use unsecured http - see 1] above. My point here is that if you are saddened, upset or concerned about the compromise, might the 3 above points also be on the list

> > We would also include a secure random number generator which links > > against OpenSSL. This would of course be an optional module disabled > > by default, but is necessary so the randomization is cryptographically > > secure and useful in security applications. > > I am not sure why you need this feature. You can provide LLVM with a > SEED value that can be

It appears to be a low-level attack, not so frequent as to be banned permanently, just a number of times a day. I did google on this, and I gather it's looking for phpmyadmin. We've been getting one from one specific network in Russia for weeks Here are more information about 91.201.64.24: [Querying whois.ripe.net] [whois.ripe.net] <snip> % Information related to '91.201.64.0

On Mon, Aug 26, 2013 at 9:14 PM, Todd Jackson <quantum.skyline at gmail.com>wrote: > > > We would also include a secure random number generator which links >> > against OpenSSL. This would of course be an optional module disabled >> > by default, but is necessary so the randomization is cryptographically >> > secure and useful in security applications.

Hi All, I want to know thoughts on if I am being to paranoid/security conscious. CentOS 5.6, Apache, MySQL, running an Firewall in front of everything and obviously the built-in firewall on the box. I have ssh on a different port and starting to use Keys instead of password authentication. I host an intensive website and I am getting about 150 unique visitors per day. What I am seeing is

Hello! I'd just like to run this by some people who are more familiar with the RSA and DSA algorithms and their use within (Open)SSH. I've been using OpenSSH happily with the assumption that using key-based authentication (RSA or DSA public keys pushed to .ssh/authorized_keys on remote hosts) provides a number of benefits, including an important security-related one -- Logging in to a

Hi, I'm looking for an audio player with native support for flac embedded pictures. I use Amarok (http://amarok.kde.org/) in linux, but I can't find any player in Windows that has this same native support for embedded flac pictures. I hope somebody can help me thanks in advance! -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi list, I do not known, if this is really an issue but i noticed that when connecting to a remote ssh host with the standard linux openssh client using a private key, that there is no line of text indicating when the local key-passwd process was completed and the connection session was established. On a compromised host, the login shell could write the line 'Enter passphrase for key

Hi All, This past Wine conference, while great fun as always, was not as well attended as Wine conferences in the past. So I would like to stir up trouble by suggesting we rethink WineConf. For those that have not attended, the Wine conference has been a mostly annual affair since 2002. It is open to all, but is advertised as being aimed at Wine developers. About 35 people attend each year.

I think it would be interesting to add multilanguage support to the entire site (spanish is my home language and only the front page appears translated). For example, the entries and forms for test data in the AppDB could be displayed in the language of each user, so anyone else could understand. This would increase the user base of Wine, as many non-English speakers could understand the entries

https://bugzilla.mindrot.org/show_bug.cgi?id=1463 Summary: Running nohup sleep 70 & and then exiting shell, hangs ssh Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component:

So I have this nice, simple web server up running. Its purpose is to allow me external testing with HIP, and to provide some files for external distribution. Of course, there it is sitting on port 80 and the attacks are coming in per logwatch report. Examples from the report include: Requests with error response codes 404 Not Found //phpMyAdmin-2.5.1/scripts/setup.php: 1

OpenSSH 7.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

Hey. So I am completely new to WineHQ. But reading the FAQ for bloodline champions, it said it could probably run using WineHQ. As I said, I have a mac. But I have no idea what package I need, how to configure it for BLC, etc. Can anyone help a major noob? http://www.bloodlinechampions.com/ "On what platforms will Bloodline Champions be released? The game is using the Microsoft XNA

Hi, I'm running Plesk 11.0.9 on a Centos 5.5. A website on that box got hacked last week and malicious code got inserted into some html/php files. So I went to find out what happened... I found no back doors by using rkhunter or manually searching for suspicious files in /tmp, etc. No activity at all in the php logs at the time of the attack. I also analysed of course the system logs

Hi, Dan, Thanks for your email. And please kindly see my comments below: Reply to topic 1):It is true that it is not leaglly suitable to copy MS fonts, however the open-source fonts (Wenquanyi, http://wenq.org/enindex.cgi) has been available for very long period, which also are probalble used by Fedora &amp; Ubuntu as default Chinese fonts (even Asian/CJK fonts(maybe CKJ means "Chinese

I am trying to write a module for tripwire. I need to push out the twcfg.txt and twpol.txt files only if the tw.cfg and tw.pol files do not currently exist. How can do I this with File{}? I''m can''t seem to find a way to do it. In general times, how can you deploy file A only when file B does not exist? And... tripwire... what a mess. I am trying to use push out the site key,

Hello @ all The libvirt-daemon compromises the packet-filtering-rules at daemon-startup, before any VM is started. To prevent this, I first have create a hook-script which deletes existing rules, but apparently these rules are set after the hook. Removing the defined networks was no solution either. Worst of all is, a service restart of the daemon may even completely neutralize the firewall.