Displaying 20 results from an estimated 700 matches similar to: "Fedora change that will probably affect RHEL"
2015 Jul 28
3
Fedora change that will probably affect RHEL
On Jul 28, 2015, at 2:46 PM, Chris Murphy <lists at colorremedies.com> wrote:
>
> My dad will absolutely stop using his iPad if it ever
> requires him to use anything more than 4 numeric digits for his
> password. The iPad never leaves the house.
iPads can?t be coopted into a botnet. The rules for iPad passwords must necessarily be different than for CentOS.
> the Mac has
2015 Jul 28
3
Fedora change that will probably affect RHEL
> On Jul 28, 2015, at 11:27, Warren Young <wyml at etr-usa.com> wrote:
>
> On Jul 25, 2015, at 6:22 PM, Bob Marcan wrote:
>>
>> 1FuckingPrettyRose
>> "Sorry, you must use no fewer than 20 total characters."
>> 1FuckingPrettyRoseShovedUpYourAssIfYouDon'tGiveMeAccessRightFuckingNow!
>> "Sorry, you cannot use punctuation."
2015 Jul 29
0
Fedora change that will probably affect RHEL
On Jul 28, 2015, at 4:37 PM, Nathan Duehr <denverpilot at me.com> wrote:
>
>> On Jul 28, 2015, at 11:27, Warren Young <wyml at etr-usa.com> wrote:
>>
>> So no, your local password quality policy is not purely your own concern.
>
> Other than DDoS which is a problem of engineering design of how the network operates (untrusted anything can talk to untrusted
2015 Jul 28
11
Fedora change that will probably affect RHEL
Once upon a time, Warren Young <wyml at etr-usa.com> said:
> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords.
Since most of that crap comes from Windows hosts, the security of Linux
SSH passwords seems hardly relevant.
> Your freedom to use
2015 Jul 30
2
Fedora change that will probably affect RHEL
On Thu, Jul 30, 2015 at 12:20 PM, Warren Young <wyml at etr-usa.com> wrote:
> On Jul 29, 2015, at 5:40 PM, Chris Murphy <lists at colorremedies.com> wrote:
>>
>> On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote:
>>
>>> Security is *always* opposed to convenience.
>>
>> False. OS X by default runs only signed
2015 Jul 30
3
Fedora change that will probably affect RHEL
> On Jul 28, 2015, at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote:
>
> On Jul 28, 2015, at 4:37 PM, Nathan Duehr <denverpilot at me.com> wrote:
>>
>>> On Jul 28, 2015, at 11:27, Warren Young <wyml at etr-usa.com> wrote:
>>>
>>> So no, your local password quality policy is not purely your own concern.
>>
>> Other than
2015 Feb 05
2
Another Fedora decision
On 02/04/2015 07:55 PM, Always Learning wrote:
> Rent ? That costs money. Just crack open some Windoze machines and do
> it for free. That is what many hackers do.
Those crackers who build these botnets are the ones who rent out botnet
time to people who just was to get the work done. There is a large
market in botnet time.
>
> Is this safe enough ?
>
>
2013 Aug 22
3
Logging passwords on auth failure/dealing with botnets
Hi,
Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs.
Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log
2015 Jul 29
1
Fedora change that will probably affect RHEL
On Tue, Jul 28, 2015 at 5:29 PM, Warren Young <wyml at etr-usa.com> wrote:
> On Jul 28, 2015, at 2:27 PM, Chris Murphy <lists at colorremedies.com> wrote:
>>
>> On Tue, Jul 28, 2015 at 11:27 AM, Warren Young <wyml at etr-usa.com> wrote:
>>
>>> Your freedom to use any password you like stops at the point where exercising that freedom creates a risk to
2015 Feb 05
2
Another Fedora decision
> On Feb 4, 2015, at 5:43 PM, Warren Young <wyml at etr-usa.com> wrote:
>
> SSH as shipped on CentOS doesn?t allow 1,000 guesses per second, as this calculator assumes
Hmm, just thought of a counterattack:
If CentOS?s SSH currently allows 10 guesses per minute *per IP*, all you need to do to get 1,000 guesses per second is to rent time on a 6,000 machine botnet.
2019 Aug 02
3
[OT] odd network question
On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote:
>
> > This is just the first screen of it, there are many more. The data
> > compiled here is for the last month (rsyslog is keeping the current
> > log plus four older logs). I find it disturbing that there were 12251
> > attempts at telnet during that time, 2154 on 8080, and so forth. either
> > I'm
2015 Jul 29
4
Fedora change that will probably affect RHEL
On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote:
> Security is *always* opposed to convenience.
False. OS X by default runs only signed binaries, and if they come
from the App Store they run in a sandbox. User gains significant
security with this, and are completely unaware of it. There is no
inconvenience.
What is the inconvenience of encrypting your device
2015 Jul 30
1
Fedora change that will probably affect RHEL
On 07/28/2015 03:06 PM, Chris Adams wrote:
> Once upon a time, Warren Young <wyml at etr-usa.com> said:
>> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords.
> Since most of that crap comes from Windows hosts, the security of Linux
>
2015 Aug 02
0
Fedora change that will probably affect RHEL
On Thu, July 30, 2015 14:20, Warren Young wrote:
>
> Did you see my exchange with James Byrne? His bogus counter to my
> claim that iPads can???t be turned into botnet conscripts was to point
> (very indirectly) to a paper where some researchers found a way to
> jump through a whole bunch of hoops to bypass all the security Apple
> had placed in the path of app sideloading.
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys,
Whats is the best way to identify a possible user using a botnet with php
in the server? And if he is using GET commands for example in other server.
Does apache logs outbound conections ?
If it is using a file that is not malicious the clam av would not identify.
Thanks
2015 Jul 30
0
Fedora change that will probably affect RHEL
On 07/30/2015 12:35 PM, Chris Murphy wrote:
> No fail2ban, no firewall rules, sshd by default, challengeresponseauth
> by default,
ChallengeResponseAuth is not on by default, on Red Hat derived systems.
I'm pretty sure that was already clarified, much earlier in this thread.
> and a 9 character (even random) passphrase, and that shit
> is going to get busted into. Against a
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2015 Jul 28
5
Fedora change that will probably affect RHEL
On Tue, Jul 28, 2015 at 11:27 AM, Warren Young <wyml at etr-usa.com> wrote:
> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords.
>
> Your freedom to use any password you like stops at the point where exercising that freedom creates a risk
2009 Feb 13
2
[LLVMdev] llvm-gcc4.2-2.4 build failure in /gcc/java/lang.c
Hi, every body,
I get stuck when trying to build llvm-gcc4.2-2.4 on x86_64 Linux with
GCC-4.3.3. I meet this error:
make[3]: Entering directory `/home/wangtielei/TOOLS/llvm/llvm-gcc-obj/gcc'
/home/wangtielei/TOOLS/llvm/llvm-gcc-obj/./prev-gcc/xgcc
-B/home/wangtielei/TOOLS/llvm/llvm-gcc-obj/./prev-gcc/
-B/usr/local/x86_64-unknown-linux-gnu/bin/ -c -g -O2 -DIN_GCC -W -Wall
-Wwrite-strings
2009 Feb 13
0
[LLVMdev] llvm-gcc4.2-2.4 build failure in /gcc/java/lang.c
On Feb 12, 2009, at 11:25 PM, Tielei Wang wrote:
> Hi, every body,
>
> I get stuck when trying to build llvm-gcc4.2-2.4 on x86_64 Linux with
> GCC-4.3.3. I meet this error:
Make sure to follow the README.LLVM file in the llvm-gcc distro. llvm-
gcc doesn't support gcj yet at all.
-Chris