Slashdot Mirror


Slashback: OpenSSH, Bio, Timeliness

Welcome to Slashback, with updates (below) on a handful of recent Slashdot posts. Most importantly, a message regarding OpenSSH 3.3 could save your system from attack -- read it; you might need to pass the word on to your vendor, too.

Things that make you want to bring back thumbscrews. A few days ago, we mentioned the release of OpenSSH 3.3; compared to previous versions, the biggest change in 3.3 is increased emphasis on privilege separation. Today, Theo de Raadt sent word of an OpenSSH vulnerability being worked on by ISS and the OpenBSD team, details of which are expected to be published early next week.

In an announcement sent to bugtraq, he wrote: "However, I can say that when OpenSSH's sshd(8) is running with priv separation, the bug cannot be exploited.

OpenSSH 3.3p was released a few days ago, with various improvements but in particular, it significantly improves the Linux and Solaris support for priv sep. However, it is not yet perfect. Compression is disabled on some systems, and the many varieties of PAM are causing major headaches.

However, everyone should update to OpenSSH 3.3 immediately, and enable priv separation in their ssh daemons, by setting this in your /etc/ssh/sshd_config file:

UsePrivilegeSeparation yes

Depending on what your system is, privsep may break some ssh functionality. However, with privsep turned on, you are immune from at least one remote hole. Understand?

3.3 does not contain a fix for this upcoming bug.

If priv separation does not work on your operating system, you need to work with your vendor so that we get patches to make it work on your system. Our developers are swamped enough without trying to support the myriad of PAM and other issues which exist in various systems. You must call on your vendors to help us."

Theo emphasizes the role of vendor cooperation in making privilege separation work on the full range of systems on which OpenSSH runs. "If the vendors don't start pulling their part," he says in an email, "by the time the bug is posted their customers will be left unprotected. These vendors who do not do the right job and instead just 'sell sell sell' are starting to become annoying. On a lot of systems today, privsep does NOT work well at all. The vendors have not been helping!"

A patched version of OpenSSH could be released as soon as Friday, incorporating vendor patches received by this Thursday.
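The one concrete action in Theo's message is a single sshd_config line, and the thing an administrator wants is a quick way to confirm it actually took effect on every box. The following POSIX shell script is an added example (not from the Slashdot post or the OpenSSH project): it reads an sshd_config and reports whether UsePrivilegeSeparation is set to yes. It assumes sshd_config's parsing rules (lines whose first non-blank character is "#" are comments, keywords are case-insensitive, keyword and value may be separated by whitespace or one "=", and sshd honours the first occurrence of a keyword), and it treats an absent keyword as "off", matching the advice to set it explicitly rather than relying on a compiled-in default. The file name privsep-check.sh is made up for the usage line.

```shell
#!/bin/sh
# Added example (not from the Slashdot post or the OpenSSH project):
# check whether an sshd_config file enables privilege separation,
# i.e. contains the "UsePrivilegeSeparation yes" line the post asks for.
#
# Assumed sshd_config parsing rules: lines whose first non-blank character
# is '#' are comments; keywords are case-insensitive; keyword and value may
# be separated by whitespace or by one '='; sshd(8) honours the FIRST
# occurrence of a keyword and ignores later ones.

# Print the effective value of keyword $2 in config file $1 (empty if absent).
sshd_config_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        { sub(/=/, " "); $0 = $0 }            # accept the "Keyword=value" form
        tolower($1) == key && NF >= 2 { print $2; exit }   # first match wins
    ' "$1"
}

# Succeed (exit 0) only if privilege separation is switched on.
# An absent keyword is treated as OFF: we follow the advice to set it
# explicitly instead of trusting whatever default the binary was built with.
privsep_enabled() {
    val=$(sshd_config_value "$1" UsePrivilegeSeparation | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# Human-readable report; the exit status mirrors the check so the script
# can gate a configuration-management or audit run.
check_privsep() {
    if privsep_enabled "$1"; then
        echo "$1: UsePrivilegeSeparation yes (OK)"
    else
        echo "$1: privilege separation is OFF; add 'UsePrivilegeSeparation yes'"
        return 1
    fi
}

# Usage: sh privsep-check.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    check_privsep "$1"
fi
```

Because sshd uses the first occurrence of a keyword, a "UsePrivilegeSeparation yes" appended to the end of a file that already says "no" higher up does nothing; the script reproduces that rule so it reports what the daemon will actually do, not what the last edit intended. The check only matters for the OpenSSH generation discussed here: from OpenSSH 7.5 the option is deprecated and privilege separation is always on.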

Read More on Stallman. Vamphyri writes: "Sam Williams, author of 'Free as in Freedom', the biography of GNU/Linux founder Richard M. Stallman, has gone live with the online free version 1.0 of FAIFzilla.org. The paper pulp version's publishers, O'Reilly & Associates, agreed under the terms of the GNU Free Documentation License and have their own version up at their site. Williams' site allows for content and corrections to be submitted by readers. He hopes for contributions to be included in later editions of the O'Reilly bio. Also: CGI coders wanted for site enhancement, paragraph and line numbering, searches etc. Maybe a CVS Tree is in order? :)"

"Urpmi Norton" doesn't work for some reason. MrResistor writes "Upon logging in to my computer at work this morning, I was greeted by a virus update notice from McAfee SecurityCenter. The update for today includes W97M/Melissa@MM, and of course McAfee's newly manuf^H^H^H^H^Hdiscovered threat, the W32/Perrun JPEG virus (which was also highlighted in yesterday's update). All of the updates in the last week or so have been rated Low or No Threat (except for Perrun, which is "Low On Watch"). It seems that in addition to manufacturing new threats, they're also rehashing old threats to keep subscription renewals up. Perhaps it's time for Slashdot to add an Ethics topic?"

29 of 373 comments

  1. Re:Hat TricK? by Anonymous Coward · · Score: -1, Offtopic

    Amen!

  2. Nth P057!!! by Anonymous Coward · · Score: -1, Offtopic

    Nth P057!! H4H4H4H4H4! 1 0WN 411 Y0UR P0575!!

  3. Here's an amateur quickie... by Anonymous Coward · · Score: 0, Offtopic

    News.com did an interview with CmdrTaco.

    1. Re:Here's an amateur quickie... by Anonymous Coward · · Score: -1, Offtopic

      Fuck you troll.

    2. Re:Here's an amateur quickie... by Anonymous Coward · · Score: -1, Offtopic

      HOLLAND, Michigan (AP) -- Two gay men are expecting to become parents of quadruplets after a surrogate mother gives birth in August.

      Rob Malda and Michael Sims enlisted the help of a 23-year-old woman who agreed to help the domestic partners have a baby through in vitro fertilization.

      ''Raising children is the most important thing you can do,'' Sims said.

      Malda and Sims said they want to keep the surrogate mother's identity secret. They said they fear stress from publicity might hurt her, the quadruplets, or her own three children, who include twin toddlers.

      Growing Generations, a California company that works with gays and surrogate mothers, says there have been triplet births among the company's 200 clients, but no quadruplets.

      Shirley Zager, director of the Illinois-based Organization of Parents through Surrogacy, said that to her knowledge, no quadruplets have been born to a surrogate and a gay man through in vitro fertilization.

      Quadruplets are uncommon under any circumstances. In Michigan, only 18 sets have been born since 1975, state records show.

      The surrogate did authorize a spokeswoman for Central Baptist Hospital to confirm that she was pregnant with quadruplets conceived through in vitro fertilization.

      Malda and Sims said they're concerned that publicity will somehow interfere with their plans to become the best possible parents.

      They said they know many people don't think gay men and lesbians should raise children. They also don't want their children to become the center of media attention.

      Pursuing fatherhood
      Sims and Malda met in Holland in 1998. By 2000, they were busy building a hair-salon business, but their home seemed empty, and they decided to pursue fatherhood.

      Last fall, a 23-year-old woman came into the salon with three children.

      Malda thought the children were adorable. He kidded the woman about taking them home. Then he heard her say she felt as if she had been given a calling: to become a surrogate mother.

      She agreed to help Sims and Malda. Working through a Holland fertility clinic, she became pregnant in January.

      The men said they are following Michigan law in paying her only for medical and living expenses. Those costs run $1,000 each month.

      "Michael will be 'Dad,' because he's the biological father," Malda said. "I'll be 'Rob.'"

      Sims and Malda said the surrogate mother has told them she doesn't want to be involved in raising the children on a regular basis. But the men said they will always let her know how the babies are doing.

  4. Pr3P4r3 t0 b3 R0X()RFDq by Anonymous Coward · · Score: -1, Offtopic

    vb nb n

  5. Ethics Topic? by Ex-Parrot · · Score: 1, Offtopic

    I don't think I need or want Slashdot to tell me what is or isn't ethical.

    --
    To many, total abstinence is easier than perfect moderation. -- St. Augustine
  6. Re:Hat TricK? by Phist+Phucker · · Score: -1, Offtopic

    Congratulations on your phist post. Honor the PHIST.

    --
    Feel the PHIST!
  7. Re:Ethics Topic? by Lemmy+Caution · · Score: 1, Offtopic

    Then they don't need or want you telling them that it isn't ethical for them to tell you what is or isn't ethical.

  8. Link goes to interview by sideshow · · Score: 0, Offtopic

    and does not redirect to goatse.

    --

    Hollow words will burn and hollow men will burn.

    1. Re:Link goes to interview by Anonymous Coward · · Score: -1, Offtopic

      and you are an idiot.

  9. Re:Christ... by Anonymous Coward · · Score: -1, Offtopic

    Ah, I see. Big asshole. Definitely a BSD user. Unless I am getting a false positive from your bologna sandwich.

  10. Re:OpenBSD remote hole? by Anonymous Coward · · Score: -1, Offtopic

    This is very bad news for *BSD. It may be the final blow. Consider that because they use Mach, MacOS will not benefit from SMPng in the BSD kernels. The embedded systems supplier (I will not name them cause I despise them) that bought BSDi has no interest in SMP or in servers really ... and a truckload of people who loved working with Walnut Creek and BSDi as contributors will not be working with the project any longer.

    Now that BSDi is dead ARE there any companies left that are dedicated to developing BSD as a kernel and OS as part of their core business activities anymore ?? No. Except Wasabi which is pretty small still only able to meet payroll by borrowing more money. Pretty heavy in debt.

    The reason it's delayed a year is because BSD development has had a serious accident and needs to be hospitalized to get itself back together. With BSDi defunct relying on Apple, Wasabi and a band of merry volunteer hackers to get SMP done means it AIN'T gonna happen.

    Hello Yahoo??!! Can Yahoo afford to hire a few SMPng hackers for a year??? Oh yeah I forgot Yahoo is broke too.

    At this point SMP is owned by Linux and Solaris and in a distant third Microsoft .

    On 4 way and 8 way machines BSD is simply not in the running at this stage and even on 2 way systems out of the box RedHat7.1 is a better choice for SMP. What's more threading work done by IBM is gonna improve Linux even more on this front - even Caldera (which bought SCO Unix a quite good SMP system up to 8 ways) admits that Linux will likely overtake the SCO kernel.

    BSD dying? Quite likely.

  11. Re:For FreeBSD users: by Anonymous Coward · · Score: -1, Offtopic

    Fuck off dude, Debian already sent an email announcement about this SSH hole and posted .debs, too.

  12. WARNING GOATSE Link in above post by Anonymous Coward · · Score: -1, Offtopic

    Not a goatse link, but a goatse award.

  13. good GOD man! by Anonymous Coward · · Score: -1, Offtopic

    How can you post such a disgusting picture (goatse.cx)?

    I frown at your filthy post. I unclog my nose on you. I fart in your general direction.

  14. Answer to the banner advert I got on this page: by Graspee_Leemoor · · Score: 0, Offtopic

    Q: "Where do Linux Experts go when they need Windows Hosting ?"

    A: A mental institution.

    Thank you very much for reading, and a sweet good-night to all.

    graspee

  15. RedHat 7.0-7.2 Errata by peterdaly · · Score: 1, Offtopic

    RedHat has an OpenSSH errata security fix from 5/22 HERE. Anyone know if this is the bug in question?

    -Pete

  16. Here's an idea by Anonymous Coward · · Score: -1, Offtopic

    Go fuck yourself!

  17. Why They Fear White Pride by Anonymous Coward · · Score: -1, Offtopic
    Why do so many countries fear the message of White Pride?

    Any idea brought forth in an open society is should also be exposed to criticism. If I claim to be able to make psychic predications, it should come as no suprise that many people will seek to prove otherwise, or just outright laugh at me. If I want to make a statement that I believe blue shirts cause violence, people are going to want to see statistics and evidence, right?

    Almost no idea is censored in western countries today. The few extreme elements of society like drug-users, pedophiles, and homosexuals are each day considered more and more mainstream, and many of their ideas are becoming the "norm." While countries work to legalize things like prostitution and drug usage, at the same time they make stricter and stricter laws against so-called "hate speech."

    Why? Why is information about White Pride censored when virtually anything else is published openly?

    The fact is Jews, liberals, and people in power know exactly what our message means and how powerful it is. Unlike their attempts at social engineering, our message is based on fact and reason. This is what makes it dangerous to them. It doesn't matter how much propaganda about "equality," "reparations," and "holocaust" they hammer us with. When people see the evidence, and evaluate the facts for themselves, they will come to the same conclusions that other informed White people have. No amount of Jewish lies will stop the truth. They know this and fear it.

    So what should you do about this? Open your mind, and visit White Pride web sites like www.natvan.com and www.stormfront.org. Read what they have to say and make your own conclusions -- does what they say agree with the evidence available? Have your own experiences verified what they are saying? No one is going to tell you what to think, it is up to you to make your own decisions.

    Try asking yourself questions like:

    • Why do we send billions of dollars of "aid" and weaponry to Israel every year?
    • Why do non-whites commit far more crimes than whites even after all these years of affirmative action and welfare handouts?
    • Are racial quotas in the workplace fair?
    • Why are we told there are no differences between blacks and whites when we can clearly see the physical differences in their bodies?
    • Why is Africa still in the stone age?
    • Why is illegal immigration accepted and encouraged in the USA?
    • What does the evidence really say about the holo-caust?
    • Why is news about the Israeli spy ring caught in the USA only reported in foreign newspapers?
    • Why is the government afraid to report the truth about the Anthrax letters?
    • Why is the government continually increasing its control over our lives?
    • Why is our media so dedicated to corrupting our children's morals?
    • And so on....
    The truth will not be stopped!
  18. Re:Christ... by Anonymous Coward · · Score: -1, Offtopic

    Ahahahahahahahahahahahahahahahahahahaha!!!!

    Tom7, you suck.

  19. Re:OpenSSH moderation by Anonymous Coward · · Score: -1, Offtopic

    Just because I don't have any karma doesn't mean I'm a troll.
    Hmm, he posts at score:0, must mod him down.

    zapper.
    --
    I wannabe a karma whore.
    no wait, I'd just settle for positive karma.

  20. Re:And PAM is a gruesome hack by Anonymous Coward · · Score: -1, Offtopic

    If there is a remote hole in sshd, there are 1000 holes in PAM.
    How is this flamebait?
    This is most likely a fact, at the very least an exaggeration of one.

    you give someone mod points and they lose all reason

  21. Cripes, what an inane interview by Anonymous Coward · · Score: -1, Offtopic

    Whoops, there goes my karma

  22. Re:OpenSSH by Anonymous Coward · · Score: -1, Offtopic

    Do you really expect us to believe that you have a girlfriend?

  23. Re:For FreeBSD users: by Anonymous Coward · · Score: -1, Offtopic

    Hehe. At least one person gets the READ, DAMMIT joke. Half the linux users freaked out when they saw that. Hahaha *snort*.

  24. Re:The Alternative to OpenSSH or SSH (commerical) by Tadghe · · Score: 1, Offtopic

    Flamebait?

    I *really* fail to see how this is flamebait... For that I would (IMHO) have had to add in a few comments like *BSD is dead (not as far as I can tell)....

    --
    Bugs Bunny was right.
  25. Ethics? by NanoGator · · Score: 1, Offtopic

    "Perhaps it's time for Slashdot to add an Ethics topic?"

    I'd appreciate it. I'd submit an article on some of the moderations I've received lately. Heh.

    --
    "Derp de derp."
  26. Re: offtopic (been warned) by fferreres · · Score: 0, Offtopic

    Moderation is not a measure of how much you agree with someone's post.

    I know, that's true. But then what does insightful mean? Or interesting? If you don't agree something is interesting then why should it be? If you don't think it's insightful (and you actually think it's real bullshit) how can you leave it like that?

    It's very difficult to walk the thin line between:

    Ok, I don't agree or find it useful, but maybe someone else does so I don't metamod

    Mh, it's full of crap (or trivial)

    Anyway, I guess modding up and only ridicule cases down is what's best (for me)...

    --
    unfinished: (adj.)