"BGP lies on top of TCP so if you are able to kill the underlying TCP session I don't think MD5 authentication protects against this. Anyone care to enlighten me?"
The MD5 protection happens at the TCP layer. Each TCP segment is verified. TCP MD5 could be used for other things than BGP. So yes, TCP MD5 would mitigate the attack sufficiently for now.
The ports collection does much more than packages do. Can a package install dependencies? Can a package download everything you need for you?
Yes. Witness the Debian APT package tool. You specify a package to install and it automatically fetches all dependencies.
When upgrading it also upgrades dependencies if needed.
I mean, the whole point of a security audit is so that you fix the stuff that's (become) broken, right?
Being no OpenBSD expert, I guess what the OpenBSD guys try to do is more proactive -- they want to find and fix all the holes before they get found out about by others. They don't want to fix it after someone else has found the hole and it has been widely publicised. I believe they have a number of techniques in place to make the OS overall less vulnerable to certain types of problems.
Well, I think all the Scandinavian countries that are members of the European Union have signed the Wassenaar agreement, which classifies strong crypto as heavy arms (though I think each country makes their own laws on this. In DK strong crypto in source form is legal at least). Though I expect that all the fuss about Echelon and NSA is going to push crypto very much forward in all of Europe (and the rest of the world for that matter). The Danish government is on the brink of throwing out their newly acquired NT system because the NSA has 16bits of the 56bits they use for encrypting emails, making it *very* easy to decrypt sensitive internal mail. This is a serious threat to national security. Therefore the .DK government is likely to fund development of Danish crypto tools (not worked out yet).
If I were a crypto company or Theo De Raadt, I'd move to Finland or Switzerland which, I believe, are the two most independent and unencumbered countries in Europe. Neither are members of the EU or NATO (not 100% sure about .ch and NATO).
We need a Transmeta slashbox that tracks every change on http://www.transmeta.com/. Btw, it is interesting to note that the site runs Apache/1.1.1. It's a while since that version was released. I wonder what kernel version it is running..
(* Debian is a truly free distribution that puts GNU into Linux and will be embracing the egcs compiler with the upcoming 2.2 (potato) release.)
Funny, there is no egcs anymore in unstable, it's already at gcc-2.95. BTW: potato is supposed to freeze Nov. 1st if things are working out as they should.
Here in Copenhagen it was only an 80% eclipse, but there was a visible difference in ambient light, kind of like wearing very weak sunglasses, also the shadows on the ground had a significantly altered form.
A standard (perhaps an RFC?) would be good. Then developers wouldn't need to spend time on reverse-engineering protocols like what is the case with icq.
See jailNG
There is an audio track on one of the CDs. Has anyone heard it? MP3?
Why this music theme?
http://come.to/hatten
ad4: 39266MB <IC35L040AVER07-0> [79780/16/63] at ata2-master tagged UDMA100
ad6: 29314MB <IBM-DTLA-307030> [59560/16/63] at ata3-master tagged UDMA100
Should I expect any of these drives to burst into flames soon? Which models are affected?
you need slashdot.h and libame.
fprintf is not a syscall. It's a C library function.
Erm, actually it's chattr in Linux. You seem to not understand the difference between file flags/attributes and the chmod security mechanism.
The GPLV2 says:
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
When this license is finished it will apply to all software that bears the above notice.
Who is going into a monastery?
Thanks, thanks, thanks for your input. Could you tell me how and where the language-specific strings are stored?
I'm in the middle of doing a big site in php and actually thought of emulating gettext, not knowing the support was there in the first place.
What?!! Did you think BSD was a car?
Score:3 Insightful?
I think we should machinegun the moderators instead.
You are asking for some Tom Jenkins (aka Squarepusher, Chaos AD ao.) and some Luke Vibert (aka Plug, Wagonchrist ao.).
Add
to your
They had 1.1.2 days ago. There are also binary KDE 2.0 snapshots available there.
When will gcc be able to produce efficient code for Merced? I heard it was tricky to exploit the new features in Merced.
Debian potato: a new gcc every week
For more streams and general eclipse info see http://www.solar-eclipse.org/
what did you think of the book?