As you know, it is trivial to gain "full" root if you can freely run mount or apt-get. Of course, restricting for example the mount command to specific safe parameters is possible, but might be hard.
Hmm, this is a major bummer. Until now, this whole DMCA hassle didn't affect me as a European at all. But now I have no idea whether there is need to upgrade all our servers :-(
Has anyone got a clue whether there are other security problems than the recent problems with ptrace()? Can you tell from the patch?
The worst remote hole I've had to deal with in my sysadmin 'career' so far has clearly been the remote SSH exploits last winter. Exploits in BIND are of course very serious since the very backbones of the Internet are running it, but in my network _every_ machine had openssh running without any TCP wrappers.
At least I learned that not even the services that have 'secure' in their name are to be trusted completely :-)
Some decoder rings (the ones used by libow) are supported by keymgr. Another fine feature: when forwarding your authentication agent and a remote host asks for your key, a GTK-app pops up and asks whether to give it or not. Mostly agent-forwarding is done 'in the dark', and you have no idea when your agent gives out your key.
Re:IRC Clients can be relatively secure (on "Secure IRC?", Score: 1)
IDEA-encryption is actually already implemented on many clients: irssi, irchat and ircii too (can't find a link though). This is technically far better than SSL-encryption to the server since it encrypts end-point to end-point.
Even if the slashdot.org spammer didn't get his addresses from distributed.net listings, the way d.net lists its participants is very friendly for spammers. It's very easy to get thousands of addresses listed, and probably most point to "real", frequently used inboxes.
A better solution might be to only list names, or to show team member listings only if you are a team member (i.e. you know the password for a team participant).
I didn't receive the spam message, and I don't send my blocks for the Slashdot team.
> Does that invulnerability work both ways? Could the sender of the mail be spammed just as he has spammed others? I like that:
> "Spam not unto others lest ye be spammed."
As spam.abuse.net says, don't follow up to spam postings, lest your posting also become spam. Nothing is gained by fighting evil with evil, we should hold the high moral ground in these issues.
> They moved /opt (where KDE is located) off / and into /usr. I like this
This is stupid, they should use the Filesystem Hierarchy Standard, which includes /opt, if they want their distro to be interoperable. Most of the distros are already doing this.
Debian has no "default" desktop environment.
They should've called it Five :-)
> Traditionally /local and /opt are for local and optional software installed by the user.
Wrong, /opt is reserved for the installation of add-on application software packages, and there is no "official" /local directory.