As stated in the advisory, the two-character limit applies to the encrypted password field in/etc/passwd. So, if you have an entry that reads something like:
bin:NP:1:1:bin:/bin:/dev/null
you are vulnerable. (Obviously, telnetd, popd, and others will read this as "no password" and unconditionally deny logins.)
Time and again, ssh.com's product has exhibited embarrassingsecurityflaws. It's about time for the company to re-evaluate their strategy. Since OpenSSH has outclassed the ssh.com software in every way ever since the release of OpenSSH 2.0, ssh.com needs to just bite the bullet, make peace with the OpenSSH folks, and sell support for the superior product. There was a time when they could have made a good business out of developing SSH, but that time is passed and all that they are managing to do nowadays is sell snake oil. And the last thing that the internet needs nowadays is another pathetic "security company" that sells insecure products. It's good for script kiddies, bad for admins, bad for the net, and bad for the reputation of UNIX-like systems.
NuSphere is obviously trying to delude people into thinking they are responsible for MySQL AB's product. Quoted from mysql.org:
mySQL.org is dedicated to the promotion and improvement of the fast, free, and flexible MySQL database. We provide the Open Source community a center for free downloads, information and communication, as well as all the files you need to build applications based on MySQL, the #1 open source database.
mySQL.org is a free service to the Open Source development community. You may browse our site freely, but become a member so that we can keep you posted on new site initiatives. mySQL.org offers easy access to the best binaries and source available to database programmers.
We are looking for talented individuals to contribute to the community. For those willing to help maintain the code, documentation, or support resources, please email support@mysql.org.
They have their little spat with MySQL AB, and want to steal control of the software as payback. It reeks of opportunism. MySQL AB is doing an excellent job on their database and they don't need NuSphere stealing their work and trying to take credit for it. NuSphere can develop its derivative products just fine without trying to take the open source mysql away from its authors.
Doesn't inserting potentially millions of tiny, one-time-use files onto the Freenet risk corrupting the namespace? Is there an advantage to having your chess moves live forever? Seems to me like TCP/IP or HTTP are much better choices, because the transferred data doesn't take up space once the game is over.
Why is it that the same crowd that proudly proclaims that "I will not run software for which I have no source" thinks that they have a God-given right to run whatever they please on their employer's computers, security and property rights be damned?
Grow up, kiddies. Don't work for a critical infrastructure provider if you want to run your company-owned PC your own way.
Slashdot Mirror
bin:NP:1:1:bin:/bin:/dev/null
you are vulnerable. (Obviously, telnetd, popd, and others will read this as "no password" and unconditionally deny logins.)
--The Shortcut
--The Shortcut
mySQL.org is dedicated to the promotion and improvement of the fast, free, and flexible MySQL database. We provide the Open Source community a center for free downloads, information and communication, as well as all the files you need to build applications based on MySQL, the #1 open source database.
mySQL.org is a free service to the Open Source development community. You may browse our site freely, but become a member so that we can keep you posted on new site initiatives. mySQL.org offers easy access to the best binaries and source available to database programmers.
We are looking for talented individuals to contribute to the community. For those willing to help maintain the code, documentation, or support resources, please email support@mysql.org.
They have their little spat with MySQL AB, and want to steal control of the software as payback. It reeks of opportunism. MySQL AB is doing an excellent job on their database and they don't need NuSphere stealing their work and trying to take credit for it. NuSphere can develop its derivative products just fine without trying to take the open source mysql away from its authors.
--The Shortcut
That's true but they are well on their way. When they come out with DDR-supporting chipsets they will be on the right track again. Look out AMD!
Doesn't inserting potentially millions of tiny, one-time-use files onto the Freenet risk corrupting the namespace? Is there an advantage to having your chess moves live forever? Seems to me like TCP/IP or HTTP are much better choices, because the transferred data doesn't take up space once the game is over.
Grow up, kiddies. Don't work for a critical infrastructure provider if you want to run your company-owned PC your own way.
--Shortcut to CmdrTaco