| WIKI | FAQ | Tech FAQ | |
 http://csua.com/feed/ | |
| ||||||
| 2002/3/13 [Computer/SW/Security] UID:24092 Activity:high |
3/12 sshd has got vulnerabilities, fixes, and potential future
vulnerabilities. If I TCP wrap and use hosts.allow/deny for sshd
and other apps, so only listed hosts can connect, does that prevent
intruders from exploiting future holes?
That is, as long as it's TCP-wrapped or restricted by hosts.* files,
even if I was running an exploitable version of sshd, nobody can
break in via sshd, true?
Same with all inetd.conf daemons, right? I only run one.
(This assumes the hosts in my hosts.allow file are secure)
\_ Here is a thought. Run sshd on a high number port as sshd rather
than root. Then use your fw/nat/pat box redir 22 to the high
number port. This way even if there is a breakin, they don't
get root (assuming root can't login via ssh).
\_ Assuming no holes in tcpwrappers, probably. ssh uses libwrap,
which is a little different than being wrapped in inetd.conf,
and possibly is less secure. -tom
\_ why dont you just upgrade/patch ssh?
\_ "potential future vulnerabilities", i.e. undiscovered bugs.
\_ well then, why dont you jsut remove ssh. even safer,
unplug your machine from the net. Nothing safer from network
attacks than an airwall.
\_ You're an idiot. -tom
\_ No s/he has a point. If the OP is so afraid of being on
the net that they want to be 'safe' from the future,
they're on the wrong net. They need to power down and
idiot." because that requires no thought or effort.
go read a book in a park if they want that level of
safety. No one can protect your net from unknown future
bugs. If it was that easy everyone would be doing it.
Of course it's much easier to just post "You're an
idiot." because that requires no thought or effort. -i2
\_ Oh, and posting "disconnect from the net if you
want to feel safe" requires effort? Guess what--
you're an idiot, too. -tom
\_ i don't give a rats ass about this thread,
i'm just going to point out that tom has
proven himself to be a total idiot about
a hundred times over on the motd.
\_ Does that include his anonymous postings?
\_ clearly you're dead to sarcasm.
\_ "Sarcasm is hard! Let's go shopping!"
\_ The post above by "i2" is not sarcasm. If you
are i2 then you are a liar, if you are not
then, Guess what -- -!tom
\_ Wow... let it go. Time to move on. Try
Prozac or Ritalin or something.
\_ IP Spoofing isn't that hard and you will also need to ensure
all of the hosts in your list are never compromised. If you are
concerned about security you need to set up your network in
a manner that is secure.
\_ Isn't the known hole in ssh quite hard to exploit?
\_ Yes, and that too only if you have a local account
with a valid passwd and shell. |
| 2002/3/13 [Uncategorized] UID:24093 Activity:high |
3/12 is there something can be done with the following? Obviously it's
an hoax/fraud. Is it important enuf for the FBI to follow?
\_ Don't we have enough spams and scams already? Do you have to put
that on the motd? Get a life.
\_ see you freak'n asshole, people wants to read it. YOU should
go get a life instead of sitting there editing other's mesg.
why are you so fuck'n anal you dumb shit! =D
\_ am i really really dumb, or did the above poster not post
anything?
\_ it was edited
\_ then un-edit it. i want to read it.
\_ it was just the nigerian scam with a minor twist
\_ is that the thing where someone says they need to
sneak something like $50M into the country? ...or
am I thinking of another spam/scam.
\_ Yeah it was something like that. |
| 2002/3/13 [Reference/Military] UID:24094 Activity:very high |
3/12 Fire with Fire:
http://www.omaha.com/index.php?u_np=0&u_pg=36&u_sid=336167
\_ That's fucking hilarious! --scotsman
\_ I'd go to every game just so I could root against them. It would
just be too much fun for me to yell derogatory things about the
the team mascot all game long.
\_ the "what people are saying" is pretty funny too.
\_ AFAIK, the "reds" slaughtered the "fighting whites" at the
battle of little big horn. Wouldn't it be ironic if the
"reds" won this time around as well?
\_ I don't get how the name Fighting Whitie is offensive. Maybe
Horny Whities or Greedy Land Owning Whities, but Fighting Whities?
Gimme a break
\_ how about Manifest Destiny Whities or Small Pox Spreading
Whities or Xeno Killing Whities?
\_ Why not Fighting Nazis? Fighting Klansmen? Fighting Niggers?
Fighting Chinks? Fighting WhItey is not offensive or
attention-getting at all
\_ What if you were a historically subjugated minority and then had
to see a belligerent caricature of your ethnic group all over
national television? Do you think that'd make you feel good?
Hell no. Damn Notre Dame.
\_ so judging by the above posts, do people generally not see
the native american sports team names as a bad thing at all? |
| 2002/3/13 [Uncategorized] UID:24095 Activity:nil |
3/12 Restored. Why do people bother? |
| 2002/3/13 [Computer/SW/WWW/Browsers] UID:24096 Activity:high |
3/12 what do you think about listening to internet radio or mp3s using
computer at work?
\_ how does this differ from bringing your CD player to work
and listening to music?
\_ depends on what work you are doing. Tech Support? Software
Engineering?
\_ I think it's a fine idea.
\_ Are you questioning a bandwidth or noise polution policy, or
a time waster policy. The former are valid concerns. The
latter is just stupid. If the employee is being productive,
taking away their music would be vindictive and pointy-haired.
If they're not being productive, music is probably not their
only problem. --scotsman
\_ on a somewhat related topic, will this XM radio idea ever
take off?
\_ are you willing to pay $9.99 a month for it?
\_ work shud never be fun.. stop fukn around and work.. -shac |
| 2002/3/13 [Computer/SW/SpamAssassin] UID:24097 Activity:high |
3/12 Have any other people got the RessumeRabbit spam from "Daniel
Johnson"? I want to respond to tell him to leave me alone but I'm
worried this will just confirm my email as active... has anyone
else replied to this? ... what happened? - rory
\_ It's spam. Why would anyone reply? You used a throw away email
address for your job hunting and resume posting... right? You
wouldn't do some newbie thing like use your real address in a forum
that you *know* is getting put into 500000 million databases which
get sold and resold to idiots like that... right? You *do* have
tons of throwaway addresses because you're smart... right?
\_ Got one from Todd Fisher |
| 2002/3/13-14 [Computer/SW/Unix] UID:24098 Activity:very high |
3/13 Lets say your / is getting full quickly for some off reason... where
could the culprit be? I already looked at /var/adm/log and stuff...
\_ /tmp?
\_ And if you're desperate 'find' with the right options might show
you a single file on the partition that's huge (and growing). Or
a 'du' if you're *Really* desperate or lazy.
\_ lsof can work wonders here. What can sometimes happen is that a
file can be deleted (or hidden because you mount something over
the directory where it exists), and you neglect to HUP a daemon
that's writing to it. The file won't actually go away until the
daemon closes it's filehandle. find will never find such a file.
lsof will. -dans
\_ What's wrong with du? du -hx -d1, then choose the largest
directory and go from there.
\_ Not all versions of du are the same. Just like not all
versions of find are the same, etc. My reply assumed a
base level version of each command that didn't have all the
zillions of options that the latest gnu has. I did say if
they have the right options, etc. Man pages are your friend.
My local base install is older and doesn't have a 'dont cross
file system boundary' option. I have the gnuer version also
but that was my choice to install it. The OP may not have.
Besides, du can be ugly and slow. It's an act of desperation
for only when a quick bit of manual snooping in the obvious
/tmp and log directory type places doesn't work.
\_ /var/mail and /var/spool
\_ /homes/user/pr0n |
| 2002/3/13 [Uncategorized] UID:24099 Activity:nil |
3/13 "SPECIAL OFFER: For a limited time only, you will receive a FREE
personal brass hookah with the Ultimate Herbaceous Intro Offer as our
gift to you. This hookah has a retail value of $25.00."
I'm *sooo* glad that domain ownership records are public. Sure this
got pre-filtered into my crap folder but really.... |
| 2002/3/13 [Uncategorized] UID:24100 Activity:nil |
3/13 Post 9/11: Are there still bomb threats at Berkeley? Evans Hall?
\_ Hopefully. |
| 2002/3/13-15 [Uncategorized] UID:24101 Activity:high |
3/13 I'm writing a program called diff_tex which takes 2 tex files,
OLD and NEW, and produces a version of NEW with changes
highlighted in some manner. At first I tried putting
\begin{bf} and \end{bf} enclosing lines where changes had
occured but this can cause problems inside equation, align,
or tabbing environments. Does anyone know of a way to highlight
something (bold, italics, red, whatever) such that it will work
in most latex environments? Thanks. -emin
\- i am not sure what you are setting out to accomplish but i am
not sure it is feasible. i mean tex can be a full blown
language and just looking at text diff probably wont cut it.
e.g. if macro are redefined etc. --psb
\_ put boxes around it?
\_ Do you mean with \fbox? The \fbox command seems even less
robust than other things like \begin{bf} ... \end{bf}.
Are there tricks for making \fbox robust? Thanks. -emin
\_ I think green boxes with reddish brown flowers on a bed of darker
green grass or maybe clovers....
\_ We started out with boxes but they're too much work. We've settled
on good old fashioned, herbicide-sucking turf.
\_ We started out with boxes but they're too much work. We've
settled on good old fashioned, herbicide-sucking turf.
\_ Maybe a nice red brick pathway lined by dasies would put the
right touch to it.
\_ Hmmm. That's not a bad idea. We'll just have be careful not
to mow the flowers when we mow the lawn. Maybe putting in a
wire border high enough to stop the fender...
\_ Well the flowers go "back" a bit from the edge so it'll
be hard to mow the flowers by mistake. You only need
about 6 inches of clearance between the edge and the
plants. Good luck with it! Post pics when you're done.
\_ I don't know any tricks for \fbox. What if you just
delimited all changes with special characters?
e.g. ***** something that was changed ****** |
| 2002/3/13-14 [Politics/Domestic/California, Politics/Domestic/President/Bush] UID:24102 Activity:moderate |
3/13 http://www.nytimes.com/2002/03/13/international/13CND-ZIMB.html oh, the irony: In Washington, a statement by Secretary Powell said "Mugabe can claim victory but not democratic legitimacy." \_ What's the irony in that? \_ The touchy feely gore lover who posted this believes that bush and co did not win the election in a democratic way because they didn't let "every vote be counted" and had a bunch of cronies in the sc rule in thier favor. \_ Oh. Is this that nonsense about stealing the election even though no matter how they counted and recounted it afterwards the best they could do was a three (3) vote win for Gore under some extremely unlikely and bizarre circumstances? You mean that election where every vote got counted so many times the chad was falling out of ballots all over the floor and tables? Thanks. Now I know. |
| 2002/3/13-14 [Politics/Foreign/Asia/China] UID:24103 Activity:high |
3/13 Now blocking entire *.tw and *.cn at home. .kr is going in there too
if I ever get spammed from there.
\_ Why is it that a lot of Chinese flock to get rich quick schemes?
- Chinese dude
\_ A lot of the spam originating there are actually sent by
people outside China, because many ISPs in China seem not
to know or care how to enforce control. Maybe some sodan
should get a job there.
\_ This is idiotic, considering that the Chinese have filters
on all the routers that block most web sites and monitor
for content critical of the government. The more likely
analysis is that the communist Chinese just don't care. |
| 4/14 |