Berkeley CSUA MOTD:Entry 14400
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/05/24 [General] UID:1000 Activity:popular
5/24    

1998/7/27-29 [Computer/SW/Security, Computer/SW/Unix] UID:14400 Activity:high
7/27    One of the instructional computers was found cracked and was
        possibly running a sniffer. Since the machine in question was
        on the 43 net, soda accounts might have been compr[o]mised.
        \_ are there political problems w/ turning off rsh telnet and
          so on (in favor of ssh)
          \_ Is that a pretty elitist point of view?  Maybe we should just
             leave rsh/telnet enabled, but force them to use a one-time-use
             password scheme.
          \_ lots of people don't access to ssh.
          \_ lots of people don't [have] access to ssh.
          \_ SSH does not work well with some corporate firewalls
          \_ A more 3l33t plan would be to unplug soda's net connection, and
             have all interaction with the machine be via hardwired TVI 920
             terminals.  All the terminals would be in the same room as soda
             (to make sure that hackurs from the outside don't splice their
             way into the wiring), and that room would be TEMPEST shielded.
             \_ and what would we use soda for it it had no net connection?
        \_ Don't use telnet.  Don't use telnet.  Don't use telnet.
           (I have said it thrice; what I tell you three times is true.)
                \_...or ftp, or pop3...
           \_ Kerberized telnet?  telnet -x otherhost
                \_ not to soda
           \_ sometimes we have to connect to soda from devices that don't
              support anything BUT telnet. Like routers and access servers.
              We need one-time-passwords  on telnetd. -ERic
        \_ but was the snark a boojum?
           \_ The snark WAS a boojum, you see.
                \_ If your firewall is lame-ass (i.e. run by BBN because
                   some marketroid thought it would be a good idea) and
                   you are forced to use telnet, do what you can to set up
                   one-time passwords via s/key.  There is a free WinBlows
                   one-time password computer available out there (I got
                    my copy from somewhere on <DEAD>ftp.msri.org<DEAD>) and if you want
                   to port it to another UNIX then we have source here on
                   soda.  Doesn't solve all problems, but at least prevents
                   scriptkiddies from grabbing your real password.
                   rtfm on skey(1) for more info.  -- tmonroe
                   \_ Might want to check out OPIE instead of S/Key. --dim
                      \_ urlP
                         \_ ftp://ftp.nrl.navy.mil/pub/security/opie or
                            ftp://ftp.inner.net/pub/opie  --dim
                   \_ One-time passwords are somewhat limited compared to
                      SSH, though, since they don't typically encrypt the
                      contents of your session (thus preventing you from
                      safely typing other passwords from within telnet).
                      Better than nothing, though.
                      \_ The point was not everyone can use ssh.
                      \_ ssh is also much better than telnet for dealing
                         with flaky connections that drop a lot of packets
                         for extended periods of time, if you don't want
                         to lose link.  For some reason.  Can someone
                         explain this?  I'm curious.  -John
                         \_ TCP_KEEPALIVES-- telnet uses them, ssh doesn't.
                            odd that the SO_KEEPALIVE would cause to lose
                            connections in a lossy network, but thats how
                            it works. -ERic
        \_ Since the 43-net runs through public access labs that anyone can
           bring their laptop into and start sniffing, always assume packets
           to soda are being sniffed.
           \_ Why isn't access at the public access labs run on switches?
              Is there a reason to expose the communications "backbone"?
                \_ What's the notation for "current PID" in most shells and
                   Perl?  There's your answer.
                        \_ Geek.  Just say $$.  Sheesh.  Had to be "clever"?
                \_ Switches cost money - the dept's just barely finishing
                    converting Cory Hall - Soda Hall is scheduled to be
                    converted as soon as they figure out who's paying for it.
                    \_ the cost difference between switched and shared is
                        negligible these days.  -tom
                        \_ But they already have shared and already paid.
                           Also, maybe they want to wait for Fast Ethernet?
                \_ Because the university by its nature is always behind.
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/05/24 [General] UID:1000 Activity:popular
5/24    

You may also be interested in these entries...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil
7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...
2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil
4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...
2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil
5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...
2011/2/14-4/20 [Computer/SW/Unix] UID:54039 Activity:nil
2/14    You sure soda isn't running windows in disguise?  It would explain the
        uptimes.
        \_ hardly, My winbox stays up longer.
        \_ Nobody cares about uptime anymore brother, that's what web2.0 has
           taught us.  Everything is "stateless".
           \_ You;d think gamers would care more about uptime.
	...
2012/3/29-6/4 [Computer/HW/Memory, Computer/HW/CPU, Computer/HW/Drives] UID:54351 Activity:nil
3/29    A friend wants a PC (no mac). She doesn't want Dell. Is there a
        good place that can custom build for you (SSD, large RAM, cheap video
        card--no game)?
        \_ As a side note: back in my Cal days more than two decades ago when
           having a 387SX made me the only person with floating-point hardware,
           most machines were custom built.
	...
2012/1/27-3/26 [Computer/SW/Unix] UID:54299 Activity:nil
1/27    Interesting list of useful unix tools. Shout out to
        cowsay even!
        http://www.stumbleupon.com/su/3428AB/kkovacs.eu/cool-but-obscure-unix-tools
        \_ This is nice.  Thanks.
	...
2011/10/26-12/6 [Computer/SW/Unix] UID:54202 Activity:nil
10/24  What's an easy way to see if say column 3 of a file matches a list of
       expressions in a file? Basically I want to combine "grep -f <file>"
       to store the patterns and awk's $3 ~ /(AAA|BBB|CCC)/ ... I realize
       I can do this with "egrep -f " and use regexp instead of strings, but
       was wondering if there was some magic way to do this.
       \_ UNIX has no magic. Make a shell script to produce the ask or egrep
	...
2010/3/10-30 [Computer/SW/Mail] UID:53751 Activity:nil
3/10    What email program do people in Cal CS use nowadays?  In my school days
        people used /usr/bin/mail, then RMail in emacs, then VMail in emacs.
        After my days people used Elm, Pine, Mutt (I forgot which order).  In
        my first two jobs we could tell the seniority of fellow engineers based
        on which email program they use at work, because everyone used what
        they used to use in their school years.  In my last two jobs though,
	...
2009/11/13-30 [Computer/SW/Unix] UID:53523 Activity:nil
11/12   How does one find out if a system has rootkit installed?
        \_ Unix or m$?
           \_ Unix. On M$ I always assume it's compromised.
              \_ Install Tripwire before you plug your server into The Net?
                 The only other answer I can think of is to reinstall the
                 OS from scratch on another server and do an md checksum
	...
2009/9/4-12 [Computer/SW/OS/FreeBSD] UID:53331 Activity:kinda low
9/4     I'm seriously very happy Soda no longer runs FreeBSD.
        FreeBSD is really going down the tubes
        http://freebsdgirl.com/2009/08/its-a-dirty-job-but-someone-ha.html
        \_ funny, I dont remember it geting pwned anywhere near as many tmies
           as it has since the switch to Linux.  And that blog post is
           only abou the installer, not the running OS
	...