Entry 16614 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 16614

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/05/24 [General] UID:1000 Activity:popular

5/24

1999/9/28-30 [Computer/SW/WWW/Server, Computer/SW/Security] UID:16614 Activity:high

9/28    Hi -- say Im using apache+openssl, but Im using basic (not digest)
        http authentication for a dir under https;  is that initial password
        transaction encryped over ssl?  In other words, do I make basic http
        auth more secure (non-sniffable) by using openssl, or am I still
        screwed.  Yes, I could sniff the packets, but Im lazy:)
        \_ Get your lazy ass outta your chair, pick up your Visa, and buy
           Stronghold!
              \_ apache+openssl is working fine and free -- I just had the
              above question, that's all.  Do ya know the answer?
                \_ And illegal in the US, but who cares about that...
        \_ if you're too damn lazy to run "tcpdump 443 | strings", you
                        \_ They can have my STRONG CRYPTO when they pry
                           it out of my cold, dead hands!!!!~@~@!!!@~@!@!
                           \_ You'd be the first to give up your strong crypto
                              when the MIB show at your door.  Talk is cheap.
                                \_ It's not the men in black coming after you
                                   it's RSA's lawyers with patent infringement
                                   lawsuits.
                                   \_ What color suits do lawyers tend to wear
                                      these days?
        \_ if you're too damn lazy to run "tcpdump port 443 | strings", you
           deserve to get hacked, then fired.
           \_ I think a more important issue (it turns out) is client
              caching of the password, so it's a bad idea anyway....
        \_ I thought it was legal as long as you didn't use any of the
           patented crypto code like idea and rsa. --marc
                \_ I refuse to use anything unless my use is considered a
                   violation of patent, copyright, or arms control laws.

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/05/24 [General] UID:1000 Activity:popular

5/24

You may also be interested in these entries...

2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil

6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil

4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...

2009/7/8-16 [Computer/SW/OS/Linux, Computer/SW/Unix] UID:53124 Activity:nil

7/7     what happened to our web presence? http://www.csua.berkeley.edu
        not working
    \_ That would be because we've yet to set them up afaik. Steven *does* have
    a job after all. The idea is that we want a separate computer mounting the
    web directories, so that if an exploit compromises the webserver, the shell
    server (soda) itself will be insulated from the attack.
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089

6/28    Hello everyone,
Logins to soda are back open.  The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure
than plain password. Also if you see this posting, it means
anybody could have posted the annoucement.  Because  the
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083

6/29    Please allow public key authentication since it is more
        secure than plain password.  If you see this posting, it
        means anybody could have posted the annoucement.  Because
        the official csua web site is still down., this makes it a
        little suspicious to the truly paranoid.
        p.s.  this web entry format is counter intuitive.  And how come
	...

2009/3/19-23 [Computer/HW/Drives] UID:52735 Activity:low

3/19    Pres. Obama's gift of DVDs doesn't even play in England
        http://www.telegraph.co.uk/news/newstopics/mandrake/5011941/Gordon-Brown-is-frustrated-by-Psycho-in-No-10.html
        \_ maybe it's a crypto-protest against region'd DVDs
	...