Berkeley CSUA MOTD:Entry 18847
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/05/25 [General] UID:1000 Activity:popular
5/25    

2000/8/2-3 [Computer/SW/Security] UID:18847 Activity:kinda low
8/1     The java SSH client we have running does not use https:// so i
        assume that when i put in my password it gets sent plain text.
        isn't the whole idea of dis-allowing telnet was to aviod the
        sending of plain text passwords?
        \_ nothing to do with it.  the http part is just to download
           the ssh client locally.  from there, you run ssh which
           creates a secure connection to the remote host (which is
           where your password gets transmitted).
           \_ What (s)he said.  Of course, if you're really paranoid, you
              should care that you didn't download the java ssh client via
              https, because someone who noticed you fetch it a lot could
              hijack your download and replace the safe app with a compromised
              one.  Unlikely?  Sure!  But then again... you're using ssh
              instead of telnet, so....
              \_ I thought this would be a problem too. But when running
                 unsigned Java applets, aren't network connections
                 restricted to the host that the applet was loaded from?
                 This wouldn't eliminate the vulnerability, but it would
                 at least limit it. (A rogue program would have to be
                 set up on the web server which listened for connections
                 from hacked ssh clients.)
                 \_ That's the theory.  You trust it in practice?
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/05/25 [General] UID:1000 Activity:popular
5/25    

You may also be interested in these entries...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil
4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...
2009/7/8-16 [Computer/SW/OS/Linux, Computer/SW/Unix] UID:53124 Activity:nil
7/7     what happened to our web presence? http://www.csua.berkeley.edu
        not working
    \_ That would be because we've yet to set them up afaik. Steven *does* have
    a job after all. The idea is that we want a separate computer mounting the
    web directories, so that if an exploit compromises the webserver, the shell
    server (soda) itself will be insulated from the attack.
	...
2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089
6/28    Hello everyone,
Logins to soda are back open.  The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure
than plain password. Also if you see this posting, it means
anybody could have posted the annoucement.  Because  the
	...
2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083
6/29    Please allow public key authentication since it is more
        secure than plain password.  If you see this posting, it
        means anybody could have posted the annoucement.  Because
        the official csua web site is still down., this makes it a
        little suspicious to the truly paranoid.
        p.s.  this web entry format is counter intuitive.  And how come
	...
2009/2/10-13 [Computer/SW/Security, Computer/SW/Unix] UID:52552 Activity:nil
2/10    I have an sh file that does a mount.. the mount does an
        authentication. I previosly stored the username and password
        from zenity prompts. However, I can't get a return on the password
        field. The following only works on the username:
        mount -t davfs "http://blahblah.com/BLahUser11" /mountdir << EOF
        ${username}
	...
2009/1/15-23 [Computer/SW/Languages/Java, Computer/SW/Security] UID:52394 Activity:nil
1/15    http://cwe.mitre.org/top25
        2009 CWE/SANS Top 25 Most Dangerous Programming Errors
        \_ "Avoid inconsistent messaging that might accidentally tip off
           an attacker about internal state, such as whether a username
           is valid or not."  Really?  Fuck you buddy.  I don't always
           remember what my goddamn username was on your stupid fucking
	...
2009/1/5-8 [Computer/SW/Unix] UID:52313 Activity:kinda low
1/3     no hurry but do you know of:
        $ chsh
        Password:
        Enter the new value, or press return for the default
         Login Shell [/usr/local/bin/bash]: /bin/zsh
        failed: Insufficient access
	...
2009/1/2 [Computer/SW/Security] UID:52311 Activity:nil
1/1     Is email still down?  My outgoing email seems to be not working.
        Also ssh password login seems to be not working (but certificate works).
        Thanks and Happy New Year.
	...