Berkeley CSUA MOTD:Entry 20447
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/16 [General] UID:1000 Activity:popular
7/16    

2001/1/27-28 [Computer/SW/Security] UID:20447 Activity:moderate
1/26    anyone ever heard of a linux kernel patch that prevents
        non root users from seeing the processes of other users?
        what's it called?
        \_ it's called "stupid"
           \_ What's "stupid" about it?  Gosh, maybe this is for something
              "stupid" like an ISP that allows shell access but wants to do
              some stuff to keep users from invading each other's privacy?
              Yeah, that's really "stupid".  You're right.  Who would want
              something "stupid" like that?
        \_ it's called uclink2
           \_ reference to "uclink2" shows one's age.  guess what?
              there's no Web under Evans anymore either!
        \_ http://www.openwall.com
        \_ I don't think you need to patch the kernel.. I think this is the
           default behavior if you make ps, top, and whatnot !setuid
           root/mem/whatever.
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/07/16 [General] UID:1000 Activity:popular
7/16    

You may also be interested in these entries...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/9/20-11/7 [Computer/SW/Unix, Finance/Investment] UID:54482 Activity:nil
9/20    How do I change my shell? chsh says "Cannot change ID to root."
        \_ /usr/bin/chsh does not have the SUID permission set. Without
           being set, it does not successfully change a user's shell.
           Typical newbie sys admin (on soda)
           \_ Actually, it does: -rwsr-xr-x 1 root root 37552 Feb 15  2011 /usr/bin/chsh
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
Cache (4622 bytes)
www.openwall.com
You are encouraged to use the mirrors, but be sure to verify the 40 signatures on software you download. We publish 41 security advisories, do 42 presentations, offer a number of 43 services, and accept 44 donations. We also maintain a 45 wordlists collection for use with password crackers such as 46 John the Ripper and with password recovery utilities, and a collection of pointers to 47 password recovery resources on the Net. The proper English explanations of requirements for strong passwords will now be generated for a wider variety of possible settings. October 10, 2003 An extensive 70 wordlists collection with wordlists for 20+ human languages and lists of common passwords is now available for download or 71 purchase on a CD (also 72 with UPS delivery options). September 15, 2003 There's a new development version of 73 John the Ripper featuring an event logging framework. John now logs how it proceeds through stages of each of its cracking modes. April 27, 2003 77 msulogin is now available separately from Owl. February 9, 2003 We're making public the 83 updated Openwall GNU/*/Linux presentation slides as used at FOSDEM, the third Free and Open source Software Developers' European Meeting, on February 8-9, in Brussels, Belgium. There's also the pre-FOSDEM 84 interview with Solar Designer available on 85 the conference web site. January 11, 2003 The 86 PAM modules and the 87 tcb suite that were originally developed for 88 Owl are now also conveniently linked from this web site. December 16, 2002 A popa3d Maildir support patch has been added to the contributed patches list on the 89 popa3d homepage. DAT) when running on any of the supported platforms, due to patches and VMS executables contributed by 92 Jean-loup Gailly. October 7, 2002 A 96 Russian translation of the Owl documentation and web pages is available. August 30, 2002 It is now possible to 100 order Owl on a CD. May 3, 2002 We're making public the 103 updated Openwall GNU/*/Linux presentation slides as used at CanSecWest/core02 information security conference on May 1-3, in Vancouver, Canada. April 18, 2002 New versions of 104 pam_passwdqc, the password strength checking PAM module, and 105 popa3d, the POP3 server, are available. February 27, 2002 We're making public our NordU2002 presentation slides on 107 Openwall GNU/*/Linux and on 108 SSH Traffic Analysis (which is just an updated version of the HAL2001 presentation). This version adds support for Solaris with native pam_unix. Please refer to the 113 Owl change log for information on the vulnerabilities and how they affect 114 Owl. It also adds certain bits of functionality that previously were missing or available as third-party patches only. Please test and report any problems you may have with this development version, especially on less common platforms, as popa3d is approaching a stable release. August 22, 2001 We're making available our HAL2001 presentation slides on SSH traffic analysis, conveniently linked from the 117 advisories page. August 6, 2001 We've updated our 118 security advisory on Passive Analysis of SSH (Secure Shell) Traffic with additional vendor fix information for TTSSH and for affected Cisco products. The updated advisory includes a bugfixed and improved version of SSHOW, the tiny SSH traffic analysis tool we use to demonstrate the attacks. Another recent addition is the OpenBSD-like change logs for both the 120 current and the 121 stable branch. The license for the entire package has been relaxed, and popa3d should be smaller and more portable now. May 12, 2001 After months of development we're making public a prerelease of 124 Owl, our security-enhanced server platform with 125 Linux and 126 GNU software as its core. It adds two functions and a manual page describing the programming interfaces, including on systems based on the GNU C Library with crypt_blowfish patched into libcrypt. The cracker is based on analysis by Thomas Roessler and Ian Goldberg. March 19, 2001 We've just published a 131 security advisory entitled Passive Analysis of SSH (Secure Shell) Traffic. This advisory demonstrates several weaknesses in implementations of SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. Fix information, patches to reduce the impact of traffic analysis, and a tool to demonstrate the attacks are provided. February 9, 2001 Updated 132 Linux kernel patches have been released, which include fixes for the two recently announced Linux kernel vulnerabilities, both of which can result in a local root compromise.