Entry 29342 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 29342

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/07/08 [General] UID:1000 Activity:popular

7/8

2003/8/14-15 [Computer/SW/Security] UID:29342 Activity:high

8/13    Read your Soda mail on the web: http://dev1.bnet.org/imp
        No warranties, but you can mail me w/ questions/comments.
        IMP does this semi-securely(?) using IMAPS (port 993). -abe
        \_ so wait, it uses imap-ssl but you suggest we login via
           plain text http? brilliant. why not just use something
           like http://www.mail2web.com instead?
        \_ who would trust your site anyway? if people want something like
           \_ and to connect to it over straight http...
           this, csua should just install squirrelmail or something.
        \_ Which could very easily be used to gather passwords.  Come on,
           people... SSH tunnels and IMAPS are really not that hard to set up.
           --scotsman
           \_ Not that easy if you are on some webterminal while on vacation.
                \_ I found that going to the putty download page and running
                   from there often worked to ssh in.
        \_ Of course I could easily use it to gather passwords. CSUA *should*
           install something like IMP (or squirrelmail, or whatever), but they
           haven't, so this is an alternative. of course, you have to trust
           me and my server (which I probably wouldn't). -op
           \_ not for "you" to gather passwords.  for a man-in-the-middle
              between you and the hapless user. --scotsman
           \_ I guess it's about like http://csua.org/u but it's a potential
              security/privacy hazard.  So, if I may speak for the motd,
              we thank you but respectfully decline.
              \_ Um.  It's nothing like http://csua.org/u  the url shortener doesn't
                 have anything to do with your login on soda.  and it doesn't
                 \_ um. the reading comprehension thing again. -not 2 up
                 open you up to having your account nabbed by a sniffer.
                 Again I say come on... --scotsman
                 \_ um. the reading comprehension thing again. -not 2 up
        \_ Wow that's great!  It uses my MSPassPort(c), right?  I use my
           MSPassPort(c) for everything!  But if you're not MSPassPort(c)
           compatible your site will never grow!
        \_ guys, come on. It's a PROOF OF CONCEPT. Give the guy a break.
           Change your password and give it a try, then change it back.
           If it's cool maybe we could sign a petition to install similar
           stuff on trusted CSUA machines. Now if only we could petition
           a Recall on Poliburo, that'd be even better.
           \_ arnie for csua president!
           \_ Why would you trust a CSUA machine?
                \_ I trust any CSUA Linux/BSD machine over any corrupt and
                   disfunctional CSUA Poliburo any time.
        \_ it is a nice program, thank you!!

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/07/08 [General] UID:1000 Activity:popular

7/8

You may also be interested in these entries...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil

9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...

2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil

4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...

2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil

5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...

2009/10/1-21 [Computer/SW/WWW/Browsers] UID:53417 Activity:moderate

10/1    I am thinking of installing firefox on soda under my home directory.
        Will this make me a hozer?
        \_ Possibly. I wonder if we should have another VM for that...btw,
           I remember someone saying they're glad we're not on FreeBSD
           anymore, but last I checked, a bunch of our stuff is on FreeBSD,
           but our login server is not.
	...

2009/7/8-16 [Computer/SW/OS/Linux, Computer/SW/Unix] UID:53124 Activity:nil

7/7     what happened to our web presence? http://www.csua.berkeley.edu
        not working
    \_ That would be because we've yet to set them up afaik. Steven *does* have
    a job after all. The idea is that we want a separate computer mounting the
    web directories, so that if an exploit compromises the webserver, the shell
    server (soda) itself will be insulated from the attack.
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089

6/28    Hello everyone,
Logins to soda are back open.  The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure
than plain password. Also if you see this posting, it means
anybody could have posted the annoucement.  Because  the
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083

6/29    Please allow public key authentication since it is more
        secure than plain password.  If you see this posting, it
        means anybody could have posted the annoucement.  Because
        the official csua web site is still down., this makes it a
        little suspicious to the truly paranoid.
        p.s.  this web entry format is counter intuitive.  And how come
	...

2009/3/8-17 [Computer/SW/Unix] UID:52685 Activity:kinda low

3/8     I'm reading about an old exploit where someone used a buffer overflow
        in a printer daemon to get "daemon privileges," which allowed them
        to use another exploit on the mail delivery program to get root.  I'm
        not sure what daemon privileges are.  Is there some set of priveleges
        that most daemons run on that is higher than user but lower than root?
        What are they?  I've never heard this before.
	...

Cache (21 bytes)

dev1.bnet.org/imp -> 204.102.118.3/imp/Port 80 References 1.

Cache (127 bytes)

www.mail2web.comPick Up Your Email From any computer, anywhere in the world. No need to register! Go Customize your mail2web now! References 1.

Cache (82 bytes)

csua.org/u -> csua.org/u/To easily shortcut URLs from anywhere, bookmark this link: 22 Shortcut This URL 7.