3/15 |
2001/4/22 [Computer/SW/Security, Computer/SW] UID:21052 Activity:very high |
4/21 Do you like to code/hack? \_ Yes. \_ hack is a dirty word. \_ to "professionals", yes, but what about crypto and software and computer pioneers? \_ to me, it means "threw together code quickly without much forethought", does it mean different to other people? |
2001/3/22 [Computer/SW/Security] UID:20880 Activity:nil |
3/20 tom's ridiculous and endless whining about ssh purged. if tom was a man he'd give himself twink points everytime he brings it up. you can login. ssh1 works fine. now stfu and get over it. |
2001/3/21-22 [Computer/SW/Security] UID:20875 Activity:low |
3/20 \_ what about the broken sshd? -tom \_ Its not broken. It works fine for SSHv1 and OpenSSH clients. Get a different client. \_ what would you call a server that violates protocols? I would call it broken. The fact that openssh clients also violate protocols doesn't make the server any less broken. And, once again, there's ABSOLUTELY NO ADVANTAGE TO USING OPENSSH. -tom \_ Totally there is! Open source! \_ Why don't we run both versions? Run the non-OpenSSH version of port 69 so that tom will shutup. \_ Uh, its free and it comes preinstalled with *BSD, MacOS X, Linux, etc. WTF would I want to download something extra from http://ssh.com that isn't nearly as well audited as OpenSSH and isn't free for corporate users? \_ what difference does it make whether it's free for corporate users? You would want to download it because IT SUPPORTS MORE CLIENTS. Are you really this stupid? -tom \_ Because some of us are corporate users, not gub'ment 'ployees. \_ we're not talking about what you install in your cube. you can connect to soda if it's not running openssh. -tom http://ssh.com's ssh server doesn't like _/ OpenSSH clients and it doesn't like NiftyTelnet SSH on the mac (ie it will randomly drop my connection and scp doesn't work right), both of which currently work with soda's OpenSSH server. No reason to switch since switching would reduce the number of clients that are supported. \_ Bullshit. I am using both openssh clients and NiftyTelnet with http://ssh.com's server and they work fine. -tom \_ since you clearly are not making any progress getting the powers that be to switch from OpenSSH, why don't you harass the OpenSSH people and get them to fix it? \_ So, you like the added bloat of having to start the ssh1 daemon every time an ssh1 client connects? Once OpenSSH supports session rekeying (promised in the next major release) there will be no reason not to use OpenSSH. |
2001/3/21-22 [Transportation/Car, Computer/SW/Security] UID:20873 Activity:very high |
3/21 Went for a regular cleanup but the medical bill sez the doc did root canal and 6 x-rays. It said I had to pay 20% of the copayment to the doc but the doc sez to just ignore it. what's going on and what should i do 'bout it? \_ mmm, medical insurance fraud. \_ the doc over-charges. If the actual charge is $100, the doc is reporting the cost to be $120, so the $20 you supposedly need to pay is included in the overcharged amount. It is a win-win situation for you and your doc. Pretend that you don't know about it and play along. \_ I already paid a fuckin $10 copayment, and the insurance is paying $725 for a $50 cleanup. What the fuck? \_ its called fraud. If you're annoyed about it talk to your \_ If that's the case, I think you should also charge the doc 20% for your "services". insurance provider to get yer doc busted. \_ This is why medicare and medicaid are going bankrupt. As a taxpayer, thanks! \_ Do you even know what medicare is? If you did you would be able to figure out that the original poster isn't even qualified for it. \_ liberal solution: spend more on medical/care to cover the fraud. ITS FOR THE CHILDREN! \_ Yeah, totally. I'd pay anything and give up all my freedoms so long as it was for the children. \_ That's your frequent flyer miles rebate. \_ I read an article in Smartmoney magazine saying that doctors are not earning as much as they used to. Many are working longer hours, selling their Porches, and putting their children in public instead of private schools. Also, they no longer small talk or develop a personal \_ They make the same, but they have to work harder for it. Tough. For $350,000 they can deal. There's a lot of competition driving down prices. Most of my doctors don't even charge me the co-payment (they "forget") so it's not like they miss that extra $10 from each patient. The fee schedule is all out-of-whack with reality thanks to HMOs. For example, buying a certain medication through my HMO = $10 copayment. 
Buying it "without insurance" = $6.50. That's why I *always* ask how much the drug is retail cost, and it's not limited to drugs. The HMOs are screwing the doctors and the patients. --dim \_ But HMOs are FOR THE CHILDREN! Don't you care about THEM!? relationship with their patients but go right to the diagnosis in a production line manner. \_ And this is supposed to excuse fraud? \- If this has really happened to you, you have an obligation to bring it up. It'd be really bad to let them get away with this. This is hardly a Jean Valjean stealing a loaf of bread. |
2001/3/21 [Computer/SW/Security] UID:20865 Activity:very high |
3/20 Hi. it appears that people have been flaming ][e about vp-like administrative policies. In the future, please direct the mail to vice-president@csua.berkeley.edu (duh). - paolo \_ Jon's just pissed 'cuz he did more work than he had to \_ He's under no contractual obligation to do anything if he doesn't want to. \_ Just as the VP is under no obligation to do his job if he doesn't want to. I guess he should email poliburo about it. \_ Actually, the VP has obligations as outlined in the CSUA Constitution. If he is unable to perform these duties, he should resign. \_ he should email vp about it then. - paolo \_ I have paolo. I'm still waiting for you to do your job. -Jon \_ i'm not seeing anything new to root or vp, unless it's the .43 net thing which is solved already. - paolo \_ what about the broken sshd? -tom \_ Its not broken. It works fine for SSHv1 and OpenSSH clients. Get a different client. \_ what would you call a server that violates protocols? I would call it broken. The fact that openssh clients also violate protocols doesn't make the server any less broken. And, once again, there's ABSOLUTELY NO ADVANTAGE TO USING OPENSSH. -tom \_ Totally there is! Open source! with *BSD, MacOS X, LinSUX, etc. \_ Why don't we run both versions? Run the non-OpenSSH version of port 69 so that tom will shutup. \_ Uh, its free and it comes preinstalled with *BSD, MacOS X, Linux, etc. WTF would I want to download something extra from http://ssh.com that isn't nearly as well audited as OpenSSH and isn't free for corporate users? \_ what difference does it make whether it's free for corporate users? You would want to download it because IT SUPPORTS MORE CLIENTS. Are you really this stupid? -tom \_ Because some of us are corporate users, not gub'ment 'ployees. \_ since you clearly are not making any progress getting the powers that be to switch from OpenSSH, why don't you harass the OpenSSH people and get them to fix it? 
\_ So, you like the added bloat of having to start the ssh1 daemon every time an ssh1 client connects? Once OpenSSH supports session rekeying (promised in the next major release) there will be no reason not to use OpenSSH. \_ That's an old thing that he isn't fixing, not a new thing. \_ well, like Jon said, he's not doing his job. -tom \_ It's a student .org. No one cares but you. Run for VP. Oh wait, you can't. \_ what the fuck are you bitter, insignificant poor suffering morons whining about? \_ lack of asian chic? \_ azn chix p. \_ SKY? Is that you SKY? Is Muchandr dead? \_ Muchandr is not dead, but he looks like a shadow of his former rambunctious self, haunting Berkeley downtown. |
2001/3/19-20 [Computer/SW/Security] UID:20846 Activity:moderate |
3/19 Hi, I'm looking for a simple encryption program for PC/w2k. I want to create a directory and everything I copy into that directory gets encrypted. It can pop up a window and ask me for a passphrase. That's not a big deal. Is there something simple like that? \_ There was something or other PGP that could encrypt a partition... \_ PGPdisk \_ store your porn offsite. it'll be safer there. |
2001/3/15 [Computer/SW/Unix, Computer/SW/Security, Computer/SW/OS] UID:20794 Activity:nil |
3/14 My saiden/cory account is disabled and my http://www-inst.eecs.berkeley.edu/~myself page is gone. If I'm a grad student how long do I get to keep my account? I'd love to have http://www.cs.berkeley.edu/~myself to be up forever. \_ nmap http://www.cs.berkeley.edu to figure out what OS its running. Get out your root kit for that OS and get root. |
2001/3/14 [Computer/SW/Security] UID:20773 Activity:high |
3/13 When I ssh from my computer to this one machine, I get: No agent. But when I go to a different machine I get: Connection to authentication agent opened. How do I fix the "no agent" problem? \_ Let me read your mind... |
2001/3/13 [Computer/SW/Security] UID:20768 Activity:nil |
3/12 What command do you use to generate a new /etc/ssh_host_key and /etc/ssh_host_key.pub for a new machine? |
2001/3/13-14 [Computer/SW/Security] UID:20765 Activity:low |
3/12 Need a secure way to encrypt files? Try Pig Latin! (and you thought all those Pig Latin routines you learn in 61A would go to waste) http://www.cnn.com/2001/TECH/internet/03/12/napster.02/index.html \_ Uh huh.... \_ Okay, so it is illegal to systematically un-Pig-Latinify the file names. But what excuse does Napster have to not simply Pig-Latinify the list of song names that it's supposed to block, and match the new list with the file names? There's no law saying you can't compare encrypted info with encrypted info, right? |
2001/3/10-12 [Computer/SW/Security] UID:20745 Activity:high |
3/9 Whenever I attempt to scp something, I get the following error: "Warning: no access to tty (Bad file descriptor). Write failed flushing stdout buffer. stty: stdin isn't a terminal write stdout: Broken pipe" How do I fix this? \_ Remove stty & similar settings from .cshrc/.login/.profile or put them inside 'if ($?prompt)' so they don't run when scp connects \_ What other sorts of things should I check for? It's still broken but there's a different error now. \_ whats the best way to check for that for sh/ksh? \_ 'if ($?prompt)' is a shitty hack by a newbie. The correct way to do this in any shell is via tty. Put the interactive stuff in your .profile into the following wrapper: if tty -s > /dev/null 2>&1 ; then : # your interactive stuff here fi \_ dont use "tty -s". use "test -t 0" \_ "test -t 0" is not portable, "tty -s" is. Some of us still have accounts on older machines and need a portable .profile. \_ Somewhat related: don't put interactive programs in your dot files either. Some coder monkey put "more blay.txt" at the end of his .cshrc and then complained to me that scp hadn't been working for a month. |
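A check for the failure discussed in the thread above, as an added example that is not part of the original posts: it sources a startup file with no terminal attached, the way scp does, and reports whether the file writes anything. The function names and the three sample dotfiles are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). scp runs the remote login shell
# without a terminal; anything a dotfile prints then corrupts the transfer.

# profile_output FILE: source FILE in a fresh sh whose stdin is not a
# terminal and print everything it wrote to stdout or stderr.
profile_output() {
    sh -c '. "$1"' sh "$1" </dev/null 2>&1
}

# profile_is_quiet FILE: succeed only if sourcing FILE produced no output.
profile_is_quiet() {
    [ -z "$(profile_output "$1")" ]
}

# make_samples DIR: write three constructed dotfiles into DIR.
make_samples() {
    dir=$1
    # Unguarded: stty complains about stdin and echo pollutes the stream.
    cat >"$dir/noisy.profile" <<'EOF'
stty erase '^H'
echo "Welcome back"
EOF
    # Guard suggested in the thread: tty -s
    cat >"$dir/guarded.profile" <<'EOF'
if tty -s >/dev/null 2>&1; then
    stty erase '^H'
    echo "Welcome back"
fi
EOF
    # Alternative suggested in the thread: test -t 0
    cat >"$dir/guarded_test.profile" <<'EOF'
if test -t 0; then
    stty erase '^H'
    echo "Welcome back"
fi
EOF
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.profile; do
    if profile_is_quiet "$f"; then
        echo "quiet: ${f##*/}"
    else
        echo "NOISY: ${f##*/}"
    fi
done
rm -rf "$tmp"
```

Pointing `profile_is_quiet` at a copy of your own `.profile` shows whether it is safe for scp before a transfer fails.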
2001/3/9 [Computer/SW/Security, Computer/SW/OS/Solaris] UID:20737 Activity:nil |
3/9 I guess IBM joins M$ as a company whose platforms you can't trust for ecommerce: http://www.theregister.co.uk/content/8/17467.html Ever since they got on the "LinSUX" bandwagon, the IBM of old (the one whose information systems defended the governments of the free world) seems to be slowly but surely disappearing. At least there is still Trusted Solaris and OpenBSD. |
2001/2/22 [Computer/SW/Security] UID:20646 Activity:nil |
2/20 How come we are still running OpenSSH 2.3.0? Shouldn't we upgrade to the newer 2.5.1? Also I've read up on that IDEA cypher that tom keeps asking for, it turns out that IDEA is deliberately omitted from OpenSSH because there is a big security hole associated with it. I'm not sure why he wants it anyway, as the other supported methods are much better. \_ Let me try to explain this one more time. We have a choice of using a server which will support whatever client one of our users is using, with whatever configuration they want to use. Or we can use OpenSSH. No one has put forth a reason why OpenSSH is even theoretically better. So why are we running it? -tom \_ Because it's open and open is kewl. Ride bike! \_ OpenSSH is as good as FSecure in terms of protocol support and because its auditing practices are like OpenBSD it is proactively secure. Who knows what buffer overflows are in the commercial closed source alternatives. Besides, Tatu is a much more immature punk than Theo de Raadt. \_ OpenSSH is absolutely not as good as FSecure in terms of protocol support. OpenSSH does not support session re-keying, which is a required part of the ssh2 protocol. The ssh server from http://www.ssh.com also supports this, and is, of course, open source. -tom \_ Okay explain to me why you need session re-keying. And Tatu's ssh from http://ssh.com may be "open source", but there are serious restrictions on who can and cannot use it. OpenSSH has no restrictions. \_ I need session re-keying because IT IS A REQUIREMENT OF THE PROTOCOL and therefore PROPERLY-FUNCTIONING SSH2 CLIENTS DO NOT WORK WHEN CONNECTED TO OPENSSH SERVERS. How many times does this need to be explained? -tom \_ Whatever. What is re-keying anyway? What does it do and why is it needed by the protocol? I mean SSH v2 seems to work fine without it when using OpenSSH. Are you just being ANAL again? \_ Leave your ssh2 client idle for an hour or so when connected to an openssh server. 
It will freeze eventually and that makes SSH2 protocol support in OpenSSH useless for people who need it. \_ The fact that openssh does not support rekeying made its ssh2 protocol support nearly useless. Has this been fixed in 2.5.1? \_ Just short by one feature. No big deal. \_ This is a big deal for sites that need a working ssh2 protocol support \_ soda doesn't need ssh2. \_ fsecure ssh 2.3 and earlier have a flaw in their HMAC code. this is documented along with the openssh lack of rekeying: http://www.openssh.com/faq.html#2.3 --jon. |
2001/2/22 [Computer/SW/Security] UID:20644 Activity:nil |
2/21 Using Fsecure's (ssh v2.0.13) i attempted to do a very large scp -r which began fine and copied about 223 megs of files before it hung and is not doing anything. On two other machines i got about 13 (of a planned 70) megs worth of files transferred before it stopped and hung there. Has anyone experienced anything like this? What is going on? What should I do? \_ Use OpenSSH. I copy gigs (cd images) with it and have had no problem. \_ thanks, but i already had an rsync binary for these systems and i just popped that on there and ran it over ssh and all was well. |
2001/2/21 [Computer/SW/OS/Linux, Computer/SW/Security] UID:20637 Activity:nil |
2/19 http://www.securityfocus.com/bid/2364 Potentially major security hole in linux kernels up through 2.2.18 \_ Shocking. A security hole in a linux kernel... who wooda thunk it? \_ no. it is _all_ kernels, we verified this last night you want to change, in /usr/src/linux/sysctl.c (around line 1125, the line that reads int l, len to size_t l, len. - paolo |
2001/2/17 [Computer/SW/Security] UID:20620 Activity:moderate |
2/16 Anyone here running SRP telnet? The URL is: http://www-cs-students.stanford.edu/~tjw/srp It looks better than SSH (no lawsuit, Open vs. DataFellows, etc). I know its from the farm (but hell, some of us are grad students there). \_ I wrote some papers with Tom, he's a pretty sharp guy. I think SRP is more secure than SSH, the only problem is that nobody uses it. Also, if I recall correctly, it doesn't encrypt anything after the login. |
2001/2/16-18 [Computer/SW/Security, Computer/SW/Unix] UID:20609 Activity:kinda low |
2/16 I've got a (very) remote Solaris 7 box that I lost the root password to (been a long time). I do have a non-privileged account on the box. Box is on the internet and it's not been patched in awhile. Any suggestions on methods/tools to recover root? I hate to have to go cross-country and hook up a CDROM drive to it. TIA (and sorry, no, I cannot post the hostname) \_ yeah, I also lost the soda root pw, and can't get to the box to hook up a CDROM. Any ideas? \_ Uh huh. "You" have a remote Solaris 7 box that "you lost" the root password to, and you need help to get it "back". \_ I'd suggest a search on <DEAD>www.wannabe-hacker-dork-info.com<DEAD> Look, if you can't find very basic info like this on the net, you have no business having root to anything. \_ Giving you the benefit of the doubt, you should probably at least identify yourself if not the hostname if you want to have at least a chance of the rest of the motd monkeys treating you as anything other than a wannabe script kiddie. Requests like this are obviously by default suspicious, and anonymity only solidifies certain assumptions. |
2001/2/15 [Computer/SW/Security] UID:20602 Activity:very high |
2/14 I can't connect to soda using SSH Secure Shell from SSH Communications Security. I know I can use TTSSH, but is this normal? I get a "Packet integrity error". I can connect via SSH1 to other computers ... \_ I believe this is what tom keeps complaining about. Why don't you get a different SSH client. \_ or just get rid of tom's account. \_ why don't we get a working SSH server? F/Secure implements the protocol correctly. -tom |
2001/2/13 [Computer/SW/Security, Computer/SW/OS] UID:20580 Activity:nil |
.nuS eht morf detapissid si taeh woh sa yaw emaS _\ .toidi ,loof a eb t'noD ?flesruoY _\ !toidi na ton s'ohw enoemos _\ .lairetam gnilooc a gnitalba ro gnitaropave ni ssam fo tol a etsaw ot tnaw uoy sselnu ,eciohc ylno rey s'ti ,erehpsomta on evah uoy nehw tub ,si noitcudnoc sa taeh fo dir gnitteg ta tneiciffe sa t'nsi noitaidar ydob kcalB .srotaidar esu yeht _\ ME ycneuqerf wol ,derarfni _\ .niaga gnitsop erofeb "eulc" pu gnikool yb trats ot tnaw thgim uoy ,yranoitcid eht fo gnikaeps dna ,hO .noitseuq eht gnisserdda yaw yna ni ro gnirewsna yllautca tuohtiw ,noitamrofni deriuqca ylisae htiw pu flesmih gniffup si loof siht taht gniyas m'I yllautca ,oN _\ .suoixonbo dna diputs gnieb tsuj erew uoY .uoy pleh t'now yranoitcid eht tub yrt eciN _\ .llew sa "suoiceps" dna "citnames" spahreP .yranoitcid eht ni "yrtsihpos" pu kool -- pleh deen uoy spahreP _\ .muucav a si ecaps taht esimerp eslaf eht n desab si "...woh ]ps[mucav a si ecaps fI" .si ti tahw rof tcaf fo noitcerroc elpmis a esingocer ot sseleulc oot era sretsop dtom emos ,yletanutrofnU .gniyas saw I tahw s'tahT .seY _\ .muucav a ton si ecaps taht yas ot gniyrt tsuj si sih kniht I _\ ?seicnavelerri citoidi gnituops tsuj uoy era rO ?taeh tnacifingis sevomer sag fo ytisned wol siht taht tressa ot gniyrt uoy erA ?tniop ruoy s'tahW _\ .derusaem yllanosrep t'nevah I .yas yeht oS .ecaps peed ni sretemitnec cibuc 01 rep mota negordyh 1 ylhguoR .muucav erup/eurt a t'nsi ecapS _\ ?tfarcecaps a ni detapissid taeh si woh mucav a si ecaps fI 21/2 .stsop dtom ruoy sa devirtnoc dna sseltniop sa si efil ruoy esuaceb esuoh eht fo tuo ssa tnagorra ,taf ,yzal ruoy gnikcik si mom rey ,sdrow rehto nI _\ .naelc ot ssel reh sevael ti sa tnemegnarra wen eht ekil lliw diam ehT .oot ,htnom txen esuoh eht gnitaroceder ,haey hO .dtom eht tide ot emit evah llits I dna %01 ni gnittup ,serugif 6 elbatrofmoc gnikam m'I ,serianoillim -itlum-itlum-itlum era stnerap ym ,rehgih si egagtrom yM _\ )hcus dna stnemtsevni aiv erom nrae I tub ,ssel si 
yralas yM .gniht erugif 6 taht drawot emocni yralas-non redisnoc t'nod I ,WTB( .hcir eldi eht fo rebmem eb ot noos - .detsevnier era sdnedivid rehto eht lla ,nwo I dnuf latum elgnis a no sdnedivid yb derevoc si erutidnepxe ylraey ym tub ,tnempiuqe retupmoc ro sehtolc yub I yllanoisaccO .)om/ecnanetniam 02$ ,om/ecnarusni 05$ ,om/sag 05$( rac ym dna )om/96$( LSD era evah I stsoc gnirrucer ylno ehT .ereht stsoc no kcab tuc I os ,stnerap ym htiw emoh ta evil I .tnuoocca tekram yenom ym otni yltcerid tser eht ,PPSE ot %01 ,)k(104 ot %51 m'I _\ .ekam ew hcum woh fo daetsni dneps ew elttil woh no etepmoc ot deen ew taht das s'ti hguohtlA .rehtie serugif 6 gnikam ton m'I dna ,)k(104 ym ot %11 gnitubirtnoc dna )elbitcuded-xat-non( stnerap ym ot om/K1$ gnidnes dna htnom a tnemyap egagtrom 0062$ gnikam m'I _\ .rehtie serugif 6 gnikam ton gnikam m'I dna tnuocca tekram yenom ym otni tisoped tcerid yb raey a K04 ~ gnivas m'I ?K54 ~ ?ekam uoy od hcum woH .K02 ylnO _\ yug lagurf- .serugif 6 gnikam ton m'I dnA .yaw taht raey a K02 gnivas ot elba m'I .tnuocca taht morf wardhtiw reve TON OD dna tnuocca sgnivas a otni kcehcyap ruoy fo noitrop a tup ot tisoped yllacitamotua esU !siht thguorht tnew ew thguoht I ,yeH _\ !lreP _\ .yenom hcum oot stsoc elif txet a ,ekorb era uoy fI _\ .siht od ot elif txet nialp a esu tsuj I _\ .txen eht ot refsnart dna egap a fo mottob eht ta pu ti ddA .)esnepxe( - ro )tisoped( + saw ti fi drocer uoy erehw eno tsal a dna noitpircsed a ni etirw uoy erehw rehtona ,noitcasnart a fo etad eht ni etirw uoy erehw nmuloc eno evah uoY .sselyap ro sgnol morf koobeton 01.0$ a gnisu ekam nac uoY .regdel a dellac stI _\ .teehsdaerps yna naht siht ta retteb era yenoM tfosorciM dna nekciuQ _\ .sesnepxe ym kcart gnipeek trats ot teehsdaerps gnikcik-ssa na rof gnikool ma I .ekorb ma I 21/2 .haissem repel ot woB _\ ?toidi na tsuj uoy era ro tniop a evah uoy oD _\ .)lairetam deripxe thgirypoc tsael ta ro( lagel yletelpmoc gnirahs elpoep rof redrah ti sekam tsuj retspan nwod 
gnisolc taht si ssenisub retspan elohw siht tuoba dnatsrednu t'nod I tahW _\ .roop me ekam .seibab yrc eht dna esuac eht era yehT .acillatem ttocyob _\ .erehwyna taht ees t'ndid I ?meht tsniaga delur egduj ehT _\ ! /daolnwod/moc.hsemi.www//:ptth ta hsemi tuokcehc ,tuokcalb retspaN a tuoba deirrow era uoy fo yna fI 21/2 .siht gnidaer er'uoy fi uoy era os tub driew tib A .enod llew yreV ."?uohT trA erehW ,rehtorB hO" ees oG 21/2 neuy -- ?nekorb si gnihtemoS .eromyna taht od t'nseod ti yadot tuB .drowssap emit-eno eht rof sksa dna yek eht stnirp ti erehw ptf TN ym htiw krow ot desu tI .egnarts s'tahT _\ ?dnammoc laretil eht hguorht esu nac I dnammoc a ereht si .drowssap emit-eno eht retne ot tpmorp on si ereht tub yeks htiw ptf 59niW esu ot gniyrt ma I 21/2 P: nedraG evilO ro s'noyL _\ .deirram teg ro pu ti eviG .demood er'uoY _\ .daetsni kooc ot dediced--hpargeleT no airottarT inazzaM ta noitavreser ym dellecnac tsuj I ,oslA .yadrutaS no dekcehc I nehw tfel ecaps dah yeht ,egelloC no anailiciS al airottarT yrT _\ .raey tsal ecin ylbanosaer saw taht ecalp a otni klaw ot elba yllautca saw I _\ .aedi doog a si gniht gnikooc eht ,WTB .emit txen reilrae nalP .oga skeew owt neve snoitavreser teg t'ndluoc uoY _\ snoitavreser teg nac I ,tuo reh ekat ll'I _\ .neht tuo reh ekaT .yadsruhT no rehtegot kcab teG .yadot reh pmuD _\ .smelborp ruoy lla evlos lliw ti ,deirram teG _\ .tae ew elihw dna eraperp I elihw revres ekirtsretnoc ym no retspan morf 3pm gnidaolnwod eb t'nac I taht naem t'nseod siht tuB .ecalp eht etaroced dna naelc em pleh ot retsis ym dna kooc ot mom ym teg dluohs I taht tnem uoy taht demussa I "kooc" yb _\ ... 
tub ,siht wenk ydaerla snados tsom epoh I .revres ekirtsretnuoc ruoy no sdaolnwod retspaN ,dnuorgkcab eht ni gniralb VT ,stnecsednacni ton -- sesruoc lareves ,erawrevlis ,rennid tileldnac naem ew ,"kooc" yb _\ .rebmemer lliw ehs gnihtemos si erutseg eht ,laem tneced a kooc t'nac uoy fi nevE .lufgninaem erom hcum hcum si reh rof gnikooC .gnivas htrow ton ylbaborp s'ti neht ,pihsnoitaler eht "evas" ot FG ruoy enid dna eniw ot deen uoy fi _\ .yaD-V rof sseletad -- .tser eht ni llif nac uoy kniht I .ecalp citnamor a ot tuo reh ekaT .etalocohc illedrarihg emos dna evots roodtuo na dnif dna lwob a ni )...cte ,sananab ,seirrebwarts ,wedyenoh deppohc( stiurf emos teG .em rof dekrow taht pit tresed ecin a s'ereH .tsaf yllaer kooc ot woh nrael retteb d'uoy tub snoitavreser teg t'ndluoc uoy taht gniht doog a eb thgim ti ,esac taht nI .reh rof rennid gnikooc yb stniop erom erocs yllaitnetop dluoc uoY .snoitavreser o/w elbaliava syawla era .rJ slraC dna ,kcarC eht ni kcaJ ,gniK regruB ,sdlanoDcM _\ ?pihsnoitaler ruo evas I nac ro sselepoh yletelpmoc ti sI .dekoob si gnihtyreve dna ,yad senitnelaV rof snalp rennid ekam ot gniyrt ,dnuora gnillac m'I !dewercs os ma I 21/2 .adoC ro SFA yrt esaelp ,retnuomotua eht ot ytilanoitcnuf ralimis deen uoy fI ).esaCraelC diputs fo esuaceb emit eht lla deneppah siht dnA .ylnaelc ti toober neve t'ndluoc uoy dna xob nuS ruoy esu t'ndluoc uoy ,ytivitcennoc tsol ro nwod tnew sretsam +SIN/SIN eht ro srevres eht fo yna fi dna ocsiC ta sexob ruo lla no sfotua dah eW .ereht neeb ev'I ,em tsurT( .smelborp fo stros lla evah lliw uoy ,gninnur ti teg uoy fi nevE .eugalp eht ekil dediova eb dluohs taht SOP yletelpmoc a stI ?retnuomotua eht htiw od ot gniyrt uoy era yltcaxe tahw dnA lmth.sfotua/SFotuA_dmA/moc.gnitlusnoc-xunil.www//:ptth :QAF retnuomotuA eht fo trap siraloS eht ta kool a ekaT .dednemmocer ton tub ,elbissop si ti seY _\ ?elbissop neve siht sI .siralos rednu +SIN gninnur TUOHTIW seirotcerid emoh tnuomotua ot gniyrt m'I ?sQAF rehto yna ereht 
erA .gnikrow gniht nmad eht teg ot elba ton llits m'I tub gro.plehnus.www morf retnuomotua no sQAF eht dewollof I 21/2 ?scamEX ni siht od I od woH .ni dedaol teg selif cc ym lla dna cc.* F-C X-C od nac I scame nI 21/2 .ila dna mot fo evisulcni si rosnec dnA .rotatum ,rekun ,rosnec ,llort fo evisulcni si resol .tnadnuder era eseht fo emos _\ *| tnias *| rennis *| revol | enorc *| rehtom *| nediam *| hctib |* bjt *| bjt rof gnikool | rekot thgindim | rekoms | rekoj | rennis | revol | rennirg | rekcip *| desuma tsuj ***| ?huh ?dtom *| stniop kniwt gninrae *| llort tnarongi *| llort diputs *| llort duorp | bsp! ****| bsp ***| ila **| mot *| )resol( gnahck *************| resol *| rotamrofer dtom *| rotatum dtom | rekun dtom ]DEROSNEC[ uoy ,rosnec _\ *| rerosnec dtom ***| retrotsid dtom ****| retsop dtom ******| redaer dtom :)a( ma I emit eht fo tsoM .lloP 21/2 .llehs htiw liam reiht daer nem laer _\ uf kcal ylraelc uoy ,enip gnisu er'uoy fi _\ sessylu- .)ados no toor gnieb tuohtiw .e.i( yrotcerid emoh ym ni siht llatsni ot uf eht kcal I teb I hguoht ,doog skooL _\ /ed.eniltalf.enip4pgp//:ptth ?enip4pgp deirt uoy evaH _\ sessylu- ?tpircs yalpsid dna crenip rieht fo snoitrop tnaveler eht spahrep em dnes yeht dluoc dna pgp /w enip esu ydobyna seoD .smelborp o/w esu I metsys rehtona no skrow ti ecnis pgp htiw krow nac enip wonk I tub ,ttum ta kool lliw i dna detaicerppa noitsegguS _\ .)ytsur teg t'nod slatrom su erus ekam ot( esaeler yreve sgalf gifnoc pgp segnahc yllufesoprup maet tnempoleved ttum eht ,rebmemeR .edargpu uoy litnu haeY _\ .llew yrev pgp htiw setargetni ttum .ttum ot hctiws dluohs uoy _\ sessylu- .gnikrow t'nsi pu tes I tpircs "hsc.yalpsid" eht ro putes snoitpo sretlif eht tog ev'I yaw eht tuoba htS ?ados no rof .ceps enip htiw yllacitamotua htiw krow ot pgp gnitteg rof QAF a ereht sI 21/2 .relooc si u- tros _\ .)stsop ym ngis t'nod i yhw si siht dna( POT- .toidi na m'i ,sknahT .kcits eulc kciht a htiw gnikcahw doog a evresed i hguoht sa leef I ,yoB _\ 
'++}_${nees$ sselnu tnirp' en- lrep :redro lanigiro sti ni elif eht peek ot tnaw uoy fi ,rO _\ qinu | tros | oof _\ ?elif a morf setacilpud LLA pirts ot yaw ysae na si tahW .rehtona eno ot tnecajda era taht setacilpud spirts ylno qinu 21/2 .yrassecen sa strop gnippam dna )tuo semoc 1.4.2 htiw gnihtemos litnu( SFresieR htiw ekardnaM-xuniL gninnur ,xob TAN a dniheb enihcam eht gnivael er'ew ,elpoep wef a htiw gnitlusnoc retfa ,sknahT _\ .suoivbo t'nsaw taht esac ni ,eulc on sah tnadnopser sihT _\ .)sQaR eht no )stelvreS & PSJ tpecxe( derugifnoc dna dellatsni-erp si ffuts bew ytfin taht lla( llew ytterp ffuts bew od dna paehc ytterp era yeht ,4/3QaR )nuS AKA( tlaboC eht ta kool a ekat XUSniL htiw ecnailppa gnivres bew detacided a tnaw uoy fI .siraloS dna DSB* naht reisae hcum XUSniL no nur ot .cte ,snoisnetxE egaPtnorF ,stelvreS ,PSJ ,)nuS AKA tlaboC AKA tfoSilihC dellac ynapmoc a aiv ,xuniL no elbaliava si PSA $M sey( PSA ,PHP ekil ffuts bew looc ytfin teg nac uoy ecnis ,gnivres bew rof XUSniL gninnur ffo retteb eb ylbaborp dluow uoY .)XUSniL ekilnu ,3v stroppus DSBnepO ,SFN tnaw uoy fi tub ,ABMAS tnaw uoy gnimussa m'I( gnirahs elif dna PTMS rof DSBnepO nur dluow I _\ ?sesoprup ruo rof retteb si hcihw ,enod dna dias si lla nehW .yawyna yad yb yad ti eruces ot woh nrael dluohs ew dna ,detroppus ylediw s'ti taht si taH deR rof tnemugra ehT .seloh ytiruces rof reffus ot enorp ssel er'ew ,seibwen sa ,taht si DSBnepO rof tnemugra ehT .pukcab gnidulcni ,ereh secivres etargim ylwols dna pu xuniL taH deR ro DSBnepO rehtie tup ot ekil dluow eW .gnivres elif dna ,PTMS ,gnivres bew rof K2niW gninnur seineew ezodniW er'eW 21/2 .yldipar etiuq daerps ot dnet sesuriv eseht dlrow swodniW eht ni stoidi fi arohtelp a stsixe ereht ecnis dnA .lavivrus rieht rof resu eht fo ycoidi eht no dneped sesuriv esehT .epoN _\ .swolBniW esu t'nod I dalG ?s09 ylrae eht fo mroW tenretnI eht ekil egdelwonk ppA/SO ro lliks gnidoc laer yna eriuqer t'nseod "suriv" siht ,oS _\ .margorp eht snur hcihw ,ti 
no kcilc-elbuod ot dnet sresu ;elbatucexe na tsuj si eno sihT _\ ?krow siht seod woH ?margorp gniweiv eht naht rehtar egami reiht gnitucexe trats ot margorp gniweiv eht ni swolfrevo reffub tiolpxe yeht od ,lareneg nI ?suriv a eb nac egassem liame a woh dnatsrednu etiuq t'nod I .cificeps swodniw eb ot smees ti tub ,ereht tuo suriv liame wen a si ereht taht smees ti dna 30-1002-AC yrosivdA TREC daer tsuj I 21/2 |
2001/2/13-14 [Computer/SW/Mail, Computer/SW/Security] UID:20575 Activity:high |
2/12 Is there a FAQ for getting pgp to work with automatically with pine spec. for on soda? Sth about the way I've got the filters options setup or the "display.csh" script I set up isn't working. -ulysses \_ The happy ending. Somebody fixed something because the filter works all of a sudden. Note that, if anybody else has a problem, check out /usr/local/bin/pgpdecode. \_ you should switch to mutt. mutt integrates with pgp very well. \_ Yeah until you upgrade. Remember, the mutt development team purposefully changes pgp config flags every release (to make sure us mortals don't get rusty). \_ Suggestion appreciated and i will look at mutt, but I know pine can work with pgp since it works on another system I use w/o problems. Does anybody use pine w/ pgp and could they send me perhaps the relevant portions of their pinerc and display script? -ulysses \_ Have you tried pgp4pine? http://pgp4pine.flatline.de \_ Looks good, though I bet I lack the fu to install this in my home directory (i.e. without being root on soda). -ulysses \_ if you're using pine, you clearly lack fu \_ real men read their mail with shell. \_ pinesh! pinesh! pinesh is the Standard!!! Uhh... \_ In bourne shell a paging mail reader is about 5-10 lines of code. A real man can type it all in on the command line. \_ Just add these to your .pinerc, nothing else needed: display-filters=_BEGINNING("-----BEGIN PGP")_ /usr/local/bin/pgp -f sending-filters=/usr/local/bin/pgp -feast _RECIPIENTS_ \_ Can I still send emails to people who don't have PGP software? \_ are you chinese? -ali \_ That is NOT all you have to do. |
2001/2/12-13 [Computer/SW/Security, Computer/SW/Unix] UID:20571 Activity:high |
2/12 I am trying to use Win95 ftp with skey but there is no prompt to enter the one-time password. is there a command I can use through the literal command? \_ That's strange. It used to work with my NT ftp where it prints the key and asks for the one-time password. But today it doesn't do that anymore. Something is broken? -- yuen \_ Today (2/13) I tried again, and it works okay now. You just type the one-time password at the "Password:" prompt. -- yuen |
2001/2/9-10 [Computer/SW/Security] UID:20554 Activity:nil |
2/9 ssh has vulnerability. Integer overflow. Openssh is safe. \_ Take that, Tom! Take that, Bowlarama! Take that, Convenience Mart! Take that, Nuclear Power Plan--oh, fiddlesticks. \_ Bowlarama! Good times! |
2001/2/9 [Computer/SW/Security] UID:20548 Activity:very high |
2/8 Question about ssh or need confirmation. - purpose of using ssh is to avoid information that I read at my terminal not being seen by someone in between the traffic, so does that mean if my terminal is being mornitored (i.e., my employer or network admin is watching my console at a remote terminal), they will only see garbled messages? - or does ssh only ensures data send between soda and my terminal not being intercepted, but once information gets displayed on my screen, a mornitoring agent can just capture the screen and still see every key stroke I type in or every message I am reading? \_ work on your fucking english \_ hahhaha...having a hard time reading? I don't see the others have any problem. Can you just point out one flaw so that I can fix it. \_ double negative, run-on sentence, fragmentary phrase, passive voice, misspelling. And that's just the first sentence. \_ ssh encrypts data on the network between your host and wherever you ssh to ( in this case, soda). If your host has been compromised by whomever might be monitoring you, there is little ssh (or anything else for that matter) can do to stop you from being monitored. \_ here's what I do at work: swap around the keycaps on my keyboard. You should see the security people tearing their hair out! muahhaha! \_ how does that help really? \_ security through obscurity. though the right way to do this is to use a qwerty keyboard in dvorak mode. and remove the 'W'. |
2001/2/7-8 [Computer/SW/Security] UID:20529 Activity:nil |
2/7 http://www.nwfusion.com/news/2001/0205ddos.html No light at the end of the tunnel for preventing/protecting against DDoS attacks. \_ This is not an engineering problem, but a law enforcement problem. |
2001/2/6 [Computer/SW/Security] UID:20512 Activity:nil |
2/3 Speaking of ssh, could soda admins generate new 'n fixed ssh host keys so that we don't have to edit our known_hosts file every time soda is switched from openssh to commercial ssh1 and then back to openssh? \_ They could. I hope they have better things to do or you'd just ignore the errors like everyone else. \_ It is pretty time consuming to copy a file. I give you that. \_ I ssh to soda from about seven different systems. It is kind of annoying to have to update known_hosts file on all of them whenever soda admins change their mind about which version of sshd to run. -original poster \_ we should just have the ssh1 ssh2 and openssh binaries each of which get called after a case statement depending on /dev/rand then tom can bitch all he wants, and he will be a happy tom. \_ redhat 7.1 uses SSH Version OpenSSH_2.3.0p1 \_ And your point is? I was not advocating using one implementation of ssh or another. What I say is that the soda admins should generate new ssh host keys so that people's clients don't complain every time sshd is switched to openssh and then back to data fellows ssh1. The current keys are 1023bit and the sshd1 fails to acknowledge that. |
2001/2/6-5/17 [Computer/SW/Security, Computer/SW/Unix] UID:20503 Activity:nil 53%like:19809 |
02/02 OS updated. Bugs to root. Complaints on wall/motd will be ignored. \_ And so will complaints to root, apparently. Give me root for 30 seconds and I'll fix the sshd problem. -tom \_ tom is the last person that ought to have root on soda. \_ yeah, I was only the VP for a year. -tom |
2001/2/1-2 [Transportation/Airplane, Computer/SW/Security] UID:20496 Activity:nil |
2/1 Tomorrow's Groundhog day! \_ http://www.intellicast.com says it's going to be cloudy in Oakland tomorrow. So spring arrives soon? |
2001/1/31-2/1 [Computer/SW/Security, Computer/SW/Unix] UID:20485 Activity:very high 57%like:20472 |
1/31 Regarding the Soda MkV bios password, why not just reset BIOS? \_ i could, but it's old and may not like it so if there's a less invasive method, i'm all up for it, otherwise i will \_ sign your fucking posts paolo \_ Check for a bios password hack on the net. Never know.... \_ what kind of bozo would put a BIOS password on a machine in a machine room \_ One who knows just how many other people have access to the machine room and just how often some of them fail to make sure the door closes all the way when they leave. \_ get a fucking clue \_ Uhm, yeah, and? A bios password will somehow save you? Sigh... find a crack or hack for it on the net. And oh yeah, as the above said, get a fucking clue. \_ umm, judging by the poster's present difficulty, i'd say Yeah a bios pwd. may save you. Not everyone has the same skill set and sometimes just making things a bit more difficult for an intruder is all it takes. There are plenty of people who just check for unlocked doors. I bet you leave yours unlocked, because, hell, they can always break a window. \_ never said it would save you, just that being in the machine room doesn't make it any more or less useful to set one than a machine left in a public place. |
2001/1/31-2/1 [Computer/SW/Security, Computer/SW/OS/Windows] UID:20480 Activity:moderate |
1/30 In NT, when I try to open or delete a file and it says "The process cannot access the file because it is being used by another process", is there a way to find out which process is using the file? Thx. \_ lsof \_ handleex.exe, http://www.sysinternals.com \_ Is Filemon from the same site better for this purpose? \_ reboot \_ That won't find out and it also won't release the file if the file is opened again at startup or login. If you don't know what you're tal-- nevermind. It's the motd. Go right ahead. \_ If you don't know, you're Tal. -- talg #1 fan. \_ chill. the answer is meant as a joke. \_ This is Berkeley. That wasn't funny. |
2001/1/27-28 [Computer/SW/Security] UID:20447 Activity:moderate |
1/26 anyone ever heard of a linux kernel patch that prevents non root users from seeing the processes of other users? what's it called? \_ it's called "stupid" \_ What's "stupid" about it? Gosh, maybe this is for something "stupid" like an ISP that allows shell access but wants to do some stuff to keep users from invading each other's privacy? Yeah, that's really "stupid". You're right. Who would want something "stupid" like that? \_ it's called uclink2 \_ reference to "uclink2" shows one's age. guess what? there's no Web under Evans anymore either! \_ http://www.openwall.com \_ I don't think you need to patch the kernel.. I think this is the default behavior if you make ps, top, and whatnot !setuid root/mem/whatever. |
2001/1/25 [Computer/SW/Mail, Computer/SW/Security] UID:20429 Activity:nil |
1/24 Anybody know of any web-based newsgroups that allow you to post a question? urlP. \_ uh, your question doesn't make sense. you can access usenet newsgroups via your favourite web browser... there are tons of bulletin board type things all over the web... what the hell are you asking? \_ For example, http://www.dejanews.com allows you to read articles, but you can't post a question. Using a news reader client, I can connect to various public news servers that will allow you to post. However, port 119 (NNTP) is shut down on the network, so I can't use any of the news readers. My only option is to go over the web, and most web-based newsgroups that I know of only allow you to read, not post. Question remains - are there any web-based public newsgroups that allow you to post? \_ you can't post to http://deja.com as an anonymous bastard. you need to register with them and go through http://my.deja.com |
2001/1/19-21 [Computer/SW/Security, Computer/SW/OS, Computer/SW/Unix] UID:20373 Activity:nil |
1/19 http://fusionone.com is finally charging people for syncing files. Let's boycott. \_ I just signed up for "Free sync for life". What are you talking about? \_ after using it for about 6 months, I got an email saying "email sync is free for life. upgrade to premium account if you want to continue using file sync." \_ Holy shit! Someone on the net is trying to make money from their web based service! That sucks! Let's boycott the net! The net wants to be free! |
2001/1/15-17 [Computer/SW/Security] UID:20329 Activity:moderate 60%like:20332 |
1/15 Who provides the time service at the number POP-CORN (767-2676)? \_ "Kernel" Sanders \_ You do not need to dial "POPCORN" to hear the time. You just need to dial 767, plus 4 other digits. ANY 4 other digits. So now you know this, hopefully you can figure out who provides this service (No, it isn't some strange group of people). \_ You mean it's PacBell? So it only works in Northern California? \_ It's certainly affiliated with the telco somehow, but this did _not_ exist in SoCal last time I checked, so it's not a universal PacBell feature \_ Does not work in SoCal, even though Pacific Bell is my telco (some areas are Verizon). --dim \_ in LA it's 853-1212 (or possibly any four digits). you can find out what it is anywhere by calling 411 and asking for the number for the time. welcome to the universe. more interesting is the number to dial that repeats your own number back to you. it varies depending on Central Office, and the phone co doesn't want you to have it. sf mission area readback #: 211-0022 berkeley: ? \_ Yep. \_ It worked in Reno when I lived there, but that's also PacBell land. -alan- \_ That's not the official number anyways. Only for bwd compat \_ what's the number to get the phone number of the phone you are dialing from? \_ You have been abused by the motd formatting god. \_ I think it used to be 1-800-MY-ANI-IS, but they changed the password to it. -geordan \_ Ah, I still remember the good 'ole 80s \_ in maryland, they don't have the 767 (popcorn) feature and i find that i miss it. is there some web page that tells you where you can call up if you need to know the time when you're not in norcal? i tried a number of key search words on the web (time service, etc) and had no luck. -hahnak \_ RTFM (RTFphone book) or check providers home page |
2001/1/15-16 [Computer/SW/Security] UID:20325 Activity:high |
1/15 any plans to start running ssh2d ? \_ OpenSSH didn't work, the other ssh2d is not free, so no. \_ The other ssh2d is free for soda's purposes. -tom \_ What about http://www.ssh.com/products/ssh/download.html |
2001/1/11 [Computer/SW/Security, Computer/SW/OS/Windows] UID:20295 Activity:high |
01/11 If you or anyone you know is running a version of Borland's Interbase released in the past 8 years, forward the following information: http://www.kb.cert.org/vuls/id/247371 http://www.interbase2000.com [yes, this is a /. repost; urgency justifies it, as far as i'm concerned] -alexf \_ Uh, "compiled into the source between 92 and '94". Does interbase come as partial source + binaries-with-no-source? What about the whole open source many eyes thing? If someone can sneak in a back door account for 6+ years, what's the point of it all? Might as well use MS products for all the good OS did in this case. Normally, I'd purge this as /. repost but I find this interesting although not urgent. \_ it was not open-source whatsoever until ~6 months ago. being a huge body of code, it's not too surprising that it took 5 months to find the backdoor (especially since no one would've been looking for it directly) \_ uh, why would anyone be running Interbase. -tom \_ good question. not my concern. -alexf \_ My point is, it's not urgent because no one is running it. -tom \_ grow up man. the real world won't always conform to your sense of aesthetics. at your age you should have learned that by now. \_ ^no one^no one you know of there's a large difference between the two \_ ^no one likely to be reading the MOTD you twink^ \_ ah so tom knows everyone reading the motd (and everyone else those people know; see original tom doesn't know me: 3 tom doesn't know me: 4 post). impressive, tom. Let's try a motd poll -- tom knows me: 0 tom doesn't know me: 6 and if i ever meet the bastard, I'll kick his ass:2 |
2001/1/10-11 [Computer/SW/Security] UID:20284 Activity:high |
1/9 I've inherited an old Xylogics annex box which I'd like to set up so I can dial-up remotely via modem to access the consoles on my four home servers. Any suggestions on how to configure this? URLs would be fine. thanks! \_ Install sshd. Dialup? What millennium is this? If you must, I suggest you contact Xylogics and see if they have a manual online or can ship you a new one for a few bucks. \_ gee, does sshd run at the boot prompt? \_ How else am I to access my home system consoles except by dialup? Anyways, I found the documentation on Nortel's home page. After much frustration (their search engine SUCKS and it's slow) found some docs, but of course they are WRONG. Bunch of misspelled configuration parameters. But I think I have it finally figured out thru ESP. sheesh. Now all I need is a 2nd (working) modem. page. After much frustration (their search engine SUCKS and page-design is slow) found some docs, but of course they are WRONG, after downloading the huge PDF files. Bunch of misspelled configuration parameters to lead you astray. But I think I have it finally figured out thru my psychic abilities. sheesh. Now all I need is a 2nd (working) modem. \_ buddy system. put null modem cables between systems and make sure you don't crash all of them out to the boot prompt at the same time. \_ You mean using one workstation as the "annex" that has the modem? Ah, but then I wouldn't get to utilize and set up this annex box i got. has the modem? Good idea. Ah, but then I wouldn't get to utilize and set up this annex box i got at least not in the most ideal configuration. \_ This is what I was talking about with ssh but some smart ass deleted it. You can run ssh on each box and have: A->B->C->D->A serial connections. Thus the only way you get screwed is if you don't have net or box A and B are down, you need to get to B but A is dead and unrecoverable from D. It can happen but I doubt your home is a 24x7x365 site. \_ You can be easily screwed. |
2001/1/6-16 [Computer/SW/Security] UID:20249 Activity:kinda low |
01/05 Anyone else with @home in Berkeley (I'm northside) experience REALLY crappy service since the beginning of November? Bandwidth is still good but latency has gone up from 40ms to >200ms. \_ After 1.5 yrs of "experience" with @home on Berkeley southside, the one thing I've learned is that how your service gets fucked is not correlated 90% of the time with how your neighbors' service gets fucked. Everyone's gets fucked up once in a while, but asking other people in the area doesn't produce significant trends. -alexf \_ yup, exact same problem with @home here... up to 50% packetloss at times. it sucks. -jlau \_ I'm sorry. I'll try to restrict my pingfloods/nmaps next time. - .home user. \_ nephew from norway doing ping -f's w/o root access again? |
2001/1/5 [Computer/SW/Security] UID:20240 Activity:nil |
1/3 If I ssh from machine foo to machine bar and sshd is trojaned on bar, then they can't get my passphrase because it is sent encrypted, right? But if I login with my password, can they get that? \_ your "passphrase" never leaves your machine, because that's supposed to decrypt your local ssh ID key. Your "password" is encrypted to hand over to sshd. So sshd gets to see your login password for machine bar. It also gets to see anything ELSE you type that goes to machine bar. |
2001/1/3-4 [Computer/SW/Mail, Computer/SW/Security, Computer/Theory] UID:20228 Activity:nil |
1/2 I've been getting the following error message repeatedly lately. The authenticity of host 'quasar.cs.berkeley.edu' can't be established. RSA key fingerprint is 14:1f:b3:63:83:6a:fe:73:4e:fa:64:30:9c:9f:c3:c8. Is this a problem w/ quasar or is it the soda ssh client? Why doesn't it allow me to add quasar to my list of trusted hosts? |
2000/12/26-28 [Computer/SW/Security] UID:20178 Activity:high |
12/26 anybody ever dealt with Amazon's customer service? I ordered an m100 that never arrived. I'm trying to get them to give me some credit back in addition to refunding my money. They only offered a $10 gift certificate. Pisses me off. Anybody ever milked them for more? \_ I have used Amazon.co.uk and Amazon.de's customer service, and it was actually pretty good. \_ I got jacked trying to buy a Handspring Platinum. Normally they are pretty good (I returned a Palm Viix after two months), but this pisses me off. I used a promotional code giving me a $50 discount and they are crediting the $50 to my account (AMZN-ELECTRONIC ?) \_ So you buncha wankers are honestly upset that Amazon won't let you fuck them over for hundreds of bucks? \_ Toys R Us gave me $50 last year for missing my shipment. |
2000/12/21-23 [Computer/SW/Security] UID:20153 Activity:moderate |
12/20 Why is OpenSSH preferred over SSH1? Aren't all those bad ass patented algorithms better than the free ones? Does this mean no RSA? \_ OpenSSH is not preferred over SSH. -tom \_ Depends. You want code from the OpenBSD guys or from whoever? There's no magic in the non-Open version you'll be missing out on. \_ except working support for the SSH2 protocol and IDEA. -tom \_ OpenSSH works just fine with IDEA, you just have to enable it (and in OpenSSL). \_ ssh2? Yes... and? So what? What are you doing that ssh1 isn't good enough for? \_ Connecting from a Mac, for one. Connecting with an ssh2 client, for another. -tom \_ OK, let's see. #1 is wrong.. I connect from a mac to ssh1 servers all the time, and #2 is a tautology. Boy, you're a bright one, tom. \_ I "connect" from a Mac to ssh1 servers, but the software available has insufficient features. And #2 isn't a tautology if you are someone running a system that has to be accessed remotely (such as, just about every machine running ssh). -tom \_ How many machines with _only_ ssh2 clients have you worked with? \_ I have had to install ssh2 servers so people with only ssh2 clients could connect. Real world. -tom |
2000/12/19-20 [Computer/SW/Database, Computer/SW/Security] UID:20126 Activity:high |
12/19 One of my major performance bottlenecks is the need to log every entry in a single log file. This leads to contention for write access lock to the file, delaying each process. What to do? \_ write to per process log file, and have a background process coalesce log files together. \_ this method provides the most concurrency \_ or write to sockets with a separate process listening on each, handling the logging. \_ this method is easy and most similar to what you're already doing \_ use a real db engine \_ for something this simple it might not be worth paying for one. plus, it gives this guy job security. |
2000/12/17-18 [Computer/SW/Security, Computer/SW/Unix] UID:20119 Activity:nil |
12/17 http://www.nipc.gov/warnings/assessments/2000/00-062.htm \_ yeah. "Energy Crisis" |
2000/12/17 [Computer/SW/Unix, Computer/SW/Security] UID:20111 Activity:nil |
12/14 Why is it that the motd is not auto displayed when I login? \_ I would think this is a good feature. \_ yes, but it probably would be better to let the .hushlogin file control it, which right now doesn't seem to do anything. |
2000/12/17 [Computer/SW/Security] UID:20109 Activity:nil |
12/14 Speaking of ebusiness... http://www.eeye.com \_ hacked page archived at www.csua/~mikeh/eeye-index.html \_ My IP is blocked. Has eeye blocked everyone? \_ yes |
2000/12/17 [Computer/SW/Security, Computer/SW/OS/Windows, Computer/SW/Unix] UID:20104 Activity:insanely high |
12/16 I need Windoze software that will prohibit my employees from visiting specified web sites on the Internet (like http://cnn.com). This should be server software, so that I do not have to run out and install it on all the workstations. Does anyone have any recommendations? \_ route -add -reject <subnet> or route -add -blackhole <subnet> on your border router. \_ Yeah. Eat shit and die. \_ what company? I'll build a site serving a mirror of http://cnn.com (i.e. a simple solution to your stupid policies) \_ Thanks, but all I really want is plug-and-play Windows software. \_ The easiest thing to do is point their DNS entries to or your corporate intranet or something. Do it on the DNS you have their workstations pointing to for name resolution. All childish "the information wants to be free!" Berkeley idiocy replies removed. --graduated from Cal and joined real world \_ I can point my machine at a different DNS server by editing /etc/resolv.conf or whatever, thus a rejecting route or a blackhole is the only soln. \_ no. You can't. Why not? Because you're a non-techie at a large company with a no-surf policy and you don't know jack shit about that. If it were a unix box you wouldn't have root at this person's company. \_ Thanks, but I do want to let them access most web sites except ones I exclude. Is there a plug-and-play solution? \_ Yes. Like I said, you add things like http://cnn.com to your local DNS as something else. Everything else works. \_ The easiest solution is to get a switch and a proxy server that can do transparent redirection of http requests to force them all through the proxy which does filtering. (Set up one with enough space to do caching and you'll also lower bandwidth usage and increase access speed.) Look at products from companies such as Alteon, Foundry, and Cisco on the switch side, and NetApp's NetCache or something similar on the proxy side. \_ Why? Do you like pissing your employees off? Are you trying to convince them all to quit? 
\_ Not all companies are like that. Not everyone can go get a better job in 24 hours. Obviously these are windows no-techie 8-6 slaves there to do what they're told and nothing more. These people are entirely fungible. |
2000/12/12-13 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:20086 Activity:high |
12/12 Something happened to CSUA server again? This morning I was unable to ssh in, I have to delete the known.hosts file to resolve the problem... \_ weird ssh problems this morning. Looks like the tcp/80 forwarder to soda's sshd was getting web requests! \_ Me too! \_ http://dailynews.yahoo.com/h/nm/20001212/tc/linux_shell_dc_1.html http://dailynews.yahoo.com/h/nm/20001212/bs/ibm_linux_dc_1.html \_ if it's good enough for shell and ibm... \_ I guess ECC Ram and hot swap disks and scalable processing just aren't what Shell Oil needs. \_ maybe they asked for help and got turned off when a freebsd user mouthed them off? \_ they should have contacted an OpenBSD or NetBSD user. \_ i've never had a weird problem with openssh, teraterm, putty, etc. \_ No problems with OpenSSH on *BSD (including MacOSX) or NiftyTelnet on MacOS. \_ openssh sucks. We should install ssh 2.3.0. -tom \_ freebsd sucks. we should install linux 2.2.17 -!tom \_ it really does -!!tom |
2000/12/12-13 [Computer/SW/Security] UID:20078 Activity:low |
12/11 Does anyone know of a Palm application designed to store passwords, credit card info, etc. that has encryption, requires password entry for access, enables you to sync with your PC, access all the info on your PC, and import/export the info between your PC application and, for example, a tab separated text file? -asb (if you send me email, please send it to asb@eci.ucsb.edu) \_ Speaking of UCSB, my ex-roomie was a sorority girl from UCSB who came to attend Boalt School of Law. I did not have sex with her, but at least she got into a better school than Hastings. \_ Forget about your silly whims, it doesn't fit the plan. |
2000/12/12-14 [Computer/SW/Security] UID:20077 Activity:nil |
12/12 Is it possible to keep the same key each time SSH is changed/ upgraded? \_ The key has never changed. The problem lies in the fact that soda has a really really old key and the 2 ssh programs treat the keys differently. Really old version of ssh created 1023 bit keys instead of 1024 and ssh has continued to lie about the keysize. OpenSSH's sshd, on the other hand tells the truth. This confuses your ssh client. -mikeh \_ I think that you can fix this by editing the length field for the key in your $HOME/known_hosts file. |
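Added example, not part of the original thread or of any ssh distribution: a Python check for the key-length mismatch mikeh describes here and that the 2/3 host-key thread above complains about, plus the length-field edit suggested in the last reply. It assumes the protocol-1 known_hosts layout "hostnames bits exponent modulus [comment]"; the host names and moduli are constructed, and the function names are this example's own.

```python
"""Find SSH protocol-1 known_hosts entries whose length field misstates the key size."""


def parse_ssh1_line(line):
    """Return (hosts, bits, exponent, modulus), or None if not an SSH1 RSA entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 4:
        return None
    hosts, bits, exponent, modulus = fields[:4]
    # Protocol-2 entries carry a key-type name and a base64 blob, not decimals.
    if not (bits.isdigit() and exponent.isdigit() and modulus.isdigit()):
        return None
    return hosts, int(bits), int(exponent), int(modulus)


def audit(lines):
    """List (line_number, hosts, declared_bits, actual_bits) for every mismatch."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        entry = parse_ssh1_line(line)
        if entry is None:
            continue
        hosts, declared, _exponent, modulus = entry
        actual = modulus.bit_length()  # true size of the RSA modulus
        if declared != actual:
            findings.append((lineno, hosts, declared, actual))
    return findings


def correct_bits(lines):
    """Return the lines with each wrong length field replaced by the true size.

    Only the second field changes; host list, exponent, modulus and comment
    are kept, so the key itself is untouched.
    """
    fixed = []
    for line in lines:
        entry = parse_ssh1_line(line)
        if entry is not None:
            _hosts, declared, _exponent, modulus = entry
            actual = modulus.bit_length()
            if declared != actual:
                head, _old_bits, rest = line.split(None, 2)
                line = f"{head} {actual} {rest}"
        fixed.append(line)
    return fixed


# Constructed sample data: arbitrary odd integers, not real host keys.
_MOD_1023 = (1 << 1022) | 0xC0FFEE1
_MOD_1024 = (1 << 1023) | 0xC0FFEE1
SAMPLE_KNOWN_HOSTS = [
    "# constructed example file",
    f"soda.example.org,192.0.2.10 1024 35 {_MOD_1023} old-host-key",
    f"other.example.org 1024 37 {_MOD_1024}",
    "new.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB",
]

if __name__ == "__main__":
    for lineno, hosts, declared, actual in audit(SAMPLE_KNOWN_HOSTS):
        print(f"line {lineno}: {hosts} is recorded as {declared} bits, "
              f"but the modulus is {actual} bits")
    print("mismatches after correction:", audit(correct_bits(SAMPLE_KNOWN_HOSTS)))
```

Run it against a copy of the file: the rewrite records the true modulus length, which the thread says is what OpenSSH's sshd reports, and that is not the value the older sshd1 announces.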
2000/12/12-2001/2/2 [Computer/SW/Security] UID:20076 Activity:nil |
12/12 We have switched versions of sshd since the OpenSSH one was hanging. Mail root if you witness odd behavior. -root |
2000/12/12-13 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20073 Activity:nil |
12/11 What are the security implications of allowing the Delete method? Does apache allow that by default? Does it really mean that any user could send a header commanding your server to delete any file that nobody is able to write? If so, how do you disable this method? \_ Something like <Directory /> Deny all Allow GET PUT other-explicit-methods-you-like </Directory> |
2000/12/9 [Computer/SW/Security] UID:20055 Activity:nil |
12/8 SSH question. Any idea why I am getting this error: Invalid SSH_AUTH_SOCK `', it should contain at least one /. and it gets set to "agent-socket-21980" instead of SSH_AUTH_SOCK=/tmp/ssh-user/agent-socket-21980 ? |
2000/12/6-8 [Computer/SW/Security] UID:20022 Activity:high |
12/6 Does @home allow services? No. Y'all were wrong yesterday. http://www.home.com/qa.html#server <DEAD>www.athome.att.com/faq.html#server<DEAD> \_ Genius, you're reading the generic @home agreement. The local Bay Area one I signed when I got my service doesn't say I can't \_ but effective. I run an ebusiness from an @home site. - small traffic, high price one, and haven't had any probs. run a service. It only says I can't resell net or run a business and I'm responsible for my own security. In fact the agreement is chock full of warnings about hax0rz if I run a service but *never* says I can't. Thank you for using @home in the SF Bay Area. \_ The one I signed in Fremont explicitly says I can't run a server, and I get scanned for running NNTP every day --dbushong \_ Disallowing and preventing are entirely different. \_ Hey, that's naughty! \_ but effective. I run an ebusiness from an @home site. - small traffic, high price one, and haven't had any and he's had no problems either. @home doesn't seem to mind/care. ----ranga probs. \_ My brother runs a Cobalt Qube3 with web/ftp/nat/ssh and he has had no problems. @home doesn't seem to mind/care. ----ranga |
2000/12/6 [Computer/SW/Security] UID:20014 Activity:nil |
12/5 If you run xdm rather than ssh-agent xinit, is there some way to use ssh-agent for everything and not just "ssh-agent xterm" ? \_ yes. \_ More helpfully: put the line eval `ssh-agent` near the beginning of your .xsession. |
2000/12/6-7 [Computer/SW/Security] UID:20011 Activity:nil |
12/5 I am trying to write a report on SSH. Does anyone know why X11 forwarding makes a host more vulnerable to attack? Any good sites to find information on the weak spots of SSH? I have the RFC but don't know enough to write about weak points of SSH. -nesim \_ If a bozo user types 'xhost +' on either end of the connection, then all the ssh in the world won't keep others from sniffing their keystrokes via X. \_ The argument goes as follows: if you ssh from your trusted host, to an untrusted host, then from there to a trusted host, and run X clients off of the remote trusted host, SHOCKER: root on the untrusted host might be able to do something nasty. Fucking duh. I hate it when shit like this gets called a security hole. Once and for all, people: YOU CAN NOT PROTECT YOURSELF FROM A MALICIOUS root USER. PERIOD. (Please don't cite non-unix operating systems or some silly securelevel hack as way of counter"proof") |
2000/12/5-7 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20009 Activity:very high |
4/249 I think my employer logs all web traffic. Is there any free software I can run to block this? Like a proxy or some sort? Thanks. \_ http://www.anonymizer.com if you don't want to pay for ssl service do the following: 1. setup apache+ssl at home 2. write a cgi that takes in url request and then forwards it to anonymizer and parses the response to get rid of the annoying tags. 3. configure your browser to use your home box as a proxy Other options include hacking junkbuster to support https. \_ j is that you? \_ you idiot, I can't even log into soda from work thanks to a certain wonderful firewall. \_ yes there's plenty of ways to do this. \_ obhttp://www.zeroknowledge.com (it's what it was meant for - i.e. people not knowing what you are doing exactly) \_ How to check that the company logs all web traffic? \_ write a bot that hammers a bunch of sites, such as http://apple.com, http://sun.com and http://microsoft.com. run it on your machine and all the other machines you can get your hands on. Clueless admins will think that it's 'software updates' or some such thing. Your real traffic will be obscured by the noise. Eventually they will give up and realize that logging is stupid. |
2000/12/4 [Computer/SW, Computer/SW/Security] UID:19990 Activity:insanely high |
12/4 E-COmmerce sucks. COmputer science rewls. \_ Got fired from http://dogfood.com? \_ Doing work sucks, playing around with a hobby rules. Good luck guy, hope you can come up with something interesting for the academic community to attack. \_ You got your whole life to find something that you like to do and that someone will pay you for doing. Get to it. If you can read the MOTD, it's not hard to get there from this point in your life. \_ Computer science doesn't pay for my Armani collection and my awesome Boxster -paper millionaire \_ But I am perfectly happy with blue jeans and t-shirt, and my little Miata. |
2000/12/3-4 [Computer/SW/Security] UID:19986 Activity:low |
12/1 Say I want to encrypt some text files that I don't use that often (eg, sent-mail files). Is there any command line util better than crypt available to do this? Maybe something that uses the new DES standard? (I don't want to attempt spelling it) \_ Use "pgp -e". \_ Does this have a batch mode for (de|en)crypting multiple files? \_ You mean the new AES standard. (And Rijndael isn't _that_ hard to spell) \_ If you're some anthropologist used to garbage 'languages' from the underlife, maybe. |
2000/12/2-4 [Computer/SW/Security] UID:19978 Activity:high |
12/01 Anyone get TeraTerm + ssh to work connecting to Soda? I changed the protocol to blowfish, but SSH mysteriously drops after attempting to connect. (Alternatively, a list of win32 ssh clients would be useful--I didn't find the ones on the csua www page to be useful.) \_ It works for me. Does it give any error messages when it disconnects? Can it connect to other machines than soda? \_ Here is the obligatory why don't you install a real os with a real ssh client follow up. \_ I installed it on my dad's Windows98 box to login when I visit them and had no problems (other than getting a new key when we went to Mark VI). -- bcmuller \_ Worked fine for me as well, and I've installed it on several different machines (win98, win2k, winnt 4) \_ Are you sure you're using Tera Term Pro and TTSSH? \_ Works for me, too. -ausman \_ sshd has been acting up - there have been random times when it has refused connections. From what I know mikeh has been considering installing the old ssh. This is information dated last week - paolo |
2000/11/29-30 [Computer/SW/Security] UID:19951 Activity:high |
11/29 So, i have host based ssh authentication going; i think. How to test? If i try to use scp from an authorized user/host it still prompts me for a password. Does that mean i don't have it set up correctly? (i'm using openssh) \_ If you mean you want to use a .shosts file, you need to: * make sure the server has: RhostsRSAAuthentication yes IgnoreRhosts no * put the hostname (and optionally username) in ~/.shosts for the target user (on the server) * ssh from the _server_ to the _client_ using the same hostname that the client will reverse as (i.e. if your client is, and reverses as joebob.example.com, ssh joebob.example.com) If your client is a windows box, this is more complicated and you'll need to configure your client software to generate and use an ssh host key. Make sure the host key is in ~/.ssh/known_hosts * ssh -v server from the client to test --dbushong --uglydbushong |
2000/11/29 [Computer/SW/Security, Recreation/Dating] UID:19943 Activity:nil |
11/28 http://www.wired.com/news/culture/0,1284,40369,00.html \_ Sign up fast before they run out!! Finally, women that geeks have a chance with! |
2000/11/28-29 [Computer/SW/Security] UID:19938 Activity:nil |
11/28 With SSH, when we change our password for the account do we have to regenerate the one time pass phrase? \_ Nope, they're separate. |
2000/11/28-12/4 [Computer/SW/Security, Computer/SW/Unix] UID:19937 Activity:kinda low |
11/28 NIS question. My nsswitch.conf has the line passwd: files nis nisplus To me this says that the user should be looked for in the passwd file first, then checked for in NIS, then NIS+... Yet when the NIS server isn't available, I have to wait for a huge timeout before I'm finally logged in (yes, there is an entry in the passwd file). Why does this happen and how do I get the expected behavior? -mogul \_ It's probably doing something other than a passwd lookup. You'll have to truss the process to find out what. -tom \_ Or you can check for other nis lines in the nsswitch.conf automount, group, hosts may all be blocking on nis lookup. It may be something in your .login/.profile/.[t]cshrc file causing an nis lookup as well (like having someone else's homedir referenced in your path). --scotsman \_ If it's stalling in .cshrc, I think there is some option you can set in .cshrc to show you where. Put a line with 'set verbose' or something at the top of .cshrc And if you have root, then login as root and see if the problem still exists. Since root has simpler dotfiles and should have no remotely mounted home dir, you can use it to narrow down the possible problem. You might also modify nsswitch.conf \_ Yes, but only if I log into another client served by NIS. My home directory gets mounted from my main machine. On my machine, the passwd home directory entry is set to the local directory so it doesn't go through autofs... -mogul to remove nis and nisplus and see what happens. Make sure you have another xterm open however just in case modifying nsswitch.conf locks you out. Also try getent passwd YOURUSERNAME and see if it says what you think it should be (i.e. is your home dir really on your local desktop disk?) Also check /var/*/messages file for errors \_ what's in the groups line? is your default group in a file or in nis? initgroups usually takes forever \_ groups line was fine, but my group was missing from local /etc/group. Still didn't solve the problem though. 
I will try tom's suggestion when I return to work. -mogul \_ These things are often due to DNS problems. \_ is your home directory auto-mounted? could be the auto mounter maps are stored on the nis server. \_ Try: passwd: files nis [NOTFOUND=return] nisplus -- ivy |
2000/11/16-17 [Computer/SW/Security] UID:19808 Activity:moderate |
11/16 Do we want to copy over the old ssh host key? Or is it a feature? \_ The host key has not changed. ssh has. We're now using OpenSSH. \_ Of course the host key has been changed. Otherwise I wouldn't get this when trying to login: \_ Due to a bug, old ssh created a 1023bit key instead of a 1024 bit key. It advertized it as 1024bits. OpenSSH tells the truth that it's 1023, which makes your ssh client unhappy. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! \_ ooh! Someone could be eavesdropping on you right now (man-in-the-middle attack)! ..... \_ you can fix this by editing your ~/.ssh/known_hosts file. next to the csua key, change the length from 1024 to 1023. |
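Added example (not part of the original thread): a check for the situation described above, where an SSHv1 known_hosts entry declares 1024 bits but the stored modulus is really 1023 bits long. It assumes the SSHv1 known_hosts layout "hostnames bits exponent modulus [comment]"; the hostnames and the modulus are constructed stand-ins, not soda's key. It also separates the harmless case (same exponent and modulus, only the length field differs) from a key that has actually changed.

```python
"""Audit SSHv1 known_hosts entries: declared key size vs. real modulus size."""

# Constructed stand-in for an RSA modulus (NOT a real host key): an odd
# integer whose highest set bit is bit 1022, i.e. a 1023-bit number.
SAMPLE_MODULUS = (1 << 1022) | (0x5A5A5A5A5A5A5A5A << 400) | 1

# SSHv1 known_hosts fields: hostnames bits exponent modulus [comment]
SAMPLE_KNOWN_HOSTS = (
    "# constructed entries for illustration\n"
    f"soda.example.org,192.0.2.10 1024 35 {SAMPLE_MODULUS}\n"
    f"other.example.org 1023 35 {SAMPLE_MODULUS} some comment\n"
)


def parse_entry(line):
    """Return (hosts, declared_bits, exponent, modulus), or None for other lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # SSHv2 lines ("host ssh-rsa AAAA...") fail the all-digits test and are skipped.
    if len(fields) < 4 or not all(f.isdigit() for f in fields[1:4]):
        return None
    return fields[0].split(","), int(fields[1]), int(fields[2]), int(fields[3])


def audit(text):
    """List (line_number, first_hostname, declared_bits, actual_bits) mismatches."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        hosts, declared, _exponent, modulus = entry
        actual = modulus.bit_length()
        if declared != actual:
            findings.append((lineno, hosts[0], declared, actual))
    return findings


def fix_declared_bits(text):
    """Rewrite only the bits field; exponent and modulus are left untouched."""
    out = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and entry[1] != entry[3].bit_length():
            fields = line.split()
            fields[1] = str(entry[3].bit_length())
            line = " ".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"


def classify_offer(stored_line, offered_bits, offered_exp, offered_mod):
    """Compare a stored entry with the key a server offers.

    Only (exponent, modulus) identify the key. A differing length field with
    an identical modulus is a bookkeeping mismatch, not a new host key.
    """
    entry = parse_entry(stored_line)
    if entry is None:
        return "no stored key"
    _hosts, bits, exp, mod = entry
    if (exp, mod) != (offered_exp, offered_mod):
        return "key changed"
    return "match" if bits == offered_bits else "same key, length field differs"


if __name__ == "__main__":
    for finding in audit(SAMPLE_KNOWN_HOSTS):
        print("line %d (%s): declared %d bits, modulus has %d" % finding)
```

Editing the length field by hand is safe only in the "same key, length field differs" case; a "key changed" result is the one the warning banner exists for.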
2000/11/16-19 [Computer/SW/Security] UID:19804 Activity:nil |
11/16 Why does the new sshd reject cipher type IDEA on Mk6? \_ because the new sshd does not support IDEA. \_ Why not? \_ Is it possible to build openssh with IDEA support? \_ Probably because IDEA is patent encumbered, where 3DES and Blowfish (and twofish, and rijndael, etc) are not. |
2000/11/15 [Computer/SW/Security] UID:19783 Activity:high |
11/14 ssh question. I can't get a .shosts file to work, I think it has something to do with this error Remote: Your host key cannot be verified: unknown or invalid host key. Any idea what I need to fix? \_ You need to add the client's host key (/etc/ssh_host_key.pub) to the server's known hosts file (/etc/ssh_known_hosts). The filenames vary; try adding "/usr/local" at the beginning, and try replacing "etc" with "etc/ssh". |
2000/11/10 [Computer/SW/Security] UID:19705 Activity:nil |
11/9 I'm having a problem with pam and openssh. Anyone know what the /etc/pam.d/sshd file ought to look like? |
2000/11/5 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:19647 Activity:high |
11/5 http://www.cnn.com/2000/TECH/computing/11/02/mideast.webwar/index.html \_ wow. maybe l33t h4c0rs can go there to get mercenary jobs. \_ 3733t HaxX0rz w1LL k1cK y)u 1n the nu7z. \_ religion sucks. It does nothing but bring an endless lists of wars and senseless deaths. \_ not to mention kicking people in the nuts. |
2000/11/1 [Computer/SW/Security] UID:19622 Activity:moderate |
11/1 Can someone pls fix POP and IMAP access to soda? Thx. \_ I never seem to get a break around here. - someone \_ Done. -root \_ It seems to be broken again. Can you fix it again? \_ Done, again. If you have any idea what's causing inetd to hang, let us know. -root \_ Yes. root can do it. \_ P(E|E) = 1 |
2000/10/29 [Computer/SW/Security, Computer/SW/OS/Windows] UID:19593 Activity:nil |
10.29 http://www.theregister.co.uk/content/1/14265.html |
2000/10/27 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:19580 Activity:nil |
10/26 http://www.cnn.com/2000/WORLD/meast/10/26/israel.cyberwar.ap |
2000/10/25-26 [Computer/SW/Apps/Media, Computer/SW/Security] UID:19565 Activity:moderate |
10/25 http://www.pantyraider.com \_ Now why don't they have something like predicateRaider? Now that might hold my attention. \_ is that like ContextFreeGrammarRaider and LR1Raider?? \_ woo woo! \_ How about corporateRaider? That would be *interesting*. \_ almost related: http://www.phonebashing.com |
2000/10/12-13 [Computer/SW/Unix, Computer/SW/Security] UID:19460 Activity:high |
10/11 Pointer to how to make a secure ftp connection from cory to csua? \_ man scp \_ use ssh to port forward a port from cory to soda, then use ftp -P to connect to that forwarded port. Don't forget to use passive mode. \_ it's -p ftp -P 9001 \_ ssh -L 9001:csua:21 ssh -L 9002:csua:20 (can you do these two at once?) ftp -p -P 9001 localhost \_ I tried this ssh -L 9001:csua:21 from home and it just spit the usage info back at me. So i tried it locally (i.e. from HERE) and it did the same thing. \_ You need to add the remote host: ssh -L 9001:csua:21 csua \_ I had tried that but it just logs me in! \_ The port forwarding is a side-effect. As long as you are logged in, the port forwarding is on. I suggest using scp unless you really, really need ftp. -- jsjacob |
2000/10/9-10 [Computer/SW/Security] UID:19445 Activity:high |
10/9 Shouldn't we upgrade to OpenSSH/OpenSSL soon? \_ why "should" we? -shac \_ Because of inherent weaknesses in the SSHv1 protocol that are corrected in SSHv2 which \_ must protect uber-super-sekrit soda crap?!? is implemented by OpenSSH. \_ and why then should we use OpenSSH instead of the free (to academic institutions) ssh2 server? -tom \_ OpenSSH default install allows connections to/from Either SSH 1or2 and at least one of the commercial SSH2 servers doesn't pretend to attempt validation on bad names. (not that that matters on SODA) -crebbs \_ the ssh2 server also allows connections to/from either ssh 1 or 2. -tom |
2000/10/6-7 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:19430 Activity:nil 52%like:19447 |
10/6 Readline enabled wallall in /csua/bin/wallall-rl. man readline for details. Mail root to let them know how much you want this to be the default. Bugs to mogul. -mogul |
2000/10/2-3 [Computer/SW/Security] UID:19396 Activity:nil 75%like:19390 |
10/02 Going to India next month and need a ssh client there. How do I log onto Soda if I am far away, and don't have permission to download any ssh client there? \_ http://www.csua.berkeley.edu/ssh \_ that's a ssh-in-your-web-browser java implementation of ssh. IMHO it is pretty darned good. \_ you can also use s/key. http://www.CSUA.Berkeley.EDU/skey-howto.html \_ I like the windows program for skey at http://www.yak.net/skey it also includes binaries for dos, mac, sunos, ultrix, and source |
2000/10/2 [Computer/SW/Security] UID:19390 Activity:nil 75%like:19396 |
10/02 How do I log onto Soda if I am far away, and don't have permission to download any ssh client? \_ http://www.csua.berkeley.edu/ssh \_ that's a ssh-in-your-web-browser java implementation of ssh. IMHO it is pretty darned good. |
2000/9/29 [Computer/SW/Security] UID:19367 Activity:nil |
9/29 http://www.eros-os.org/essays/capintro.html |
2000/9/27-28 [Computer/SW/Security, Finance/Investment] UID:19337 Activity:nil |
9/26 E*Trade security problem: http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/09/26/BU22755.DTL |
2000/9/26 [Computer/SW/Security, Computer/SW/OS/Windows] UID:19326 Activity:kinda low |
9/25 For DOS programmers, is there a version of Borland C 4.5 (or any other version for DOS) run-time library that has a qsort() routine that works with huge pointers (__huge *)? Thanks. \_ Watcom does. You're fundamentally not going to get clib routines from a compiler which doesn't support flat-mode memory access like Watcom does with DOS4GW. |
2000/9/21-22 [Computer/SW/Security] UID:19307 Activity:kinda low |
9/20 A friend of mine got hacked through wu-ftpd, (right about the time I was wisely moving to proftpd). He was woken up by the irregular clicks of his hard drive and was able to disconnect them. They were attempting to install a root-kit called "anivnew" Has anyone heard of it? Where can i find more info? [i've searched the web to no avail]. There was a "ps" command, which i can see how it would be useful to disguise what was going on, but it seems to work correctly (i.e. i can't figure out what kind of activity it doesn't report). Also there is an SSHD server included in the kit. WHY? (A poster mentioned that they want to secure their "victim" site but that seems like an inadequate explanation). \_ Well, duh. This wu-ftpd problem has been reported and fixed months ago. Anyone who still runs the old vulnerable version deserves to be hacked IMHO. \_ By replacing sshd, they can patch it to 1) Sniff passwords 2) create a backdoor 3) Disable logging \_ By using sshd they can hide better from intrusion detection & tracking systems \- btw, do you know what version the trojan sshd claims to be? there might still be a way for a good IDS to detect it. if you can mail me the src or binary, i would appreciate it. would like to work on a detection heuristic for our IDS. --psb \_ proftpd had a remote root hole not too long ago... (doesn't hold a candle to wu' though =) \_ that one apparently never got exploited \_ In the same way that openbsd reports long lists of exploits and holes, mostly, they are proactively discovered and patches released before the rest of the world knows about them. All software projects have bugs. Some are fixed before they get abused, others are fixed after. I prefer the former. \_ USE WINDOWS! |
2000/9/15-18 [Computer/SW/Security] UID:19258 Activity:nil |
9/15 Someone mentioned a security hole in proftpd versions post 1.2.0pre9 (though the web page seems to think anything after 1.2.0pre9 is o.k.) Can someone point me to specifics? I'm running pre10, but older than the date that was specified. More info please. \_ if there was one, it would probably be in the bugtraq archives on http://securityfocus.com \_ yes, see http://securityfocus.com; no successful exploits are known yet (or, if there are, they've been an extraordinarily well-kept secret). And yes, older pre10's are still [theoretically] vulnerable. |
2000/9/8-10 [Computer/SW/Security] UID:19206 Activity:nil |
9/7 Goddamnit. Why do web sites / hosts limit the length of passwords? Ooh, increased security by reducing the hashable characters. Good idea \_ Because most people are stupid and would forget anything longer than their own first name. |
2000/9/6-7 [Computer/SW/Security] UID:19179 Activity:nil |
9/6 Does anyone know if there's an SSH extension for Windows Telnet? I'm having trouble with the Whacked out Java SSH. It can't run well when using Pine or Pico. Sorry if this screen looks messed up. I can't see what I'm typing in Pico. --pcjr \_ dont fucking use pine or pico. \_ F-Secure SSH \_ http://www.zip.com.au/~roca/ttssh.html |
2000/9/6-7 [Computer/SW/Security, Computer/SW/Unix] UID:19178 Activity:moderate |
9/6 I would like to install some software for the CSUA community. I have mailed root about it but got no response. Am I going about it the wrong way? \_ Obviously, you have wronged root at some point in the past. Better backup your home directory. ;) \_ This one is just for you. \_ Well, that's sound advice even I haven't wronged root. So thanks. \_ The politburo decided answering root mail was a waste of time so kicked everyone off root who actually answered root mail. \_ Actually that was mikeh. |
2000/8/28 [Computer/SW/Security, Computer/SW/OS/OsX] UID:19105 Activity:high |
08/27 Does anyone know of any SSH and/or scp clients available for the Macintosh (free or otherwise)? Thanks -dans \_ F/Secure SSH http://www.datafellows.com NiftyTelnet SSH http://www.lysator.liu.se/~jonasw/freeware/niftyssh Do a fuckin' web search next time. -tom Do a web search next time. -tom \_ you could even have looked on www-inst or www.csua (localhost). *duh* \_ Did both. Asked the motd in case I missed anything. Anybody know if the version of F-Secure for the Mac on eecs-inst is the full version or an evaluation version? -dans \_ If you've read it, remove your fucking motd entry. \_ BTW, this one's not legal in US until 20 Sept I believe (RSA patent needs to run out or something) |
2000/8/16 [Academia/Berkeley/CSUA/Motd, Computer/SW/Security] UID:19013 Activity:nil |
8/14 Is there anyone with root access in the CSUA office during the summer? If so, who are they and approximately what time/days are they there? Thanks. \_ call in the afternoon. sometimes one of us is around. -root \_ Who do I email to set up an appointment? staff@csua or root@csua? (unless you mean to call literally....) \_ yeah you can call 1 510 I DONT CARE bitch ass mutherfreak. |
2000/8/15-17 [Computer/SW/Security] UID:19000 Activity:nil |
8/15 URL for freeware windows ssh client? Doesn't have to do anything fancy. Only using it to login to a remote ssh-only box to run one script for a user. I don't care about emulation quality, features, or anything else beyond basic ssh'ing ability. No demoware with interactive nags, delays and self bombing timers. I want to install this for the user just once and forget about it forever. Thanks! \_ http://www.employees.org/~satch/ssh/faq/ssh-faq-2.html#ss2.2.3 \_ Found what I needed. Thanks again! |
2000/8/15-16 [Computer/SW/Security] UID:18995 Activity:low |
8/14 Is there anyone with root access in the CSUA office during the summer? If so, who are they and approximately what time/days are they there? Thanks. \_ call in the afternoon. sometimes one of us is around. -root \_ Who do I email to set up an appointment? staff@csua or root@csua? (unless you mean to call literally....) \_ yeah you can call 1 510 I DONT CARE bitch ass mutherfreak. |
2000/8/14-15 [Computer/SW/Security] UID:18980 Activity:moderate |
8/14 I have installed proFTPD and want to change the banner, which announces what it is, i have altered /etc/welcome.msg and that has changed half of it but not all. How can i change the rest? \_ Use the source, Luke! \_ Careful. Remote root security hole in proftpd's older than July 28th. --dbushong \_ Arg. I installed proFTPD because it's supposed to be MORE secure \_ Try ncftpd. It isn't based on the same shitty ancient ftpd source as almost everything else out there. \_ As did I. Its track record of one remote root in however many years >>>> wuftpd's "root hole of the month" And, yes, I like the apache-style config. --dbushong |
2000/8/11-14 [Computer/SW/Security] UID:18965 Activity:high |
8/11 Can anyone recommend a good network monitoring program? We have multiple Sun Servers and a buncha PC's, on a 100-BaseT subnet. \_ mrtg? \_ Memorize References to Tron Game? \_ look it up on google \_ What exactly are you going to monitor? \_ Would like to pinpoint any problem areas, slowness, lack of response, highest use, etc. \-sounds you want to monitor the network, not monitor *over* the network, in which case ping, traceroute etc. are not what you want. mrtg is pretty nice and has a lot of uses. but to answer your question: if you want to be serious about this, you get to get someone who really understands this stuff and is well-briefed about your network topology, your priorities and other local conditions. too many people spend lots of money on these big industrial strength solutions like sun net manager or that hp open whatever when a halfway clueful person can cobble something together from free stuff that meets your needs better. but they have to know exactly what you want to monitor. it is a very different matter to continuously watch for suspicious stuff security-wise vs. once a week snapshots for capacity planning to have off-line stuff in place that can be quickly brought online to diagnose things. it is a different problem to get exact info about one "class c" vs. get 95% accurate info about a couple of classBs, but to be able to get it really fast, also depends whether you have privileged access to routers, whether you are worried about denial of service [a real problem with a lot of monitoring setups] --psb \_ is it all one ethernet? how many routers you got? \_ Sorry to be anal, but ping, traceroute and snmpwalk work for me. \_ ping and traceroute are practically useless for monitoring a local network. -tom \_ Depends on the size and subnetting. 
We use ping, traceroute and snmpwalk with some homebrew perl/java cgi frontends for managing/maintaining our heavily switched/routed lab nets at cisco. \_ gee, if it's switched and routed it's not local. \_ local to me means everything on my side of the BFR (I mean 12000 GSR). If you think local all on the same switch, I beg to differ. I might agree for all on the same VLAN. |
2000/8/10 [Computer/SW/Security] UID:18945 Activity:moderate |
8/9 I just installed openSSH --with-tcp-wrappers on my Redhat 6.2 box and outgoing functionality works great but when i try to connect using either ssh1 or 2 i save a key but then "password authentication fails." I am quite certain i am using the right username/password combo. What could be going wrong? I can still telnet in, there is nothing in the hosts.allow/deny files that could be causing this. \_ ssh -v \_ Read the FAQ on OpenSSH. You need to modify pam.conf or something like that to get it to work. --PeterM \_ not pam.conf, /etc/pam.d/sshd, look in ~peterm/sshd \_ You need to install openbsd where it "just works". \_ or freebsd 4.x, or debian linux (apt-get install ssh) |
2000/8/7-8 [Computer/SW/Security] UID:18905 Activity:high |
8/6 <DEAD>www.svmagazine.com/2000/week33/features/Story01.html<DEAD> Months later, the public was let in on the joke. Naughton had agreed to give technical assistance, including writing software, to the FBI in exchange for a lighter sentence. Neither Naughton, the U.S. Attorney's office nor the FBI will comment on the nature of his work. \_ We'll find out the details this week. \_ moral of the story-- YOU ARE BEING WATCHED. Think twice before you post on motd, wall, email, or download porn. Everything is taken as literal, even in the so called internet fantasy world. \_ and dont forget to encrypt your pr0n \_ zbeny bs gur fgbel-- LBH NER ORVAT JNGPURQ. Guvax gjvpr orsber lbh cbfg ba zbgq, jnyy, rznvy, be qbjaybnq cbea. Rirelguvat vf gnxra nf yvgreny, rira va gur fb pnyyrq vagrearg snagnfl jbeyq. \_ naq qbag sbetrg gb rapelcg lbhe ce0a \_ Thank God I use my own encryption method to edit the motd. \_ I think this was all an elaborate plot by the FBI to get a young, extremely talented programmer to sign his life away on some classified government project. He was probably targeted because they saw that he was a super smart guy in an unstable marriage who visited sex channels on IRC. |
2000/8/2-3 [Computer/SW/Security] UID:18847 Activity:kinda low |
8/1 The java SSH client we have running does not use https:// so i assume that when i put in my password it gets sent plain text. isn't the whole idea of dis-allowing telnet was to avoid the sending of plain text passwords? \_ nothing to do with it. the http part is just to download the ssh client locally. from there, you run ssh which creates a secure connection to the remote host (which is where your password gets transmitted). \_ What (s)he said. Of course, if you're really paranoid, you should care that you didn't download the java ssh client via https, because someone who noticed you fetch it a lot could hijack your download and replace the safe app with a compromised one. Unlikely? Sure! But then again... you're using ssh instead of telnet, so.... \_ I thought this would be a problem too. But when running unsigned Java applets, aren't network connections restricted to the host that the applet was loaded from? This wouldn't eliminate the vulnerability, but it would at least limit it. (A rogue program would have to be set up on the web server which listened for connections from hacked ssh clients.) \_ That's the theory. You trust it in practice? |
2000/7/29 [Computer/SW/Security, Computer/HW] UID:18811 Activity:moderate |
7/28 Hi-Tech and all the other cheap places in Berkeley have gone under. Where is a cheap, but decent in terms of service, place to buy a computer in SF (or Berkeley). \_ Central Computer has been our OEM of choice for a while. -nweaver \_ For a personal computer, buy parts from out of state and assemble. For your company, buy Dell. \_ God forbid a part doesn't work. Ah, to live in L.A. near hundreds of OEM vendors. |
2000/7/28-29 [Computer/SW/Security] UID:18808 Activity:kinda low |
7/28 What are the security implications of using a network time server? \_ If someone nasty can control your clock precisely it may make it easier for them to guess the values that will be generated by pseudo-random algorithms seeded with the current time. If those are used to form keys or such, security may be weakened. However, many security protocols, such as Kerberos & NIS+, require computers to have relatively close ideas of the current time so that they can prevent replay attacks by rejecting packets with far-off timestamps. |
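Added example (not part of the original thread): a minimal timestamp-plus-MAC freshness check of the kind the reply attributes to protocols like Kerberos, showing why the verifier's clock is part of its trust base. The packet layout, the 300-second window and the key are assumptions made for this sketch, not any real protocol's wire format.

```python
"""Timestamp-based replay rejection and its dependence on the local clock."""
import hashlib
import hmac
import struct

MAX_SKEW = 300                      # assumed acceptance window, in seconds
KEY = b"constructed-shared-key"     # constructed sample key


def make_packet(key, payload, now):
    """Packet = 8-byte big-endian timestamp | 32-byte HMAC-SHA256 tag | payload."""
    ts = struct.pack(">Q", int(now))
    tag = hmac.new(key, ts + payload, hashlib.sha256).digest()
    return ts + tag + payload


class Verifier:
    """Accepts each authentic packet once, and only near its timestamp."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}              # tag -> timestamp, for packets still in window

    def accept(self, packet, local_now):
        if len(packet) < 40:
            return "malformed"
        ts_raw, tag, payload = packet[:8], packet[8:40], packet[40:]
        expected = hmac.new(self.key, ts_raw + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        ts = struct.unpack(">Q", ts_raw)[0]
        if abs(local_now - ts) > self.max_skew:
            return "stale"          # far-off timestamp: rejected without state
        # The window is what keeps this cache small: anything older than
        # max_skew is already rejected as stale, so it can be forgotten.
        self.seen = {t: s for t, s in self.seen.items()
                     if abs(local_now - s) <= self.max_skew}
        if tag in self.seen:
            return "replay"
        self.seen[tag] = ts
        return "ok"


def demo():
    """Return the verifier's verdicts for one captured packet over time."""
    t0 = 1_000_000                  # constructed epoch for the example
    v = Verifier(KEY)
    captured = make_packet(KEY, b"transfer #1", t0)
    later = make_packet(KEY, b"transfer #2", t0 + 4000)
    return [
        v.accept(captured, t0 + 10),    # fresh, first sight
        v.accept(captured, t0 + 20),    # same packet inside the window
        v.accept(later, t0 + 4000),     # normal traffic; old cache entry expires
        v.accept(captured, t0 + 4000),  # old packet, honest clock
        v.accept(captured, t0 + 30),    # old packet, clock wound back by a bad time source
    ]


if __name__ == "__main__":
    print(demo())
```

The last verdict is the point: once the cache entry has expired, only the clock stands between an old packet and acceptance, so the time source needs the same protection as the key.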
2000/7/28-29 [Computer/SW/Security] UID:18807 Activity:high |
7/28 That web-based ssh client we have is Phat,K-RAD and 2C00l. i want to implement that on my server so i can access it if at a comp. without ssh. What are the security implications? \_ It posts your username/password and session log to alt.security.gotcha, but is otherwise pretty safe. |
2000/7/26-27 [Computer/SW/Security, Computer/SW/OS/Solaris] UID:18771 Activity:nil |
7/24 Is there a way to install WindowMaker on a Solaris machine without root access? Any url/pointer? \_ ./configure --prefix=/someplace/youcanwriteto/ make make install and then you're done. Not very hard. |
2000/7/21-22 [Computer/SW/Security] UID:18746 Activity:high |
7/21 Is there a way to get root access given (unlimited) access to console on a sparc20 box with solaris 2.5.1? The pricks in IS&T are taking over a month to fix some things on my desktop machine and I really need to take care of several of them to get anything done, at risk of pissing off IS&T. Please withhold the "if you don't know how to do this, you shouldn't have root anyway" flames; i know how to fix what I want fixed, while not fucking up anything else. \_ Well, if the other things fail you could try: <DEAD>phrack.infonexus.com/search.phtml?view&article=p53-9<DEAD> I haven't done this, and don't know whether it will work with your model+keyboard. --Galen \_ Thank you kindly. This worked like a charm after a few small corrections (s/1\@/@/g). \_ How do you find the memory address of the process? ps -lp gives me a ? for ADDR \_ It didn't do that for me; make sure you're running /usr/bin/ps though (/usr/ucb/ps, for one, has entirely different flags). If that fails, poke around in /proc/$$/, it's probably visible from somewhere in there (try bytes 0x48-0x4B of /proc/$$/psinfo). Make sure to check the current contents of *(process_pointer)+0x18 first, and see if it matches your current ruid (or risk clobbering something random in memory) \_ Boot from CD. -tom \_ No CD drive (or floppy for that matter) \_It is likely that your box was installed over network and the install server is still acting as boot/install server. In this case you can boot of the network by typing "boot net" from open boot prom. This is equivalent to booting from CD. Of course, this wouldn't work if boot prom is password protected. In this case you might need to swap the prom chip. Though, if your box is also locked then you can't get root without breaking things. \_ Borrow a cdrom - the CSUA has a sun-compatible one. \_ unless of course they set a prom password, in which case you're pretty hosed. \_ or swap in a prom. Or swap in a disk with your favored configuration. 
With physical access it's always possible. -tom \_ Mmm..physical access.. *drool* \_ They all say they know how to fix what they want fixed without fucking up anything else. Why don't you talk to their manager or have your manager talk to their manager? If it's truly preventing you from getting work done then it's a big deal and i'm an intern. it's not _/ taking matters into your own hands will just mask a problem. Maybe IS&T is short-staffed and enough complaints will allow them to hire, for example. --dim \_ IS around here is absolutely hopeless. Trust me, this is the last resort. |
2000/6/19-20 [Computer/SW/Security] UID:18498 Activity:high |
6/19 Any suggestions for a Win98 SSH client? \_ F-Secure but you have to pay $$$ \_ Yes. Go get a real OS. \_ teraterm is pretty stable and has some nifty features (eg recognizing most xterm escapes and imitating unix cut'n'paste behavior with respect to right/middle clicks) \_ TeraTerm plus TSSH. I'm using it right now. See: http://www.csua.berkeley.edu/ssh-howto.html \_ I'm using "SSH Windows Client" that I found from the same page. -- yuen \_ I use it at home and at work. Works great. |
2000/6/14-16 [Computer/SW/Security] UID:18465 Activity:high |
6/14 I have written a program that "pipes" port1 to port2 on a machine [so if you do say telnet foo 25 that can automatically send to to port 19, chargen]. Is there a way to grab all the unbound ports and map them to chargen, to deter people scanning my machine? Will that be an expensive program to run? I don't want to launch one version of the process for each port. Thanks! \_ Why are you even doing this? You're reinventing the wheel. Just use the IP firewall rules built into your OS to port forward a range of ports. \_ I want to turn this on and off. Also not all OSes support IP firewall. Would like to do this at the application level. Can you tell me how to listen on all the unbound ports like inetd? \_ Sheesh, get a real os. What are you using? win 3.1? \_ It's actually a vintage box; running a hacked-up TCP/IP stack for CP/M. I'm using it as a low-load web server \_ inetd doesn't listen on all unbound ports - it listens on the ports listed in inetd.conf. You could write a program that looped through all possible port numbers and bound them (if your OS supports opening 64k fd's in a single process) but that would prevent any other app from being able to bind a listening port. \_ N0H0ZERZ! \_ If the ports are unused what's the big deal? You can't stop a scan. And if you have insecure services running on other ports, your program won't help that either. What are you trying to do? What's the point? Your program won't do anything useful for you. \_ An easier thing to do is run FreeBSD 4.x and in /etc/rc.conf set tcp_restrict_rst="YES" This will cause connections to ports with nothing listening to hang until timed out. This pretty much kills portscanning. --dbushong \_ Who cares? Let em scan. Security through obfuscation and irritation is not security. You're only slowing down the inevitable. \_ If you don't believe in "security through obfuscation" you won't mind sharing all your passwords with me. \_ That's different. 
A password is obscure in a way that in order to crack it, you need to try a bunch of random combinations before you can get it right. Security through obscurity is where a backdoor exists but you just hid it somewhere. It's the difference between a key to your house and hiding that key under the mat. The key is like the password. Hiding the key under the mat is the obscure part. Obviously, most prowlers will usually look under the mat first before actually cracking the windows. \_ A password is not obfuscation. Hiding your buggy service on a random port and making it hard to scan is obfuscation. Given a few extra minutes your s00per sekret buggy service will turn up. My ssh passphrase won't. You know I could give you my ssh passphrase and it won't help you get into any of the machines I run but you wouldn't understand why. Damn, it's so sad there's no real ugrad security classes. It shows. \- i was thinking about writing a something to wedge the iss scanner specifically. am trying to decide whether to do it at a tcp level [long time outs etc.] or generate random data on port 80, when talking to nfsd, mountd etc. i am also thinking about using xinetd. would be interested in more discussion on this. --psb |
2000/6/12-14 [Computer/SW/Security] UID:18446 Activity:moderate |
6/11 Anybody know if encryption routines (DES, IPsec related, etc) can be parallelized? Does adding more CPUs and writing some parallel software speed things up? \_ Look at the source code. Much of the time, what can be parallelized is done at a fine grain level (vector data, level, loop level, instruction level, etc...) in which case, adding CPU's won't do you any good. If it's thread level parallelism, then yes. Go to http://mit.edu's web site and search for Krste Asanovic (he was a PhD student here w/ Patterson). His thesis has a good explanation. Also look at the spring 2000 cs252 website. I think someone did a project on encryption algorithms. -jeff \_ IPSEC isn't an encryption routine--IPSEC ESP just makes provision for tunnel encryption and key exchange for whatever crypto you're using. -John the Nitpicker \_ No. \_ It depends on the feedback mode used. If the cipher is running in ECB mode, yes, but it's a bad mode of operation otherwise. the most common mode, CFB mode, has a dependency between blocks and can't be parallelized. -nweaver \_ is that a mathematically proven statement or a "can't _easily_ be parallelized"? \_ Do you understand what you're talking about? If step B depends on the result of step A before it can be started, IT'S IMPOSSIBLE TO RUN A & B IN PARALLEL. \_ Do YOU understand what YOU are talking about? There's more than one way to split a task into blocks, and parallelism need not apply at global level to be useful. A complete mathematical proof of nweaver's statement would be quite difficult. \_ Not so. It's been done before in superscalar processors using load value prediction and trivial computation predictions. \_ CFB can not be parallelized beyond the parallelism inherent in the encryption of a single block, because of the dependency. CFB of block N is computed by encrypting the value of N xor the last block. -nweaver \_ look, computation prediction is NOT trivial!! 
\_ CFB encryption can NOT be parallelized beyond the parallelism inherent in the encryption of a single block, because of the cyclic dependency. You need to completely encrypt one block before you can begin encrypting the next block. CFB DECRYPTION however, can be parallelized between blocks. -nweaver |
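The dependency argument in the thread above, as an added example that is not part of the original posts: standard full-block CFB, where encryption has to walk the blocks in order while decryption can hand every block to a separate worker. The block function `E` is a SHA-256-based stand-in chosen for the demo (CFB only uses the cipher's encrypt direction), and the key, IV and message are constructed values.

```python
"""CFB mode: sequential encryption, block-parallel decryption (constructed demo)."""
import hashlib
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # block size in bytes

# Constructed sample inputs, not taken from the thread.
KEY = b"constructed demo key"
IV = bytes(range(BLOCK))
MESSAGE = b"constructed sample plaintext for the CFB demo; " * 3


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's encrypt direction (assumption: NOT a real cipher).

    CFB never calls the decrypt direction, so a keyed pseudo-random function
    is enough to show which values each step depends on.
    """
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, which handles a short final block.
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C[i] = P[i] xor E(C[i-1]), with C[-1] = IV."""
    prev, out = iv, []
    for p in split(plaintext):
        c = xor(p, E(key, prev))  # needs C[i-1], which the previous pass just produced
        out.append(c)
        prev = c
    return b"".join(out)


def cfb_decrypt_sequential(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for c in split(ciphertext):
        out.append(xor(c, E(key, prev)))
        prev = c
    return b"".join(out)


def cfb_decrypt_parallel(key: bytes, iv: bytes, ciphertext: bytes, workers: int = 4) -> bytes:
    """P[i] = C[i] xor E(C[i-1]): both inputs are ciphertext the receiver already holds."""
    blocks = split(ciphertext)
    feedback = [iv] + blocks[:-1]  # the value fed to E for each block
    with ThreadPoolExecutor(max_workers=workers) as pool:
        # The pool shows that the blocks are independent; CPython threads
        # will not make this particular toy run faster.
        parts = pool.map(lambda pair: xor(pair[1], E(key, pair[0])),
                         zip(feedback, blocks))
        return b"".join(parts)


def damaged_blocks(key: bytes, iv: bytes, ciphertext: bytes, index: int):
    """Flip one ciphertext bit in block `index`; return the plaintext blocks that change."""
    tampered = bytearray(ciphertext)
    tampered[index * BLOCK] ^= 0x01
    good = split(cfb_decrypt_parallel(key, iv, ciphertext))
    bad = split(cfb_decrypt_parallel(key, iv, bytes(tampered)))
    return [i for i, (g, b) in enumerate(zip(good, bad)) if g != b]


if __name__ == "__main__":
    ct = cfb_encrypt(KEY, IV, MESSAGE)
    print("sequential decrypt ok:", cfb_decrypt_sequential(KEY, IV, ct) == MESSAGE)
    print("parallel decrypt ok:  ", cfb_decrypt_parallel(KEY, IV, ct) == MESSAGE)
    print("blocks changed by a bit flip in block 2:", damaged_blocks(KEY, IV, ct, 2))
```

The same independence that allows parallel decryption limits damage from a corrupted ciphertext block to that block and the one after it, and it also means CFB by itself gives no integrity protection.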
2000/5/24-26 [Computer/SW/Security] UID:18336 Activity:low |
5/24 I want to make my FS encrypted so that no one can take out my linux harddrive, hook it up to another computer that they have root on and see my files. I want only my password to be able to access those files. Anyone know of such a FS package? Doesn't have to be distributed like NFS. \_ try cfs (it has a debian package in non-us). User-mode, IIRC. \_ hello, does anyone know the status of the Alex file system from cmu [not andrew]. has that been abandoned? is there a sucessor [is nebula any good?]. will it run on solaris? --psb \_ Re-formatted. \_ Who would bother? If they stick a gun to your head, you'll very happily give them the password and suck their cock, too. |
2000/5/16-18 [Science/GlobalWarming, Computer/SW/Security] UID:18283 Activity:high |
5/16 http://www.wired.com/news/politics/0,1283,36339,00.html Question: How exactly can you distinguish Voice traffic from other traffic, esp. when you can tunnel it over another protocol like http or you encrypt it using SSL and such? What the hell do the telco's want regulated? \_ It's just political clap trap noise. \_ But, technically, unencrypted voice traffic is hella easy to detect, regardless of protocol. Anyone who knows basic signal processing can write the code. -blojo \_ what's the easy trick? does the spectrum for speech look very specific? -ali \_ What you would basically do is: (a) look for signals that have most of their energy in the 500Hz-4KHz range. (b) The amount of energy and its centroid oscillate / fluctuate with periods that are O(.25 seconds). Basically you can look at docs for any of the recent vocoders and see what circumstances they focus on reproducing... fortunately recognition that something is probably a voice is a lot easier than recognizing what the voice is saying. -blojo \_ Key phrase: unencrypted. Solution: encrypt it. \- you know the NSA has a patent on automatically IDing FAX and some other kinds of traffic. --psb \_ i've got something that fluctuates at 4 Hz right down here. -ali \_ Wow. That sounds painful...or unsatisfying. Not sure which.... |
2000/4/25-26 [Computer/SW/Security] UID:18110 Activity:very high |
4/24 Are there instructions on how to use the Java SSH client at http://soda.csua.berkeley.edu/ssh - clueless \_ got that right \_ You need instructions on how to use this? This is a joke right? \_ OK - this is one of those cases like you're the only person that hears any weird sounds coming from your car, but your mechanic doesn't when you bring it to the shop. What happened was that when connected to certain networks, say at work, the Java ssh client would not know http://soda.csua.berkeley.edu, and return an error to that effect. Thus, the cause for clueless-ness. However, on less prohibitive networks, say at home via dial-up ISP provider or dsl, I have no problems, which would invite a "got that right" comment. So, now another clueless question is - does this ssh client run over http or another protocol? Why does it work in some cases and not others? More than happy to read all about ssh if you got a pointer/url, especially for this Java ssh implementation. - Longer than necessary, clueless \_ Well it runs ssh's network protocol, to port 22 on soda. Odds are if it's not connecting you're behind a tightwad firewall that blocks outgoing tcp/22. -ERic \_ You might also be having DNS troubles resolving names from behind the firewall. I know Sun's firewall does weird DNS hiding and you need a super special ssh client to get out. - seidl \_ might also try running ssh in verbose mode to gather clue |
2000/4/11-13 [Computer/SW/Security] UID:17974 Activity:nil |
4/11 When I dialup from home, I use screen in my shell so that if I get disconnected, I can dial back in and reconnect my screen and thus not lose any work. Is there something similar I can do with my X apps also? (xterms, emacs, etc). I suppose I can run vnc on my workstation at school, but vnc is slow and not secure. \_ You can vnc over ssh. \_ Doesn't ssh break the connection when you hang up? \_ w/ static IPs, use ssh w/o keepalives, and ssh/X will persist short interruptions or long ones if all is idle. |
2000/4/11-12 [Computer/SW/Security] UID:17965 Activity:low |
4/10 Why is ssh2 better than ssh1? Aside from sftp. I'd like a pointer to technical reasons why ssh2 has improved security. (Yes, I already spent some time looking.) --PeterM \_ well, the ssh2 protocol was written more from the ground up rather than as modifications to a hack to a neat idea. --jon \_ I can see in general how rewriting the code would improve it, but what particular attacks are now harder/impossible? --PeterM \_ pure marketing + revenue |
2000/4/3 [Computer/SW/Security, Computer/HW] UID:17913 Activity:high |
4/2 Is there a program that will continually monitor when a file gets appended to and display it to stdout (like a security log monitor)? \_ simple way might be to use: tail -f FILENAME \_ might be? That's _the_ way. How much easier can it get? No bullshit, no coding, no side effects, included in every *nix. Even Linux has it. |
2000/3/30 [Computer/SW/Unix, Computer/SW/Security] UID:17890 Activity:nil |
3/28 -nick is login "nick" already \_ No it's not - the other nick |
2000/3/22-23 [Computer/SW/Security] UID:17825 Activity:insanely high |
3/22 SHIT! My linux gateway running ipchains got cracked. How? --PeterM \_ Run a BSD. Any BSD. No, really. Linux sucks. \_ How about: BSD security >> Linux security, but Linux is getting there \- realistically i think there are just more linux root kits floating around. same reason more solaris boxes get cracked than say ultrix.irix machines. --psb \_ In my experience, VMS security >> HP security >> SUN security >> IRIX security >> Linux security >> Windows security. IRIX really sucks and SGI ships the OS wide-open. --dim \- i work in this area so my data is based on a lot of machines and not just on my experience. most people cracking systems are just trying a lot of doors and aren't picking locks. the doors they usually get into aren't necessarily the easiest ones to pick but the ones with the most spare keys floating around or the most likely to have been left unlocked. VMS machines aren't cracked because very few people have access to them, or sources etc. i agree solaris security is better than irix security but there are more suns and more people have access to suns ... hence more solaris root kits. --psb. solaris root kits. a lot of the weenie crackers don't even know the difference ... you see people using solaris eject cracks on irix machines all the time. you know you are dealing with a clown when a cracker's editor of choice is pico. [which it is more and more often these days] --psb \_ I agree completely. I just wanted to point out how much IRIX sucks. --dim \- back in the old days suns used to "ship" with + in /etc/hosts.equiv. it only took a few years for sun to admit they had their head up their ass on that one. SGI was even more intransigent about the lp/guest etc accounts. whenever you would complain to SGI they would either point to "small print" or defend what they did with "we know better" ... well apparently "the market" knew better. --psb \_ sendmail, dns, irc, ftp, what else are you running? \_ no ftp, irc. 
Running sendmail as an smtp server for the internal network, but blocking connections from outside. Running DNS. Nothing else that I know of offhand. \_ move DNS serving to an internal machine. This will take some of the load off and also close a potential security hole. I also switched to postfix which seems to be more secure than sendmail. \_ In recent history, all of those other daemons have had a lot more security problems than sendmail. \_ I haven't seen as many CERT warnings about postfix as for sendmail and qmail. \- what version of named? are you running named unprivileged and chrooted? this was a common attack on freebsd. --psb \_ what are your rules? wuftpd supposedly has some buffer overflow exploits. \_ "no ftp"? \_ RedHat 6.1? \_ an inside job? \_ a blown job? |
2000/3/14 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:17763 Activity:kinda low |
3/14 http://www.csua.berkeley.edu/~benchan/entreprise/CYBERARMS.html \_ Is commerce allowed on CSUA? \_ No. \_ but this is eCommerce! It's downright unamerican not to encourage eCommerce! \_ Squish! |
2000/3/13-14 [Computer/SW/Security, Computer/SW/Apps/Media, Computer/Networking] UID:17759 Activity:moderate |
3/13 At work each "phone" jack has an ethernet port, digital phone, analog phone, and a fax port. Anybody know where I can get a jack like that? I couldn't find it at homedepot. -trying to rewire my house. \_ Just unscrew the one at work. (Someone else's office) \_ http://www.l-com.com sells just about every possible connector or cable for many different applications. they should have whatever jack you need, and i think they can do online orders via web. \_ Did you look in the catalogs? (http://www.blackbox.com for example) \_ under your desk? *grin* \_ I liked it better when the area admin was under my desk. |
2000/3/8 [Computer/SW/Unix, Computer/SW/Security, Computer/SW/OS/Windows] UID:17713 Activity:nil |
3/7 What are people using to do S/MIME on Unix? I don't know which M to RTFM. (I've used a thawte digital certificate to read/ send encrypted mail in windows, but don't like going over there every time to read encrypted mails... Thanks |
2000/3/2-3 [Computer/SW/Security] UID:17677 Activity:moderate |
3/2 "He was plotting it for around two weeks, jokingly, saying he was going to extort money from these companies. Then all of a sudden he got dared to do it, and 10 minutes later Yahoo! was down. He never made extortion demands," the source said. We should all be thankful he got scared and didn't carry out his next idea, and that no one else feels the need to do this either," the source wrote. "He had a DDoS (distributed denial of service) tool that he wrote installed on all of his hacked boxes. He was planning on using all 1,000 machines in a combined attack on the Root Nameservers, flooding the Nameservice ports with UDP packets." "He is safe and he knows it, he deleted all evidence off his machine. ...He is very well aware that there isn't any way to prove a smurf attack after the fact." http://www.msnbc.com \_ Hear that tjb? They're on to you! |
2000/3/1-2 [Computer/SW/Security, Computer/SW/OS/Windows] UID:17667 Activity:moderate |
2/29 http://www.gnu.org/philosophy/amazon.html#whyBoycott http://www.oreilly.com/ask_tim/amazon_patent.html \_ USE WINDOWS. WAREZ REWLZ. LINUX SUX. \_ Uh huh, communists and a guy who made his millions on the copyright system which is the printed version of the patent system. I'm impressed. I'm also stoned, stupid, and a libertarian. \_ There is a BIG difference between the patent system and the copyright system. You can have two books that describe how to use the same algorithm, in detail, and not violate copyright. But the way the PTO is going, you won't be able to have two separate programs that use the same algorithm, without violating patents. \_ Bullshit. Stop repeating the ignorant drivel from the slashdot crowd and do your own research. Start with a law degree. "But I don't need no stinkin' law degree to know that my rights to other people's work is being infringed!" \_ One of the cornerstones of patent law is that no one should be allowed to patent prior art (something which someone has done before) nor any trivial extension of prior art (something which would be obvious to anyone in the field even without it having already been done) The trick is that the patent office's track record for letting prior art leak into patents is abysmal. [Dubious reference to prior art accidentally deleted] \_ Please quote the spec example and provide URL. If it was that simple the judge would not have granted an injunction. That's only done when there is a high probability of victory. If the example you claim is in the cookie spec covered the whole patent, then B&N's lawyers could have easily not only not been on the wrong end of the injunction, but could have had the patent declared invalid long before now. Patent law isn't as simple as slashdot makes it out. \_ Were any of the online brokers up and running in 1997? Any one of their stock purchase systems would constitute prior art if in place then. -mel \_ No, it wouldn't. You have no idea what a patent even is. 
It is defined by the claims, not the oft and over quoted summaries printed on slashdot and other anti-IP sites. Violate so much as a single minor claim and you're infringing on someone else's property. |
2000/3/1-2 [Computer/SW/OS/Windows, Computer/SW/Security] UID:17664 Activity:nil |
2/29 does an ssh client for windows 3.11 exist? thanks. \_ USE WINDOWS MAN. LINUX SUX. WINDOWS REWLZ. ANYONE WHO'S ANYONE USES WINDOWS. LINUX USERS ARE FREAKS MAN. \_ Win32 programs have been known to run on 3.11 systems. Try TeraTerm ssh (free) or F-Secure (maybe free if you're on campus). \_ There was an article in the merc this week saying that SSH Communications & SANS were giving away free SSH to .edu's but I can't find anything on http://ssh.com or http://sans.org. Anyone know anything about it? |
2000/2/25 [Recreation/Dating, Computer/SW/Security] UID:17622 Activity:nil |
2/25 Pro-immigration drivel deleted. That was not a reason to allow queers to marry. That was a reason to deny foreigners easy access to our shores. I abhore the practice of foreigners, mostly women, prostituting themselves out to gain status here. We should eliminate that possibility equally for everyone. |
2000/2/22-23 [Computer/SW/Security, Computer/SW/Unix] UID:17587 Activity:moderate |
2/22 Is it possible for Soda to create a web mail interface similar to http://mail.yahoo.com to access emails on soda? \_ No. Soda is a computer and has not yet achieved sentience. Use POP or IMAP or forward your mail to luser@@yahoo.com. \_ Soda still allows POP and IMAP? I thought that the whole point of turning off telnet/ftp/etc was to prevent some twinks from sending their passwords in clear text over the net. So, what's the point of turning off telnet and ftp if POP and IMAP are still running? \_ There is no point, only trolls. \_ You may email your request to the entity known as "Soda". \_ I was looking at something called 'mailman' a while ago. It'd require nothing more than a few cgi scripts and a cron job that copies your mail into a directory off your public_html/. They started charging for mail man, though, and I haven't had time for it since. Mail me if interested. -John \_ there are at least a dozen different mail->web gateways listed on http://freshmeat.net \_The OCF got acmemail up and running in a few hours -jones \_http://secure.OCF.Berkeley.EDU/cgi-bin/acme/acmemail.cgi |
2000/2/11-13 [Computer/Networking, Computer/SW/Security] UID:17494 Activity:very high |
2/11 Why can't they stop all these DoS with a simple TCP source quench? My understanding is that if the incoming data rate passes a certain threshold, you can simply ask the upstream sender to slow down or drop packets. So why don't the end points just do this so that the systems don't go down? \_ But then if that's true and the upstream sender starts dropping packets, it will still appear the same to the clients that the server has crashed. The effect is the same. Right? -- yuen \_ Sort of, my understanding is that you can do a source quench on one or more source IP's, so when you send a quench the message propagates all the way back to the source. When the routers closest to the source start dropping, it will look like (from the source's perspective) the destination has gone away. Other source IP's won't be affected. \_ Source quench idea doesn't work necessarily because the idea of source quench assumes that the sending host is co-operative, not hostile. When the sending host has been root compromised, the compromise could change the behavior to make it ignore source quench requests. Also, a lot of the source IPs are being spoofed, so you don't even know who the real sources are. \_ The attacks are a lot more complicated than just "send lots of packets to yahoo". -tom \_ So where can I get a description about how these attacks work. And I'm not looking for the garbage in the general press. \_ http://www.securityfocus.com \_ http://staff.washington.edu/dittrich/misc/tfn.analysis \_ http://staff.washington.edu/dittrich Look in the papers where he analyzes trinoo, tfn and stacheldraht. Best analysis of them I have seen. -ausman \_ while (1) { httpget("yahoo.com"); } And now you know! \_ This is hardly untraceable since your IP will show up in access_log. My understanding is that the attacks have been untraceable, so they must involve header rewriting or session hijack or something. \_ No. _some one's_ IP appears in the log. 
Who is to say httpget() isn't mushing the IP or using a proxy or doing a million other things? \_ The problem with DoS attacks is not that they're crashing the machines, but that they're preventing normal users from accessing the service. Your suggestion does nothing to change this. \_ If you or your upstream routers block/quench based on the sending rate of a source IP, then you could filter the DoS traffic (high incoming rate) and still allow most normal users (low incoming rate) to connect. I think that is an L3 analogy to the hammer filters in some ftp servers. \_ Except that many of the attacks consist of a low incoming rate per IP address from thousands of different addresses. Telling real traffic from attack is harder than you think. \_ Pull network cable, sell stock, go home. \_ Wrong order! \_ You want to sell at the high moments before it crashes to make sure you soak it for every last bit. After all, who knows better when it's going down than you? It'll take a while for others to notice. \_ I opened a joint broker account with my girlfriend and placed $1000 in it, telling her that whatever is in it when engagement comes would be the price of her diamond ring. GE didn't go fast enough for her, so we went into Checkpoint Software, and it went from $1000 to $4000 in 4 months, and has been going through the roof since the DoS attacks. Do you think my girlfriend might be involved? \_ She hired me to do it. I get half the account, she gets the other half for her ring. Expect it to continue upwards until you're engaged. \_ I knew she was involved! I once suggested to her that instead of a diamond ring, I can give her a super cool Sun workstation. To my surprise, even though she is a nerdy (but very beautiful, in my opinion) computer science student, she didn't like the idea very much. If you can convince her otherwise, it would be a great favor for me! \_ She is much smarter than you think. Diamonds are forever. Sun workstations become obsolete. 
She also realizes that you may in fact wish to fondle the sun hardware instead of twiddle her bits. And when the workstation becomes old, Sun allows you to trade it in for a newer model, perhaps giving you certain ideas she finds threatening. |
2000/2/9-10 [Computer/SW/Security] UID:17468 Activity:low |
2/9 I would like to start using PGP for communications. Problem is that the machine at work won't let me install freeware PGP for WinNT (I'm not an admin nor do I play one on TV). I thought there was an impl in PERL somewhere but can't find anything about it. Does anyone have a list of PGP impls handy? And if so could you share? \_ PGP? For what? You think the NSA and Evil HAx0rz are listening in to your love letters to your SO? |
2000/2/9-10 [Computer/SW/Security] UID:17463 Activity:insanely high |
2/8 After the recent attacks against the big boys of dot com how does a guy prevent further Denial of service (DoS) from happening to his own cos. - curious \_ You don't. You can filter some of the crap but never be totally safe from it with current protocols and technology. \_ why not just change the filter properties? \_ Which devices do you own that can filter 1 gigabit per second without crashing while still letting the good traffic through? And what if the DoS consists of properly formed http calls? What are you going to filter? \_ so i guess you need to call an upstream isp to put in the proper filters? \_ Idiot! \_ Argh! TROLL! \_ well, isn't that what they did to stop the http://cnn.com attack? \_ Yeah, they turned on the "filter_DoS_packets" rule in the routers. Some new guy had turned it off and no one noticed. \_ so i guess you don't know then, huh? \_ I think when they upgraded to dos version 2.11, everything was ok. \_ what are you going to filter, when the DoS looks EXACTLY like lots of normal traffic packets? Is the 'Slashdot Effect' a malicious attack, or just your site suddenly becoming very popular. Either way, your site is basically down. \_ are you sure DoS packets look exactly like normal packets? \_ Of course not. They have the DoS flag set. \_ so i guess you don't know then, huh? \_ The dos upgrade to v2.11 fixed it. \_ A possibility would be to make your company site a moving target. Have several locations/IP's you can use. When one IP gets hit with the big DoS, change your DNS entry (you set your TTL low ahead of time, right?), and move your site to the new IP. \_ That'll work, uh... never. DoS kiddies just get the new IP the same as everyone else. Welcome to the internet. \_ ACK! I've been trolled! \_ if you have to ask, you don't know \_ thanx for stating the obvious \_ Unplug net cable. \_ If companies with hundreds of millions of dollars at stake can't prevent it, what the hell makes you think you can? 
\_ Because I read a zdnet article about how to stop it. \_ it's so ironic, that zdnet was attacked and shutdown for 2 hours this morning. \_ Very little. Try not to be a tempting target. The way the big sites were attacked recently was by distributed clients running on many windows boxes infected with a remotely activated virus. There wasn't any obvious TCP stack bug problem with the servers or anything, they just got overwhelmed by tons of valid-looking hits. Short of weird heuristics, there's very little you can do about this. \_ What about authenticated IP? -- network newbie \_ Won't stop traffic floods, which is what they're getting hit with. \_ First define authenticated IP, then figure out how much your business will lose by cutting off all the random web users who don't use it. \_ Why don't we all start attacking http://www.microsoft.com and bring down the Evil Empire(TM)? |
2000/2/7-8 [Computer/SW/Security, Computer/SW/Unix] UID:17447 Activity:high |
2/7 POP-3 Question: I want to run a popd at home (such as qpopper) so that my parents can check their mail without having to login to the mail server at home. From what I can tell from the RFC's POP seems to be an insecure protocol, in that it sends passwords as plain-text. Is it possible to run a secure POP server, or can I at least have the POP passwds in a file other than /etc/passwd (like .htaccess)? \_ Use APOP or ssh port forwarding. Using APOP would be probably less hassle for non-*nix users. You still need to send a clear text password, however, it is not the same as a user's unix password. If a user is using *nix, fetchmail + ssh port forwarding is the way to go. -akop \_ the APOP password is not clear-text; it's MD5 encoded I believe. -tom \_ Couldn't get APOP to work correctly in the released version of qpopper. Besides it looked like APOP didn't work with Netscape. \_ APOP does not work with Netscape. But it does work fine with qpopper. -tom \_ "My parents use *nix!" \_ My mom has been a Unix user/hacker since the PDP-11 was a new machine. It's not a user issue, I'm just trying to minimize logins to the mail server (also the firewall/nat box). \_ Then maybe you should be asking yermom for advice. \_ I would ask my mom (not yermom) for advice, but she is currently out of the country. \_ Then she doesn't need her email right now, does she? I don't release any GPL'd code until my mom has QA'd, debugged, and approved the release. \_ http://www.linuxdoc.org/HOWTO/mini/Secure-POP+SSH.html also, fetchmail can do APOP (but not netscape mail) \_ Go for IMAP+SSL - then they can use netscrape or MS LookOut! \_ Which server should I try? From just looking at the homepages for Cyrus (CMU) and Imapd (WU) I couldn't tell if either supported SSL. \_ Use either with the SSL wrapper from the ssl toolkit. |
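What actually crosses the wire with APOP, as an added example that is not part of the original thread: a sketch of the RFC 1939 challenge-response with both the client and the server side. The `ApopServer` class, the host name and the account secret are hypothetical names and constructed values for the demo; the one fixed vector in `rfc1939_example()` is the example given in RFC 1939 itself.

```python
"""APOP (RFC 1939) challenge-response, client and server side (constructed demo)."""
import hashlib
import hmac
import itertools
import os
import time

_serial = itertools.count()  # guarantees two banners from this process never match


def make_challenge(hostname: str = "pop.example.org") -> str:
    """Per-connection timestamp sent in the server greeting.

    It has to be different for every connection; a repeated banner would let
    a captured digest be replayed. The host name is a placeholder.
    """
    return "<%d.%d.%d@%s>" % (os.getpid(), time.time_ns(), next(_serial), hostname)


def apop_digest(challenge: str, secret: str) -> str:
    """Client side: hex MD5 over the banner timestamp followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode("ascii")).hexdigest()


class ApopServer:
    """Hypothetical minimal server: one challenge per connection, digest check only."""

    def __init__(self, secrets):
        # The server needs each secret in recoverable form to recompute the
        # digest, which is why it is kept apart from the Unix password file.
        self.secrets = dict(secrets)
        self.challenge = None

    def connect(self) -> str:
        """Start a new connection and return the banner timestamp."""
        self.challenge = make_challenge()
        return self.challenge

    def apop(self, user: str, digest: str) -> bool:
        secret = self.secrets.get(user)
        if secret is None or self.challenge is None:
            return False
        expected = apop_digest(self.challenge, secret)
        # Constant-time comparison of the two hex strings.
        return hmac.compare_digest(expected, digest.lower())


def rfc1939_example() -> str:
    """The worked example from RFC 1939: timestamp plus the secret 'tanstaaf'."""
    return apop_digest("<1896.697170952@dbc.mtview.ca.us>", "tanstaaf")


def replay_is_rejected() -> bool:
    """Capture a valid digest on one connection and present it on the next."""
    secret = "constructed-pop-secret"  # constructed value
    server = ApopServer({"mom": secret})
    first = server.connect()
    captured = apop_digest(first, secret)
    accepted_once = server.apop("mom", captured)
    server.connect()                    # new connection, new banner
    accepted_again = server.apop("mom", captured)
    return accepted_once and not accepted_again


if __name__ == "__main__":
    print("RFC 1939 vector:", rfc1939_example())
    print("replay rejected:", replay_is_rejected())
```

The secret never appears on the wire, but anyone who records a banner and its digest can test password guesses offline, so APOP still depends on a strong secret or on a tunnel such as the ssh port forwarding suggested in the thread.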
2000/1/27-28 [Computer/SW/OS/FreeBSD, Computer/SW/Security] UID:17349 Activity:high |
1/26 Are the security benefits of mounting /usr partition in read-only mode worth the trouble of rebooting your server whenever you install OS patches or updates? -sysadm \- this isnt worth doing ... at least not on solaris. spend a little more energy on keeping md5 checksums --psb \_ an ounce of prevention is worth a pound of "AAAa! We've been hacked, FIX IT!" \_ Depends on your needs. Extra security vs convenience. In general, I'd say don't do stuff like this unless you're sure you need to. That you have to ask says you probably don't need it. \_ Most of the time you have to reboot after installing OS patches & updates anyway. \_ Ok I will modify my question. What about simple and yet important updates that DON'T require a reboot. I'd rather restart a service than reboot. -sysadm \_ what's going to stop some cracker from just remounting /usr r/w, changing stuff, and then having a ball ? I don't see any benefit in the world of mounts with -o remount or -u (bsd) -ERic \_ The only security benefit is to block script kiddies. Crackers with half a clue can get right past it. \_ You NEED TO BE ROOT to remount. the whole point is to make it more difficult for them to get it \_ Eye 0wn3d y00!111 |
2000/1/23-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:17302 Activity:nil |
1/21 Anyone have a page where I can find stuff on headers for our apache web server? We have authentication, though we've realized that caching really is another issue entirely and would like our pages to have the same behavior as the portals (e.g., yahoo, aol) re browser based email authentication \_ http://www.hamsterdance.com \_ Don't go to hamsterdance. You're looking for http://windowsupdate.microsoft.com. \_ Would you care to try again except use English and format to between 76 and 80 columns? \_ Reformatted to fit on 80-column punchcard. - motd punchcard god |
2000/1/18-19 [Computer/SW/Security, Finance/Investment] UID:17263 Activity:high |
1/18 Is E*TRADE FDIC insured? Thx. \_ They are a brokerage not a bank. They have SIPC and backup private insurance. Read their web site. (BTW do you really want an account with E*TRADE? I haven't had an account there but heard their customer service is impossible. You might find this useful: http://www.gomez.com.) \_ Very useful site. Thanks. \_ I have an account with them. I've only had to ask one question but got a response within 24hrs. But that's just once, so take it as you will. \_I have had nothing but trouble w/ Etrade. It is hard to connect with them during the day, it takes days for them to respond to emails, and you have to wait >>>1h to talk to a customer service rep when you call. I prefer Datek, even though they offer fewer services. \_ E*TRADE is completely incompetent. They are awful. --aaron \_ How about http://www.schwab.com \_ schwab has pretty good service. Problem is their commission costs for trades are pricey \_ Why do people use/need customer support that much? I would think that once you get things setup, you don't need that much customer support \_ try doing a brokerage transfer. -tom |
2000/1/14-17 [Computer/SW/Security] UID:17241 Activity:nil |
1/14 can't find ssh client for win 3.11. help? (and pls don't suggest to upgrade to win 95/98/NT.) thanks in advance. \_ LINUX! RIDE BIKE! \_ I think you can just telnet the non-secure way, use the one-time password generator at http://www.csua.berkeley.edu/skey or elsewhere to generate the one-time password, then manually type the password in your non-secure telnet. \_ F-Secure ssh for Win32 will run on Win 3.11 -sony \_ http://www.zip.com.au/~roca/ttssh.html \_ Can you run java? If so: http://www.mindbright.se/mindterm |
2000/1/11 [Computer/SW/Security] UID:17211 Activity:high |
1/10 Why don't we use SSH Ver.2? (I think there was an explanation somewhere but i can't find it) \_ No one supports SSH 2. \_ SSH2 costs too much \_ Exactly. SSH1 is freeware while SSH2 is available for purchase only. |
1999/12/22-23 [Recreation/Dating, Health/Men, Computer/SW/Security] UID:17085 Activity:high |
12/21 So I'm looking for Logo information -- I go to bh's Web page, and just below his photo is a link inviting me to "Take a look at my son Heath." NO WAY!!! bh actually found a female to get intimate with him? Is/was bh married? Or is this some kind of weird I-hate-my-family-so- I'll-pick-a-new-one thing like benco and his "fathers" Allman and McKusick? \_ he adopted a 12 year old boy. single parent. unmarried. \_ no, 11 \_ Some morons let that total bug eyed freak get his molestor's dirty fat little paws on a helpless child which he promptly posted pictures of on the net? WTF is this country coming to? Next, they'll let queers marry. \_ You obviously don't know BH personally. So quit trolling. FYI, there's no law (or reason) against posting your kids' pictures on the net, he wanted a kid for nearly a decade, and had to put up with the social service system (which is ridiculously biased against men) for that long, and has a master's in clinical psychology to show for the statement that he's capable of caring for the kid properly. \_ Oh yeah, I went to school so I must know all about kids! You're so completely clueless and dense. There's a very good reason they don't give children to unmarried men. The only shock is that they let freakoid have one after *any* number of years of trying. Normal people who want kids try out this thing called "marriage" and they "have sex" and "procreate". Try it sometime... or in your case, please don't. The gene pool is sufficiently polluted. \_ I agree. Lezbo "couple" adoptions and sperm inseminations should be banned by law. |
1999/12/19-21 [Computer/SW/Security] UID:17070 Activity:kinda low |
12/18 Is anyone aware of an existing scp interface for Wind0ze? \_ Not a chance. \_ http://bmrc.berkeley.edu/people/chaffee/winntutil.html about 1/2 way down the page -mikeh \_ This is bogus. \_ How so? It works for me. -mikeh \_ It doesn't properly follow the specs. \_ Clarify? \_ Read the spec and compare. |
1999/12/1 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:16982 Activity:very high |
11/30 http://www.gn.apc.org/pmhp/ehippies/action/index.htm \_ death to the protesters. We need martial law. Every single protester on TV ended up being an unemployed laborer who basically wants us to pay $75 for a made-in-America Tickle Me Elmo. DEATH TO THE MEATHEADS! USE MORE RUBBER BULLETS! \_ The TV coverage was biased beyond belief. You've been taken by the mass media. Use your mind, not your TV remote. The WTO is evil. One-World Government is evil. I don't hate you, but I do pity you. --eyes open, TV off \_ PAT! PAT! PAT! PAT FOR PRESIDENT!!!! HE'LL SAVE US FROM THOSE ONE-WORLD FOREIGN JOB-STEALING DEVILS!!!!!! \_ Pat is an idiot. I don't care about your job. I care about your air. \_ This is called a "Denial of service attack", not a "sit-in". Don't kid yourselves, this is bordering on illegal, if not actually illegal. The webpage owners are setting themselves up for "Incitement to commit a crime" or something. And personally, I hope they get arrested on those charges. \_ guess what, sit-ins are illegal too. And if you see how it is set up it won't do anything unless tons of people participate \_ It would be far better to just have a petition, with thousands of names. otherwise, it will be seen as a few hundred people trying to interfere with "progress". This is an artificial attempt to magnify the effect that a few hundred people can have. Because if it actually made thousands of people actually "sign" their names, clinton would actually listen. \_ Are you really this stupid? Do you know the difference between a sit-in and a petition? Sheesh... kids. \_ They're making the dangerous assumption that the average Joe actually *cares* enough to turn on his WebTV and point it at a WTO Web site in the first place . . . \_ Who the hell do you think stopped the WTO today? The streets were packed with average Joes you cynical fuck nut. \_ now THAT (unfortunately) will have an effect. Killing the web site with a DOS attack, will not.
\_ I chose not to participate in the DOS. It seemed pointless. I'm still opposed to the WTO and in favor of almost any protest opposing the WTO. \_ For what it's worth the WTO is a serious issue, deserving a lot more attention than it's given in the media. Whether the US should be in the WTO is questionable, and bringing China into the WTO would be a blunder. \_ WTO rules! Don't turn US into inward-looking Ming dynasty China! Unilateralism will make the US into a leader without followers! \_ shut up achoi \_ Who's that? \_ Don't turn the US into a lackey of the One World Government. By the people, for the people. Not whatever tiny scrap of empowerment the OWG _lets_ you have. The WTO is evil. \_ Fuck the WTO, the UN, and all One World Government stupidity. \_ of course, this idea does not exclude the similar idea that the WTO rioters all deserve a swift kick to the head while being dunked in toilet water diarrhea. Moron fuck-ups. \_ No. They deserve to be honored as the heroes they are. The anti-WTO protesters have a very clear idea of what's going on. If you looked up from your Quake3 once in a while and looked around, you might also. Death to the WTO and all other One World Government anti-people organisations. \_ PAT! PAT! PAT! PAT FOR PRESIDENT!!! HE'LL SAVE US FROM THOSE FOREIGN ONE-WORLDER JOB-STEALING DEVILS!!! \_ It's not about jobs. It's about clean air and water. |
1999/11/30-12/1 [Computer/SW/Mail, Computer/SW/Security] UID:16980 Activity:high |
11/30 Is there a way to use trn to connect to an NNTP server that requires a login and password? -brianm \_ trn4 supports NNTP authentication, and despite being in beta for the last 4 years is more stable than 3.6 \_ Right. Where in the man page or documentation is the explanation of how to actually authenticate? |
1999/11/22-24 [Computer/SW/Security] UID:16939 Activity:low |
11/22 http://www.landoverbaptist.org \_ This is a parody Web site for those who haven't figured it out. \_ No. We're complete and total morons who would be lost without you to explain things for us. If it wasn't for your brilliant guidance, we'd never have found the truth about Santa Claus or the Tooth Fairy either. (But please, can you tell us, is Trevor Buckigham for real? He's even more unbelievable than the Tooth Fairy...) \_ TB is for real. Some of us have even met him. \_ What? You're saying the TF isn't real? Then where'd all that money come from, wise guy?! \_ No, the funny bit is the mailbag. -John \_ No, the depressing bit is the mailbag. |
1999/11/20-22 [Computer/SW/Security, Computer/SW/Unix] UID:16927 Activity:moderate |
11/18 /var/mail at 100%. Got mail? Get rid of it.. \_ Root is evil! Buy more disk! Ride bike! Linux wouldn't have run out of disk with the new beta3 of the mail compressing file system, mcfs!!! \_ we need philfs \_ We already have philcompress. root can just use that on /var/mail. -- ilyas \_ philfs would use philcompress automatically though, and there's no telling what other nifty features Phillip would include. |
1999/11/14-15 [Computer/SW/OS/Linux, Computer/SW/Security] UID:16879 Activity:nil |
11/11 Skey for Linux - Do you know how to compile it / where to get a version that's later than 1995? Thanks! \_ http://rpmfind.net \_ rufus \_ it sho' is hard to find, suh |
1999/11/14-16 [Computer/SW/Security, Computer/SW/Unix] UID:16871 Activity:high |
11/14 I know they're generally a pretty lame alternative, but how would people/root/politburo feel about running a webmail server on soda for folks who'd like to check their mail by browser? Mind you, I'm not suggesting a public free mail server, but currently I have nothing but proxied http net access, and I wasn't about to suggest port-redirecting http on scotch to ssh the way mconst did with telnet (yay!) I have been playing with MailMan from http://www.endymion.com with the idea of having cron move my mail to a restricted directory so I could read it via shell account as well as browser. Has anyone ever considered an https server on scotch/soda so http passwords wouldn't be sent in cleartext? Just some thoughts... -John \_ I'd prefer to respond to this over mail. --root \_ in my personal experience, root usually replies something and then just deletes my mail. fuck root. \_ YOU NO CONJUGATING VERB MUST LIKING VERY MUCH ON \_ What do these acronyms stand for? BOAT GETTING GO TO BACK WHERE YOU COME FROM LEARNED ENGLISH SO MANY DIFFICULT! -(fucker) \_ Go home, fuckered, stop blabbering on the motd. \_ At least (fucker) is funny. What have you contributed recently? \_ Fuck you. FOAD --Jon \_ What does this acronym stand for? \_ Heyyyy, take that back. meanness to roots is not tolerated. you must write with respect. --Consumer Affairs Department \_ .forward \_ Have you thought of getting non-proxy net access? \_ I currently forward my mail from soda, and I have a mail address and non-proxy net access with a provider. I was simply playing around with ways to get my mail off soda through a firewall for the fun of it, and thought that maybe, perhaps, possibly, people might be interested in having me invest some time to set it up. Obviously not, since I haven't gotten any feedback except from the usual too-chickenshit-to-sign-your-name peanut gallery. -John \_ I never sign my name but I didn't add anything to this thread until now.
--too-chickenshit-to-sign-my-name-monkey \_ install IMAP & TWIG on a machine with APACHE-SSL |
1999/11/10-12 [Computer/SW/Security, Computer/SW/OS/Windows] UID:16858 Activity:very high |
11/10 Anyone heard of a "BubbleBoy Virus"? Thx. [ASCII art] MOTD NUKED HAVE A NICE DAY \_ It can be a problem if you run IE5 and Windows scripting host on win98. In which case you deserve it. -John [ASCII art] MOTD NUKED HAVE A NICE DAY \_ OrCAD still sucks \_ Any URL where I can find a warning from CERN? \_ Any URL where I can find a warning from CERT? \_ If CERT issued a warning it would be on their web site. Since it's not, they haven't bothered. They don't issue alerts for every new MS virus or they'd be spending all their time doing that. \_ Open outlook. Go to Tools/options/security. Set to 'restricted'. Go to IE's tools/options/security/restricted. Set everything to disabled. Learn lesson that M$ never learned about keeping data separate from code. Thou shalt not make active data types. \_ Windows Update. Eyedog control ActiveX patch. Problem dealt with. \_ obFormatHardDiskInstallLinux \_ Linux? I thought we're talking about security not k00lness? The mindless Linux crowd pisses me off just as much as the equally ignorant Windows crowd. -pissed off by stupidity \_ actually I'm a Windoze user that posted the ob comment \_ Gach! Surrounded!
It's hopeless! \_ If you want extra secure use OpenBSD. If you want complete security unplug your network from your computer. \_ Never mind; I was high on crack at the time. -Phil \_ Impersonating Phil in the motd should be a squishable offense. Doing so as badly as the above person should be a capital offense. \_ But the network IS the computer. Phil told me! \_ Non-Phil forgeries deleted. -Phil \_ Non-Phil forgeries deleted. -Non-Phil \_ damn philforge don't work worth a damn... \_ be even more secure, unplug the computer. \_ Whoa! This is stunningly original! Can I quote you on this? |
1999/11/2 [Computer/SW/Security, Computer/SW/OS/OsX] UID:16811 Activity:insanely high |
11/1 How secure is the www Java ssh terminal? Can't someone still intercept packets going through your browser? \_ The real answer you're looking for is "No, not really". Don't forget, the Java doesn't run on the site you got it from, it's like a downloaded program and is run _locally_ in your browser. The outgoing traffic is encrypted by the ssh code. _However_, if someone really had it in for you, they could intercept the ssh java code as you downloaded it the first time you went to that URL and replace it with compromised java code. --dbushong \_ or attach a debugger or read your process data via /proc... \_ yes, if they have root access to your machine, kill -SEGV your client and analyze the core file. But that's true for any ssh client (not just the java version). \_ if you're going to be that way about it, all they have to do is intercept data going to/from your tty, and you'd never know. \_ I don't have a tty. \_ or attach a debugger or read your process data via /proc or just secretly replace the ssh binary or hack the socket system calls to log or . . . Short answer: You must trust root, because they can do anything they want to you. \_ I don't trust root. I only use a Macintosh because it has the best security. You never hear about Mac servers getting broken into. \_ That's because you never hear about Mac servers. \_ What do you think Apple is running? Mac rulez, unix dr00lez@! \_ soda [12] telnet http://www.apple.com http Trying Connected to http://www.apple.com Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 500 Server Error Server: Netscape-Enterprise/3.6 SP3 Date: Tue, 02 Nov 1999 22:21:38 GMT Content-length: 305 Content-type: text/html Connection: close Connection closed by foreign host. Apple is running MacOS? \_ Netscape for Macintosh, dummy! You dr00le!!!1 \_ There isn't an Enterprise for Mac. Look at their web site. |
1999/10/30-31 [Computer/SW/Security, Computer/SW/Unix] UID:16798 Activity:very high |
10/30 I accidentally posted my hostname and root password to usenet. Help! \_ how stupid are you? change the password, and get on with life. \_ I DID! It was posted again! I think I have a virus! Help! \_ I DID! It was posted again! I think I have a virus! Help! \_ how stupid are you to respond to him? \_ Help! I'm stuck under a bridge and can't get out! ACK! |
1999/10/25-27 [Computer/SW/Security, Computer/SW/Unix] UID:16765 Activity:very high |
10/24 alumni.eecs is down again. Could someone with root powers check it out? thanks! \_ mail root@alumni.eecs. heh. \_ tried that before. no one checks root email there. \_ I was joking. \_ root@ucsee.eecs, http://ucb.org.ucsee \_ actually, the machine itself is up (it's ping-able) but the telnet service isn't. Been seeing some weird things with alumni/ucsee machines today. :-( \_ Time for a three-finger salute? \_ REBOOT! REBOOT! REBOOT IS THE STANDARD! \_ Hmm... single-user mode perhaps? \_ Then a single-finger salute is in order. \_ OK it's up, but old mail still needs to be delivered. Dunno whose responsibility that is. |__ Hey jon, feeling a bit tense about alumni.eecs? \_ FOAD --jon \_ PLUR --jon \_ I'd help you but I quit for reasons that anybody, who has typed uname on alumni, can figure out. The other sysadmins have graduated. Given that you have a csua account, one wonders why you would even want your alumni account back up. But if I have any spare time from cs 152 I'll see if I can get it going again. --jeff \_ how about replacing alumni? would anyone be willing to do it if I donate an old sparc lx? \_ You really think a $50 computer will help? \_ it's better than the current alumni. \_ email jon@soda; he may be willing. \_ I hate that machine. I don't know why I bother with it. Fuck ultrix, fuck clueless users who think they are entitled to services, and fuck flaky hardware. --jon *just* enough crotchety and clueless alums (who don't seem to understand that the machine is run by student volunteers rather than paid admins) to make life as a sysadmin there awfully annoying. \_ what? are you mocking that bad ass DEC Station 3100 running Ultrix, the best OS ever? running Ultrix? running Ultrix, the best OS ever?
\_ PLUR --jon \_ FOAD --jon \_ Well (speaking from some personal experience), not only does alumni.EECS have the DS/Ultrix thing going against it, but it also has a user base with *just* enough crotchety and clueless alums (who don't seem to understand that the machine is run by student volunteers rather than paid admins) to make life as a sysadmin there incredibly annoying. I appreciate having the "@alumni.EECS.Berkeley" mailing address, and would be more than willing to throw in my share of cash for a replacement machine, but can understand why the current caretakers would want to throw in the towel. Maybe the dept. should take over the hostname for some kind of mail-forwarding arrangement, or some competent alum volunteers should step forward to take a share of root-type responsibilities . . . -- former root@alumni.EECS person \_ Nonononono, as a crotchety clueless alum, I insist we stand by tradition and have students continue trying to support dead hardware running a badly b0rken bsd clone from 10 years ago. I'll tell ya, Back In My Day, we were lucky to have \_ FOAD --jon a 4 meg sun 3/50 with swap mounted remotely on another sun over a 10mbit shared networked. You youngin's today... whine whine whine.... \_ PLUR --jon --- clueless crotchety alum PLUR an acronym for? \_ FOAD --jon \_ pardon my cluelessness but what is FOAD an acronym for? \_ you left out "and sharing the same swap server with 20 other machines was a small price to pay..." \_ I thought of that but didn't want to re-edit to add it in. Any other clueless \_ FOAD --jon crotchety alum would've known what I was talking about. still time! (Oh yeah, and FOAD.) \_ I volunteered less ancient h/w before, but no one reads root email on alumni. I think alums should volunteer h/w, but sysadmin should \_ PLUR --jon be a student service for someone who wants to learn sysadmin stuff. still time! (Oh yeah, and PLUR.) \_ It's still down for some reason after a brief uptime...
\_ FOAD --jon \_ Because it's an ancient piece of crap. \_ It's back up now, so move your files off of it while there's still time! (Oh yeah, and FOAD.) \_ As an alum, I definitely wouldn't mind making donations of cash, or hardware to keep alumni alive. This should be an organized effort, though. Something that is sanctioned and kept alive from generation to generation. \_ Too late. The powers that be are talking about making a subscription mail forwarding $ervice. \_ <DEAD>alumni.csua.berkeley.edu<DEAD> mail forward? |
1999/10/16-18 [Computer/SW/Security, Computer/SW/WWW/Server] UID:16714 Activity:nil |
10.15 Apache on RedHat- set UserDir to public_html in httpd.conf, with no specific directory permissions. I still get "Forbidden You don't have permission to access /~{user} on this server." What do I have to set to make this work? \_ look in your error log for chrissakes. -tom \_ Oh. Thanks. \_ You likely need to make sure that both the public_html dir AND the USER directory are WORLD executable. -crebbs |
1999/10/15-17 [Computer/SW/Security, Computer/SW/Unix] UID:29932 Activity:kinda low |
10/14 /var/mail is full; clean up your crap! top ten mail hosers: jenlam 7488 jam 7832 tonytung 7968 alvinwoo 8232 ramses 8496 moraleda 8720 robin 8832 klee 9680 suzuki 12032 rico 12160 \_ Hey root, why don't you move these hozer's mail spools to their home directories? \_ root would rather have users police themselves. fucker. \_ the various root users know that sometimes when they try to deal with sloppy users' mail for them they sometimes get "rm" confused with "mv". |
1999/10/13-14 [Computer/SW/Security] UID:16702 Activity:high |
10/13 So, say i want to ssh to another site that allows it. How do i do it? "ssh http://siteName.com" returns the error that the host key is not found and asks me over and over if i want to keep connecting. \_ say yes you idiot. \_ Well, I'll be damned. that WORKED! (o.k., o.k., in defense of my idiocy, when was the last time you had to type in "yes" to answer a computer's yes-no question? I typed 'y' for fuck's sake. I even tried 'Y' just in case. But the IDEA of typing 'yes' never even entered my mind. \_ Obviously you are not an emacs user. You therefore don't deserve to be able to ssh. \_ If Cal gave you a degree, give it back. If not yet, drop out and go to Stanford. |
1999/10/13-14 [Computer/SW/Security, Computer/SW/Unix] UID:16698 Activity:low |
10/13 Anybody know of a free proxy server out there? I just need something very very simple no fancy features. Thanks. \_ natd. much more transparent than using a proxy server. \_ wingate or winroute. \_ What type of Proxy? HTTP only? If so, Squid, Apache, & CERN (listed in order of proxy-studliness - don't bother with CERN anymore - apache's overkill for just a proxy, squid kicks ass) \_ squid kicks its own ass. The only reason it stays up is because the start script is basically ' while true; do squid ; done' \_ is Squid GNU software? I couldn't find it on the gnu sites. where can I find it? Thanks. Password Thief Ransacks AOL 3:00 a.m. Password-stealing emails slip into AOL accounts and make off with user passwords by the thousands, according to the email service used to launch the attacks. Critics says it's the latest in a pattern of neglect by AOL. By Chris Oakes. \_ Thank you Wired News! \_ "Password-stealing emails"? Is this social engineering, or some K-RAD N3W PASSWURD ST3AL1NG HACK1NG V1RUZ????/??? \_ Standard "click on idiot.exe" in html email to send your password to random account bullshit. The only fault AOL has is having a browser available to its customers that allows them to run an .EXE from a hyper link. |
1999/10/13 [Computer/SW/Security] UID:16697 Activity:nil |
Password Thief Ransacks AOL 3:00 a.m. Password-stealing emails slip into AOL accounts and make off with user passwords by the thousands, according to the email service used to launch the attacks. Critics says it's the latest in a pattern of neglect by AOL. By Chris Oakes. |
1999/10/11-12 [Computer/SW/Security] UID:16689 Activity:high |
10/10 Does sshd on soda have an idle timeout? Or is it something that I need to configure on my client? I keep getting "connection reset by peer" messages after about 10 minutes or so. \_ There's an option in ssh that lets you do keepalives. You might also be behind a firewall that times out too quickly. \_ Yeah, I'm aware of keepalives. It doesn't seem to help. The firewall that I'm behind is a simple Linux ipchains one. I don't *think* it has any idle timeouts. Weird. \_ ipchains masquerading has a 15-minute timeout by default. You can raise it to (say) one day: "ipchains -MS 86400 0 0". See "man ipchains" for details. \_ Thanks for the info. Is that 15 minutes default timeout listed somewhere in the man page? I didn't see it. \_ It's not in the manpage, but it is mentioned in /usr/doc/HOWTO/IPCHAINS-HOWTO (section 4.1.5). \_ Soda's keepalives are currently set for 24 hours, so if you're getting hozed after ten minutes, something's fucked on your end. |
1999/10/6-9 [Computer/SW/Security] UID:16672 Activity:nil |
10/6 When I am logged in via SSH, is all the data I type encrypted and safe from sniffing, or just the login/password pair? \_ All is encrypted using 3DES \_ Oh boy, not RedHat again. Try linuxconf or netcfg or appropriate module in /lib/modules/2.2.5/net \_ and people who write dumb shit like this would be taken out and beaten to death as the crowds cheer? |
1999/10/6-8 [Computer/SW/Mail, Computer/SW/Security] UID:16671 Activity:high |
10/6 What is the reason for ssh being suid root? \_ ssh is setuid root for .shosts authentication. The client connects to the server, proves its identity using its host key, and then sends your username to the server. You can't write a fake client that sends someone else's username because the client connects from a reserved port (that's why it has to be setuid root). You can't run a fake client as root on your own linux box because you don't have the real client's host key. make a fake client that sends someone else's username because the host key is only readable by root. If you don't use .shosts authentication, your ssh client does not need to be setuid. --mconst \_ The remote server connects back to check or what? I don't see how your description prevents me from hacking my own client and handing them my own user generated server key. \_ It checks against its own list of known keys (in the system directory or the user's directory) \_ Huh? Waitasec... so I hack my own client to return a key I've created which I'm falsely telling the server is a valid key for my host. How does it know I haven't made a hacked client? There's too many pronouns floating around confusing me. Thanks. \_ The server only trusts hosts it's talked to before and saves their public keys for future reference. The only way to spoof that is break into the client and find its private key (which is only readable by root on Unix boxes so non-root people can't do evil shit with it). \_ Hmmm.. ok.. but what if the only prior server contact was with my hacked client? \_ Then the user was a moron if they added your hacked client's key & hostname to their .shosts \_ the server /etc/known_hosts file is maintained by the sysadmin. sshd won't add new hosts to it. \_ Ok, got that. I still don't see why I can't hack my own client to feed all bad info to the remote server from first contact to potential security violation.
If my client is the only source of info for the remote server and I've hacked my client to send false data, how does the other side know? \_ it doesn't, but it has no reason to care either. You only get to login if your host in the .shosts and your key matches what the server thinks your host key is. Otherwise you lose. |
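The checks described in this thread (reserved source port, a stored host key, and a .shosts entry), modelled as an added example that is not sshd's code and not part of the original posts. The host names, the account, the function names and the toy textbook-RSA keys are constructed for illustration, and source-address verification is left out.

```python
import hashlib
import hmac
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: toy sizes, no padding, illustration only."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def proof(challenge, session_id):
    """Hash that binds the decrypted challenge to this session."""
    return hashlib.sha256(challenge.to_bytes(16, "big") + session_id).hexdigest()

def make_client(host_private_key):
    """A client that answers challenges with whatever host key it can read."""
    n, d = host_private_key
    def respond(ciphertext, session_id):
        return proof(pow(ciphertext, d, n), session_id)
    return respond

class Server:
    def __init__(self, known_hosts, shosts):
        self.known_hosts = known_hosts  # host -> public key, kept by the sysadmin
        self.shosts = shosts            # (host, user) pairs the account trusts

    def authenticate(self, respond, claimed_host, claimed_user, src_port):
        # 1. Only root can bind a port below 1024, hence the setuid client.
        if src_port >= 1024:
            return False, "source port not reserved"
        # 2. The target account must have listed this host and user.
        if (claimed_host, claimed_user) not in self.shosts:
            return False, "host/user not in .shosts"
        # 3. The key comes from the server's own list, never from the client.
        public_key = self.known_hosts.get(claimed_host)
        if public_key is None:
            return False, "no stored host key"
        # 4. Challenge encrypted to the stored key: only the holder of the
        #    matching private host key can produce the right answer.
        n, e = public_key
        challenge = secrets.randbelow(n - 2) + 2
        session_id = secrets.token_bytes(16)
        answer = respond(pow(challenge, e, n), session_id)
        if not hmac.compare_digest(answer, proof(challenge, session_id)):
            return False, "host key challenge failed"
        return True, "accepted"

# Constructed sample data: Mersenne primes give small, reproducible toy keys.
TRUSTED_PUB, TRUSTED_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2**19 - 1, 2**89 - 1)
SERVER = Server(known_hosts={"trusted.example": TRUSTED_PUB},
                shosts={("trusted.example", "alice")})

def run_scenarios():
    genuine = make_client(TRUSTED_PRIV)   # setuid client, can read the host key
    hacked = make_client(ATTACKER_PRIV)   # modified client with a self-made key
    auth = SERVER.authenticate
    return {
        "setuid client on trusted host": auth(genuine, "trusted.example", "alice", 1022),
        "non-root fake client on trusted host": auth(hacked, "trusted.example", "alice", 40000),
        "root on own box, spoofing trusted host": auth(hacked, "trusted.example", "alice", 1022),
        "root on own box, own hostname": auth(hacked, "evil.example", "alice", 1022),
    }

if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name}: {'ALLOW' if ok else 'DENY'} ({reason})")
```

A client that controls everything it sends still fails, because the key the challenge is encrypted to and the .shosts entry both live on the server side.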
1999/10/4-5 [Computer/SW/Languages/Misc, Computer/SW/Security, Computer/SW/Unix] UID:16660 Activity:high |
10/4 does anyone know how to script the password for rsync over ssh? \_ Don't. Instead use RSA rhosts, that is: on the target machine (the one you'll be sshing _to_), put the hostname and username you'll be sshing from into the file ~/.shosts (man rhosts for format). Then make sure you ssh at least once from the target machine and the target account _back_ to the machine you'll be normally running rsync on to get its host key in place. Then your script won't need to type a password, but it's much much more secure than a real .rhosts file. Yadda yadda.. security risk since you don't need to type a password as that user yadda yadda. --dbushong \_ huh? No, use the authorized_keys file, to avoid spoofing. \_ This is the approach I've used. --PeterM |
1999/9/30-10/2 [Computer/SW/Security] UID:16630 Activity:moderate |
9/29 This is probably a dumb question, but why don't .htaccess files work on soda? I am guessing it has something to do with web access loads and the such but I was just wondering if there was some sort of official reason. \_ They do work, but there are some things they won't do. What problems are you seeing with them? \_ Trying to do server side javascript includes and just simple password security. More just to see how they are done than anything else so it is not that important -fucking moron \_ I'm not sure about the javascript includes, but the password security stuff should work if you get it configured properly. \_ The official reason is that you are a fucking moron. This is supported by your inability to sign your post \_ And where's your signature? \_ Hey! That's not fair! Don't bring facts into this! |
1999/9/28-30 [Computer/SW/WWW/Server, Computer/SW/Security] UID:16614 Activity:high |
9/28 Hi -- say I'm using apache+openssl, but I'm using basic (not digest) http authentication for a dir under https; is that initial password transaction encrypted over ssl? In other words, do I make basic http auth more secure (non-sniffable) by using openssl, or am I still screwed? Yes, I could sniff the packets, but I'm lazy :) \_ Get your lazy ass outta your chair, pick up your Visa, and buy Stronghold! \_ apache+openssl is working fine and free -- I just had the above question, that's all. Do ya know the answer? \_ And illegal in the US, but who cares about that... \_ if you're too damn lazy to run "tcpdump 443 | strings", you \_ They can have my STRONG CRYPTO when they pry it out of my cold, dead hands!!!!~@~@!!!@~@!@! \_ You'd be the first to give up your strong crypto when the MIB show at your door. Talk is cheap. \_ It's not the men in black coming after you it's RSA's lawyers with patent infringement lawsuits. \_ What color suits do lawyers tend to wear these days? \_ if you're too damn lazy to run "tcpdump port 443 | strings", you deserve to get hacked, then fired. \_ I think a more important issue (it turns out) is client caching of the password, so it's a bad idea anyway.... \_ I thought it was legal as long as you didn't use any of the patented crypto code like idea and rsa. --marc \_ I refuse to use anything unless my use is considered a violation of patent, copyright, or arms control laws. |