2004/1/8 [Computer/SW/Security] UID:11716 Activity:kinda low
1/7 I know soda runs a browser based ssh login scheme but I've never had to use it so I know nothing about it. Now for various unimportant reasons I need the same thing running on my home machine. What is the name of the software that soda uses for this and where can I get it? Thanks!
  \_ Easier is just download putty ssh when you need it.
  \_ Google for "mindterm", or just grab it from soda. There are different versions. It is a 'ssh1' client implemented in java. -ERic URL is http://www.mindbright.se/mindterm
  \_ and an excellent FAQ for getting to systems from behind networks with firewalls administered by idiot/bofh network admins: http://www.tldp.org/HOWTO/Firewall-Piercing
  \_ It sounds to me like he is looking for server software, not a client.
  \_ OP here to clarify: a friend who recently could ssh out from a corp network no longer can. They only have some sort of http proxy to the public net now. I'm looking for a way for them to abuse the corp http proxy to ssh to remote hosts outside the corp net. I thought the soda solution was running some sort of proxy abusing ssh client which is why I asked about that.
  \_ I could never get mindterm to work right with http proxies. Mindterm2 has no problems, though. Run it as a local jarfile if you have funky security settings. -John
  \_ Thanks!
2004/1/6 [Computer/SW/Security] UID:11680 Activity:nil
1/6 How do I post to a newsgroup with an email account I don't have access to? Thanks.
  \_ Use your mad el8 haxz0r skillz!
2003/12/22 [Computer/SW/Security] UID:11560 Activity:nil 75%like:10794
12/21 Anybody have any good or bad things to say about http://togetherhost.com?
2003/12/13-14 [Computer/SW/Security] UID:11447 Activity:nil
12/13 Why do yahoo, ebay, and a host of other sites that require a password and may contain personal information still default to use non SSL to transmit passwords? Several times I've forgotten to click the elective secure login button!
  \_ it puts more load on their systems, and really, they don't give a shit about your account, unless they're providing financial services.
  \_ yes.. extra load on their systems.. also some people are in environments where https is not an option. if you haven't noticed, whenever you access something they think is truly sensitive they switch to requiring https and ask for your "security key" which is separate from your password
2003/12/12 [Computer/SW/Security, Computer/Companies/Yahoo] UID:29714 Activity:nil
12/12 Yahoo to use msg authentication for email: http://www.newscientist.com/news/news.jsp?id=ns99994459
  \_ That's like, so yesterday, and stuff
2003/12/12-13 [Computer/SW/Unix, Computer/SW/Security] UID:11435 Activity:nil
12/12 what in the hayell is writeme.com? like free webmail with no website?
  \_ see http://www.mail.com and try signing up.
  \_ aaaaaah hchaaaaaaa! cheerz. but no.
  \_ ??? http://mail.com offers many @domain options including writeme.com. What do you mean by your statement above?
2003/12/12-13 [Computer/SW/Editors, Computer/SW/Mail, Computer/SW/Security] UID:11423 Activity:nil
12/11 Does anyone know of a free SFTP client for MacOS 9? --dim
  \_ http://versiontracker.com
2003/12/11 [Computer/SW/OS/SCO, Computer/SW/Security] UID:11402 Activity:nil
12/10 SCO's claim of a DDOS attack probably false: http://www.groklaw.net/article.php?story=20031210163721614
2003/12/3 [Computer/SW/Security, Computer/SW/Graphics] UID:11295 Activity:low
12/2 Research on Ecstasy is Clouded by Errors http://www.nytimes.com/2003/12/02/science/02ECST.html
  \_ Not surprising. Most people I've seen on X aren't the greatest examples of lucidity.
  \_ uh, the scientists who ran the flawed study weren't the ones on ecstasy. in fact nobody in the study was.
  \_ Whoosh!
  \_ Whoa. Someone commented on a URL link without reading the URL? SHOCKER!
  \_ Okay. It was a joke. Sorry for confusing you.
  \_ INCLUDE YOUR CHILDREN WHEN BAKING COOKIES
  \_ NEW STUDY FOR OBESITY LOOKS FOR LARGER TEST GROUP.
  \_ PROSTITUTES APPEAL TO POPE
  \_ ALL DRUG ADDICTS HAVE EATEN A POTATO AT SOME POINT IN THEIR LIVES.
  \_ Y'all gonna keep them brain doctors working when you're 60.
2003/11/25-26 [Computer/SW/Security] UID:11223 Activity:nil
11/25 When I do "ssh machine command" it keeps asking me for password. The weird thing is that it only happens on certain machines. Why is that and how do I make it so it never prompts for a password? Thx
  \_ create private keys
  \_ man ssh-keygen, man ssh-agent
  \_ Also man ssh, search for shosts.
  \_ shosts-like authentication is not enabled by default in newer implementations of OpenSSH. Just use the key authentication.
2003/11/23-24 [Recreation/Dating, Computer/SW/Security] UID:11197 Activity:low
11/23 A friend has a website that's become very popular recently (no, it's not porn). Up until now he's been relying on the kindness of strangers to host it but recently the large amount of bandwidth it's taking up has made that no longer an option. I'm trying to help him figure out how/where to host his site, any advice would be appreciated. The site had a recent spike in popularity which may or may not continue, the last few days it's used up about 13 GB of bandwidth a day. It doesn't need a lot of storage space (< 100 MB).
  \_ http://www.communitycolo.net be sure your friend's site is not for profit! No porn! -brain
  \_ 13 gigs a day!?! wow, and it's really not porn? What is it. That is a crazy amount of traffic for a non porn site.
  \_ warez, mp3, porn. pick 2.
  \_ no, none of these... it's just gotten some press in the last few days. -op
  \_ so what's the site?
  \_ it's gotta be friendster, no?
  \_ 13GB/(24 * 60 * 60) = 150KB/s or 1.2 Mb/s This is not enough to fill a T1. How can CS students really be this dense?
  \_ Traffic is a spiky thing. Peaks of 10 times your average traffic are not uncommon.
  \_ Perhaps. But I work at a site that is not even in the top 500 of web sites and we do 200X this much traffic. Lots of sites that aren't porn do much more than 13GB/day.
  \_ it is a hell of a lot of traffic for a site that is being run on donated bandwidth.
  \_ he just doesn't have the right friends. 1.5mbs would barely show on the graph where I am.
  \_ BitTorrent.
  \_ http://FreeCache.org
2003/11/11 [Computer/SW/Security] UID:11029 Activity:nil
11/11 11:11:11 has passed.
  \_ it isn't the year 1111
  \_ Alright, what's the deal with 11:11:11? Is this one of those mystical stoner things like 4:20 that no one understands the origin of but everyone quotes?
  \_ the 4:20 thing comes from a police code for marijuana. -nonstoner
  \_ That's a widely circulated but well-debunked myth. There was a group of stoners from Cupertino or somewhere in the south bay who called themselves the Waldos and got high after school at 4:20 in the early 80's. I can't provide URLs demonstrating that it's not the police code anywhere but a little googling should provide it. -sometimesstoner
  \_ a minute to remember those who have made sacrifices in the fields of battle in service of our country. Hate the Commander in Chief, but do not hate the foot soldier.
  \_ Veteran's Day, originally Armistice Day, was held on November 11th to celebrate the close of WWI. Supposedly the terms of the armistice were signed around 11am
2003/10/30 [Computer/SW/Security] UID:10865 Activity:high
10/30 Somebody once mentioned editing the motd via scp. How does that work?
  \_ See, when you edit by scp, you're off by one whole day.
  \_ err, think about it. What does scp do? It copies files. Copy, edit, copy back.
  \_ Yes, thank you. I'm wondering *why* someone would do that, instead of editing it on soda.
  \_ to attempt greater anonymity, duh.
2003/10/30 [Computer/SW/Security] UID:10857 Activity:nil
10/29 Is there a way to turn off encryption of the data stream in openssh? Encryption during the authentication process is fine and good, but sometimes I want to transfer files across a fast network on slow machines, and the data encryption becomes the bottleneck rather than the network. I've checked the manpage, but the openssh guys seem a little fascist about encryption. Thanks.
  \_ telnet rcp
  \_ weird how a bunch of dudes writing security software would be so anal about all that encryption stuff, huh?
  \_ there's anal, then there's too anal.
  \_ go ahead and write your own encryption method and compile it in and just have it not encrypt. the source is always built with an option to let the user change methods. use it.
  \_ you can build it yourself with a null cipher, or just live with -c arcfour as one of the faster ones. btw, if you are transferring smallish files, tar cf - | ssh tar xf - will gain much more than tinkering with ciphers on the crappy scp protocol.
  \_ I would think that part of a secure transmission is ensuring that the data stream hasn't been tampered with. If you don't encrypt everything, someone could possibly inject bad data.
2003/10/29 [Computer/SW/Security, Computer/SW/SpamAssassin, Computer/SW/Unix] UID:10836 Activity:nil
10/28 Someone give me a quick way of installing/using spamassassin? Thanks!
  \_ man spam
  \_ can I install spamassassin as non-root on a machine that I don't have root on, like... company machine, school, etc?
  \_ yes but it's easier with root. with some tiny clue you can do it as non-root. you're mostly changing paths around.
  \_ ok I just installed it with non-root. However it only filters 50% of the rules. Should I make it learn it on a frequent basis (e.g. sa-learn --spam mail/spam) or is there a better way? Also is razor a good thing to have?
2003/10/22 [Computer/SW/Security] UID:10732 Activity:nil
10/21 Security researcher and security content analyst positions at Zone Labs. See ~sky/job/{zone,zone2}.txt. Sorry I was too lazy to format nice. WARNING: may require sitting for extended periods of time. (More positions will be added soon) Email sking@zonelabs.com --sky
  \_ do I have to bend over too? :(
  \_ sygate is far more superior
  \_ I respect your opinion... just curious why you think so. thanks. --sky
  \_ 1) sky is not on my favorite person list, 2) i have no contact or association with zone labs beyond being a user, 3) your lack of english skills are painful, 4) sygate sucks donkey dick. I tried these and several others and zonelabs was the best at dealing with rogue apps calling home. zonelabs + winroute for port and protocol screening make a really good combo.
  \_ Do you actually know sky, or is your opinion of the gent strictly based on motd? -mice
  \_ Either way, I wouldn't blame the poster for his/her opinion. I've had more than my fair share of problems in the past, which manifest themselves both in my real life interactions with people and in the motd. --sky
2003/10/20-21 [Finance, Recreation/Food, Computer/SW/Security] UID:10707 Activity:low
10/20 Ever wonder why you get so much junk mail? It's because the United States Postal Service encourages such practice! http://www.usps.com/features/fourstepstodirectmail.htm
  \_ of the corporations, by the corporations and for the corporations...
  \_ Yeah, they're self supporting.
  \_ poor trees.
  \_ they're grown on tree farms for the purpose. sort of like your lunch.
  \_ yes the forests of Canada, Madagascar and Burma are one vast tree farm.
  \_ yawn. no one is chopping trees in madagascar to get paper to send you junk mail. it takes 50,000 trees to print *each* edition of the sunday NYT. you think they're stripping madagascar? no, it's all tree farm trees raised for that purpose.
  \_ poor cows.
  \_ and poor wheat and corn and everything else grown for us to murder and eat.
2003/10/10-12 [Reference/BayArea, Computer/SW/Security] UID:10580 Activity:nil
10/10 Any recs. for the cheapest possible cell service in the bay area that is more-or-less decent? Only need for occasional use. Want to minimize the $/month.
  \_ Never used it myself, but they say MetroPCS is good if you only call within bay area.
  \_ Thanks, but I am looking for the CHEAPEST. MetroPCS is $35/mo
  \_ I don't think you're gonna find any cheap plans below $30 these days with most providers. My gf's sister and parents have a really old plan of $10 a month, and Verizon's gonna kick them off the plan in few months. Perhaps you should look into prepaid cells. AT&T and Virgin have 'em.
  \_ Cingular also has prepaid. $0.35/minute for peak time and $0.10/minute at off peak. Prepaid card starts at $10 and must be refilled every 30 days. $20 and above card expires 90 days. I think you get to keep any leftover $ every time you refill your account.
  \_ Thanks, that's what I was thinking of
  \_ http://www.attwireless.com/personal/prepaid You can get wireless for as low as $10/45 day period. Minutes will roll-over if you recharge your acct before the minutes expire.
2003/10/10-11 [Computer/SW/Security, Computer/SW/Unix] UID:10568 Activity:nil
10/10 pretty entertaining AI/20 Questions website: http://y.20q.net:8095/btest for anonymous login, q.20q.net/q.cgi?N to register, which makes it way more entertaining. Things I didn't know:
    The Earth's core is not something you can wear
    You don't squeeze the Earth's core out of a bottle
    The Earth's core is not in a traditional engagement ring
  \_ Things I didn't know:
    A programmer is not fuzzy
    \_ Bunny is, though.
    A programmer might carry people
    A programmer does bite
    A programmer is not used to measure something
  \_ Thing I didn't know:
    You don't put things in a testicle
  \_ A mobile phone probably has leaves... and is a domesticated animal
  \_ Things I didn't know:
    Religion is not made of plastic
    Men might not find religion erotic
    Religion is artificially built by human beings
  \_ Can some one please install the *ancient* 'animal game' on soda so these people can get their silliness fix? Thanks.
2003/10/3-5 [Computer/SW/Security, Computer/Domains] UID:10457 Activity:nil
10/3 About freakin time... http://boston.internet.com/news/article.php/3087071
  \_ what? why? i found their search page a fresh and welcome change to my dull typo-filled life.
2003/10/2-3 [Computer/SW/Security] UID:10430 Activity:low
10/2 someone posted a web page to access our soda mail, what was it again? thx.
  \_ I think it was shot down as insecure.
  \_ John says everything is insecure so we should just do it.
2003/10/1 [Computer/SW/Security, Computer/SW/Unix] UID:10391 Activity:nil
9/30 I'm not a very mathy person, but I've found myself in dire need of a good root-finding algorithm. I've currently got a piece of software that uses Mueller's Method -- but it sometimes generates whack results that crash a rather twitchy third party piece of software as it iterates. The curves I'm examining can be assumed to be monotonic. Can I do better than Mueller's, or am I SOL? TIA. -mice
  \_ Use Mathworld to look up 'root finding' and find the root finding method which will work best for the kind of function you have. Using mathworld for this sort of thing is a good meta-skill to learn.
  \_ you'd probably find a numerical analysis text more useful than mathworld. try checking one out at a college library if you can. there are not that many root-finding methods that are actually used much in real life.
  \_ One technique to explore-- see if you can parameterize your curve on some region of interest by a [0,1] lambda. I.e., munge your algebra around until you can get a diff from root as a function of some linear parameter. If your curve is nice, consider golden section or binary search. Another thing to do is just chop up lambda into increments, evaluate diff, and pick the best guess at root (or refine search in a region of the best approx from a linear visit across lambda). Not the niftiest method in the universe, but it gets the job done.
2003/10/1-3 [Computer/SW/Security, Computer/SW/WWW/Server] UID:10390 Activity:nil
10/1 OpenSSL vulnerabilities. Patchpatchpatch... http://www.openssl.org/news/secadv_20030930.txt -John
  \_ is it enough to install the new ssl rpm or does my mod_ssl need to be recompiled?
  \_ depends on whether mod_ssl is linked statically or not. I believe it's not since the only new RedHat updates that showed up today are openssl ones. In general, they rarely use static linking, so to update a library, you just need to install the new library rpm and not worry about the applications that use it.
  \_ My new plan. Fuck ssh/ssl. I'm changing all external connections to vpn-only and then filtering the shit out of who is allowed to even try to connect to that.
  \_ Oh *that* will work. Because we all know that every VPN solution out there is utterly foolproof and secure. Nobody ever cracked DES or IOS. Blanket statements like that are incredibly ignorant and dangerous (although if it makes you feel safer, go ahead.) There is nothing fundamentally wrong with OpenSSH/SSL--no computer or software is or will ever be 100% secure. Just patch the fucking thing and get on with your life. There'll be others. -John
  \_ You're so ... manly! when you talk about security, John. It makes my heart go "thump! thump! thump!" Can I have your love child? Your IPSEC key?
  \_ DOS vulnerability. Not remote exploit.
2003/9/29 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:10359 Activity:nil
9/29 What do you guys use to SFTP your files from soda to home Winbox? I use WinSCP but it hangs too often. Thx.
  \_ cygwin scp
  \_ SecureCRT + zmodem
  \_ SecureFX
  \_ Putty's pscp. Though FileZilla works too. Both are free.
  \_ http and mozilla
2003/9/24-25 [Computer/SW/Security] UID:10315 Activity:high
9/24 For Wind0ze users: SecureCRT or PuTTy, cost notwithstanding?
  \_ putty seems perfectly sufficient for my needs. but i am using it as i would a glass tty, so your needs may differ.
  \_ never used putty, but SecureCRT has been more than adequate for my needs.
  \_ SecureCRT. I haven't tried PuTTy recently though. I like SecureCRT's binding of PageUp/PageDown to scrollback, and reading from my ssh private key files automatically, which are the same as in my Cygwin ssh. I don't like that CPU goes to 100% and I can't close the window when output is coming too fast.
  \_ TTSSH is another free alternative. I like it, though if you don't care about cost SecureCRT may be better.
  \_ Is SecureCRT free? Last time I checked it has a trial period.
  \_ My only beef with putty is that the config is in the registry. Its X-tunnelling works great, etc. (TTerm can't tunnel IIRC.)
  \_ Another great thing about putty is that it comes with ssh-agent like functionality.
  \_ Teraterm can definitely tunnel. Maybe the only bad thing about Teraterm/TTSSH is it only supports ssh1. I like it.
  \_ The only bad thing is that your secure client isn't secure?
  \_ Have been using putty for over 2 years now (when forced to use a windows machine, that is), and have been very satisfied with it. It just seems to work right, no matter what, carry no bloat and have no annoyances. Quite possibly the cleanest windows app that I've used in a long, long time. -alexf
  \_ Putty is very basic and simply works. If I could get work to pay for SecureCRT, I'd use that instead.
2003/9/24 [Computer/SW/Security, Computer/HW/Drives] UID:10308 Activity:nil
9/23 I have some data tapes that I haven't touched in 5 years. I used nbackup in DOS on a 486 to make the tapes. Using the same program on the same computer, I am trying to restore those files. I was able to open the tapes, but when I try to restore, it says "Cannot access tape drive" or just keeps asking me to insert the tape when it's already inserted. Is it possible that the tape is old and that the data is lost, or is the problem more likely the tape drive? How can I retrieve this data?
  \_ Does it say this for *every* tape? Unless *all* your tapes have been damaged by some environmental event or they were shitty tapes to start with, it is more likely the tape drive is shot. If you have a unix box with the right tape drive you should be able to at least use dd to read raw data from the tapes as a test.
  \_ Actually, since I posted that, I was able to get some data from one of the tapes. But then it kept giving me error messages again. I looked closely at the tape, and the tape is physically only connected to one spool (this was not the case originally), and it's not as easy as you might think to get it back on the other spool neatly.
  \_ I had this same thing happen years ago. There is an "end of tape" optical sensor in the drive, and if it gets dusty, the drive unspools the tapes. You could try to put the tape back together after cleaning the dust out of the drive, but I suspect you might be out of luck. This is why I abandoned tapes, and switched to hard disk backups. And disks don't make that annoying whining sound when searching for files. Look in the Sunday paper and get a 150GB disk for $90. Use an old extra computer as a backup server, or get an external drive, but either way, make sure to spin it up often: hard disks can die from stiction if left unused in an "off" state for too long (years).
2003/9/23-25 [Computer/SW/Security] UID:10293 Activity:kinda low
9/22 OpenSSH 3.7.1p2 (portable, ie non-OpenBSD) has been released. There are multiple vulnerabilities with the PAM auth code in 3.7.1p1, so if you use PAM (Solaris/Linux) you should upgrade. http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106432248411636&w=2
  \_ Is there an sshd that just works? I'd be happy with a v2 sshd without holes that just allows simple logins. Any other features after that would be a bonus. Any suggestions? Please?
  \_ Sigh. OpenSSH "just works". It's just that its vulnerabilities are declared and found more frequently than commercial SSH daemons. Not saying those are any better or worse, but you are deluding yourself if you think that any piece of cryptographic software is "secure" just because no bugs are ever publicly announced. Patching system components is a part of life as a sysadmin, get used to it. -John
  \_ I am all for opensource but doesn't it bring as much harm as benefit in terms of security? Sure patches are made more frequently, but isn't it much easier in theory to find a bug to exploit when the source is available than otherwise?
  \_ Do you occasionally look at Bugtraq? I suggest you do, if only to make it clear that having a commercial program doesn't add much in the way of security. Ask Microsoft. "Better the devil you know"... -John
  \_ I'm not making my point. I can see that. I don't care who wrote it or why or where it comes from. I just want an sshd with minimal features and fewer holes than what openssh has. If you don't know of one, thanks, that's ok.
  \_ would you prefer to know that holes are being found and patched at the cost of having to upgrade, or instead not know about holes and ignore upgrades in ignorant bliss?
  \_ I'm not making my point. I can see that. I don't care who wrote it or why or where it comes from. I just want an sshd with minimal features and fewer holes than what openssh has. If you don't know of one, thanks, that's ok.
  \_ You're very clear--I'm simply saying that OpenSSH is pretty much "it" for open-source sshd, and with the non-open source ones, no, you probably won't be patching so often, but that says nothing about the amount of holes in them. -John
  \_ I don't care if the alternative is commercial or not. I just want something I won't be patching three times in a week. I'm not concerned with open vs commercial philosophy.
  \_ It's nothing to do with commercial or open source. It's a question of security. If all you care about is not patching something, then don't run OpenSSH. This is what's known as 'sticking your head in the sand'. And yes, what you don't know _can_ hurt you. Your call. -John
  \_ I'm not making my point. I can see that. I don't care who wrote it or why or where it comes from. I just want an sshd with minimal features and fewer holes than what openssh has. If you don't know of one, thanks, that's ok.
  \_ Argh! Nooo! Is this a joke? I had already had to upgrade OpenSSH on nearly 200 hosts -twice- during last week. What the #$(@)@*!!
  \_ Pride goeth before a fall.
  \_ Pride goes before destruction, a haughty spirit before a fall. Proverbs 16:18
  \_ That's why it makes sense to wait to upgrade. OpenSSH *always* has one or two patches out within a week. --dim
  \_ wait a week to upgrade while getting hacked in the meantime? swell idea, i wish i'd thought of it.
  \_ There are no known exploits for this vulnerability, nor for most of the ones being found lately. "It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively." --dim
  \_ so says them. securityfocus paints a different picture. in any case, better safe than sorry.
  \_ More than once the "new" OpenSSH has been more flawed than the original. An example was when the privilege separation code was first added. It is common for the OpenSSH folks to fix a bug and then have to fix their fix. Hence, we are at p2 already. Just wait for the bozos to figure it out unless the bug is easily exploited. --dim
  \_ they're not exactly fixing their fix. they somewhat hastily made a release with *new* functionality, which was probably not well-tested. so just patch the old 3.6.1p2 and you're fine.
  \_ Jesus fucking Christ! Is there a simple v2 sshd out there that just works?! I don't need all the whiz bang features, just a login shell. If it could port forward that would be a bonus but I could survive without it if it meant I could stop the upgrade madness.
  \_ what's this whole upgrade madness? it's been a while since the last major openssh scare. fwiw, maybe you should've just patched 3.6.1 and been done with it.
  \_ lsh might be what you are looking for. Keep in mind that OpenSSH has a larger user base, developer base and h4x0r base so gets more auditing.
  \_ and lsh had its own remote exploitable bug days later. so what's the difference. http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106432248411636&w=2
2003/9/23-24 [Computer/SW/Security] UID:10287 Activity:nil
9/22 I know of MindTerm, as well as a whole slew of httpstunnel ssh-over-https scripts; does anyone know of a java applet which combines the two? -John
2003/9/17-18 [Computer/Networking, Computer/SW/Security] UID:10233 Activity:nil
9/16 What's the cheapest internet access to be had in (west) Berkeley? It's for my sister, a student... and I don't think piggybacking onto someone's wireless is an option. Speed isn't important. Thanks.
  \_ Get dialup for $8 a month.
  \_ Who has dial-up for $8 a month?
  \_ i have dialup for $6.95 a month.
  \_ NetZero. The ads are free too...
  \_ Netzero isn't free anymore.
  \_ I haven't used it, but the last time I was looking, I got a couple recommendations to http://www.access4less.net $6/mo and supposedly good service (can't vouch for this, apple-fan(atic) roommate went and signed up for their partner earthlink)
2003/9/17 [Computer/SW/Security, Computer/Rants] UID:10227 Activity:nil
9/16 Shutterfly on http://fuckedcompany.com. Add this to my list of a few days ago about why *not* to use them.
  \_ Who cares if Best Buy is or isn't using them? It's a good service. -tom
  \_ Because they're a dotcom with no parent company, too many staff, high prices and one less big customer. I just hope you keep an original of all your pictures and copies of everything your friends have shared with you. When they go, they're going to go POP! really fast.
  \_ I ended up going with http://pbase.com. Yeah, it's a pay service ($23/yr), but it had all the features I wanted in an attractive package.
2003/9/17-20 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:10225 Activity:nil 74%like:10214
9/16 OpenSSH 3.7.1 released (fixes a buffer mgmt error): http://marc.theaimsgroup.com/?l=openbsd-announce&m=106375547524560&w=2 OpenBSD: http://www.openssh.com/openbsd.html Portable: http://www.openssh.com/portable.html [ updated to 3.7.1 since 3.7 had a bug ] emacs user was here
  \_ I had a beta version of 097b ssl installed so I got the 4/10/03 version and the compile and install went clean but the ssh client still says it's using the old version.... I then recompiled and installed ssh and same thing. I've tried a few other things but nothing works. Any hints? There's no rpm for my system and the compile isn't the issue anyway. Thanks!
  \_ Have you killed and restarted sshd? Do you know where your make install is putting things--is it the same place your startup scripts are running them from? -John
  \_ ssh -v shows the old openssl version. It has nothing to do with sshd. It's getting it from /usr/lib/libcrypto.so.8.0 according to ktrace. I don't see where the openssl install is supposed to replace or install a newer version of this file.
  \_ If you build openssl from src it puts the libs in /usr/local/ssl/lib or /usr/local/lib (depends on your os). If you want your new version to override the system installed default, then just rename the version in /usr/lib and make a symlink to the new version (provided you can build a .so on your arch). If you are using *BSD you should probably fetch the latest version of /usr/src/lib and rebuild that way.
  \_ Arrr!
  \_ Avast!
2003/9/16 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:10214 Activity:nil 74%like:10225
9/16 OpenSSH 3.7 released (fixes a buffer mgmt error): http://marc.theaimsgroup.com/?l=openbsd-announce&m=106373074626260&w=2 OpenBSD: http://www.openssh.com/openbsd.html Portable: http://www.openssh.com/portable.html
2003/9/13-15 [Computer/SW/Security] UID:10183 Activity:nil
9/13 Which online photo sharing websites do you guys prefer?
  \_ shutterfly. -tom
  \_ http://www.csua.berkeley.edu/~login
  \_ snapfish.
  \_ Decide what you need. Here's the service summary on the 3 major sites: snapfish: uses Kodak paper and machines, lowest prices, but ships from east coast so it takes a little longer to get prints sent here, maybe an extra 2-3 days. ofoto: owned by kodak but uses fuji equipment, etc. slightly more expensive but you'll get your pics a day or two sooner because they're printing locally. shutterfly: same idea as ofoto except they're still a dotcom and don't have large company backing them so they have to charge more and they could go under and take your pictures with them at any time. i believe they use a variety of smaller development firms, thus the higher prices since they don't get the same kind of bulk rates snapfish and ofoto can. If you're not printing and only want the free online storage and the ability to share, it doesn't really matter. Bits are bits, yes?
  \_ ofoto requires your visitors to log on to view your pictures, so it does really matter. -tom
  \_ if they didn't then deep linking directly to photos would allow rampant abuse of storage and bandwidth for non-customer uses. It isn't 1998 anymore. They need to control costs and make profit or die.
  \_ that is easy enough to prevent without making someone need to have an account. Just check the referral.
  \_ See my comment about 1998. If they can get you to sign up, you're more likely to continue using the service. If you won't sign up, what do they need you for anyway?
  \_ I'm just pointing out that your first argument was flawed. As to the second, well, there are two options I can go with that don't require a visitor to sign in. All other things being equal guess which choice is better?
  \_ We have a different idea of what constitutes abuse. To me if you're not a paying customer or bringing in other paying customers yet you're sucking bandwidth and storage, you're useless to the company. True, it's only really abuse if they allow it to happen and in this case they're not. Additionally, they're taking steps to try to get more paying customers which is a good thing for any business. We're splitting hairs at this point. Since the accounts are free, it's all pretty much the same in that regard. There's probably a csuamotd/csuamotd account on all three already. :-)
  \_ no, because if I'm using the service I'm also probably paying for prints and the like. The point is by making people need to log in to see my pictures I'm going to go with one of the other two and when I want to get prints I'll get them from the company where I've put my photos. Bandwidth and storage is still pretty damn cheap compared to other costs and it is pretty easy to catch the serious abuses. (Say just give every user a dl/day limit).
2003/9/2-3 [Computer/SW/Security] UID:29520 Activity:insanely high 80%like:10043 |
9/2 What is the average density of yermom? I don't have anything to measure weight near me and I need that info soon. Ok tnx. \_ STFW? there's got to be something about this online somewhere. \_ Use the scale at the post office. It also depends on the paper. \_ I cannot easily access a post office right now. I need to come up with a very rough estimate of lots of books. I have only rulers at my disposal. E.g. phone books are pretty light considering their sizes. \_ I cannot access a post office right now. I need to estimate very roughly the weight of many boxes of books with only rulers and helpful info from the motd. If you have a big book and can measure both its weight and dimensions, please let me know. Tnx. \_ I know. Find a computer book at your office. Measure its dimensions. Go to http://Amazon.com, and try to order 100 copies of that book. See what the shipping charge is, and backward-calculate its weight according to the shipping method. Then cancel your order at the last step. \_ That's a pretty good idea. Though you don't even need to do this--Amazon should include the dimensions of the book. |
2003/8/29-30 [Computer/SW/Security] UID:10013 Activity:nil |
8/29 How does ssh generate the fingerprint for the rsa public key? When I echo <pubkey from ssh_host_rsa_key.pub> | openssl sha1 I get a different fingerprint than what ssh shows me, but when I look at the actual key they are the same. \_ umm, you know doing that sums the string 'pubkey', and not your actual key right? \_ he does now. \_ I figured it was obvious that 'pubkey' meant the public key from /etc/ssh/ssh_host_rsa_key.pub. I've fixed it. \_ cat /etc/ssh/ssh_host_rsa_key.pub | openssl sha1 \_ the right answer is ssh-keygen -l -f <keyf> |
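Added example, not from the thread: why `openssl sha1` over the .pub file never matches `ssh-keygen -l`. The fingerprint is a digest of the base64-decoded key blob (MD5 in colon form for OpenSSH of that era, `SHA256:` base64 today), not of the text line; the toy exponent/modulus and the comment below are constructed values, not a real host key.

```python
"""Compute OpenSSH-style fingerprints from a 'ssh-rsa AAAA... comment' line.

The wire framing (RFC 4253 'string' and 'mpint') is real; the key material is a
constructed toy so the script runs offline.
"""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """RFC 4253 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """RFC 4253 'mpint': big-endian magnitude, leading 0x00 if the high bit is set."""
    if n == 0:
        return _ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_ssh_rsa_pub_line(e: int, n: int, comment: str) -> str:
    """Produce a one-line entry shaped like ssh_host_rsa_key.pub."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def _read_string(buf: bytes, off: int):
    """Read one RFC 4253 'string' at offset off; return (bytes, new offset)."""
    (length,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    return buf[off:off + length], off + length


def parse_pub_line(line: str):
    """Return (key_type, decoded blob); reject lines whose blob tag disagrees."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    inner_type, _ = _read_string(blob, 0)
    if inner_type.decode() != key_type:
        raise ValueError(f"type tag mismatch: {key_type} vs {inner_type!r}")
    return key_type, blob


def fingerprint_md5(line: str) -> str:
    """Legacy 'ssh-keygen -l' output: colon-separated MD5 of the decoded blob."""
    _, blob = parse_pub_line(line)
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_sha256(line: str) -> str:
    """Modern 'ssh-keygen -l' output: SHA256:<base64 without '=' padding>."""
    _, blob = parse_pub_line(line)
    b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return "SHA256:" + b64


def sha1_of_text(line: str) -> str:
    """What `cat key.pub | openssl sha1` really hashes: the text plus its newline."""
    return hashlib.sha1((line + "\n").encode()).hexdigest()


# Constructed sample: tiny e/n, NOT a real host key.
SAMPLE_LINE = build_ssh_rsa_pub_line(65537, 0xC0FFEE1234567890ABCDEF, "root@example-host")

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print("MD5    fingerprint:", fingerprint_md5(SAMPLE_LINE))
    print("SHA256 fingerprint:", fingerprint_sha256(SAMPLE_LINE))
    print("sha1 of the text  :", sha1_of_text(SAMPLE_LINE))
```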
2003/8/27-28 [Computer/HW/Memory, Computer/SW/Security] UID:29482 Activity:moderate |
8/27 I just gave a security presentation to a bunch of MBA students working on a market strategy for http://www.giwano.com Aside from a mildly unfortunate name, they have a cute idea, but it seems slightly gimmicky to me. While I can think of nice roles for some kind of "secure" storage like these, what's the almighty motd's opinion? -John \_ sounds like hogwash. Either the user can't get data between the two systems, or it's vulnerable to attack. -tom \_ what do you have in mind re: unfortunate name? gitano? guano? \_ Puerile, but yes. And as the PC (that's what it is) runs XP, it is vulnerable to attack--the idea is to use the flash memory between the two PC units to manually move sensitive data back and forth. It's got a built-in KVM switch to let you work on both units, so you could connect the internal unit to a 'sensitive' network and share it with PCs there. Or something. I think the idea has some merit, but they're going about it all weird. -John \_ Isn't this just reinventing sneaker net? --dim \_ I tried to figure out exactly what they're doing but wasn't willing to invest that much time doing so. Can you explain it in a few short sentences? Generally, people with important data seem happy with their current level of security. If they weren't then you'd see products from the major vendors (EMC, Hitachi, IBM, Netapp, etc) to address the issue. You don't but I wish them well anyway. |
2003/8/26 [Computer/SW/Security, Computer/SW/Unix] UID:29470 Activity:high |
8/26 http://nosuch.com/music/webtones.cgi \_ hm... I don't think this is that cool. \_ The arbiter has spoken! \_ more an attempt to stimulate conversation than to arbitrate. what do other people think? just seems to me like there are many arbitrary ways one could generate music from a web page, gif, whatever, and the results of this weren't particularly compelling musically. |
2003/8/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:29359 Activity:low |
8/15 D00DZ GN00 WUZ 0WNZ! http://csua.org/u/3xw (story.news.yahoo.com) http://www.cert.org/advisories/CA-2003-21.html \_ rms:rms |
2003/8/14-15 [Computer/SW/Security] UID:29342 Activity:high |
8/13 Read your Soda mail on the web: http://dev1.bnet.org/imp No warranties, but you can mail me w/ questions/comments. IMP does this semi-securely(?) using IMAPS (port 993). -abe \_ so wait, it uses imap-ssl but you suggest we login via plain text http? brilliant. why not just use something like http://www.mail2web.com instead? \_ who would trust your site anyway? if people want something like this, csua should just install squirrelmail or something. \_ and to connect to it over straight http... \_ Which could very easily be used to gather passwords. Come on, people... SSH tunnels and IMAPS are really not that hard to set up. --scotsman \_ Not that easy if you are on some webterminal while on vacation. \_ I found that going to the putty download page and running from there often worked to ssh in. \_ Of course I could easily use it to gather passwords. CSUA *should* install something like IMP (or squirrelmail, or whatever), but they haven't, so this is an alternative. of course, you have to trust me and my server (which I probably wouldn't). -op \_ not for "you" to gather passwords. for a man-in-the-middle between you and the hapless user. --scotsman \_ I guess it's about like http://csua.org/u but it's a potential security/privacy hazard. So, if I may speak for the motd, we thank you but respectfully decline. \_ Um. It's nothing like http://csua.org/u the url shortener doesn't have anything to do with your login on soda. and it doesn't open you up to having your account nabbed by a sniffer. Again I say come on... --scotsman \_ um. the reading comprehension thing again. -not 2 up \_ Wow that's great! It uses my MSPassPort(c), right? I use my MSPassPort(c) for everything! But if you're not MSPassPort(c) compatible your site will never grow! \_ guys, come on. It's a PROOF OF CONCEPT. Give the guy a break. Change your password and give it a try, then change it back. 
If it's cool maybe we could sign a petition to install similar stuff on trusted CSUA machines. Now if only we could petition a Recall on Politburo, that'd be even better. \_ arnie for csua president! \_ Why would you trust a CSUA machine? \_ I trust any CSUA Linux/BSD machine over any corrupt and dysfunctional CSUA Politburo any time. \_ it is a nice program, thank you!! |
2003/8/11-12 [Computer/SW/Security, Computer/SW/Unix] UID:29315 Activity:kinda low |
8/11 http://www.craigslist.org/eby/eng/14754592.html They claim there's a "Secret password" encoded in there but it looks like every other "we don't have enough money" job posting to me. I'd never apply for a job like this but I'd like to know if there really is a "secret password" in there. \_ Read down the first letters of the first five paragraphs. I want 30% of your first month's salary. \_ bingo \_ Kinda sad actually. I thought it would be harder to find. \_ BSPTEFEEA? WTF does that mean??? \_ It means "you will continue to draw unemployment" |
2003/8/10-12 [Computer/SW/Security] UID:29299 Activity:very high |
8/10 I'm looking for an encryption software package for windows 2000 that works on a per-directory or drive basis and is transparent. Meaning once I authenticate myself I can create files or copy stuff into the folder and it'll be encrypted automatically. Word, Excel, TurboTax, etc should all work with this encrypted folder. For individual files I can use pgp. But when working with a lot of files, I prefer not to think and just dump the files into a directory. I'll buy the software. Not looking for free stuff. Thanks. \_ Whatever you do, avoid EFS. It has its uses, but its key management is immature and difficult to manage. You may also want to have a look at Utimaco Safeguard Easy (it's not on a per-directory basis, but might give you something to work with.) -John \_ for enterprise level you might consider a NAS or SAN product like the datafort from Decru. the nas product does per file encryption on the fly.. plus can do end-end cryption btwn it and your desktop. for just local storage, i recommend either f-secure or pgpdisk, both create a virtual volume on the local drive and maintain a file system structure w/in that volume. from experience w/ both, pgpdisk at least used to be easier to use. you can find it at http://www.pgp.com of course. -shac \_ You can also try BestCrypt. You can mount an encrypted file as a removable drive. I've been using it for more than three years now to keep my personal stuff secure on my work laptop. http://www.jetico.com \_ Steganos Security Suite. Tools include Steganos Safe (like PGPDisk), Internet Trace Destructor, Email Encryption, Shredder, Password Manager \_ Which tools work on both Linux and Windows platforms? \_ here is my stupid question. Where do you guys store your private key ring when you are using any of these product? the very same laptop/computer that you are encrypting upon? \_ This is the problem. 
Probably the best place to store a private encryption key is on something like a smart card, which can itself be PIN-code protected. One of the main weaknesses of most drive encryption products (this is my beef with EFS) is that it's nearly impossible to keep track of peoples' private encryption keys--Entrust does a good job of this, I'm not sure of other PKIs (MS does not.) Ideally you'd have the keys somewhere local and secure (like a hardware token inside a protected container) as well as archived *very* securely for recovery purposes in something like an encrypted CA/RA database. For everyday encryption (aunt Hilda's secret recipes, your porn) storing keys in something like a GPG keyring should be enough. -John \_ My PGP foo is weak. Please explain. So what if I store all the key stuff in the same laptop? I thought that without my passphrase people can't possibly crack it? That's the whole point of the bigger and bigger sizes I keep hearing about. E.g. 1024 vs 2048 bit encryption. \_ OK when you lose your encryption keys, you have a problem. A PKI (public key infrastructure) is a mechanism that issues keys for encryption and signing etc. and, ideally, archives your private encryption key in a safe place. PGP/GPG work differently, instead of having authoritative say "Joe is OK", you have this idea of a "web of trust" where you trust peoples' keys by consensus. Key size, to oversimplify it, just affects how hard it is to crack something by brute force. And as for storing all your keys in one place, look at it like a normal keychain--if you put all your keys on it and it gets lost or stolen, you have a problem--you should probably use a key safe or something. Hence the password protection or storing it on some secure medium, like a smart card. 
For some slightly outdated docs on how a PKI (not PGP) works, have a look at http://ospkibook.sourceforge.net -John \_ I use PhilCrypt with the compression option. Works with all OS's, local, over NFS, HTTP, etc to NAS, SAN, with udp, tcp, iscsi, you name it! PhilCrypt is the best and the compression option means your transfer rates will sky rocket while your disk usage will actually go down the more data you add to your PhilCrypt DataVault! Get "PhilCrypt DataVault Deluxe" (includes PhilCompression and advanced management features)! |
2003/8/8-10 [Computer/SW/Security, Computer/SW/RevisionControl] UID:29286 Activity:moderate |
8/8 Is there any way to run a cvs server without root such that it can support windows users without ssh. \_ man pserver \_ no joy. \_ another way is to download cygwin, install it in windows, use the cvs via ssh at the command line - danh \_ man pserver \_ no joy. \_ Um.. okay, read up on pserver on the cvs howto page. \_ You can use .rhosts file. Better to use ssh such as plink though. |
2003/8/8-10 [Computer/SW/Security] UID:29277 Activity:low |
8/7 Is it just me or is Soda's POP3/IMAP security certificate broken? \_ Does anyone besides me read CSUA mail on the web (i use imp)? \_ Yup, it expired. |
2003/7/30 [Computer/SW/Security, Computer/SW/Unix] UID:29175 Activity:kinda low |
7/29 I've been struggling with cygwin all day and getting nowhere. I'm trying to get it to run init and startup xinetd, sshd, etc from /etc/rc.d/rc?.d just like on a real unix box and I'm not getting anywhere. There's an error in the init.d/functions file which prevents anything running properly and when I try running xinetd by hand, it runs as my user and not SYSTEM even though I setuid'd xinetd.exe and tried a bunch of other things. Has anyone here got any of this working and if so, please tell me how explaining very very slowly because I'm feeling really stupid right now. And no google didn't help at all. Thanks! \_ there is a cyg program to install your sshd (and anything else) as an NT service. Set that to start automagically and you will be good to go. google for "cygwin sshd install" and i'm sure you will find it. |
2003/7/25 [Politics/Domestic/California, Computer/SW/Security] UID:29134 Activity:kinda low |
7/24 Any recommendations for high-speed access in La Palma, Ca? I have SBC for phone service, but ironically, I can't get the Yahoo/SBC DSL deal where I live. \_ try using http://www.dslreports.com to search |
2003/7/23-27 [Computer/SW/Security, Consumer/CellPhone] UID:29119 Activity:high |
7/23 Anyone have any experience checking their soda email thru t-mobile's "t-zones" service? I just got a new phone that I'm messing around with and it seems pretty cool except for a couple glitches that I've been calling tech support about and wondering if anyone's gotten it to work right. thanks. - rory \_ http://www.ntk.net/2003/07/25/dohbad.gif -John \_ Who the heck came up with that name. "combination skin and oily T-zones let me check my email ANYWHERE!" -chialea \_ you need an exfoliating mMode cleanser. - rory \_ rory! I fantasize about giving you a bikini wax. \_ WTF is going on here. \_ Probably the same people who tried putting a computer store in the old Weird Stuff building in Sunnyvale (across from the old Fry's) and decided T-Zone was a much cooler name than Technology Zone. Didn't last long. \_ I haven't had any luck, except through very basic SSH access through my P800. \_ and does anyone use the t-mobile internet (unlimited gprs for 19.99 on top of voice plan)? does it suck? --karlcz \_ I think the rates have changed. I'm getting 1MB for 2.99, and I can upgrade to unlimited bandwidth for $10. \_ that is for t-zones WAP service. tmobile internet lets you use your phone (or pcmcia card) as a gprs network interface for your laptop, pda, etc. \_ I know a couple people with t-mobile and they are angrier about lack of service than even the cingular users I know. Data, voice, neither seem to work worth a damn. No wonder it is so cheap. \_ I heartily disagree... perhaps the problem is your friends' phones? I recently switched to a Nokia 6610 (been using t-mobile for a while) and service dramatically improved. I'm almost never w/out connection. Plus, their customer service is fantastic. extremely helpful phone people. I lost my previous phone and was given a full month credit just because. \_ out of curiosity where in bay area are you? \_ Manhattan. heh \_ I get full signal in mid-peninsula and south bay. 
But I haven't tried east bay where my friend has almost no signals. \_ Update: alright, so I figured out the problem, but would like to come up with a better solution. When I check my soda email with my phone via POP3, it leaves all my msgs on the server but moves them off the spool to a mailbox file named "mbox" in my home dir. Usually I check my email with Outlook Express, which as far as I can tell, just checks for msgs on the spool. Is there any way I can get these two different mail-checking methods to work together? is this standard behavior? \_ you have pop3 over ssl working with soda? i never got that working \_ I use pop3 over an ssh tunnel. i.e., localhost:110 on my home machine |
2003/7/15-16 [Computer/SW/Security] UID:29048 Activity:nil |
7/15 http://lwn.net/Articles/39909 Bruce Schneier's crypto-gram, scroll down and read the last part. |
2003/7/10-11 [Computer/SW/Security] UID:28998 Activity:moderate |
7/10 What is a good way to check to see if a host is alive when ICMP is blocked? Attempting an ssh connection to it stinks if the host is down, since the client takes a long time to give up. Other ideas? --dim \_ Interesting, you'd need to know a service that is always up when the host is up. If ssh is running, you could try telnet host 22 \- not true with udp --psb when the host is up. then netcat that port. 'netcat hostname 22' \- you cannot tell the difference between a host that is blackholing you and one that is down ... i.e. you aren't getting any FIN/RST/ACK etc. i suppose you can hit random udp ports and look for icmp port unreachables ... basically you either need to know/guess something about the machine to pick the "single" highest probability technique or you need to OR together a bunch of tests, some of which are expensive. i am assuming you are a few hops away and you want an active rather than passive technique. --psb \_ Port scan 'em. \_ Call the sysadmin or send email and ask. If you're the admin, then look at the screen. |
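Added example, not from the thread: a bounded TCP liveness probe for a host that drops ICMP, which avoids the long ssh hang dim complains about and reports psb's point that "no reply" cannot distinguish a down host from one that is black-holing you. Port 22 is assumed only because the thread talks about it; the loopback listener is a constructed fixture so the demo runs offline.

```python
"""TCP liveness probe with the three outcomes a single probe can yield:

  'open'     - handshake completed: host up, service answering
  'closed'   - RST came back: host up, nothing listening on that port
  'no-reply' - nothing at all: host down OR a firewall black-holing us;
               one probe cannot tell these two apart
"""
import errno
import socket
from typing import Iterable, Optional


def tcp_probe(host: str, port: int = 22, timeout: float = 2.0) -> str:
    """Return 'open', 'closed' or 'no-reply' for host:port within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "no-reply"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        # Unreachable host/network (an ICMP error or a dead route) says nothing
        # about the host itself, so treat it like silence.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT):
            return "no-reply"
        raise


def host_alive(host: str, ports: Iterable[int] = (22,), timeout: float = 2.0) -> Optional[bool]:
    """OR together several port probes, as psb suggests.

    True  -> some port answered (open or RST): the host is definitely up
    None  -> every probe went unanswered: down or filtered, undecidable here
    """
    for port in ports:
        if tcp_probe(host, port, timeout) in ("open", "closed"):
            return True
    return None


def loopback_listener():
    """Constructed fixture: a listening socket on an ephemeral loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = loopback_listener()
    print("listening port :", tcp_probe("127.0.0.1", port))
    srv.close()
    print("after close    :", tcp_probe("127.0.0.1", port))
    print("host_alive     :", host_alive("127.0.0.1", ports=(port,)))
```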
2003/7/10-11 [Computer/SW/Security, Computer/SW/WWW/Server] UID:28992 Activity:nil |
7/9 So, what are the cheapest "trusted" SSL certs out there? \_ Get a standard Windows install, open MMC, look in the certificates snap-in for trusted root certificates, go through those. Or failing that, in the 'security' settings of any browser under whatever incarnation of a 'certificate authorities' listing you have. (Thawte no longer exists.) What do you need a trusted root CA chain for? You can very often get away with issuing your own. -John \_ http://instantssl.com, price starting at $50 http://geotrust.com, price starting at $150 Never used either of them, so YMMV. |
2003/7/9-10 [Politics/Domestic/California, Computer/SW/Security] UID:28981 Activity:very high |
7/9 Diebold voting machines easily hackable: http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm Why on earth would you use Microsoft Access to do something as important as tabulating votes? \_ because you care more about short-term profit than democracy? \_ Well, there goes their profit. \_ how is there profit in using a shrink wrap ware instead of a free one? they're stupid but not for the reason you feel. \_ thanks guys, once in a while this anti-corporate, "they are all a bunch of evil greed heads" draws me in and i forget that the answer is almost always "people are stupid" rather than "people are evil", it's good that there are others who realize that and can remind me when i forget. -phuqm \_ How about making software as "product" and subject to product reliability law suit? duh \_ only criminals would hack into systems. let law enforcement do its job, fucker \_ hmm, these sound like the words of a criminal who is aware just how unlikely the "job" is to get done. You know, that or a Troll. -phuqm \_ Or corrupt/zealous/partial/party-affiliated voting officials \_ That makes them criminals, DUH! \_ hah! the great long tradition of police protecting voting... \_ how about making software as a "product" (instead of this licensing nonsense) and subject to product reliability law suit? |
2003/7/7 [Computer/SW/Security] UID:28943 Activity:low |
7/6 Is there any way to get scp to not overwrite a file that exists on the remote host? \_ Use rsync instead. You can use rsync through ssh for the encryption and auth. \_ Unison is a nice tool for syncing things between two machines. |
2003/7/2-3 [Computer/Domains, Computer/SW/Security] UID:28898 Activity:high |
7/2 I need to renew my domains soon. I'm currently registered under http://joker.com but with the high cost of the euro, I think I'll switch. Can anyone recommend a registrar for this? Does it cost money to switch? \_ http://godaddy.com It does not cost additional money to switch \_ It looks like they offer only 5 subdomains with the basic package. Can I add more? How much would they cost? \_ http://www.tubgirl.com has the best domain registration service. \_ but not quite as good as www.goatse.cx |
2003/7/1 [Computer/SW/Security, Computer/SW/OS/Windows] UID:28886 Activity:nil |
7/1 What's a .pif file? \_ http://www.google.com/search?q=what+is+a+pif+file \_ brilliant! |
2003/6/25-26 [Computer/SW/Security] UID:28837 Activity:high |
6/25 Does anyone have any day-to-day experience with encrypting many (O(100s of MBs)) of files on their hard drives? For instance, if you have a laptop with all of your electronic bank statements/etc on it, and wanted to encrypt these with a key that you have on a compact flash or something similar? I know it is doable, but I'm wondering if it is in a way that is still usable? \_ why not use an encrypting file system... \_ MS EFS has some highly annoying problems, like making it really easy to accidentally generate new keys (which are not backed up easily.) Look at CFS under FreeBSD. -John \_ The critical point would still be key management, right? You don't want to have the key on the machine if it gets stolen, but you still want fairly normal access to the files... Put it on a "secret" web page so that you can download it to use? Or on compact flash? Does anyone do this kind of thing? \_ but that would be cheating. \_ is there any free/open source encrypted file system? \_ pffft. You might as well just format the drive now. \_ Abe's Linux Encrypted Filesystem howto: http://www.abeowitz.com/crypto Also I've seen similar stuff with windows that uses a vxd to add encrypted filesystem support and mounts an encrypted block file. \_ no relation. -abe \_ Just tell your g/f that you look at porn. Stop trying to hide it from her. |
2003/6/24 [Computer/SW/Database, Computer/SW/Security, Reference/Law/Visa] UID:28824 Activity:high |
6/24 Oh god. I wish the EU (useless bunch of poltroons) would get at least a semblance of a backbone. http://www.theregister.co.uk/content/55/31380.html Does anyone know more about new biometric passports the US is supposed to be issuing? I'd frankly much rather deal with the hassle of a visa with my Swiss passport than submit to this. -John \_ Maybe it's just me, but John seems to talk about his Swiss passport pretty frequently. \_ Biometrics are such a huge mistake. No one seems to be addressing the issue that if your biometrics are compromised, there is no way to issue new ID--well, without replacing your eyes. -emarkp \_ Hm? Perhaps I'm misunderstanding the process: you have an ID or passport with your retinal scan/fingerprints on it. They scan your ID, compare it to a db of such things, and then you put your eye/hand to the scanner and verify that you are who the system says you are. Are you saying that someone could hack the db and sub their own particulars for yours and so take your bank account? If so, you now have their fingerprints / ret. scan on file-- should be fairly easy to find the duplicates in the system and arrest the perp. \_ No, if someone else can ID themselves with your biometrics or subvert the system somehow, you're screwed. You can't get different biometrics. -emarkp \_ What are we talking here? Fake fingerprint gloves? False retinal scan contacts? Not saying it can't be done but quite a stretch, no? \_ Actually it's quite easy to fake out the fingerprint thing. The retinal scans can be horribly difficult to obtain accurately at times. The real problem is identity theft and proving that it wasn't you who shifted your bank account/stock portfolio/real estate to party X. VERY tough to dispute. \_ I fail to see how biometrics makes this worse; right now you're being authenticated on your signature, which is way easier to forge than even the simplest biometric. -tom \_ It's not worse. It makes id theft much more difficult. 
I'm more for dual source authentication. Bio + PIN. However, businesses might make it much harder to dispute id theft and make corrections since it is technically so difficult. I fear an overreliance on tech. \_ I think this has less to do with tech, and more to do with the nature of big business and bureaucracy. Bureaucracy and silly overhead happen just fine without any technology at all. What you'd hope is that intelligent policies will be put into place to deal with situations that the tech makes 'unlikely'. \_ You'll submit and you'll like it. \_ Grey matter! Grey matter! |
2003/6/12 [Computer/SW/Security, Computer/SW/RevisionControl] UID:28711 Activity:high |
6/11 Which of the free email accounts are the most reliable? I have a http://netscape.net account that recently has been getting flaky. Anyone have any recommendations for yahoo, hotmail, or anything else? Thanks. \_ CSUA \_ You have broadband? Host yourself. \_ No broadband. I need to use a web-based provider. \_ http://www.horde.org/imp http://www.squirrelmail.org Work a charm, fast, and I'd trust them a lot more than a free mail provider. -John \_ Work a charm, foreigner! \_ Fine. "They work very nicely", you pedantic hun. -John \_ That's Normandic Anglo-Saxon to you. \_ How about trailer trash honky? |
2003/6/10 [Computer/SW/Mail, Computer/SW/Security] UID:28688 Activity:high |
6/9 is anyone using the following SSH client? Is it any good? ssh windows client version: Aug 4 1998 (32) by: Cedomir Igaly, 1995/1998 Revision: 2.100 \_ If you're just looking for a recommendation, either SecureCRT or TeraTerm Pro have worked well for me. \_ Agree with the above, or putty (simply because it's the first google hit on a search for putty, and is a single executable of about 500k. i call it my tissue paper ssh client) --scotsman \_ I use the free non-commercial ssh client from http://ssh.com. Works fine and allows for easy file transfers. \_ It also has the advantage of recognizing urls and letting you click on them, which i like since i follow every link posted on CSUA. It has the disadvantage of being very buggy. \_ buggs ar eprobabyl frm cdoing typos, eh? \_ PuTTY works very nicely: http://www.chiark.greenend.org.uk/~sgtatham/putty \_ Indeed, I switched from TTerm to putty and haven't looked back (the single executable/no install is very nice). It does X tunnelling which IIRC TT doesn't. \_ Actually, TT tunnelling is pretty good, and does X fine. \_ Yup, and teraterm cut/paste is much more friendly. Also its UI is much leaner, which I prefer. TeraTerm will also do serial connections, which IIRC putty does not. \_ Does TT do protocol 2 yet? \_ Not the last time I checked. That's the *only* reason to use putty. \_ cygwin \_ SecureCRT, hands down! Putty is not bad, but SecureCRT has almost everything you ever wanted in a telnet client. Ultra robust, highly customizable. |
2003/6/5 [Computer/SW/Languages/Misc, Computer/SW/Security] UID:28642 Activity:high |
6/4 Does anyone know if there's a web interface for FORTRAN? Basically, I want to write and run FORTRAN programs from a Web browser without having to install anything on my desktop. Thanks! \_ no \_ Hmmm. If your goal is just to write FORTRAN programs without installing on your computer, you could SSH into soda and use g77. Is using a web browser really important? Maybe the Java SSH interface would suffice. \_ Thanks for that thought. I have a need where it would be more than just myself and not all my users would have an SSH client... I just figured Web browsers are ubiquitous. Also, I was hoping for a richer UI. Any other thoughts?... I appreciate any ideas. \_ How about installing a VNC server? VNC has a java applet client and it works reasonably well. \_ The problem with VNC is all users share the same desktop. So if two people needed to work on their own project, they couldn't. I didn't mention this as a requirement previously so I definitely appreciate the suggestion... but I cannot use it. Please keep 'em coming, though. \_ you can run them from a browser as a cgi like anything else. writing them is no different than any other web based input system that you see message boards,etc using. \_ In other words, you mean use an HTML TEXTAREA where the programmer can write his/her code; but when the submit button is clicked, the code is fed to the FORTRAN compiler on the server? \_ something like that. In short I mean "use CGI". that's what it's there for. \_ more stupid idea. How about installing an X-client on the FORTRASH computer, install an X-server on your own computer, and access that way? It will resolve the problem. I know, you said you don't want to install anything on your computer, but i personally think an x-server should be an exception: everyone should install an X-server (and FTP server :p ) \_ and a kazaa server and put at least 200 gigs online so we can all share because the information wants to be free!!! you're truly brilliant in a k-12 sort of way. |
2003/6/4 [Computer/SW/OS/Linux, Computer/SW/Security] UID:28627 Activity:high |
6/2 So why did Anonymous Motd Censor remove the DIY Cruise Missile link? \_ No one can truly understand the motives of AMC. Anyway here is the link: http://www.interestingprojects.com/cruisemissile \_ thanks for restoring the link. Now even I am curious and want to build a pulsejet myself :p \_ Because it had nothing to do with RIDE BIKE! or USE LINUX! of course, which are the only topics that are allowed to be of any interest to the "Berkeley computer science community". |
2003/5/20-21 [Computer/SW/Unix, Computer/SW/Security] UID:28496 Activity:moderate |
5/20 sun gurus, please help. My ultra 5 had some problem getting out of suspend. I had to power cycle and do nvram-default to get it to boot up normal again. Everything is up now. But the system is EXTREMELY slow. I don't see any processes hogging up memory or anything strange. I think the previous bad suspend left some bad stuff around that's screwing up the system. What should I look for to get it back to normal again? Thanks! \_ It's an ultra5. How fast could it ever have been? \_ I type 'top' and it takes 10 seconds for the display to come up. Similarly with other commands. It's not environment related because using the same dot files on another machine works just fine. \_ vmstat, iostat \_ Don't use suspend. There is no point and it has problems. --dim \_ When suspend hoses me I try this from the ok prompt: boot -s when it asks for the root password, I hit control D. The machine should then come up fine. I login as root, I remove /.CPR or /var/.CPR and edit /etc/power.conf so I don't get hosed again. If you chmod /usr/openwin/bin/sys-suspend not to be executable, that will prevent accidentally suspending via the sleep key. -ax \_ Just pkgrm the power related packages. \_ pkgrm(in this order): SUNWcprx SUNWcpr SUNWpmux SUNWpmowm SUNWpmowu SUNWpmowr SUNWpmr SUNWpmu |
2003/5/19-20 [Computer/SW/Security, Politics/Domestic/SocialSecurity] UID:28490 Activity:nil |
5/19 My refinance showed someone (LA) is using my SSN. What can I do? Who do I report this to? This is a serious question. thx. \_ First contact the police. One of the things they will do is give you a form with a lot of different credit agencies to contact. Contact all major credit card companies as well. Although you can get a free credit check if you suspect fraud you get the wimpy version, so you want to shell out 25 bucks for the full one so you can double check. Hell, you probably want to do it every couple of months for the next half year or so. Yes it is a bitch, I've been there before, but in the long run things got corrected and the person stopped using my SSN. \_ Call your local SS office. They will give you the number of the SS Inspector General. That office handles stuff having to do with SS fraud and criminal activity. \_ And the IRS. When you contact the three credit agencies, ask to put a freeze or a fraud report on your listings. \_ See if you can get an address and kill them. |
2003/5/12 [Science/GlobalWarming, Industry/Startup, Computer/SW/Security] UID:28410 Activity:very high |
5/11 http://www.workingassets.com - just a decent phone company that puts money toward good (progressive) causes (for when your email to your congressman stops making you feel good). \_ Shouldn't they be giving the service free!?? Capitalist swine - you are a sell out. \_ yermom gives it out for free and she's still swine. \_ If they are the cheapest and give (your) money away, then this is great. o/w give your own money away, and get the charitable deduction for yourself. \_ the nice thing about opting for world conscious services such as this one is that you show market preference for that type of corporation ethic. other companies will clean up their act if they see that the conscious stick gets customers. \_ wow.... I didn't know people actually believed that.... \_ Kinda like the U.N. I imagine. \_ Except the UN doesn't make a profit, isn't at all 'world conscious', doesn't provide real services, has no competition, and continues collecting money from its 'members' no matter how well or poorly it does providing no incentive to improve, and has no effective means of controlling either its own members or its own staff, officers, and executives who don't ever get reviewed, demoted, fired, or replaced, and is trying to take over the entire world and reduce your national level rights to zero. Yeah, kinda like that. \_ Except for the profit thing, this sounds exactly like Microsoft! \_ You think the UN and MS are in cahoots? |
2003/5/8-9 [Computer/SW/Security] UID:28377 Activity:high |
5/8 I'm suing someone and it turns out that he gave me a fake address and I can't serve the paper. What should I do now? \_ why don't you post this to the motd three or four *more* times? \_ hire a private detective. \_ This is correct, assuming you don't have a cheaper option. (Like a phone book.) I can put you in touch with a good one. -jrleek \_ What's the guy's name? Maybe we know him. Or is it a fake name? And you still haven't told us what information you do have on him: driver's license, license plates, etc. \_ If the above does not work, but you have his real name and a general idea of where he lives, you can petition the court for service by publication. However, that should be a last resort because it can get somewhat expensive. \_ I have his real name and a general idea of where he lives. What is service by publication and how much is it? \_ Service by publication means that you take out ad space in the local newspaper(s) saying "Hey, I am suing you - Call me for details." If the person fails to answer within a certain time, you can take that person's default. Then you hire a private investigator to find the person and his assets. The cost depends on the judge, particularly on how many publications and for how long - check your local rules, but hopefully, you are in a situation where you can recover costs and fees. Also, lest I forget, service by publication generally does not work for small claims matters, but once again, check your local rules. |
2003/5/7-8 [Computer/SW/Security, Computer/SW/OS/Windows] UID:28364 Activity:high |
5/7 "Microsoft Plans Toilets With Web Access " http://csua.org/u/e60 Now, who wants to use a keyboard that has been touched by a thousand other people while they wiped their butts and genitals? \_ Only a thousand? \_ This is a question you may not want to address to motd users. \_ Well, you used the lab computers, didn't you? \_ Oh no! And I was eating my sandwich with bare hands too! \_ Yeah I always used gloves if you used it before me. \_ This was on the motd almost a week ago. \_ yes, although there was no explicit mention of genitals the first time. \_ Great, more shitty products. \_ I'd hate to be in there when the server crashed. |
2003/4/30-5/1 [Computer/SW/Security, Computer/SW/Unix] UID:28273 Activity:low |
4/30 So can someone comment on the problem(s) with /var? Why does it keep filling up, what are people doing to fix the problem each time? Maybe somebody here already knows a long-term solution. \_ It is some attachment problem. It goes away on its own. Jon thinks it is related to SA. I cannot tell any more than that because I do not have root. You should email root or the politburo for answers to questions like this. -ausman \_ actually, it goes away when someone with root comes along and cleans out whatever file(s) are causing the prob. |
2003/4/28-29 [Computer/SW/Security] UID:28247 Activity:kinda low |
4/27 I share a shell-SSH-SCP account using ssh-keys. Is there a way to log SCP access history of the other users? \_ don't share accounts. and no you can't create a log that you can't delete. \_ What about a log that could be deleted? possible? The intent of the log is not to log the technically sophisticated folks who could delete it, but to keep track of the stupid people. Where can I get web-hosting with multiple accounts and a group as well? |
2003/4/20-21 [Computer/SW/Security] UID:28175 Activity:nil |
4/20 John, a question about swiss bank accounts (since you're there). I've heard some news that they're going to stop issuing those secret accounts where you don't need any ID to open one. Is that true? And do you know of any banks there that use biometric data to access the account? Like retinal scan or some fingerprinting device. Thanks. \_ There haven't been any id-less Swiss bank accounts for a very long time now. A 'numbered' account simply means that once you open an account, there is no longer an association between your name and the account #--you lose the number, you're screwed. Swiss banks nowadays do a lot of checking to make sure cash isn't "dirty"--this includes verifying your ID. The main attraction is the secrecy you get once the account is open. They generally don't tell anyone. For even more confidentiality and better service, I'd look at Liechtenstein. Also, I know of no banks that do biometric ID for the type of money that you or I are looking at. And for very large accounts (> $5 million) the service is usually personal ("private banking"). There's still a huge legal gap regarding biometric ID and digital non-repudiation in most countries. I'd be glad to ask around, though. -John \_ If the account # and some password or passphrase is the only thing you need to access the account, isn't that dangerous? If either of the two is stolen you're screwed since they don't check IDs (rather there's no ID to check). That's why i thought of some biometric system. |
2003/4/17 [Computer/SW/Security] UID:28156 Activity:very high |
4/17 In veneration of his computer science forebears, it is decided that Dan Holliman will change his name to Dan Hollerith. danh, we expect compliance and certifying documentation from the Social Security Administration in a reasonably short time. Thank you and good night. \_ huh? \_ Perhaps a reference to the hollerith format flag in Fortran77? -- ulysses |
2003/4/15-16 [Computer/SW/Security] UID:28135 Activity:very high |
4/15 What is a one-time pad, and why is it considered bad/insufficient for security? \_ Yeah, why is a one-time pad insufficient? Snicker. - !OP \_ a one-time pad IS insufficient if it is the only thing you are using for security. There better be some intelligent system for sharing one-time pads/keeping them secure, etc. Stop being an ass. \_ So you're saying a one-time pad is insufficient if it is used stupidly? Is there a security protocol that is sufficient even if used stupidly? \_ I'm saying that used alone it is far from sufficient because there are far too many unresolved issues. \_ declaring war on iraq \_ which begs the question: if your system is idiot-proof, won't someone just build a better idiot? \_ It's an encryption algorithm: to send a (say) 5K message to your friend, first generate 5K of random bits (the "pad") and share those secretly with your friend. Then, to send your message, just xor each bit with the corresponding bit from the pad. You can't ever reuse pad data; you have to generate new random bits for each message you want to send (hence the "one-time"). This algorithm is cool because it's provably unbreakable: if someone sees your encrypted message, but has no information about your pad, then it's impossible for them to decrypt your message. However, this algorithm is usually not practical, because you have to secretly share 5K of pad data for each 5K message you want to send. (For comparison, an ordinary private-key encryption algorithm like AES lets you secretly share a small key (128 to 256 bits) and then use that key to encrypt as much data as you want.) \_ because you're all being stupid and no one signs their names: OTPs are useful for when you have only occasional trustworthy contact with your sender/receiver (in-person contact, trusted monthly courier ...), and have a need to share relatively short messages in a highly secure fashion. to respond to some of the points attempted above: 1) if you have a way to get someone a pad in a secret [trusted] way, why not use the same way to transmit the message? Because the way you transfer the pad may not be available when a message needs to be sent. 2) if you get part of the pad, you can decrypt part of the message. If you get an AES key, which is comparable in size to the supposed partial pad, you get the whole message. Issues of key management aside (which affect all crypto systems), OTP offers the user high confidence at the expense of convenience (large, non-reusable keys) and reliance on periodic OTP refresh. --4554660b1f82fae1e048ff6c1874d31b \_ I think everyone who cares already knew that, since among other things the OTP is about the simplest cryptosystem imaginable. you have been trolled. \_ only so that I could get the guy below to respond. sometimes you gotta take a troll to get a better troll. --3210615175eaa726402a9001bf8dbc6a \_ OTP does not offer high confidence except in highly controlled environments because there is no way to perform adequate message authentication in OTP: 1) If the recv'd msg is off by even one bit/char the message won't make any sense. While single bit/char errors might be noticed in the decrypted PT, multi-bit/char errors can change the content of the message without being detected (this depends on the language, but for things like english the probability of detecting multi-bit/char errors is not that high). 2) If OTP is used for messages transmitted via a public channel the big problem is that there is no way to ensure that the message you recv'd was transmitted by the person that should have sent it. In some cases an attacker can mount a DOS on the system by tx'ing fake messages. \_ Why is it one-time? Why can't the same pad be used again to transmit a different message to the same receiver? \_ If a pad is reused, a pattern is formed in the ciphertext which can be exploited by an opponent via an Analysis in Depth Attack. Some of the Venona decodes were the result of the Russians reusing the same pad for multiple (different) messages. |
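The thread above explains the pad as a bitwise xor, then argues two things about it: that it gives no integrity (a flipped ciphertext bit silently flips the matching plaintext bit) and that a pad can never be reused. The following is an added example, not code from the original thread, that shows all three points in a few lines. The message bytes and the fixed pad in the test are constructed values; `secrets.token_bytes` is the only real pad source a practitioner should use.

```python
"""One-time pad: xor encryption, why it is malleable, and why the pad is one-time.
Added example for the thread above; not part of the original discussion."""
import secrets


def generate_pad(length: int) -> bytes:
    """A fresh, uniformly random pad exactly as long as the message.
    It must come from a CSPRNG and must never be used for a second message."""
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise xor of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """C = P xor K.  With a random, secret, single-use K this is perfectly secret."""
    return xor_bytes(pad, plaintext)


def otp_decrypt(pad: bytes, ciphertext: bytes) -> bytes:
    """P = C xor K.  Same operation as encryption, because xor is its own inverse."""
    return xor_bytes(pad, ciphertext)


def tampered_decrypt(pad: bytes, plaintext: bytes, byte_index: int, mask: int) -> bytes:
    """The integrity problem from the thread: flipping bits of the ciphertext
    flips exactly those bits of the recovered plaintext, and nothing in the
    scheme tells the receiver anything was changed.  Returns what the
    receiver would decrypt after the bits in `mask` at `byte_index` are flipped."""
    ct = bytearray(otp_encrypt(pad, plaintext))
    ct[byte_index] ^= mask          # modification by someone who never saw the pad
    return otp_decrypt(pad, bytes(ct))


def reuse_leak(pad: bytes, m1: bytes, m2: bytes) -> bytes:
    """Why the pad is one-time: if two messages share a pad, xoring the two
    ciphertexts cancels the pad completely and leaves m1 xor m2, which no
    longer depends on the key at all.  Returns that key-free value."""
    c1 = otp_encrypt(pad, m1)
    c2 = otp_encrypt(pad, m2)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    msg = b"meet at noon"                      # constructed sample message
    pad = generate_pad(len(msg))
    assert otp_decrypt(pad, otp_encrypt(pad, msg)) == msg
    print("tampered:", tampered_decrypt(pad, b"PAY 1", 4, 0x01))
    print("pad cancels to:", reuse_leak(pad, b"hello", b"world"))
```

The `reuse_leak` value equals `xor_bytes(m1, m2)` whatever pad is used, which is the cancellation the last reply in the thread refers to; `tampered_decrypt` is the reason the earlier reply says the scheme needs a separate message-authentication mechanism before it can be trusted on a public channel.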
2003/4/15-16 [Computer/SW/Security] UID:28129 Activity:very high |
4/14 So I quit my company 2 months ago but I'm still getting a paycheck from them. I'm pretty sure something's wrong with the accounting. I guess it's just a matter of time before they find out. Can they legally withdraw money from my account when they find out? \_ accepting a paycheck from a job you no longer work at is fraud, end of story. return the money and get on with your life. \_ Tell the payroll office about it now, and don't be helpful about returning the money you have. You can hope that interdepartmental politics will keep payroll from contacting legal and you might get to keep it. The moral thing is something else of course... but you did quit, so maybe they screwed you over? Eh... \_ Blow up the accounting office or hack their computers. Be a MAN! \_ of course. it's their money. \_ it depends. If you're getting paper paychecks then no. But they can sue you for it and will win. If you're EFT then yes they can. Either way, I wouldn't spend the money until they're out of business plus a year. \_ Why can't the guy quit while he's ahead? That is, close the bank account. \_ Because they'll just sue him and he'll lose. Welcome to the world of adults where accountability exists. Silly rabbit. \_ No. BUT... Since you know you're not working for them, any money received works as a claim of fraud. Since it's been a couple of months and probably a good amount of money received, you could be charged with embezzlement and felony fraud. Notify the company and arrange to return the money. If you withdrew against this money, it adds credence to the charges. After two months of getting checks, you'll be hard pressed to claim ignorance and prove "good will" in notifying the company of the error. Return the dough and hope they don't ask for interest back. \_ This happened to me and a fellow coworker at Cisco. He told them after the first paycheck arrived and they told him to keep it... I mailed them after receiving three paychecks (~$5K) and they never mailed me back but stopped sending checks. A few months later I deposited the checks into a money market account. I didn't touch the money for two years. It's been three years since. ymmv. |
2003/4/9 [Computer/SW/Security] UID:28051 Activity:nil |
4/9 If I have access to a POP box full of mail, what's the easiest way to get all the messages currently in the box forwarded to somebody? I don't have access to the mail spool for this POP box. \_ fetchmail from the pop account and then forward. |
2003/4/5-6 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:28002 Activity:high |
4/5 On the http://netzero.com Terms and Conditions: * Software Downloads. As part of the NetZero Service, NetZero may from time to time download software owned by NetZero or third parties to your computer. Your use of the NetZero Service constitutes your consent to such downloads. What is this about? What type of software would they want to download to my computer? Is this to scan the files on my computer, or likely something more innocuous? \_ something to do with ads maybe? \_ why do you want to use netzero anyway? there are other choices that are cheaper and have worked okay for me. e.g., joi internet. \_ Thanks for the tip! I'll switch to joi. \_ does joi require you to use their own software? \_ no. \_ Welcome to Gator hell. Tried Ad-aware @ http://lavasoft.com? \_ Ad-aware sucks. Get Spybot Search and Destroy \_ It probably means pop up and other ad crap, data mining, and similar spyware crap. Legally it means *anything* they want and they're on safe legal ground. Some third party ware installed via them steals your CC or tax info and you're a victim of ID theft? You're SOL. Don't be cheap, get real net service without T&C like this. \_ Just hack Netzero and get around their software. I used to do it when their accounts were free. \_ Why bother? |
2003/4/1-2 [Computer/SW/Security] UID:27947 Activity:low 63%like:27920 |
4/1 OpenSSH 3.6.1 is out. Fixes some interoperability problems with other implementations. Portable: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.6.1p1.tar.gz OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.6.1.tgz \_ Thanks, installed. --mconst |
2003/3/31-4/1 [Computer/SW/Security] UID:27920 Activity:low 63%like:27947 |
3/30 OpenSSH 3.6 will be out shortly. Changes include RSA blinding and proper handling of priv. sep. when root login is permitted. Portable: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.6p1.tar.gz OpenBSD: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.6.tgz \_ Thanks -- I've installed it in /usr/local/bin. --mconst \_ thanks |
2003/3/26-27 [Computer/SW/Security, Computer/SW/Unix] UID:27858 Activity:moderate |
3/26 I just upgraded to Bind 9.2.2 and it seems that I can no longer get responses from roots a and b (the other root servers work fine). I've checked the routing, I can get to a and b, I just can't get a response from them. Anyone else have this problem? Any suggestions about where to start debugging? tia. \_ I had a different problem. bind8 stopped being able to query the root nameservers at all. So I upgraded to bind9. --scotsman |
2003/3/26 [Computer/SW/Security] UID:27853 Activity:nil |
3/25 Anyone know if there are providers that will sell DSL service without phone service? I've had it with AT&T/Comcast. --jwm |
2003/3/20-21 [Computer/SW/Security] UID:27768 Activity:high |
3/20 anywhere to get an SSH2 client, someone just stole my SSH 1 since I am using teratermpro and ssh for it (ie: a friend stole it) \_ putty is a free ssh client for Windows. \_ http://software.berkeley.edu or http://www.ssh.com if you're not a student \_ stole it? \_ huh? I thought teratermpro was free in the first place. |
2003/3/19-20 [Computer/SW/Unix, Computer/SW/Security] UID:27751 Activity:high |
3/19 How did mconst fix /var, and what was wrong with it? \_ The mail I sent to root is now in ~mconst/pub/var-mail. --mconst \_ thanks, that was informative. Shouldn't that file be made unreadable by non-root though? \_ I think everything in there is public information -- but please let me know if I missed something. --mconst \_ I'm sorry, I meant /var/account/acct. It seems like it contains somewhat private information of little use to non-sysadmin types. \_ You're absolutely right. Fixed, thanks. --mconst \_ Does anybody else find this polite exchange as refreshing as I do? \_ Actually...yes. -mice \_ PURE. REFRESHING. MCONST. \_ Someone was trying to rotate accounting logs, and failed miserably. |
2003/3/13 [Politics/Domestic/911, Computer/SW/Security] UID:27686 Activity:very high |
3/13 http://www.usatoday.com/usatonline/20030313/4942670s.htm "Much of the information on Mohammed's laptop computer was protected by an encryption code that CIA analysts cracked easily, U.S. intelligence officials said." It was probably RSA or PGP. What else is he likely to have used? Something from MS? \_ They threatened to kill his preteen kids if he didn't give them the password. \_ Damn those insecure end nodes. \_ Microsoft Visual ROT13++ \_ Microsoft Active Visual 2ROT13#. \_ Be sure to download the first three patches and upgrade before using. The fourth patch allows you to encrypt, but won't decrypt non-MS ROT13 encryptions. They are still working on it... \_ This stuff is getting so old it's not even funny anymore. \_ This stuff is still funny, because it is still the case, despite how long it has been the case. \_ Any system in which the key is shorter than the message is an inherently weak system. The only one "safe" encryption system is OTP (and even that is not safe if you have your own Guardian of Forever) \_ Guardian of Forever? Is this some nerdy book/tv/movie reference? \_ Here's a cookie for you. \_ I'm serious. What is it? \_ Watch TOS Ep. 28. \_ so what the fuck is TOS? \_ You do realize that no one is obligated to answer your question, yes? \_ Your geekdom passport has been revoked. \_ 'cause we all know jocks r00l. \_ oh no! What WILL I do? Oh that's right, have a life. Never mind. \_ Sorry, but we don't buy it. You've already proven you have no life by posting here. |
2003/3/12-13 [Computer/SW/Security] UID:27668 Activity:very high |
3/12 Call me paranoid. How likely is it for someone to decode traffic sent to/from an ssh connection? The encryption is done end-to-end, so if the govt is getting a copy of every packet between two boxes is it possible for them to crack it? I'm not a technical guy BTW, I just know the high level functionality of these things. \_ If they really REALLY care and are willing to wait a couple of weeks before the traffic is decoded and have some insane amount of computer power... pretty unlikely. There is a reason this stuff scares the shit out of the powers that be. \_ It is much easier for them to attack at the unencrypted endpoints \_ If the government wants to see your shit, they can get a tap for your keyboard or put a van outside your home/office and read your monitor. You're only fooling yourself thinking ssh will really keep the United States' Federal Government from reading your shit. I suggest you find a good defense lawyer and send good-bye notes to your family and friends. \_ any URLs with stories from people this has happened to? \_ http://www.you.com.au/news/1009.htm \_ If you are using SSHv1 there is a possibility that someone could read your traffic. If you are using SSHv2 (AES128-HMAC SHA1) your traffic will be unbreakable for the next several billion years assuming that (1) the RSA factoring problem is impossibly hard, (2) the Discrete Log problem is impossibly hard, (3) SHA1 is a true 1 way hash and can't be inverted in less than 2^80 tries, and (4) there are no weaknesses in the AES S-BOX. There is a further concern among some about the way that HMAC is performed in the SSH protocol, iirc SSH does E(K,P) HMAC(K,P) rather than the more secure IPSEC method E(K1,P) HMAC(K2,E(P)). I'll look this up in my notes and post later on. \_ It might take decades, or even centuries, but the quantum computers are coming. \- we've broken ssh session keys when we were "really really interested". ok tnx. \_ what size session keys and did you break them using brute force or via some other method? \- "we measure computing power in acres" \_ how much ct did you need? \_ who's 'we'? \_ "ok tnx" is the hallmark of PSB, and PSB works at LLBL, so he could have "acres of computing power" Was that you, PSB? |
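One reply above contrasts two ways of combining encryption with an HMAC, written there as E(K,P) HMAC(K,P) versus E(K1,P) HMAC(K2,E(P)). The following is an added example, not from the original thread, that implements both constructions side by side so the difference is visible in code: in the first, the receiver has to decrypt before it can check anything and the tag is a deterministic function of the plaintext alone; in the second, separate keys are used and a bad tag is rejected before the ciphertext ever reaches the decryptor. Which construction any SSH version actually uses is left as the poster stated it; this example only shows the two generic forms. Because the Python standard library has no AES, a SHA-256 counter-mode keystream stands in for the block cipher (an assumption of this example, not a recommendation); the keys and messages in the test are constructed values.

```python
"""Encrypt-and-MAC versus Encrypt-then-MAC, the two forms named in the thread above.
Added example; not part of the original post and not a description of any SSH code."""
import hashlib
import hmac
import os
from typing import Optional, Tuple


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, standing in for a real block cipher keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """E(K, data) / D(K, data): xor with the keystream, so it is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


# --- Form 1: E(K,P) || HMAC(K,P)  (encrypt-and-MAC, one key, tag over plaintext) ---

def encrypt_and_mac(key: bytes, nonce: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    ct = stream_xor(key, nonce, plaintext)
    tag = hmac.new(key, plaintext, hashlib.sha256).digest()
    return ct, tag


def open_encrypt_and_mac(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> Optional[bytes]:
    # The tag covers the plaintext, so untrusted bytes must be decrypted first;
    # only afterwards can the receiver learn whether they were modified.
    pt = stream_xor(key, nonce, ct)
    expected = hmac.new(key, pt, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return pt


# --- Form 2: E(K1,P) || HMAC(K2, E(K1,P))  (encrypt-then-MAC, separate keys) ---

def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes,
                     plaintext: bytes) -> Tuple[bytes, bytes]:
    ct = stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # nonce bound into the tag
    return ct, tag


def open_encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes,
                          ct: bytes, tag: bytes) -> Optional[bytes]:
    # Verify first: a modified ciphertext is rejected before decryption runs at all.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return stream_xor(enc_key, nonce, ct)


def tag_repeats_for_same_plaintext(key: bytes, plaintext: bytes) -> bool:
    """Property of form 1: the tag depends only on (key, plaintext), so sending the
    same content twice under fresh nonces yields identical tags, telling an
    observer of the channel that the two messages are the same."""
    _, t1 = encrypt_and_mac(key, os.urandom(16), plaintext)
    _, t2 = encrypt_and_mac(key, os.urandom(16), plaintext)
    return t1 == t2


def tag_repeats_for_same_plaintext_etm(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bool:
    """Same check for form 2: the tag covers nonce and ciphertext, which differ per message."""
    _, t1 = encrypt_then_mac(enc_key, mac_key, os.urandom(16), plaintext)
    _, t2 = encrypt_then_mac(enc_key, mac_key, os.urandom(16), plaintext)
    return t1 == t2


if __name__ == "__main__":
    k1, k2, n = os.urandom(32), os.urandom(32), os.urandom(16)
    ct, tag = encrypt_then_mac(k1, k2, n, b"meet at noon")
    print(open_encrypt_then_mac(k1, k2, n, ct, tag))
    print("ETM accepts flipped byte:", open_encrypt_then_mac(k1, k2, n, bytes([ct[0] ^ 1]) + ct[1:], tag))
    print("E&M tag repeats:", tag_repeats_for_same_plaintext(k1, b"same content"))
    print("ETM tag repeats:", tag_repeats_for_same_plaintext_etm(k1, k2, b"same content"))
```

Both `open_*` functions use `hmac.compare_digest` so that the comparison does not leak how many tag bytes matched; the practical difference between the two forms is the order of operations in the receiver and the fact that the form-1 tag is a fixed function of the plaintext.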
2003/3/6-8 [Computer/SW/Security, Computer/SW/Unix] UID:27610 Activity:low |
3/5 All of a sudden my DNS server is not resolving http://mail.yahoo.com or http://calendar.yahoo.com. Everything else I try seems to work. What could cause this? \_ is Earthlink your ISP by any chance? \_ no, why, do they have the same problem? this is on my own dns server running BIND8.x \_ ; <<>> DiG 8.3 <<>> http://calendar.yahoo.com ;; res options: init recurs defnam dnsrch ;; res_nsend to server default -- 127.0.0.1: Connection timed out |
2003/3/5-6 [Computer/SW/Security] UID:27602 Activity:nil |
3/4 Any recommendations for a website, email, and DNS service provider? |
2003/3/5 [Recreation/Pets, Computer/SW/Security] UID:27600 Activity:high |
3/4 This is good: jose CP 67.121.94.23 3:14PM 1:39 cat /etc/motd.public How do you cat something as short as the motd for over 1.5 hours? "So the guy at the bar says, 'that's no cat, that's my wife!'" hahahh! \_ you can pipe it through "more" \_ I guess... why not just 'more $file'? \_ because $file expands to whatever $file is before the command is execed. \_ I was being generic. I'll spell it out for the anal among you and try again, "why not just 'more /etc/motd.public'?" \_ or losing an ssh connection while executing the command. \_ Doesn't sshd use tricks to detect such stale sessions and kill them off, including all applications that belong to the same session? \_ maybe but it's pretty funky dropping a connection in the split second it takes to cat the motd. I'm suspicious of this behavior. |
2003/2/28-3/1 [Computer/SW/Security] UID:27563 Activity:very high |
2/28 How come csua doesn't support imap, even when it's from csua itself? \_ imap is disabled, but imaps (imap + ssl) is enabled in /etc/inetd.conf. \_ the certificate is self-signed though. wouldn't imap-over-ssh be more secure? \_ feel free to donate enough money for a verisign cert. imaps also works straight out of the box with Outlook and doesn't require running a ssh tunnel \_ and you trust soda's SSH key why? \_ I use the same key on all my production systems. \_ And this helps why? Your SSH fu is weak. Train harder. \_ that way if I lose root i can login from anywhere else just about because i use a passphraseless key. soda's key is also on the auth'd list so its cool. \_ that way if one of your machines is compromised the '1337 h4x0r's have 0wn3d all your machines! \_ And self-signed certs are insecure why? Your PKI fu is weak. Train harder. \_ do you memorize the signature on the certificate? at least with ssh, i need to verify the key only once. \_ A self signed cert presented by a server is equivalent to yermom presenting a potential csua stud with a notarized medical certificate stating that the person presenting this certificate is yermom and that she doesn't have any stds where yermom was both the obgyn who wrote up the certificate and the notary who signed it. Maybe you are hard up enough that you'd go for it PKI fu boi... \_ I only read email I have personally decrypted with a PGP passphrase I store on a keychain attached to my body at all times. I am also very attractive. |
2003/2/27-28 [Computer/SW/Security, Computer/SW/OS/Windows] UID:27551 Activity:moderate |
2/27 13823 files on a brand new w2k machine with no other software installed. I remember copying dos from floppy to floppy using one drive and had to do 26 disk swaps to get all the files.... \_ Uh, my copy of DOS 6 is only about 3 or 4 floppies. \_ Did you count all the hidden files? \_ There were only 1 or 2 which http://sys.com put on for me after a few more swaps. \_ DOS 3.2 -- 2 LD 5.25" floppies. \_ DOS 1.1 -- 1 360k floppy. \_ MacOS 1.0 -- 1 400k floppy. 127k used, 273k free. |
2003/2/27 [Computer/SW/Security] UID:27549 Activity:high |
2/26 MAPI gurus - do you know how to get encryption on MAPI? The online docs are nasty, I've even looked at lotus's docs out of desperation still nothing. \_ Notes uses a proprietary 'encryption' algorithm. Little is known about it. If you really want a certain degree of assurance that your mapi connections aren't being snooped, think about running ipsec. There aren't many MAPI security docs, period. -John \_ XOR! \_ 2ROT13! |
2003/2/27-28 [Computer/SW/Security, Computer/SW/Unix] UID:27548 Activity:high |
2/26 Wasn't csua passwd compromised the other time? Could the hacker have placed some program on csua that snoops our email? I think my email account has been snooped on. I sent out an email to a friend giving him my server ip and port, but someone else visited my server since my friend was not able to access my server. I got a foreign ip that accessed my server. \_ obUsePGP! \_ obUsePGP! If you send messages in the clear anyone can read them. \_ PGP is useless until it is made more transparent. Even the people who invented it have agreed on this. The existing tools are simply too difficult to use and even people with clue end up sending clear text or gibberish by accident half the time. \_ The 'people'? Perhaps you mean the person, namely Phil Zimmermann? And what you've just suggested does not sound very much like the sort of thing Phil Zimmermann would say. Could you post a citation so we know you're not talking out of your ass here? If you are just talking out of your ass, could you make a point of sticking your head up your ass before doing this in the future so we don't have to listen to your blather? Thanks. \_ <Sigh> The most notable "blather" is Whitten & Tygar (1999), cited in the GNU privacy handbook, chapter 5. You are, of course, correct that it does not very much sound like something Phil Zimmermann would say. \_ What makes you think it's not a problem on your friend's end? \_ it may be possible too since the company uses MS Exchange and Outlook, but they are very good at patching up the security holes. =D Have you ever had nimda.a/e on your machine? if you see httpodbc.dll in all your root drives, your machine is infected with nimda.e. Most likely a hacker has already placed a backdoor in your computer... \_ More likely you were just port scanned. \_ but he wouldn't know the exact path of the file to call even if he finds out that port is open. I had NAT forward that port to my server. And the web app is under a specific context-root, also the file has a unique url mapping. I see the visitor access that exact path right after my email went out (well a few minutes later). \_ Foreign eh? Which country? \_ foreign=alien=non-local \_ You really should email root about this. \_ Ya, that way root will be more careful about reading ppl's email. Seriously though, what are the odds of someone having the patience to go through and read your email? Did you look in your apache logs to see what IP it was that looked up your site? \_ Don't knock the propensity of individuals to do what normal people like you and I would consider a complete lack of a life for intrusive purposes. Security through obscurity or even anonymity is not a good idea. -John \_ last time I checked the IP belonged to http://prophetfinance.com, I took a look at its subnet ips, they translated to greet, pride, lust, stalin, roosevelt, churchill, etc <DEAD>.prophetfinance.com<DEAD>. It is probably managed by some Russian sys-admin since he seems to name the servers with Russian leaders. \_ Churchill and greet are my favorite Russian leaders! \_ Okay, machines with people names are names of Russian leaders. Damn, always some block head nit-picking posts while totally ignoring the main point \_ if you use a completely specious argument to back up your contention that it's a Russian sysadmin and you get called on it, I don't think it qualifies as nit-picking \_ What is your site anyway? \_ just some stuff to test my web configuration. |
2003/2/24-25 [Computer/Domains, Computer/SW/Security] UID:27509 Activity:very high |
2/24 Okay, I know this type of question has been asked before, but here goes. I'm currently using http://domaindirect.com for my registrar--they also handle my email (1 pop account + 5 forwarding addresses + catch-all). The problem is that they only provide www forwarding (with perhaps "url keeper" which wraps the page in a frame and it still looks like the domain, but is a pretty cheesy technique). Anyway, I'd like to move to a hosting service that allows me to keep the same (or better) email services, and do either web hosting or aliasing to (say) a http://dyndns.org site. domaindirect costs about $35/yr. and I'd like it to be cheap, but I'm willing to pay more for better service if necessary. Suggestions? \_ DynDNS \_ Um, did you notice that I mentioned dyndns? Do they handle hosting? Do they handle email redirects? Do I have to run my own mail server? Everything I checked about dyndns shows that it's a partial solution, not a complete one. \_ http://gandi.net is cheap. They won't do hosting but they'll handle mail forwarding and aliasing. the downside is they are in Europe and you'll get all your e-mail in French (and English). \_ I have had 5 domains with gandi for > 3 years now. They are great, their service is fast, their TOS are unambiguous. Regarding the DNS, you can do it with the public DNS service. Look at http://soa.granitecanyon.com -- I found it very difficult to get working, though, but it does work. And it's free. -John |
2003/2/24 [Computer/SW/Security, Computer/SW/Unix] UID:27506 Activity:high |
2/24 http://csua.org/u/9db -finally they arrest the strike leaders. I wonder if that means oil will finally drop; the strike is 30% of the reason oil's been going up. \_ Yeah, I guess if getting rid of a corrupt political leader interferes with your getting a cheap tankful of gas by jailing a few brave souls, then god speed to ya'. \_ Gosh, in that case, would you like to join the general strike to remove a corrupt politician who gained his position through unconstitutional manipulation of a corrupt electoral system? At the least, you wouldn't mind if we shut down the economy for a few days to do so, right? \_ if the people of the United States had enough savvy and guts to do just that I'd help in any way I could. \_ Yawn. Your own media spent months trying to prove your assertion and failed. Go back to alt.conspiracy. |
2003/2/21 [Computer/SW/Security, Transportation/PublicTransit] UID:27485 Activity:nil |
2/21 http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/02/21/MN240732.DTL Crowd counting article restored, you censoring bastard. |
2003/2/14-15 [Computer/Rants, Computer/SW/Security] UID:27415 Activity:moderate |
2/14 What is a good internet phone card for calling China? Thanks. \_ I usually use http://www.cybercalling.com I don't know how it compares to others. I thought it has good prices for China, Taiwan, and even US. Is 3.3 cent a good price for calling within the US? \_ http://www.pincity.com : 4.9 cents (using local access #) http://www.onesuite.com : 3.9 cents (using local access #) |
2003/2/13-14 [Computer/SW/Security] UID:27400 Activity:low |
2/13 Looking for <DEAD>anonymizer.com<DEAD> like websites that are free. Thanks. \_ like water for chocolate. \_ get a colo somewhere and run squid on it. set up the acls so you and your friends can access it but others can't. Enable https to http proxying and you've got all of the features of anonymizer for next to nothing. |
2003/2/12-7/5 [Computer/SW/Security] UID:27380 Activity:moderate |
2/11 At what point (in the course of my login) does DISPLAY get set, and what does it get set to? I'm able to open X windows locally (using Exceed) from soda, but not from another box I have access to. On this other box, DISPLAY is not set and I'm trying to figure how to set it. Thanks. \_ Depends on the OS & login method. \_ please expound or provide a link? the offending box is running red hat, and I'm logging in over ssh. \_ The remote system's sshd should be setting it. Make sure that X forwarding is enabled on the remote system and on your local system (try using ssh -v and looking for the "X11 forwarding" lines); you might also want to make sure your dotfiles aren't resetting your DISPLAY variable to something wrong. \_ Can you figure out your local machine's IP address and then manually do "setenv DISPLAY local-IP-addr:0.0" after logging in to the other box? \_ Try ssh -X \_ ssh -x |
2003/2/7-8 [Computer/Domains, Computer/SW/Security] UID:27337 Activity:nil |
2/6 Anybody have experience with http://pair.com for web hosting? Any other recommendations for quality, affordable web hosting? What about hooking up my own computer to a fat pipe somewhere? \_ my friends like http://pair.com. i like <DEAD>zapatec.com<DEAD> |
2003/2/7-8 [Recreation/Dating, Computer/SW/Security] UID:27330 Activity:high |
2/6 What's the best remote flower delivery service? \_ Calling a florist in the remote area and being very exact in what you want (or give them free rein to create). \_ Don't use FTD or other large service. I agree with the first reply. --aaron \_ Except a lot of florists are part of the FTD network. And they will deliver FTD's standard arrangements. Ask them if they are a FTD member before you order. \_ What's wrong with FTD? -florally clueless \_ http://FTD.com was the first commercial launch of a Java website \_ and then? \_ Fuck Valentine's Day. Fuck it right in the ear. \_ BDG? Is that you?? \_ this sounds more like doesn't-work-with-cable-modem guy (DWWCMG) \_ What? \_ ERROR: EAR HOLE TOO SMALL. \_ ~payam/squick.vt \_ If recipient is in SF, I've always gone with http://frenchtulip.com \_ I love Rose and Radish in SF myself, 415-864-4988. --chris \_ Is that a hint? \_ /usr/sbin/in.rflowersd \_ I hope that you are ordering flowers for your ex-wife's funeral. If you are ordering flowers for your girlfriend, DON'T. You might think that you are being nice, caring, considerate, etc. but in reality you are being drawn into a bottomless pit of despair. You cannot imagine the endless nightmare that your life will become if you allow yourself to be drawn any further into this woman's web. If you do not heed my advice the day will come when you will wish that you had tied a noose around your neck rather than a bow-tie. \_ Now that's more like it! bdg #3 fan \_ bdg, sign your post |
2003/2/6-7 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:27322 Activity:low |
2/5 I picked up this year's Taxcut and it won't import last year's turbotax files. I'm getting idiotic errors where it either wants to treat my TT file as a TC file and then reports a corrupt file or it looks for a TC named .T01 file when it's clearly a TT .tax file. I've played around with filenames and even looked at hex editing the binaries. Is anyone else trying to do the same thing? Is it working for you? \_ importing is highly over-rated. Name, address, soc security, etc can be easily typed in. The only other thing you need to worry about is carryover capital losses (stock). It's more complicated if you run a small business and need schedule C. But you probably don't run a business. \_ Hmm. Well that sucks. Thanks for the info. |
2003/2/4-5 [Computer/SW/Unix, Computer/SW/Security] UID:27305 Activity:high |
2/4 Anyone here use samhain? Any opinions?? (It claims to detect LKMs) What is your favorite IDS/checksum program? \_ Isn't that a Danzig song? \_ snort \_ don't be cheap, buy an IDS blade that goes into your router or switch. It offers much higher performance and it's more manageable. \- that can't detect something like people doing rlogin -> ssh -> su and typing root passwd on the net can it? you can use BRO. but it sounds like the above person is looking for something run on the filesystem, like tripwire. i use veracity which might not be right for you. --psb \_ I don't use anything at all. SSH2 ports open to world+dog if you can guess the root password, you get the whole site! Over 5 million active usable credit cards just waiting for the taking! And the best part is we wouldn't even know you'd broken in and stolen everything if you weren't an idiot about it. |
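The "something run on the filesystem, like tripwire" that psb points at is, at its core, a baseline of per-file attributes plus a diff, and the part beginners skip is protecting the baseline itself: an intruder who can edit the database just re-baselines the trojaned binaries. The following is an added example written for this thread, not samhain, tripwire or veracity code. It hashes each file (SHA-256), records size, mode, owner and mtime, stores the baseline under an HMAC so a hand-edited one is rejected, and reports added, removed and modified files. The sample tree, the simulated intrusion and the HMAC key inside demo() are all constructed for illustration; a real key and baseline live on a separate, read-only medium.

```python
"""Minimal host-based file integrity checker, in the spirit of tripwire/samhain.
Added example for this thread; not code from samhain, tripwire or veracity.
The tree, "intrusion" and key in demo() are constructed for illustration.
"""
import hashlib
import hmac
import json
import os
import stat
import tempfile
from typing import Dict, List

Record = Dict[str, object]


def file_record(path: str) -> Record:
    """Attributes worth alarming on: content hash, size, mode, owner, mtime."""
    st = os.lstat(path)
    rec: Record = {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
                   "uid": st.st_uid, "gid": st.st_gid, "mtime": int(st.st_mtime)}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)     # a re-pointed symlink is a change too
    return rec


def snapshot(root: str) -> Dict[str, Record]:
    """Record every file under root, keyed by path relative to root."""
    db: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = file_record(full)
    return db


def save_baseline(db: Dict[str, Record], path: str, key: bytes) -> None:
    """Write the baseline with an HMAC-SHA256 tag; keep key and file off the host."""
    body = json.dumps(db, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    with open(path, "wb") as f:
        f.write(tag + b"\n" + body)


def load_baseline(path: str, key: bytes) -> Dict[str, Record]:
    """Refuse a baseline whose tag does not verify (an intruder edited it)."""
    with open(path, "rb") as f:
        tag, body = f.read().split(b"\n", 1)
    expect = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("baseline integrity check failed")
    return json.loads(body)


def compare(baseline: Dict[str, Record], current: Dict[str, Record]) -> Dict[str, List]:
    """Diff two snapshots; modified entries carry the names of the changed attributes."""
    report: Dict[str, List] = {"added": [], "removed": [], "modified": []}
    for p in sorted(set(baseline) | set(current)):
        if p not in baseline:
            report["added"].append(p)
        elif p not in current:
            report["removed"].append(p)
        else:
            keys = set(baseline[p]) | set(current[p])
            changed = sorted(k for k in keys if baseline[p].get(k) != current[p].get(k))
            if changed:
                report["modified"].append((p, changed))
    return report


def demo() -> Dict[str, object]:
    """Baseline a constructed tree, simulate an intrusion, then try to doctor the baseline."""
    key = b"constructed demo key; a real one lives on the admin's workstation"
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        def put(rel: str, data: bytes, mode: int = 0o644) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)
        put("bin/ls", b"#!/bin/sh\necho real ls\n", 0o755)
        put("bin/ps", b"#!/bin/sh\necho real ps\n", 0o755)
        put("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        db_path = os.path.join(store, "baseline.db")
        save_baseline(snapshot(root), db_path, key)
        # Simulated intrusion: trojaned ls, LKM dropped, passwd made world-writable, ps removed.
        put("bin/ls", b"#!/bin/sh\necho trojaned ls\n", 0o755)
        put("usr/lib/.rk/lkm.ko", b"\x7fELF constructed bytes")
        os.chmod(os.path.join(root, "etc/passwd"), 0o666)
        os.remove(os.path.join(root, "bin/ps"))
        report = compare(load_baseline(db_path, key), snapshot(root))
        with open(db_path, "ab") as f:     # intruder "fixes" the baseline by hand
            f.write(b" ")
        try:
            load_baseline(db_path, key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return {"report": report, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it and the report names the trojaned `bin/ls` (hash and size changed), the dropped `usr/lib/.rk/lkm.ko`, the missing `bin/ps` and the mode change on `etc/passwd`, and the doctored baseline is refused. What this cannot do is what the samhain question is really about: a kernel module that lies to `stat()` and `read()` defeats any userland checker, which is why the serious tools compare against a boot from known-good media rather than trusting the running kernel.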
2003/2/4 [Computer/SW/Security] UID:27299 Activity:nil |
2/3 Soda's very own Nick Weaver makes news again. http://news.com.com/2100-1001-983197.html?tag=fd_top \_ So he's a "security expert" now? \_ Yes he is. |
2003/2/1 [Computer/SW/Security, Computer/HW] UID:27266 Activity:moderate |
1/31 I find that http://terraserver.microsoft.com is not detailed enough. And I've been googling for another one. Can't seem to find another free server that provides satellite photos. I used another service before a few years back but can't remember the site anymore. Anybody know? \_ Call your local congressman today, and ask them to approve funding for the Total Information Awareness program. Soon, the server you seek will come into existence. Though your access to it may be on the 'need to know' basis... \_ Yermom won't show up on any civilian quality sat. photos. \_ Unfortunately, yermom does. \_ You're thinking of the military quality army boot sats. \_ No, I'm thinking "Yermom is SO fat ..." \_ her blood type is "crisco" \_ TIA program stillborn. Just another random pentagon concept that went nowhere. |
2003/1/21 [Computer/SW/Security] UID:27164 Activity:high |
1/20 Is there any tool on an SGI running IRIX 6.5 to play a .mp3 or .mid file? I don't have root access. Thanks. \_ um... build something in your homedir? If you don't have write access to the sound device, you're just SOL. \_ Oh, I'm sure there are plenty of tools running IRIX 6.5 |
2003/1/20-21 [Computer/SW/Security, Computer/SW/Languages, Computer/SW/Apps] UID:27161 Activity:high |
1/20 I have a pdf file that contains type 3 font. Since it is bitmapped I can understand why it does not scale nicely, but why does it look jagged even at 100% on acrobat reader while the print out looks fine? How can I convert it to type 1 font? The program dvistripp.exe that google points me to no longer seems to exist. Ok tnx. \_ does this file have anything to do with ps2pdf? -chialea \_ Yes typically I have the ps file and convert it to pdf using ps2pdf or distiller. It seems to be the problem of the ps file, since many other ps files convert just fine. I don't have access to the original tex or dvi files, btw. --op \_ ps2pdf does not do the right thing. |
2003/1/18 [Computer/SW/Security] UID:27141 Activity:moderate |
1/17 Do any other search engines besides google cache? \_ I think the question is do any others provide public access to their caches... I'm sure any reasonable search engine does caching on some level. |
2003/1/9-10 [Computer/SW/Security, Computer/SW/RevisionControl] UID:27040 Activity:very high |
1/9 I need an archive/revision-control system that keeps the repository, which is left on a relatively public system, encrypted. CVS does not seem to do that. What is a (free/open-source) alternative? \_ Do you mean "encrypted on disk" or "requires encrypted transmission"? CVS does the latter; you need to set CVS_RSH=ssh and do some more config on the server (there are howtos online). For the former, maybe a file system that encrypts data to disk? \_ I mean that the (CVSROOT) repository is encrypted on disk. I don't need heavy weight encryption. It is to thwart an opportunistic voyeur. -- OP \_ rot13. \_ rot26! \_ chmod 600 your cvsroot |
2002/12/30 [Computer/SW/Security] UID:26940 Activity:nil |
12/31 Essential System Administration by Frisch refers to a "wheel group" as being an added security feature for the assignment of root privileges. Question: How is this an added security feature when having the stolen root password allows login as root anyways? The author also mentions that this feature is not available in Linux, but used in BSD type OS's. \_ False assumption. Given a wheel group, you can disallow external logins by root altogether. This leaves at the very least a username trail if the source IP is spoofed. |
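The reply's point, that a wheel group lets you forbid root logins from the network entirely so every root session starts as a named user, is worth seeing as configuration. An added example, not from the thread: the three pieces that together give that username trail. On BSD, su(1) already refuses users outside wheel; on Linux the same check is done by pam_wheel, so the feature is not really missing there. Paths are the conventional ones and the account names are placeholders.

```conf
# Added example, not from the thread. Three files, shown together.

# /etc/ssh/sshd_config: nobody logs in as root over the network, even
# with the correct password, so a stolen root password still needs a
# named account first and that name ends up in the logs.
PermitRootLogin no

# /etc/group: only these accounts may become root with su.
wheel:x:10:alice,bob

# Linux equivalent of the BSD su(1) wheel check, at the top of the
# auth stack in /etc/pam.d/su (BSD needs nothing here).
auth required pam_wheel.so use_uid
```

Check it from outside: `ssh root@host` must fail before the password is even tried, and `su` from an account not in wheel must say "Permission denied" regardless of what you type. The trail is only as good as the remote syslog it is written to; a local-only log is the first thing a successful intruder edits.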
2002/12/24 [Computer/SW/Security, Reference/Military] UID:26898 Activity:nil |
11/22 [stupid airport security thread deleted.] \_ mandatory firearm safety training for everyone. give every passenger a gun with rubber bullets. terrorism problem solved. \_ Sheep |
2002/12/20-21 [Computer/SW/Security] UID:26874 Activity:high |
12/20 Is there a way to get SSH to do keepalives (for firewalls/dial-up sessions with inactivity timeouts?) I currently do ssh -X and send an xclock over it, but I usually have more than one host open, and things get a bit cluttered. -John \_ the inband keepalive is daemon configurable -shac \_ I just have a script that echoes a character to the screen every 10 minutes. -- yuen \_ Put "KeepAlive Yes" in /etc/ssh/sshd_config \_ The line is already there. Guess it doesn't work. \_ My office fw filters that so I do the same thing yuen does. \_ KeepAlive actually sends out-of-band so.. it's not what it seems.. you actually want ClientAliveInterval which sends inband.. however it's ssh2 only and some ssh clients will barf when they see this packet.. if your client doesn't barf at it, then it will keep your session alive -shac |
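Two different mechanisms are being mixed up in this thread, and an added configuration example (not from any of the posters) makes the split explicit. `KeepAlive`, renamed `TCPKeepAlive` in OpenSSH 3.8, only turns on the kernel's SO_KEEPALIVE: empty TCP segments that a firewall tracking idle sessions need not count and that carry no authentication. `ClientAliveInterval` in sshd_config is the in-band one shac means, sent by the server inside the encrypted channel, so it is indistinguishable from traffic to a middlebox. Its client-side twin, `ServerAliveInterval` in ssh_config, arrived in OpenSSH 3.8 (after this thread) and is the option to use when you do not administer the far end; the values below are illustrative.

```conf
# Added example. Client side, ~/.ssh/config (OpenSSH 3.8 and later):
# send an encrypted in-band request after 60 s of silence and drop the
# session after three go unanswered, instead of hanging forever.
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    TCPKeepAlive yes

# Server side, /etc/ssh/sshd_config, when you run the other end:
ClientAliveInterval 60
ClientAliveCountMax 3
```

Verify with `ssh -vvv` and leave the session idle: with the in-band option working you will see periodic "keepalive@openssh.com" global requests in the debug output; with only TCPKeepAlive there is nothing to see at the ssh layer, which is exactly why a stateful firewall may still time the session out. Trailing comments on option lines are not allowed in ssh_config, so keep them on their own lines as above.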
2002/12/17-18 [Recreation/Dating, Computer/SW/Security] UID:26831 Activity:insanely high |
12.16 Does anyone here get the economist? my subscription expired two days ago and i want online access to an article called "Trapeze artists". if you could post it in /csua/tmp it would be most appreciated --tia. \_ So why not resubscribe, rather than steal? \_ Are you planning to resubscribe? \_ I just did, and I have the print version of the article, but I want to forward the article to a friend. Yes, I could scan it or snail mail him the original, but that's a pain. Or I could wait a month or two for my new subscription to kick in, but that is more lame. \_ Post a url to the article and your friend's email address \_ So you're asking someone else to commit copyright crimes and then put their name on it for you? \_ yes, I am actually. thanks for clarifying the situation though. prick. and I will forward it for you. \_ Thief. \_ copyright violation is not theft. look up thief and theft in the dictionary. \_ Sure it is. You're taking or making use of something that isn't yours without permission that normally costs money for access. Take the rest of your argument to slashdot or k5 where you'll find like minded thieves who care. \_ that's not theft. theft involves taking away. "making use" of something -- which isn't even a thing, is not theft. for you to say otherwise is just like my stating you are a cunt. \_ Yeah whatever. Take it to slashdot. In the meantime do you mind if I have sex with your gf? It's not like my making use of her while you're busy with copyright violations is denying you your use of her. \_ This is wrong on so many levels. \_ Just another victory against copyright violators. \_ i'm not the OP. i'm just saying it isn't theft. \_ It only "normally costs money" because of a perversion enshrined into law. Should breathing air cost money, too? Would you support such a law, if passed? |
2002/12/15-17 [Computer/Companies/Google, Computer/SW/Security] UID:26819 Activity:moderate |
12/13 I was reading somewhere something that implied that google's popularity algorithm could tell if the link to your site in someone's page was "hidden." Can someone here confirm: if I have a link to my page on another page that is either a.) The same color text as background or b.) a "spacer" image that is a link. Will Google discount that link? \_ No one knows how google really works. A form of security through obscurity to protect their pagerank thing. 12/now Hey do ya think we could get the motd any shorter and more boring? Let's see: 1) a link to chapter 1 of an old book, 2) trivial dns lookup issue, 3) emacs question with joke answer. Why bother even having a writable motd if it's going to be stripped of *everything* worth reading? There's no technical questions/answers, no cool stuff about, well... *anything*! And it's always worse on the weekend when there's fewer bored people at work to add new things. [*laugh* and then the same idiot deletes this whole thing] \_ If you're so strapped for amusement that you rely on the motd, I weep for you. \_ weep away, just stop erasing everything. just because im pathetic doesn't mean im not right about others stripping the motd. \_ who knows? what makes these fucking censors tick? why do they want the motd to become pointless? mysteries we may never know. \_ Instead of trying to beat the system, why don't you just try to make your page better and more relevant? How hard do you really think it is to detect that technique? Can you guess how many people we have who work on quality full-time to prevent this kind of thing? --aaron@google \_ because, 1.) I am starting a new service which competes with long-existing services, Since I am funding this all myself, I cannot afford to pay SEO's to place "legitimate" links on their already ranked web sites. 2.) Part of the service i am offering to clients is that their page will not link back to my page which in turn links to a bunch of their competitors. 
This basically hoses me, since my competition creates sites that then link back to themselves, racking up points, but i am not going to be able to do this. Because of this, my site could very easily be much better and "more relevant" and still not have as high a score as my competition. -cuek_saja@yahoo.com \_ If your site is good, people will come, regardless of what you do. If your site is bad, people will not come, regardless of what you do. If you are starting to ask these sorts of questions now you have already lost. \_ BS. If they can't find the site, they'll never know whether it's good or not. \_ Consider: http://www.google.com didn't have to circumvent google. People found it because it was good. Be good, don't be evil. \_ As for your second question, i think the color trick would be easy to detect but the image trick would be hard. |
2002/12/10 [Computer/SW/Security, Computer/Theory] UID:26779 Activity:high |
12/9 Story on Blum at http://www.nytimes.com/2002/12/10/science/physical/10COMP.html Question - why is Blum "Professor Emeritus" of the CS dept when in fact he was happily enticed from Berkeley and is now ensconced at CMU with a full and productive lab? \_ Hey man, like what a traitor! I can't believe that! I'm just like ya know totally stunned and completely bummed! And like he ya know stole an emerity thingy from us! Man! \_Who said anything about him being a traitor? Just wondering why he has this title, which means "Retired but retaining an honorary title corresponding to that held immediately before retirement" when he's anything but retired. \_ From Webster's Revised Unabridged Dictionary (1913) [web1913]: Emeritus \E*mer"i*tus\, a. [L., having served out his time, p. p. of emerere, emereri, to obtain by service, serve out one's term; e out + merere, mereri, to merit, earn, serve.] Honorably discharged from the performance of public duty on account of age, infirmity, or __long and faithful services__; -- said of an officer of a college or pastor of a church. \_ enticed by his wife, no less. \_ yet another reason why marriage is evil. - bdg fan #3 |
2002/12/9 [Computer/SW/Security, Computer/SW/OS/Windows] UID:26754 Activity:high |
12/8 Has anyone been able to get sound working when running DOS 6.22 under VMWare? I want to play old DOS games and having no sound sucks. thx. --sky \_ I know there is a windows program that emulates an old sound blaster so old dos games can use sound, maybe you can hunt that down and use it? \_ VDMSound? http://ntvdm.cjb.net \_ sweet. I will try that. thx --sky \_ It works great! --sky \_ Maybe http://dosbox.zophar.net Doesn't do protected mode tho. \_ there are several dos emulators around. Which game? \_ old DOS adventure games. VDMSound seems to work with them all. --sky \_ which ones? (just curious) \_ space quest, king's quest, monkey island, maniac mansion \_ for the LucasArts games, you should use ScummVM instead. http://scummvm.sourceforge.net |
2002/11/25-26 [Computer/SW/Security] UID:26630 Activity:high |
11/25 How do I get openssh to work with s/key? I've got skey working and have passwords, but having trouble making openssh use them. \_ obGoogle \_ Google on "skey openssh" gives a million links on the old ssh vulnerability \_ Why not just use password-encrypted authorization keys? \_ ChallengeResponseAuthentication yes in sshd_config. -geordan (who dares to give actual answers) \_ what should I then see when I do ssh -v in the allowed authentications? publickey,password, keyboard-interactive ? should I continue to login as user or user:skey ? do I need to change /etc/passwd or anything else ? \_ Hm. keyboard-interactive is my guess. I don't actually remember how to activate S/Key from the client; I remember that OS X's ssh did it by default. Why do you want to be using s/key with ssh, anyway? -geordan \_ sshing from untrusted machines Tried this, but still didn't work. Any urls that are openSSH specific? \_ http://openssh.org? |
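The reason "sshing from untrusted machines" is a good answer to geordan's question is visible once you compute the passwords yourself. The block below is an added example for this thread, not OpenSSH, S/Key or OPIE code: it implements the RFC 2289 one-time password calculation (MD5 variant, the `otp-md5` challenge type) and a constructed model of the server side, which stores only the previously accepted value and never the passphrase. The passphrase, seed and counts are the published RFC 2289 test inputs; `SkeyServer` is a toy stand-in for the real skeyinit database, not its format. Each response is the preimage of what the server holds, so a keylogger on the untrusted box gets a password that is already useless by the time it is read, and the real passphrase is only ever typed into a calculator you trust.

```python
"""RFC 2289 one-time passwords (the scheme behind S/Key and OPIE), MD5 variant.
Added example for this thread; not OpenSSH, S/Key or OPIE code.
Inputs are the RFC 2289 test vectors; SkeyServer is a constructed model.
"""
import hashlib
import hmac


def _fold(digest: bytes) -> bytes:
    """RFC 2289 folding for MD4/MD5 output: XOR the two 8-byte halves."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def _step(value: bytes) -> bytes:
    """One application of the hash: md5 then fold to 64 bits."""
    return _fold(hashlib.md5(value).digest())


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Password number `count`: S = fold(md5(lower(seed) || passphrase)), then step() count times."""
    value = _step((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = _step(value)
    return value


def hexfmt(value: bytes) -> str:
    """The hex response form a client may type, e.g. '9E87 6134 D904 99DD'."""
    return " ".join(value[i:i + 2].hex().upper() for i in range(0, 8, 2))


class SkeyServer:
    """Constructed model of the host. At enrollment it stores otp(n+1) and
    forgets the passphrase. The challenge names count n and the seed; the
    client answers otp(n); the host accepts iff step(answer) == stored,
    then stores the answer and decrements, so a replay can never succeed."""

    def __init__(self, passphrase: str, seed: str, n: int):
        self.seed, self.n = seed, n
        self.stored = otp(passphrase, seed, n + 1)

    def challenge(self) -> str:
        return f"otp-md5 {self.n} {self.seed}"

    def verify(self, response_hex: str) -> bool:
        if self.n < 0:
            return False                       # sequence exhausted: re-enrol with skeyinit
        try:
            candidate = bytes.fromhex(response_hex.replace(" ", ""))
        except ValueError:
            return False
        if len(candidate) != 8 or not hmac.compare_digest(_step(candidate), self.stored):
            return False
        self.stored, self.n = candidate, self.n - 1
        return True


if __name__ == "__main__":
    server = SkeyServer("This is a test.", "TeSt", 99)
    print(server.challenge())
    answer = hexfmt(otp("This is a test.", "TeSt", 99))
    print("client answers", answer, "->", server.verify(answer))
    print("replaying the same answer ->", server.verify(answer))
```

The first two RFC 2289 MD5 vectors (seed `TeSt`, count 0 and 1) are `9E87 6134 D904 99DD` and `7965 E054 36F5 029F`; the calculator reproduces them. The operational caveats follow from the code: the seed and count are public, so the passphrase must survive an offline dictionary attack by anyone who sniffs one response; the sequence runs down and must be re-initialised before it reaches zero, from a trusted terminal; and an attacker who can intercept the session can still hijack it after authentication, which is why this goes over ssh rather than telnet.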
2002/11/22 [Politics/Domestic/California, Computer/SW/Security] UID:26597 Activity:nil |
11/20 How can I verify Soda's certificate? ... \_ No. You can't add self signed certs to your cert store. \_ yes, you can... the easiest way is if the machine is using the same cert for https... you can import it simply using IE... otherwise you need to manually import it, but it can be done. \_ Does the CSUA have a https site? Still haven't found the self-signed cert ... -OP \_ Not all versions of OE/IE support this. \_ Really? That's dumb. Another reason not to use Lookout(tm) \_ A self signed cert has no meaning in the PKI model, since all it says is that you vouch that you are who you claim you are. If you really want to implement the cert mgmt correctly there is no reason to allow such certs into the cert store. \_ Point taken. Where can I view this cert, and how was it generated, for technical curiosity's sake? And does the CSUA have a cert for https? -OP \_ http://www.openssl.org has all the goodies \_ By the way, is a self-signed certificate different from a certificate that was signed by an untrusted CA (say you have set up a certificate authority within your company for signing certificates)? \_ self-signed: signed by untrusted (your own) CA \_ I like the original minty green certs best, but some of the more orange flavored ones that came later were ok too. \_ Before being bought out by RSA, Xcert minted their own brand for a promo ... labeled obviously as: "XCerts"! -OP \_ Sweet! \_ Another approach if you really want secure POP is to set up SSH forwarding on a local port to csua:110, then just set up Outlook to retrieve email across the SSH (i.e., localhost: 110). |
2002/11/17-18 [Computer/SW/Security] UID:26571 Activity:kinda low |
11/17 the last five paragraphs of from this article: http://www.cnn.com/2002/TRAVEL/11/16/airport.security.ap __ Ed Karabinus, 56, was a security manager at Shepard Air Force Base in Texas last winter when he traveled through Dallas-Fort Worth International Airport and encountered inefficient screeners who didn't speak English. He decided to become a screener himself. He took the test, and in March he was one of 61 people hired as supervisors. Eight months later, he has been promoted to federal security director, a new category of federal law enforcement officer, overseeing both Wichita Falls Municipal Airport in Texas and nearby Lawton Municipal Airport in Oklahoma. Federal security directors earn between $108,400 and $150,000 a year. Karabinus, who now drives a used Mercedes, motivates his screeners by saying, "Look where I went, guys, in eight months." -- DAMN, where can I get a job like that? \_ There are always special people in all sorts of jobs doing really well. They are the exceptions, not the rule. The typical airport security jock is making $8.50/hr and will get a COLA in 2 years to $8.75/hr. \_ They are federal employees now making more than that. I don't know how much more, but more than $17k/yr certainly. |
2002/11/15-17 [Computer/SW/P2P, Computer/SW/Security] UID:26558 Activity:nil |
11/15 http://journalism.berkeley.edu/projects/biplog Coming soon, a real hostname. -dans |
2002/11/14 [Computer/SW/Security, Computer/SW/Unix] UID:26540 Activity:very high |
11/13 back to the question regarding my problem of being f*cked up by sys admin cuz they changed the UIDs... during the process of changing user ID, is hard-link ever used to accomplish the task? I read somewhere that if hard-link is not being used carefully, I may never be able to get those files counting against my quota unless the other person happened to delete the file. Is that true? \_ Please supply host IP address, login name and password and I'll check it out for you. It's too hard to debug with so little, random, information. \_ 198.137.241.41, gwb, bombiraq \_ Sounds like you need to pay a contractor to go in there and fix this idiot's mess. While you're at it, fire the stupid bastard because he's making the rest of us look bad. --real sysadmin \_ maybe your sysadmin is a BOFH who is persecuting you because you just can't seem to use english properly. \_ Napalm the fuckin bastard. -John \_ thanks to all (except that grammar/spelling nazi, who didn't really contribute anything useful). For those who never step out of bay area / berkeley: you would be surprised at the sheer concentration of *GOOD* system admins here at Cal, and the alarming number of those who are considered mediocre at best for the rest of the world, even in an academic setting (where my account is) For the rest... thanks for putting up with all sorts of misspellings and grammar errors from me. \_ Actually a lot of the world has some pretty stellar sysadmins; however, usually they lack a good academic environment in which to hone their skills and find out about others doing the same stuff. So they often end up doing crap jobs tucked away in some company somewhere, underpaid and underappreciated. I enjoy introducing people like that to others in the field by organizing BOFs and the like; I'm always amazed at how little contact some of the good tech guys have to the rest of the world. And I still say there are enough decent good root-types to go ahead and napalm the fuckin bastard. 
-John \_ Ever owned a cat, John? Or are you just spouting? \_ Yes and yes. -!john |
2002/11/13-14 [Computer/SW/Security] UID:26535 Activity:moderate |
11/13 http://privacy.yahoo.com/privacy/us/pixels/details.html \_ Your point? \_ I believe (s)he wants us all to click on that opt-out link. \_ bugnosis? |
2002/11/6-7 [Computer/SW/Security] UID:26428 Activity:kinda low |
11/5 Which free version of PGP provides a PGPDisk that works in WindowsXP? I'm considering the International and CTK variants. Is any version more secure or trustworthy than another? \_ PGP is pretty good. \_ HA HA HA HA HA HA HA HA. ha. ha. ugh. --aaron \_ Screw it. PGP6.5.8ckt_build08 failed to install on XP, and PGP6.0.2i could not read my PGPDisks made by PGP6.0.2 Desktop Security in Windows2000. Now my question is: What other pretty good encryption tools are there that do what PGPDisk does? -OP \_ nai actually stopped developing pgpdisk before XP and before their latest versions of PGP.. and even announced that they would be killing off pgpdisk entirely.. then sold off pgp to the current PGP Corp. which says they will have support for XP in v8.0 which is currently in beta. check http://www.pgp.com -shac \_ Thanks. I'm looking for something _FREE_, and their Freeware products do not include PGPDisk. \_ Cheap bastard. Pay for it if you want quality products with full features. These people have to eat (sushi and Vik's takeout daily) and pay rent (okay, well, condo association fees) and buy shoes (and private school tuition and cell phones) for their kids. |
2002/11/5-6 [Computer/SW/Security, Computer/SW/Database] UID:26423 Activity:nil |
11/05 What form of encryption is used for system passwords? Is it possible to use that same form in mysql? I would like to be able to take a users encrypted password from sql (which needs to be usable through mysql) and give them a system account once they have jumped through additional hurdles. Is this possible? how? URLs appreciated. \_ ??? What's the project goal? \_ man crypt |
2002/10/22 [Computer/SW/Languages, Computer/Rants, Computer/SW/Security] UID:26275 Activity:high |
10/21 Is there any service that takes email and sends regular mail? Like bill pay, but with email instead of checks. I should be able to set up "sendees" and they could print and send my emails to them. Then i could correspond with my amish friends! \_ don't you have a printer, stamps, paper, and envelopes? \_ I'm VERY LAZY and am willing to pay someone else to specialize in that and get the economies of scale. \_ http://www.usps.com/mailingonline \_ cool, thanks. |
2002/10/17-18 [Computer/SW/Unix, Computer/SW/Security] UID:26234 Activity:insanely high |
10/17 Is there a really easy way to forward all port 80 packets to another machine? I want to migrate my web (but not mail/smtp/etc) packets to a new machine. I don't want any sort of HTTP redirects because I want the transition to be "seemless". Does my question even make sense? \_ seamless \_ Any firewall software can do this. Or you can point the DNS name at your new web server and use MX'es to keep the mail on the existing server. Or use mod_rewrite. -tom \- writing a generic "port forwarder" to listen on localhost:tcp/### and fwd that to A.B.C.D:### is a pretty straightforward programming exercise. in fact it is possible ssh can do it for you. i have a tool i suppose i can send you which forwarded the pop protocol but it should work for WEEB by just changing the port number. [all WEEB is tcp, right?]. i seem to remember after looking at a breakin there was some crackerware to do this too. --psb \ are you calling nc "crackerware"? \_ This is what I was going to do. Either this or just use ssh to do the forwarding until I complete the migration. But I was hoping that someone had already written something (or gotten netcat to work as such) so that I don't reinvent the wheel... and don't have to worry about implementing error handling and so forth. \_ DNS! Why does no one use DNS for this stuff? The world wasn't meant to be hard coded IPs. They made DNS for a reason. You don't need clunky firewall kludges if you made proper use of DNS. You wannabe sysadmins are getting more dangerous by the day. Please tell me this isn't a commercial site. \_ because dns wont forward port 80 packets. DNS will send all packets to that hostname elsewhere. This is why a smart admin will point several names at the same host, each name for each service on the host, and then they can move the ip in the name for that service without affecting the other services. I.e. 
csua www service is 'www.csua', not 'soda.csua' (even though those two names point to the same IP), so we can move www service if necessary without screwing other services. If you weren't so smart, firewall-NAT /packet forwarding/ is your only option. -ERic \_ Thank you for the description of "proper use of DNS" as mentioned above. Anyone who doesn't know that DNS doesn't forward packets needs to give up the root shell. \_ DNS switches are not "seemless". Even if you have your TTL set properly, there is a whole world of improperly set up DNS servers (and microsoft DNS clients that mad-cache) that will not get updated the instant you want them to. (Of course, just leaving the service up at site 1 for a while is probably better than port forwarding everything with good ol' nc -The SysAdmin. \_ Gosh, you mean you actually figured out how to do a seamless service migration with DNS? Wow. That was hard, huh? \_ 1) You are a dumbass, as everyone else already pointed. 2) Even if what you said were correct (which it isn't), have you considered the possibility that some people might be hard-coding the IP's? \_ 1) No one said any such thing. Learn to read. 2) It's correct and anyone who hard coded the IP's is a total moron at step zero and shouldn't have root which was already addressed earlier. If you could read, you'd have read that, too. 3) Learn to read. Thanks. \_ [ inane baiting deleted. ] \_ OP here. Here's my solution: www stream tcp nowait nobody /usr/local/bin/nc nc my.remote.host 80 im reposting my solution for the third time: tcpserver 0 80 nc ncc 80 |
2002/10/15-16 [Computer/SW/Security] UID:26195 Activity:kinda low |
10/15 FYI OpenSSH 3.5 is out. \_ Interesting. Is there a ChangeLog somewhere that summarizes the changes in this release. In particular, I am wondering if PAM and auditing problems have been fixed in Solaris when privilege separation is enabled. \_ ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog |
2002/10/15-16 [Computer/SW/Security] UID:26191 Activity:high |
10/15 I don't have a long dist carrier. I usually use 10-10-321, 811, 220, etc. What's a good plan to use? \_ http://www.onesuite.com Cheap, no hassles, portable. \_ http://www.onesuite.com/faqs.htm#G13 , you can get 20 free minutes (hey that's like 60 cents)! but why don't they just bill the telephone like others? \_ onesuite is actually a calling card which you can access through a 1-800 number or local numbers. it is not a traditional long distance carrier. |
2002/10/15 [Computer/Rants, Computer/SW/Security] UID:26185 Activity:very high |
10/14 Why all the H1B posts? Our jobs, esp support and QA are already being exported to countries like India and China. There was a report from 60 Minutes that says a few phone companies already shifted their phone support ops to India. They even train the workers to be knowledgeable about the American culture (football, beer, etc). Face it, many jobs are indeed exportable. IT is just a glorified auto/steel/whatever industry. \_ You're a Cal grad and doing phone support and QA? Jesus F. Christ! Did you graduate with a degree in English or something? \_ I thought Jesus' middle initial was 'H'. \_ You don't know what the 'F' is for? \_ Agreed, IT = auto = steel = dockworkers. However, since most motd readers are sys admins, they confuse themselves with real software engineers and architects. We're not worried about H1B workers. \_ uh, it's the software development that can be easily exported, not the sysadmin work. Think autoworker vs. policeman. -tom \_ *laugh* As a sysadmin, the last thing I'm worried about is my job getting exported to another country. No sysadmin confuses what they do with what a coder monkey does. When a coder monkey fucks up, you get a bug which gets caught by QA (in India). When a sysadmin fucks up, the whole shop goes down. No one is going to ship their servers to India. Silly troll, cookies are for kids! \_ Recently had trouble with an http://amazon.com order. Emailed them (the only way to reach them) and all I got were replies from folks with Indian-looking names. All replies either had good english or good scripts or both. I suspect amazon support may be outsourced? \_ I have never gotten good customer service of any kind from an Asian-outsourced helpdesk. In fact, this is the main reason why I refuse to buy anything from http://Amazon.com anymore. My experience with US helpdesk workers is mixed, although mainly positive (unless you're dealing with a fucked up company like Sony. 
The only consistently good tech support I've gotten was from Irish call centers (most European tech firms redirect English-language calls there.) -John \_ Was on the phone with a Netapp chick in Singapore last night. She didn't fix my problem but had a sexy voice so I still logged the call as a "10" in their customer service records. \_ I have never gotten good customer service of any kind through the phone, period. Almost. \_ B&H over the phone seems okay. \_ Exporting software jobs is the best thing that ever happened to the software industry. Perhaps now, we will realize that many engineering positions are filled by glorified, semi-skilled typists (software). Let's face it- software systems are LARGE nowadays- but innovation is the crux of value, not WPM. Stop complaining about your obsolete job. Coding is a monkey task that should be outsourced, not protected by some archaic notion of an ivory tower of academia. \_ Which is why I would recommend moving up to a more architectural or managerial level, to avoid your job being 'exported'. I agree, coding, not only a 'monkey task' as the above poster noted, is often considered a thankless job. Don't shoot the messenger, this is what I heard. \_ Put it this way. Number of engineers produced per year in US: 65000, in China 700000, and their quality is improving. \_ This is exactly the kind of reasoning upper management uses to justify H1b's shortly before they get a http://fuckedcompany.com entry. Because if 1 american engineer can do it in X days, then 10 H1b engineers can do it in X/10 days. Right? Good math. |
2002/9/28 [Computer/SW/Security, Computer/SW/Unix] UID:26038 Activity:nil |
9/28 I installed mysql 3.23.52_1 via pkg_add and I'm trying to set the root password-- but I don't know the default password. This is a fresh installation, and I'm using % /usr/local/bin/mysqladmin -u root password 'blah' /usr/local/bin/mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user: 'root@localhost' (Using password: NO)' % /usr/local/bin/mysqladmin -u root -p password 'blah' Also fails, because I don't know the stinking password. I've tried the system's root password, "root", "toor", and various foul language. |
2002/9/13 [Computer/SW/Security] UID:25874 Activity:kinda low |
9/12 Has anyone else noticed that their ssh session tends to die as soon as they get notified of new mail? \_ never happens to me. \_ Mine is kind of twisted. If I have newmail running in the background I cannot seem to log out of my ssh session cleanly (it just hangs after the logout). But if I kill the newmail process prior to logging out, it works fine. (this is on a Debian Linux). Clues? \_ just a guess -- does newmail open an X connection? \_ try ssh -v when making connections. without debugging info you don't stand a chance. |
2002/9/12 [Computer/SW/Security] UID:25859 Activity:nil |
9/11 I hate people who block ping requests, it is so annoying and of so little (in fact I'd go as far as to say NO) security value. \_ some people just block all icmp.. for valid security reasons -shac |
2002/9/11-12 [Computer/SW/Security, Computer/SW/Unix] UID:25851 Activity:low |
9/11 Is it commonly accepted to use rsync between two machines using a null passphrase? I haven't found any good workaround. The next best thing would be to type the key once per reboot, but that is inconvenient and the key stays in memory. So... after a few days of googling, root+null passphrase is the best I could come up with. \_ If it's a low security site, you can do the null passphrase to a junk account and then have cron or whatever copy/move the files out. jailed shells and what-not are easy enough to setup without jumping through too many flaming hoops. Are these both internal machines? Maybe NFS is the answer? \_ Install ssh, rsync over ssh instead of rsh and use a passkey. |
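The usual way to run rsync unattended without a passphrase-less root key is the one the replies gesture at: give the job its own key, and pin that key in authorized_keys to a forced command that will only ever run the rsync server side into one directory. The script below is an added example written for this page, not code from the thread or from rsync; the install path, the backup directory, the client address and the key comment are assumptions. OpenSSH's `command=`, `from=`, `no-pty` and the other options are real; rsync also ships a Perl script (`support/rrsync`) that does this job more completely.

```shell
#!/bin/sh
# Added example (not from the original thread): forced-command wrapper that lets
# an unattended, passphrase-less key run the rsync server side and nothing else.
# Put it in the receiving account's ~/.ssh/authorized_keys as the command= for
# that one key (paths, address and comment below are assumptions):
#
#   command="/usr/local/bin/rsync-only /var/backup/host1",no-port-forwarding,\
#   no-X11-forwarding,no-agent-forwarding,no-pty,from="10.0.0.5" ssh-rsa AAAA... backup@host1
#
# sshd then ignores whatever command the client asked for, runs this script,
# and hands the client's request over in SSH_ORIGINAL_COMMAND. If the key is
# stolen, the thief gets to rsync into /var/backup/host1 from 10.0.0.5 and
# nothing more; that is the whole point of the exercise.

# rsync_only_check CMD ALLOWED_DIR: 0 if CMD is an rsync server invocation
# whose target path is ALLOWED_DIR or something under it, 1 otherwise.
rsync_only_check() {
    cmd=$1
    allowed=$2

    # Only the server side of rsync-over-ssh is acceptable.
    case $cmd in
        "rsync --server "*) ;;
        *) return 1 ;;
    esac

    # The accepted string is exec'd by word splitting, never through a shell,
    # but reject shell metacharacters anyway so a mistake later cannot matter.
    case $cmd in
        *'$'*|*'`'*|*';'*|*'&'*|*'|'*|*'>'*|*'<'*|*'('*|*')'*) return 1 ;;
    esac

    # No climbing out of the allowed directory.
    case $cmd in
        *"/../"*|*" ../"*|*"/.."|*" .."|*" .. "*) return 1 ;;
    esac

    # The last argument is the path on this side (the client's own path is
    # replaced by "." before the request is sent). Confine it.
    target=${cmd##* }
    case $target in
        "$allowed"|"$allowed"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# When sshd invokes this as the forced command, validate and run the request.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_only_check "$SSH_ORIGINAL_COMMAND" "${1:?allowed directory}"; then
        # Word splitting is intended here: no shell is involved.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The key still sits decrypted on the client's disk, so protect that file as you would the data it can write, and keep the key out of the root account on the receiving side: a dedicated account that owns only the backup directory is enough. The `from=` clause is the second fence; without it the stolen key works from anywhere.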
2002/9/9 [Computer/SW/Security] UID:25820 Activity:high |
9/8 Is @cal forwarding down again all day? What the hell? It's an embarrassment to Berkeley! Shit I should've never trusted them in the first place!! My ISP is far more reliable! They suck you in with a permanent email forwarding address and then the service goes down for days. Bunch of idiots!!! \_ Is there a number we can call about the service? \_ This gives Cal a bad name, just like the programming contest and Cal Football. \_ We've won our past three games against 5th tier teams! \_ I think it may have come back up. |
2002/9/4-5 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:25767 Activity:very high |
9/3 I'd like to donate equipment (eg 160G HD) so that I can influence politburo members into giving me root access. How do I go about doing that? P.S. I'm an alumni \_ alumnus (possibly alumna) or alum \_ are you female? I think most of them are tired of making love to mr.hand \_ rosie Palm and her five sisters are h07! \_ The Palm SEXtet (pun intended) will make you blind! \_ You mean *Miss* Hand? Or are they gay? \_ No, you're just 100% clueless. \_ mail politburo. ask. -chialea \_ chialea! I want to kiss you! :-) \_ are you an eastcoast or westcoast stalker of hers? !fan \_ you're freaky \_ No, they're dreamy! --chialea #1 fan #1 fan \_ a.k.a. chialea \_ Incorrect. --chialea #1 fan #1 fan \_ you're going about it the wrong way. you need to bribe a single root person, not the whole politburo. you don't want official access, just access. social hacking. \_ is that how paolo got root? \_ Speaking of bribing, have the recent politburo requested alumni support yet for this year? \_ still not getting it. you dont support politburo for root, you buy some kid a few beers. sheesh. must i spell out *everything* for you? \_ Not looking for root, just wondering about funding. \_ maybe they can request funding for a SCSI RAID card. \_ if you're cute, you screw for root. \_ The secretary? \_ Good thing I'm not sexy@csua anymore -chialea \_ Get real. Sleep with csua root users instead of popping 5 bucks for cheap beer? Son, not all sex is good sex. You should go for the beer option. |
2002/8/29-30 [Computer/SW/Security] UID:25734 Activity:high |
8/29 Do you guys have a different password for every single account you own -- email, website, server, bank, etc? \_ Yes. \_ I have tiers of security-- like very secure, medium, and not at all secure. Usually as I retire my very secure passwords, I move them down to the lower tiers... except for the lowest level, which is almost always just based on my name or something. \_ I do this too. I wonder how common it is. \_ How do you remember all the passwords? I have like 10 passwords for maybe 30 accounts. I can never remember which to use for what, except for the accounts I use daily. \_ I use the same password for all my accounts, home, work, root, hotmail, http://yermom.com pr0n sites, my secret password with Visa, my home security company, everything. \_ Have you been to http://yermom.com? What a fucking stupid website! |
2002/8/29-30 [Computer/SW/Security] UID:25732 Activity:high |
8/29 Has anyone tried DMA? Does it really work? I'm afraid to use it for the same reason why I don't click on "unsubscribe me" from spams. \_ Yes it works. Both for mail and phone-based junk. It works best if you also request that the credit agencies not release your info as well and you forgo mail forwarding when you move. \_ Those work very well for me, together with calling up companies to cancel junk catalogs under whoever's names and my address. --yuen \_ Direct memory access? I love it. Great stuff. Works great and less filling at the same time! Better than rogaine \_ No but I've tried MDA. Is DMA some other analogue? \_ Direct Marketing Association, Inc. http://www.the-dma.org The posters are talking about DMA's Mail Preference Service which helps you stop junk mail. Saves time and trees. |
2002/8/29-30 [Computer/SW/Security] UID:25731 Activity:low |
8/29 Is there a website that tells you the elevation above sea-level of all the cities in the US (at least the major ones)? \_ No. I have encrypted all of my copyrighted material using an encryption algorithm based on US city elevation data, and releasing it now would be in violation of the DMCA. If you try to download that information from the web, I'll DOS your server. -GIAA \_ Uh, Yeah, the first link from the google query: "us major cities elevation above sea level" -googled |
2002/8/27 [Computer/SW/Security, Computer/SW/Unix] UID:25705 Activity:high |
8/27 Is there a CSUA policy about deleting accounts of those who have died? Or is it a respect sort of thing to keep the account for the deceased? \_ There are deceased? \_ gene kan \_ What happened to him? \_ He Cobained. \_ gene can do what? \_ was he active CSUA? \_ How about deleting accounts for those who have been inactive for a long time? \_ and... why? \_ To reclaim disk space? Free up login names and UIDs? Reduce chance of break-ins since those people won't be changing their passwords periodically? \_ As if people who never really used their accounts are using a lot of disk, someone else wants their name, we're near out of UIDs or more than 1% of you slack bastards has changed your password in the last 6 years.... \_ reclaim unused uids? Doesn't the account creator just add a new uid after the highest used one? Are we even anywhere near starvation for uids? types.h lists the uid as: typedef u_int32_t uid_t; So that's what, 4 billion possibilities? I see only 2400 or so passwd entries. Try another excuse to delete unused accounts... To reduce chance of break-ins? I'd argue to delete the active accounts -- they're the ones most likely to have their password leaked ( via social engineering , trojaned software, or other means) or shared on another site. \_ ok genius so then why should the accts not be deleted? \_ The burden of proof is on those who desire change in a functional environment. They should not be deleted because there is no reason to and it would waste someone's time to do so. Why *should* any accounts be deleted? \_ How come at line 2437 in /etc/passwd the UID goes up to 10958, but then at line 2438 it starts from 1003 again? \_ I saw that old login names like achoi or choice no longer exist. \_ achoi/choice is now android. -geordan \_ So any future Albert Choi or Ah-Ching Hoi can re-use the login achoi. \_ *hint* |
2002/8/26-27 [Computer/SW/Security, Computer/SW/OS/Windows] UID:25694 Activity:high |
8/26 After I save a file in win95, I need to process it from DOS prompt (to use with sftp for putty for example). I find the file name to be "corrupted" - it's shorter and contains strange characters like "~". I know this must be a feature from MS but how to get around it and access the file from DOS using the real file name? \_ try using cygwin \_ the win95 shell displays that because it's DOS and DOS doesn't do more than 8.1 filenames. Just use those shorter names (i believe they show up correctly in windows), use the long name with quotes around it (i think that works) or better yet upgrade to win 2000. \_ if you use the short file name with scp, you'll lose the long file name on the other side. you need to double quote the LFN to do what you're talking about. or as the above say use cygwin or w2k. \_ By "DOS prompt", do you mean the DOS window in Win95, restarting Win95 in DOS mode, or plain MS-DOS 6.xx? \_ Enclose your long/full name with double quotes. \_ Use double quotes. \_ I think double quotes will do the trick. |
2002/8/26 [Computer/SW/Security] UID:25689 Activity:moderate |
8/26 Any recommendations for web hosting services with good latency from campus? Looking for cheap service to host low traffic www site. \_ Low latency? You're playing quake from your campus office? |
2002/8/20-21 [Computer/SW/Mail, Computer/SW/Security] UID:25623 Activity:very high |
8/20 using gpg i want to associate someones public_key with a wildly different alias that they also use to mail me encrypted text. I skimmed the long man-page but didn't find it. \_ you really think the nsa cant read your text in real time? get real. they can spot the gpg signature and flag your packets to make certain a human reads the messages. sheesh. dont you know the best way to hide is in plain sight where your traffic looks like everyone else's and only the computers will read (and ignore) it? \_ (!OP): I don't care about the NSA. I care about business competitors, 1337 haxors, and the like. \_ w3 @1r3d33 0wNz y00. \_ (TOP) o.k. i love to encourage trolls.. 1) I'm trading commercial "secrets" not military ones so I don't much care if some cypher-wonk in the basement of the pentagon reads my mail. 2) By encrypting traffic "they're" not interested in i'm making their job harder, if only a little, which makes me happy. \_ What mail client do you use to (en|de)crypt mail w/ gpg? \_ mutt \_ pine. (flame away) \_ So you trust foreign governments such as the French who are known to engage in industrial espionage for their corporations not to steal your data and hand it over to your competitors? So much to learn, so little time.... |
2002/8/19 [Computer/SW/Security, Computer/SW/Unix] UID:25608 Activity:nil |
8/19 http://www.kuro5hin.org/story/2002/8/19/2952/21932 - php gui sucks. \_ gui's are bad. |
2002/8/15 [Computer/SW/Security] UID:25563 Activity:very high |
8/15 I am familiar with SSH1 but just put SSH2 on my computer. With SSH1, I know I put the contents of his identity.pub file in my authorized_keys file. With SSH2, what is the analogous procedure? Do I do something with the snippet that begins "---- BEGIN SSH2 PUBLIC KEY ----" which he sent me? Where do I put that on my server? Thanks! \_ It depends on what kind of keys you use (SSH1 or SSH2 keys), what client do you use, and whether the server is running openssh or commercial sshd. In case of soda, you have to upload your public key to your account, convert it to the format the openssh understands using ssh-keygen command and then append it to your .ssh/authorized_keys2 file. \_ I think I need to add something in the .ssh2 directory. I am running with "SSH-1.99-2.4.0 SSH Secure Shell". \_ yes, consult the ssh2 man page \_ place the public key (the entire file from '---- BEGIN...' to '---- END SSH2 PUBLIC KEY ----' in a file under .ssh2 then create a .ssh2/authorization file containing the line 'Key pubkeyfilename' (where pubkeyfilename is the name of the public key file you just created) - max |
2002/8/8 [Computer/Domains, Computer/SW/Security] UID:25524 Activity:high |
8/8 If I use <DEAD>foo.bar.com<DEAD> in a root .rhosts file, can someone who controls DNS server in his own domain set up one of his addresses to reverse to <DEAD>foo.bar.com<DEAD> and get into my machine? \_ If you're using rsh? Probably. ssh, if you have it configured to, will check to see if the remote machine's host key is correct. \_ Yes I know this wont work for ssh. I think with rsh the only trick is to get him to look at your DNS server. If you can do that, I think it will work. |
2002/8/1-2 [Computer/SW/Security] UID:25470 Activity:high |
8/1 Bugtraq reports that openssh-3.4p1 was trojanned on http://ftp.openbsd.org, and its mirrors. \_ Link? And Is that what happened to csua? \_ http://online.securityfocus.com/archive/1/285492/2002-07-29/2002-08-04/0 \_ Don't think so. That seems to have affected the openssh-portable port. \_ which... soda runs... \_ dont bring facts into this. this is the motd, damn it! \_ It's okay, they didn't. \_ no it doesn't: $ telnet soda 22 Trying 128.32.112.233... Connected to http://soda.CSUA.Berkeley.EDU. Escape character is '^]'. SSH-1.99-OpenSSH_3.4 \_ genius wtf do you think that is? If it isn't an openbsd machine and it's running openssh, it's the portable one \_ I believe the FreeBSD uses the non-portable openssh too, perhaps with their own patches. If FreeBSD was using portable openssh, you'd see a version string that looks like this: SSH-1.99-OpenSSH_3.4p1 \_ Hi. You're an idiot. \_ Recent FreeBSD base system uses 3.4p1. There are also two ports: security/openssh and security/openssh-portable, which are a patched OpenBSD version and the portable version, respectively. Soda is running the former, AFAIK. --dbushong \_ The only installed openssh port I see is: /var/db/pkg/openssh-3.4_4 \_ What's the bottom line? Is soda's current version compromised? \_ I don't think so. Plus, the compromise is just a side effect of the build, and (supposedly) should not affect the built executables. \_ No. The MD5 on the src tar ball in /usr/ports/distfiles matches the correct MD5: MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 soda$ cd /usr/ports/distfiles/ && md5 openssh-3.4.tgz MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 \_ Here is what I've heard from a reliable source: (sorry, no url) "If you didn't rebuild OpenSSH from scratch in the past 36 hours you don't have to worry about it and the trojaned code was replaced with a clean copy by 6am PDT. 
The trojan was that someone added a line to a Makefile such that during compilation, a socket is opened to a hacked machine once an hour to await "commands" (or example, open a shell, or die). The OpenSSH code base wasn't touched. The hacked machine was wiped early early this AM. I haven't heard anything about whether the SunOS 4.1.X FTP server (the OpenSSH project hosts there because the people who offered to host it there have lots of bandwidth) was hacked, or if this was some kind of inside job from someone who had appropriate levels of access on that host. Like your doctor always said, check your md5 checksums and your PGP sigs. The FreeBSD "ports" system does that automatically and refused to build and install the tainted code." |
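The check that saved the ports build is simple to state and worth having as a script of its own: before anything is unpacked or compiled, the tarball's digest is compared against a recorded value, in the `MD5 (name) = hex` form that md5(1) and the ports distinfo files use. The script below is an added example written for this page, not the ports system's own code; the `openssh-3.4.tgz` line is the sum quoted above, while the sample file, its sum and the paths are constructed here. Note what it does and does not prove: a Makefile inside the tarball was altered, so the tarball's digest changed and the comparison failed. That only helps if the recorded digest reached you by a path the attacker did not control (a ports tree fetched separately, a signed announcement), which is why the advice above pairs the checksum with the PGP signature.

```shell
#!/bin/sh
# Added example (not from the original thread): refuse to build a distfile
# whose digest does not match the recorded one. The recorded sum must come
# from somewhere the mirror operator cannot edit; a checksum file sitting
# next to the tarball on the same mirror proves nothing.

# md5_of FILE: print the hex MD5 using whichever tool this system has.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl md5 "$1" | sed 's/.*= //'
    fi
}

# distinfo_md5 DISTINFO NAME: print the sum recorded for NAME from lines of
# the form "MD5 (NAME) = <hex>"; prints nothing if there is no such line.
distinfo_md5() {
    awk -v name="$2" '$1 == "MD5" && $2 == "(" name ")" { print $4; exit }' "$1"
}

# verify_distfile DISTINFO DIR NAME: 0 if DIR/NAME matches its recorded sum,
# 1 on a mismatch, 2 when no sum is recorded. Both non-zero cases stop a
# build; an unrecorded file is not "probably fine", it is unverified.
verify_distfile() {
    want=$(distinfo_md5 "$1" "$3")
    if [ -z "$want" ]; then
        echo "no checksum recorded for $3" >&2
        return 2
    fi
    have=$(md5_of "$2/$3")
    if [ "$have" = "$want" ]; then
        return 0
    fi
    echo "checksum mismatch for $3: have $have, want $want" >&2
    return 1
}

# Example distinfo, as the thread quotes it plus one constructed entry whose
# file the test creates ("hello" followed by a newline).
write_sample_distinfo() {
    cat > "$1" <<'EOF'
MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
MD5 (sample.tgz) = b1946ac92492d2347c6235b4d2611184
EOF
}
```

Usage: `verify_distfile /usr/ports/security/openssh/distinfo /usr/ports/distfiles openssh-3.4.tgz && make`. MD5 was what the ports tree recorded in 2002; the same script works unchanged with SHA-256 lines and `sha256sum` once the prefix and tool are swapped, and today that is the digest to record.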
2002/7/29 [Computer/SW/Security] UID:25436 Activity:nil |
7/29 Can some one tell us some definitive info about what's going on with pop? it hasn't worked since the ip change. Do I need to change port number? \_ The sort-of official, and thoroughly unannounced answer is that clear-text POP/IMAP has been disabled since the recent compromise. You can only use SSL enabled POP/IMAP clients. Hopefully we will soon have localhost clear-text service available for those who prefer to ssh tunnel instead of trying to find an SSL enabled mail client --scotsman \_ okay, what settings do I use for POP3 over SSL? port 995? \_ Y'know. looking at things, I don't see POP3s enabled.. I'd have to say mail root. --scotsman \_ wasn't this always the case? I was never able to use POP w/ clear-text password remotely and have been ssh tunneling for about the last year. - rory \_ On a somewhat related note, is telnet / skey going to be reenabled, or is it permanently disabled? |
2002/7/25 [Computer/SW/Unix, Computer/SW/Security] UID:25422 Activity:insanely high |
7/25 Just curious. How come 'last' shows the date went backwards? thx.
mikeh    ttyA7    128.32.112.194   Thu Jul 25 01:09 - 01:11     (00:01)
root     ttyv1                     Thu Jul 25 01:08 - 01:09     (00:00)
root     ttyv0                     Thu Jul 25 01:07 - 01:08     (00:01)
emarkp   ttyv3                     Wed Jul 24 23:36 - 23:36     (00:00)
mehlhaff ttyA4    63.201.156.21    Wed Jul 24 23:30   still logged in
root     ttyv2                     Wed Jul 24 23:24 - 23:46     (00:22)
root     ttyv1                     Wed Jul 24 22:51 - 23:46     (00:54)
mikeh    ttyv0                     Wed Jul 24 22:50 - 23:47     (00:56)
reboot   ~                         Wed Jul 24 22:50
shutdown ~                         Wed Jul 24 22:44
root     ttyA1    10.32.43.51      Wed Jul 24 22:17 - shutdown  (00:26)
mikeh    ttyA1    10.32.43.51      Thu Jul 25 03:54 - 22:17     (18:23)
jon      ttyA3    10.32.43.51      Thu Jul 25 03:07 - 03:08     (00:00)
root     ttyA4    10.32.43.51      Thu Jul 25 03:00 - shutdown  (19:43)
root     ttyA1    10.32.43.51      Thu Jul 25 02:44 - 03:54     (01:10)
mikeh    ttyA1    10.32.43.51      Thu Jul 25 02:44 - 02:44     (00:00)
root     ttyA0    10.32.43.51      Thu Jul 25 01:45 - shutdown  (20:59)
reboot   ~                         Thu Jul 25 01:35
\_ that's why it's called 'last'. it shows from most to least recent who has logged in. \_ so you saying july 24 is more recent than july 25? |
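`last` prints wtmp records newest first in the order they were written, so a timestamp further down the listing that is later than the one above it means the system clock moved between the two writes (set back around a reboot, as in the listing above) or the file was edited. Either way it is worth spotting, and after a compromise it is one of the first things to look for. The script below is an added example written for this page, not something from the thread; the listing it feeds itself is the one posted above, and the check is same-year only.

```shell
#!/bin/sh
# Added example (not from the original thread): flag lines of `last` output
# whose timestamp is later than the line above. Reads last(1) output on stdin,
# prints each offending line prefixed with its line number, exits 0 regardless.
last_out_of_order() {
    awk '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i
        }
        {
            # Find the "Dow Mon DD HH:MM" group; the host column is optional,
            # so it is not at a fixed field index.
            key = -1
            for (i = 3; i <= NF - 3; i++)
                if ($i ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ && ($(i+1) in mon)) {
                    split($(i+3), hm, ":")
                    key = ((mon[$(i+1)] * 32 + $(i+2)) * 24 + hm[1]) * 60 + hm[2]
                    break
                }
            if (key < 0) next            # blank line, "wtmp begins ..." footer
            if (have && key > prevkey) print NR ": " $0
            prevkey = key; have = 1
        }'
}

# last_sample: the listing from the thread above, used as sample input.
last_sample() {
    cat <<'EOF'
mikeh    ttyA7    128.32.112.194   Thu Jul 25 01:09 - 01:11     (00:01)
root     ttyv1                     Thu Jul 25 01:08 - 01:09     (00:00)
root     ttyv0                     Thu Jul 25 01:07 - 01:08     (00:01)
emarkp   ttyv3                     Wed Jul 24 23:36 - 23:36     (00:00)
mehlhaff ttyA4    63.201.156.21    Wed Jul 24 23:30   still logged in
root     ttyv2                     Wed Jul 24 23:24 - 23:46     (00:22)
root     ttyv1                     Wed Jul 24 22:51 - 23:46     (00:54)
mikeh    ttyv0                     Wed Jul 24 22:50 - 23:47     (00:56)
reboot   ~                         Wed Jul 24 22:50
shutdown ~                         Wed Jul 24 22:44
root     ttyA1    10.32.43.51      Wed Jul 24 22:17 - shutdown  (00:26)
mikeh    ttyA1    10.32.43.51      Thu Jul 25 03:54 - 22:17     (18:23)
jon      ttyA3    10.32.43.51      Thu Jul 25 03:07 - 03:08     (00:00)
root     ttyA4    10.32.43.51      Thu Jul 25 03:00 - shutdown  (19:43)
root     ttyA1    10.32.43.51      Thu Jul 25 02:44 - 03:54     (01:10)
mikeh    ttyA1    10.32.43.51      Thu Jul 25 02:44 - 02:44     (00:00)
root     ttyA0    10.32.43.51      Thu Jul 25 01:45 - shutdown  (20:59)
reboot   ~                         Thu Jul 25 01:35
EOF
}
```

On the sample it flags exactly one line, the `mikeh ... Thu Jul 25 03:54` entry that sits below a `Wed Jul 24 22:17` one: everything from there down was written while the clock read about five hours ahead, and the 22:44 shutdown that follows is where it was corrected. On a live box run `last | last_out_of_order`; a clean wtmp produces nothing.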
2002/7/25-26 [Computer/SW/Security] UID:25416 Activity:moderate |
7/25 Is there any ETA of a full report about the compromise? For instance-- how long ago did the hack take place? Where did it originate? How was it discovered? Was ssh-keygen hacked? Do we need to replace our keys? Are we supposed to change ALL of our passwords, or just ones that we used in the past X days? \_ Also, what _isn't_ known about the hack? \_ we believe that nweaver was responsible. --h@x0r \_ Are we going to ask for the death penalty? \_ Can't hurt to change your passwords and ssh keys anyhow... |
2002/7/25-2003/1/5 [Computer/SW/Security] UID:25415 Activity:nil |
07/25 Yes, soda's ssh, sshd, and sudo were compromised. Changing all of your passwords is advised. Services that are down now will come up in due time. --ajani |
2002/7/25 [Computer/SW/Security, Academia/Berkeley/CSUA/Troll] UID:25414 Activity:high |
7/25 Anybody know what's happening with alumni.eecs? Can't seem to ssh in. \_ Last I heard they were having problems with secure shell. \_ Sounds like they got 0wnz0red \_ well, they told me because csua's ssh was trojaned, all accts which have anything to do with soda are disabled. Talk to root to reactivate it. \_ csua's ssh was trojaned? when did this happen? \_ Shoulda used coitus interruptus, but abstinence is the best choice! \_ You better be fucking kidding because there's nothing about this on /etc/motd.official. If soda got owned we have the right to know about it and root has a responsibility to tell. I'd like to see official word on motd.official whether this is true or not. This isn't funny if you're making it up. \_ What's even less funny is how you're being such a dick about asking for this information. \_ Excuse me while I beg for critical security information. Oh please please please let me know sometime after you graduate what the fuck was going on. Security isn't a joke and users shouldn't be left guessing wtf happened or how much they might be fucked over. And for you personally, fuck you, you know nothing fool. \_ And for you personally, if your files and whatever else are so critically dependent on soda being completely secure, get your own machine and connection and maintain it. \_ Found on http://ucb.org.csua (7/24): Soda.csua is down because it was compromised. It will hopefully be fixed tomorrow. Galen \_ which is unfortunately not very helpful when soda is the only machine from which one can read ucb.* \_ Try http://groups.google.com? \_ how about a secondary webserver on, say, scotch that gives news and downtime type stuff for soda. new A record <DEAD>news.csua.berkeley.edu<DEAD>, etc. \_ If you asked him really nicely, perhaps dbushong would be willing to do something like this at http://www.csua.org I'll bet you'd have better chances if you volunteered to do the coding so that he could just post it. \_ I know dbushong. 
dbushong is a good friend of mine. and you, sir... wait.. what was i saying? Really. Dave just runs http://csua.org. He doesn't know or care about the daily goings on of soda. This is something the politburo can and, i'm going out on a limb here, should do. \_ Ok that's a start, how about some info on how long it's been compromised, what sort of compromise, how badly, what were the hackers doing, what got installed, etc? \_ Nice attitude. And how much have you contributed to this group and its equipment lately? |
2002/7/25-26 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:25413 Activity:low |
7/25 Thanks to the root types who have been working hard to clean up the recent mess on soda and in EECS in general. The masses are pleased to have soda return. --PeterM \_ Word. \_ Hmm, is POP and IMAP still down? \_ All praise the great root types! \_ No HTTP service either \_ Your work means a lot to us. Inability to use soda drives me nuts, especially since I use it for love emails. \_ specifically much praise is due to mikeh. He put a lot of time into the reinstall and cleaning up of things. 'course everybody put effort in. |
2002/7/16-18 [Computer/SW/Security] UID:25372 Activity:high |
7/16 How do I generate a public key compatible for openssh on an SSH (commercial) machine? openssh uses single-line keys, while ssh uses multiline keys. \_ I got out a text editor and re-arranged the entries to match. It was lame but it worked. \_ see openssh ssh-keygen man page \_ If you're trying to use pre-existing keys and convert them this won't do it for you but it will generate new ones in either format. \_ Yes it will, you apparently haven't read the manpage. \_ Not in my version which is relatively recent. -x This option will read a private OpenSSH DSA format file and print a SSH2-compatible public key to stdout. -X This option will read an unencrypted SSH2-compatible private (or public) key file and print an OpenSSH compatible private (or public) key to stdout. \_ Yes and where's the option for ssh1? |
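Both this thread and the 8/15 one above come down to the same conversion: the commercial SSH2 client writes a multi-line public key between `---- BEGIN SSH2 PUBLIC KEY ----` and `---- END SSH2 PUBLIC KEY ----` armour, with optional `Subject:`/`Comment:` headers, while OpenSSH wants one line of `type base64 comment` in authorized_keys. The base64 body is the same wire-format key in both, so the "text editor" answer works: drop the armour and headers, join the body lines, prefix the key type. The script below does exactly that as an added example written for this page, not code from OpenSSH or the thread; the key it feeds itself is a constructed blob with a valid type prefix, not a real key. In current OpenSSH the same conversion is `ssh-keygen -i -f keyfile` (and `-e` exports the other way); the `-x`/`-X` spellings quoted above are the older names for those options. SSH1 (RSA1) keys are a different format and are not covered here.

```shell
#!/bin/sh
# Added example (not from the original thread): convert a multi-line SSH2
# public key (the commercial ssh's format) to OpenSSH's one-line form.
#
# rfc4716_to_openssh < KEYFILE: print "ssh-rsa|ssh-dss <base64> [comment]".
# Exit status 1 if the key type cannot be read from the blob.
rfc4716_to_openssh() {
    awk '
        { sub(/\r$/, "") }                               # tolerate CRLF files
        /^---- BEGIN SSH2 PUBLIC KEY ----/ { inkey = 1; next }
        /^---- END SSH2 PUBLIC KEY ----/   { inkey = 0; next }
        !inkey { next }
        cont   { cont = (sub(/\\$/, "") == 1); next }   # header continuation
        /^[A-Za-z-]+:/ {                                 # header line
            cont = (sub(/\\$/, "") == 1)
            if ($0 ~ /^Comment:/) {
                comment = $0
                sub(/^Comment:[ \t]*/, "", comment)
                gsub(/^"|"$/, "", comment)
            }
            next
        }
        { body = body $0 }                               # base64 body line
        END {
            # The blob begins with a length-prefixed type string, so its
            # base64 is fixed: "\0\0\0\7ssh-rsa" encodes as AAAAB3NzaC1yc2E,
            # "\0\0\0\7ssh-dss" as AAAAB3NzaC1kc3M.
            if (body ~ /^AAAAB3NzaC1yc2E/)      type = "ssh-rsa"
            else if (body ~ /^AAAAB3NzaC1kc3M/) type = "ssh-dss"
            else { print "unrecognised key type" > "/dev/stderr"; exit 1 }
            printf "%s %s%s\n", type, body, (comment == "" ? "" : " " comment)
        }'
}

# Constructed sample: the RSA type prefix followed by filler, not a real key.
KEY_B1=AAAAB3NzaC1yc2EAAAABIwAAAIEAQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJD
KEY_B2=REVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJD
KEY_B3=REVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVGQUJDREVG

# sample_ssh2_key: print the sample in the commercial client's format, with
# CRLF line ends as a Windows client would write them.
sample_ssh2_key() {
    printf '%s\r\n' \
        '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Subject: alice' \
        'Comment: "alice@example.org, constructed sample, not a real key"' \
        "$KEY_B1" "$KEY_B2" "$KEY_B3" \
        '---- END SSH2 PUBLIC KEY ----'
}
```

Usage on the OpenSSH side: `rfc4716_to_openssh < alice.pub >> ~/.ssh/authorized_keys` (or `authorized_keys2` on the OpenSSH versions that still kept the two files apart). Check the result with the sender out of band before trusting it: the fingerprint of the converted key must match the one they read to you, since the conversion happily accepts any blob with the right prefix.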
2002/7/13 [Computer/SW/Security, Computer/SW/Unix] UID:25347 Activity:moderate |
7/12 Anyone know of a lightweight secure ftp program like secure fx? Putty PsFtp is *too* lightweight. \_ try WinSCP \_ ssh secure shell client for windows, available on http://depot.berkeley.edu if you can't access http://depot.berkeley.edu, maybe you shouldn't be on a machine that is supposedly for undergrads. \_ I wake up every morning and try to fuck up everyone else's day just a little bit too, cool! |
2002/7/6 [Computer/SW/Security] UID:25292 Activity:low |
7/5 What is the purpose of having subkeys in the PGP/GPG encryption scheme? \_ for rounds. |
2002/7/6-8/9 [Computer/SW/Security] UID:25290 Activity:nil |
07/05 Apache upgraded, bugs to dev-null@soda. In the future if you see a problem mail root rather than venting on the motd. Yes, we read bugtraq, as is demonstrated by the fact that security issues are normally handled quickly. --Galen |