Re: OT: Smartcards and Physical Security

2003-12-11 Thread Gunnar Wolf
Sven Luther said [Thu, Dec 11, 2003 at 09:04:43PM +0100]: > > > GPG smart-cards are entering the market. If GPG is crackable then > > > we have lost regardless. If GPG is secure then GPG smart-cards will > > > do as long as they are not stolen. Having revocation procedures > > > for stolen card

Re: OT: Smartcards and Physical Security

2003-12-11 Thread Sven Luther
On Wed, Dec 03, 2003 at 09:32:37AM -0600, Manoj Srivastava wrote: > On Wed, 3 Dec 2003 14:17:18 +1100, Russell Coker <[EMAIL PROTECTED]> said: > > > On Wed, 3 Dec 2003 12:34, Don Armstrong <[EMAIL PROTECTED]> > > wrote: > >> The problems associated with them aren't too terribly different > >> fro

Re: OT: Smartcards and Physical Security

2003-12-06 Thread Tom
On Sat, Dec 06, 2003 at 11:13:05AM -0600, Manoj Srivastava wrote: > And then again I question your judgement. What, pray, is this > good thing that is going to go away? "Hey hey I saved the world today Everybody's happy now The bad things gone away And everybody's happy now The good thing'

Re: OT: Smartcards and Physical Security

2003-12-06 Thread Manoj Srivastava
On Sat, 6 Dec 2003 02:35:16 -0800, Tom <[EMAIL PROTECTED]> said: > On Sat, Dec 06, 2003 at 01:51:23AM -0600, Manoj Srivastava wrote: >> >> Drop the imperatives, and we shall get along a lot better. Better >> still, roll up your sleeves and make it happen, and you'll earn my >> respect, and my s

Re: OT: Smartcards and Physical Security

2003-12-06 Thread Tom
On Sat, Dec 06, 2003 at 01:51:23AM -0600, Manoj Srivastava wrote: > > Drop the imperatives, and we shall get along a lot better. > Better still, roll up your sleeves and make it happen, and > you'll earn my respect, and my support. How about "fuck up again and watch your good thing go awa

Re: OT: Smartcards and Physical Security

2003-12-06 Thread Manoj Srivastava
On Fri, 5 Dec 2003 02:45:41 -0800, Tom <[EMAIL PROTECTED]> said: > Let me start by saying I basically understand your last point: it's > not worth it because it won't work. > On Fri, Dec 05, 2003 at 04:01:42AM -0600, Manoj Srivastava wrote: >> who follow secure processes. Blowing 40k collective

Re: OT: Smartcards and Physical Security

2003-12-05 Thread Tom
Let me start by saying I basically understand your last point: it's not worth it because it won't work. On Fri, Dec 05, 2003 at 04:01:42AM -0600, Manoj Srivastava wrote: > who follow secure processes. Blowing 40k collectively is unlikely to > buy us much security. Like I said, it may be that i

Re: OT: Smartcards and Physical Security

2003-12-05 Thread Manoj Srivastava
On Thu, 4 Dec 2003 11:52:21 -0800, Tom <[EMAIL PROTECTED]> said: > On Thu, Dec 04, 2003 at 11:43:21AM -0600, Manoj Srivastava wrote: >> Snippy, aren't we? Usually it is better to have basic logic >> straight before you try for a mistaken sense of haughtiness. > My logic is correct; apparently m

Re: OT: Smartcards and Physical Security

2003-12-04 Thread Tom
On Thu, Dec 04, 2003 at 11:43:21AM -0600, Manoj Srivastava wrote: > Snippy, aren't we? Usually it is better to have basic logic > straight before you try for a mistaken sense of haughtiness. My logic is correct; apparently my understanding of the goals of the Debian project is not. I al

Re: OT: Smartcards and Physical Security

2003-12-04 Thread Manoj Srivastava
On Wed, 3 Dec 2003 13:36:58 -0800, Tom <[EMAIL PROTECTED]> said: > On Wed, Dec 03, 2003 at 09:24:07AM -0600, Manoj Srivastava wrote: >> Heh. Your grasp of the practicality of the situation is slipping. >> Not only do these guys donate a fairly expensive chunk of billable >> hours and expertise,

Re: OT: Smartcards and Physical Security

2003-12-04 Thread Manoj Srivastava
On Wed, 3 Dec 2003 13:36:58 -0800, Tom <[EMAIL PROTECTED]> said: > On Wed, Dec 03, 2003 at 09:24:07AM -0600, Manoj Srivastava wrote: >> Heh. Your grasp of the practicality of the situation is slipping. >> Not only do these guys donate a fairly expensive chunk of billable >> hours and expertise,

Re: OT: Smartcards and Physical Security

2003-12-04 Thread Manoj Srivastava
On Wed, 3 Dec 2003 13:34:51 -0800, Tom <[EMAIL PROTECTED]> said: > On Wed, Dec 03, 2003 at 09:26:15AM -0600, Manoj Srivastava wrote: >> Guess what the median age of a Debian developer is. > Don't know, don't care. >> Volunteer organization have dues? > Yes, I don't know what planet you're fro

Re: OT: Smartcards and Physical Security

2003-12-04 Thread Dave Holland
On Wed, Dec 03, 2003 at 09:32:37AM -0600, Manoj Srivastava wrote: > Laptops with biometric print readers are supposed to be around > the horizon as well. If you're talking about laptops with fingerprint readers, they're consumer items right now. The sales manager at my ex-employer had one f

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Bernd Eckenfels
On Thu, Dec 04, 2003 at 10:27:57AM +1100, Russell Coker wrote: > Current fingerprint readers have been shown to be very unreliable. Both > false-positives and false-negatives are big problems. and normally they can't be used over untrusted channels/terminals, since they work with a shared secret

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Russell Coker
On Thu, 4 Dec 2003 02:32, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > An even better security guideline is "something you are" -- so > should we not spring for retinal scanners/fingerprint readers/other > biometrics? I mean, we _are_ talking about other people's money. :P Biometric sca

OT: Smartcards and Physical Security

2003-12-03 Thread Ludovic Rousseau
On Tuesday 02 December 2003 at 17:19:22, Tom wrote: > Smartcards would have avoided the Debian compromise: merely having a > compromised DD box would have prevented bad guy from getting on the box

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 11:14:29PM +0100, Wouter Verhelst wrote: > > Let me reiterate. You want to set up something with the Debian Project's > machines so that I have to pay for the privilege of contributing? > > Thanks, but no thanks. Volunteers don't work that way. > No sweat, that's totally

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Wouter Verhelst
On Wed 03-12-2003, at 22:36 Tom wrote: > On Wed, Dec 03, 2003 at 09:24:07AM -0600, Manoj Srivastava wrote: > > Heh. Your grasp of the practicality of the situation is > > slipping. Not only do these guys donate a fairly expensive chunk of > > billable hours and expertise, they must pay to b

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Oliver Elphick
On Wed, 2003-12-03 at 15:32, Manoj Srivastava wrote: > An even better security guideline is "something you are" -- so > should we not spring for retinal scanners/fingerprint readers/other > biometrics? I mean, we _are_ talking about other people's money. :P This idea has recently been in t

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 09:24:07AM -0600, Manoj Srivastava wrote: > Heh. Your grasp of the practicality of the situation is > slipping. Not only do these guys donate a fairly expensive chunk of > billable hours and expertise, they must pay to be able to volunteer? Sure, if you care about

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 09:26:15AM -0600, Manoj Srivastava wrote: > Guess what the median age of a Debian developer is. Don't know, don't care. > Volunteer organization have dues? Yes, I don't know what planet you're from, but on this planet the Rotarians, Kiwanis, Civitans, Knights

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 09:28:30AM -0600, Manoj Srivastava wrote: > Sender: Tom Ballard <[EMAIL PROTECTED]> Yeah, somebody else pointed that out. It's bullshit that mutt was doing that to me. My /etc/email-addresses: # This is /etc/email-addresses. It is part of the exim package # # This file

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Tom Badran
On Wednesday 03 December 2003 15:32, Manoj Srivastava wrote: > An even better security guideline is "something you are" -- so > should we not spring for retinal scanners/fingerprint readers/other > biometrics? I mean, we _are_ talking about other people's money. :P However 'something you a

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Manoj Srivastava
On Wed, 3 Dec 2003 14:17:18 +1100, Russell Coker <[EMAIL PROTECTED]> said: > On Wed, 3 Dec 2003 12:34, Don Armstrong <[EMAIL PROTECTED]> > wrote: >> The problems associated with them aren't too terribly different >> from those associated with keys or other forms of physical >> security, notably,

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Manoj Srivastava
On Wed, 3 Dec 2003 01:24:50 -0800, Tom <[EMAIL PROTECTED]> said: > On Wed, Dec 03, 2003 at 01:16:39AM -0800, Tom Ballard wrote: > Oh, one last thing: each DD should pay for the device him/her self > and should be required to fly to meet wherever they can pick them > up. Why do you assume someb

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Manoj Srivastava
On Wed, 3 Dec 2003 06:54:29 -0800, Tom Ballard <[EMAIL PROTECTED]> said: > On Wed, Dec 03, 2003 at 08:45:49AM -0600, Steve Langasek wrote: >> >> Share the crack. > In my experience kids in college and right out tend to freak out > over the thought of having to spend a few dollars of disposable

Re: OT: Smartcards and Physical Security

2003-12-03 Thread Manoj Srivastava
On Wed, 3 Dec 2003 05:42:20 -0800, Tom Ballard <[EMAIL PROTECTED]> said: > On Thu, Dec 04, 2003 at 12:20:57AM +1100, Hamish Moffatt wrote: >> >> How about including your full name somewhere in your posts too >> then? I find it a bit off-putting to discuss security with someone >> who's obscuring

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Darren Salt
I demand that Tom may or may not have written... > On Wed, Dec 03, 2003 at 08:45:49AM -0600, Steve Langasek wrote: >> Share the crack. > In my experience kids in college and right out tend to freak out over the > thought of having to spend a few dollars of disposable income, because they > don't

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 09:06:07AM -0600, Graham Wilson wrote: > > So you've aided telemarketers and worked for Microsoft? Is your last > name Darkness, middle name Prince of? Satan fell because he wanted to know. So do I. I'm a contrarian. I believe the opposite of whatever I'm confronted wit

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Graham Wilson
On Wed, Dec 03, 2003 at 05:42:20AM -0800, Tom wrote: > Let me tell you a story about a job I had one time: I worked for a guy > (in his basement -- don't ask) who bought your personal credit card data > and other publicly available information. He would pay about $10,000 or > $15,000 for lists

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 08:45:49AM -0600, Steve Langasek wrote: > > Share the crack. In my experience kids in college and right out tend to freak out over the thought of having to spend a few dollars of disposable income, because they don't have any :-) Hey, laugh if you want, most organizatio

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Steve Langasek
On Wed, Dec 03, 2003 at 01:24:50AM -0800, Tom wrote: > On Wed, Dec 03, 2003 at 01:16:39AM -0800, Tom wrote: > > > > If something could have prevented something that actually happened, I > > say go for it. > Oh, one last thing: each DD should pay for the device him/her self and > should be requi

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Tom
On Thu, Dec 04, 2003 at 12:20:57AM +1100, Hamish Moffatt wrote: > > How about including your full name somewhere in your posts too then? > I find it a bit off-putting to discuss security with someone who's > obscuring their identity. Ha Ha Ha what a joke. I don't want to be googled for all etern

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Hamish Moffatt
On Wed, Dec 03, 2003 at 01:16:39AM -0800, Tom wrote: > On Wed, Dec 03, 2003 at 01:03:16AM -0800, Don Armstrong wrote: > > [NB: I wanted to take this OT discussion off [EMAIL PROTECTED] and into > > private > > mail, but your e-mail address was munged in some sort of anti-spam > > measure, and not

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Don Armstrong
On Wed, 03 Dec 2003, Tom wrote: > each DD should pay for the device him/her self and should be required > to fly to meet wherever they can pick them up. Why do you assume > somebody has to pay for everything? What's wrong with bearing some > of the costs yourself? Could it possibly be because eq

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 01:16:39AM -0800, Tom wrote: > > If something could have prevented something that actually happened, I > say go for it. Oh, one last thing: each DD should pay for the device him/her self and should be required to fly to meet wherever they can pick them up. Why do you a

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 01:03:16AM -0800, Don Armstrong wrote: > [NB: I wanted to take this OT discussion off [EMAIL PROTECTED] and into > private > mail, but your e-mail address was munged in some sort of anti-spam > measure, and not trivially un-mungeable. Please consider providing > information

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Don Armstrong
[NB: I wanted to take this OT discussion off [EMAIL PROTECTED] and into private mail, but your e-mail address was munged in some sort of anti-spam measure, and not trivially un-mungeable. Please consider providing information on how to demunge it in some X- header, or not using munging at all.] On

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Tom
On Wed, Dec 03, 2003 at 12:20:59AM -0800, Don Armstrong wrote: > On Tue, 02 Dec 2003, Tom wrote: > > Yes but the attacker did not "steal" the DD's computer. He rooted it > > remotely. > > So the machine is rooted remotely, the DD logs into a debian box even > using our new fangled smart cards, an

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Don Armstrong
On Tue, 02 Dec 2003, Tom wrote: > Yes but the attacker did not "steal" the DD's computer. He rooted it > remotely. So the machine is rooted remotely, the DD logs into a debian box even using our new fangled smart cards, and the attacker still can control the connection. In this particular intrus

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-03 Thread Tom
On Tue, Dec 02, 2003 at 05:34:05PM -0800, Don Armstrong wrote: > On Tue, 02 Dec 2003, Tom wrote: > > I think the DD's should seriously think about requiring smartcards. > > It would have prevented the proximate cause of our recent troubles. > > Smartcards are not a magical panacea either. The prob

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-02 Thread Russell Coker
On Wed, 3 Dec 2003 12:34, Don Armstrong <[EMAIL PROTECTED]> wrote: > Smartcards are not a magical panacea either. True. > The problems associated > with them aren't too terribly different from those associated with > keys or other forms of physical security, notably, that they can be > stolen, or

OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

2003-12-02 Thread Don Armstrong
On Tue, 02 Dec 2003, Tom wrote: > I think the DD's should seriously think about requiring smartcards. > It would have prevented the proximate cause of our recent troubles. Smartcards are not a magical panacea either. The problems associated with them aren't too terribly different from those associ