Re: Testing needed for xorg-server security update

2014-12-10 Thread AreYouLoco?
I don't know if my system was proper one to make tests but... Wow that was pain in the ass to go thru all of this X configuration (again..:P) So. The steps I made. I wanted to test this on my hardware. I've installed all the packages for my arch (i386) but then it broke my X. So I only left this o

Re: Testing needed for xorg-server security update

2014-12-10 Thread Jörg-Volker Peetz
At second glance, I noticed these packages are for Wheezy/stable. So the experimental archive is not appropriate for these packages. These fixes seem to be not included in the sid packages yet? -- Regards, jvp. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of

Re: Testing needed for xorg-server security update

2014-12-10 Thread Jörg-Volker Peetz
Why not put these packages into experimental? It would make testing easier, at least for me. Thanks for your caring. -- Regards, jvp.

Re: Testing needed for xorg-server security update

2014-12-10 Thread Yves-Alexis Perez
On mer., 2014-12-10 at 06:56 +0100, Moritz Muehlenhoff wrote: > Hi, > there's been a new release of xorg-server fixing multiple security > vulnerabilities: > http://lists.x.org/archives/xorg-announce/2014-December/002500.html > > The update is ready for Wheezy/stable and has been successfully tes

Testing needed for xorg-server security update

2014-12-09 Thread Moritz Muehlenhoff
Hi, there's been a new release of xorg-server fixing multiple security vulnerabilities: http://lists.x.org/archives/xorg-announce/2014-December/002500.html The update is ready for Wheezy/stable and has been successfully tested on an Intel graphics adapter. But since different hardware will exer

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-12 Thread owens
> On Wed, Apr 09, 2008 at 08:49:29AM +1200, Chris Bannister wrote: >> On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote: >> > My (admittedly limited) understanding of public key crypto is that the >> > public and private key are connected by the relationship of two >> extremely >> > lar

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-10 Thread Dave Sherohman
On Wed, Apr 09, 2008 at 08:49:29AM +1200, Chris Bannister wrote: > On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote: > > My (admittedly limited) understanding of public key crypto is that the > > public and private key are connected by the relationship of two extremely > > large prime

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-08 Thread Chris Bannister
On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote: > On Fri, Apr 04, 2008 at 02:43:58AM +0200, s. keeling wrote: > > Brian McKee <[EMAIL PROTECTED]>: > > > On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote: > > > > Unless they take the time to successfully factor the > > > > public key, >

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-06 Thread Douglas A. Tutty
On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote: > In practice, any decent public key system will use large enough primes > that this is a "Got a supercomputer or a botnet and a good bit of time?" > case which makes brute-forcing an md5 password file look easy, but I > like to be c

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-06 Thread Dave Sherohman
On Fri, Apr 04, 2008 at 02:43:58AM +0200, s. keeling wrote: > Brian McKee <[EMAIL PROTECTED]>: > > On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote: > > > Unless they take the time to successfully factor the > > > public key, > > > > Can you expand on that sentence? I'm not sure what you meant by

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-04 Thread Celejar
On Thu, 3 Apr 2008 12:23:34 -0500 Dave Sherohman <[EMAIL PROTECTED]> wrote: [snip] > When using public key auth, copy *only* your public key to the server. > (ssh-copy-id is a handy way to automate this.) So long as your private > key remains secure, there is very little risk to an attacker gett

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-03 Thread s. keeling
Brian McKee <[EMAIL PROTECTED]>: > On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote: > > Unless they take the time to successfully factor the > > public key, > > Can you expand on that sentence? I'm not sure what you meant by it. I imagine he means a brute force crack. Got a supercomputer or bot

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-03 Thread s. keeling
Douglas A. Tutty <[EMAIL PROTECTED]>: > > Well, does the desktop need to run sshd at all, and if so, does it need > to listen to "outside" addresses? If not, and you've deactivated > password logins and you've deactivated root logins, you could give > anyone the root password and there's noth

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-03 Thread Douglas A. Tutty
On Wed, Apr 02, 2008 at 08:33:34PM -0500, Russell L. Harris wrote: > * s. keeling <[EMAIL PROTECTED]> [080402 19:28]: > > Russell L. Harris <[EMAIL PROTECTED]>: > > > > > If the server's compromised, you should reinstall. > > My concern is not for corruption of the server. My concern is whethe

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-03 Thread Brian McKee
On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote: Unless they take the time to successfully factor the public key, Can you expand on that sentence? I'm not sure what you meant by it. Other than that I wholeheartedly agree with the suggestion to use

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-03 Thread Dave Sherohman
On Wed, Apr 02, 2008 at 10:33:35AM -0500, Russell L. Harris wrote: > It is convenient to use "scp" for transferring files between the > desktop machine in the LAN and the server, and to use "ssh" for > remote maintenance of the server, again from the desktop machine > in the LAN. A

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-03 Thread s. keeling
Russell L. Harris <[EMAIL PROTECTED]>: > > In other words, if I were to give you free access to my server, so > that you could inspect all the system files, would you be able to > deduce the password and passphrase, which are the same as those which > I use on the desktop machine? You just de

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-02 Thread Russell L. Harris
* s. keeling <[EMAIL PROTECTED]> [080402 19:28]: > Russell L. Harris <[EMAIL PROTECTED]>: > > > If the server's compromised, you should reinstall. My concern is not for corruption of the server. My concern is whether -- if I employ on the server the same password and passphrase which I employ

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-02 Thread s. keeling
Russell L. Harris <[EMAIL PROTECTED]>: > > Is there a major or unreasonable security risk if the sysop creates > on the server an account with the same username, password, and > passphrase as his account on the desktop machine? Same username is a convenience, account passwords need not be the sam

server security :: user accounts, ssh, passphrases, etc.

2008-04-02 Thread Russell L. Harris
SYSTEM: (1) firewall/router (SmoothWall Express 2.0) which (using NAT) provides and protects both a "green" zone for a LAN and an "orange" zone ("DMZ") for a publicly-accessible server (2) ftp or http server in the DMZ (3) desktop machine in the LAN from which the sysop

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-01 Thread Jochen Schulz
Russell L. Harris: > > Such remote maintenance of the server from a machine in the LAN > becomes tedious unless there is on each machine an account with > the same username, password, and passphrase. Not true. You can log into another machine with any username you want. Either you pro

Re: server security :: user accounts, ssh, passphrases, etc.

2008-04-01 Thread Owen Townend
On 01/04/2008, Russell L. Harris <[EMAIL PROTECTED]> wrote: > > SYSTEM: > > (1) firewall/router (SmoothWall Express 2.0) which (using NAT) > provides and protects both a "green" zone for a LAN and an > "orange" zone ("DMZ") for a publicly-accessible server > > (2) ftp or http server

server security :: user accounts, ssh, passphrases, etc.

2008-04-01 Thread Russell L. Harris
SYSTEM: (1) firewall/router (SmoothWall Express 2.0) which (using NAT) provides and protects both a "green" zone for a LAN and an "orange" zone ("DMZ") for a publicly-accessible server (2) ftp or http server in the DMZ (3) desktop machine in the LAN from which the sysop

Re: Apache web server security help

2007-03-06 Thread Roberto C. Sanchez
On Tue, Mar 06, 2007 at 02:08:24PM +, david robert wrote: > Hi, > > I am running apache 2.0.54 version and one of security audit tool found the > following > Vulnerability > > Apache Web Server ETag Header Information Disclosure Weakness > > more information located here

Apache web server security help

2007-03-06 Thread david robert
Hi, I am running apache 2.0.54 version and one of security audit tool found the following Vulnerability Apache Web Server ETag Header Information Disclosure Weakness more information located here http://www.securityfocus.com/bid/6939 How to fix this problem Than

Re: X server security defaults.

2005-07-26 Thread Douglas Ward
On Tuesday 26 July 2005 08:15, pier wrote: > wim wrote: > > Doesn't kde has a "run-as" function? There's such a function in gnome... > > In Gnome is gksu. > Or you could use sudo. > > > Pier Also, in KDE the [Alt]+[F2] dialog has a "run as user" option under the "Options" button.

Re: X server security defaults.

2005-07-26 Thread pier
wim wrote: > Doesn't kde has a "run-as" function? There's such a function in gnome... In Gnome is gksu. Or you could use sudo. Pier -- A wise man learns from experience. An even wiser man learns from the experience of others.

Re: X server security defaults.

2005-07-24 Thread wim
[EMAIL PROTECTED] wrote: I am running Debian Sarge on a simple single-user desktop system. My X display is started by kdm. By default, Debian configures the X server to allow connections only by the user logged into the machine through kdm. If I want to start an X client by another user (e.g.

X server security defaults.

2005-07-22 Thread gg . 1 . ethanr
I am running Debian Sarge on a simple single-user desktop system. My X display is started by kdm. By default, Debian configures the X server to allow connections only by the user logged into the machine through kdm. If I want to start an X client by another user (e.g. start vim-gtk as su'd root

Re: Server Security

2004-12-19 Thread Paul Johnson
On Sunday 19 December 2004 1:16 am, Jeffrin Thalakkottoor wrote: > How To Configure It On The Server Side ... > > Configure The Server That A File On The Server Can > Only Be Viewed But Not Downloaded. You don't. RIAA and MPAA are learning this the hard way: If you can view it, you can copy it

Re: Server Security

2004-12-19 Thread Sam Watkins
On Sun, Dec 19, 2004 at 09:29:28AM +, Dave Ewart wrote: > On Sunday, 19.12.2004 at 09:16 +, Jeffrin Thalakkottoor wrote: > > How To Configure It On The Server Side ... > > > > Configure The Server That A File On The Server Can > > Only Be Viewed But Not Downloaded. > > In order to 'view'

Re: Server Security

2004-12-19 Thread Dave Ewart
On Sunday, 19.12.2004 at 09:16 +, Jeffrin Thalakkottoor wrote: > How To Configure It On The Server Side ... > > Configure The Server That A File On The Server Can > Only Be Viewed But Not Downloaded. In order to 'view' you *have* to have already downloaded the file. What you suggest cannot

Server Security

2004-12-19 Thread Jeffrin Thalakkottoor
How To Configure It On The Server Side ... Configure The Server That A File On The Server Can Only Be Viewed But Not Downloaded. = Birthdays --- 1869 Henri Matisse (artist) - December 31 1976 Jeffrin Jose (Hobby Sinner) - December 31 _

Server security statistics

1999-07-17 Thread Frisco Rose
Greeting, I am running a slink server for http access and our campus has been recently getting a lot of redhat boxes hacked. My question is, are there any statistics on debian and/or redhat security breaches? I follow comp.risks fairly regularly and haven't seen anything about this. Also, has ther