lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <41334957.7020107@alicampbell.org.uk>
From: fdisclosure at alicampbell.org.uk (Ali Campbell)
Subject: write events log to CD?

Oliver J. Morais wrote:

> * Ali Campbell <fdisclosure@...campbell.org.uk> [040830 05:15]:
> 
>>Sending logs to a printer makes the most sense to me. Absolutely 
>>unhijackable, and a good use for that old 9-pin dotmatrix and 2000 
>>sheets of traction feed paper you have in the cupboard.
> 
> 
> Read http://downloads.securityfocus.com/library/lp-attack.pdf

Fair enough. Although in my defence I must point out that I wasn't 
advocating sending absolutely everything to the printer verbatim - 
anyone can see that some sort of filtering and/or escaping is required, 
both in terms of the volume of data involved, and in terms of dangerous 
control characters. I also wasn't implying that LPT1 should be the only 
target for logs, rather a jigsaw piece in a more comprehensive logging 
strategy (something I didn't make clear).

Thanks for your comments, though. :)

Ali

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ