lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCvwp4N0+vy9_ntCxsJgsb8oD9-_e_djvEV_j97WNN+WjE97A@mail.gmail.com>
Date: Sun, 20 Nov 2011 08:41:24 +1100
From: xD 0x41 <secn3t@...il.com>
To: "Larry W. Cashdollar" <bugs@....dhs.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Ubuntu 11.10 now unsecure by default

DESCRIPTION:
Ubuntu has issued an update for librsvg. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the
library.


It just does not stop with ubuntu.. really, everyday i see another
problem lib etc... well, atleast theyre fixing it :s maybe in a cpl
years Ubuntu will be abit nicer to use.. or, just go back a few
versions and harden... i found 2009 kernel of ubuntu very easy to
harden, yet newer ones, i would be worried to even attempt..
anyhow thats all i think i have on this toic.. its another wasted time
topic... MS has had this 'feauture' for years...so why is it only
being picked out in ubuntu..
ohwell.. i guess the divison of iso cds is a problem..and somuch
magazine coverage where ubuntu developers themmselfs have spoken on
the ease of use... APC magazine likes ubuntu actually, but it also
classes it as newbie, nowdays the kernel is more 'buggy' tho.
rm -rf /current_devs
touch a_secure_launchpad_where_ALL_addons_pass_testers
thats all on this topic.. so lame... discussing one os, and then i
guess for what, unless kcope makes a post the list is frozen talking
cfrap... like this :s
you guys have told me to growup, ill tell you guys, welcome to the 21st century.
XD

PS: pce Larry :) just used your email coz, it was about ONLY decent
one out of like 30 on that tpic :P
hehe...take care m8!




On 18 November 2011 06:42, Larry W. Cashdollar <bugs@....dhs.org> wrote:
> imap? creating folders? etc.. =/
>
>> Are there any other services this may effect?
>>
>> On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden <
>> andrew_dowden@...tdesign.net.nz> wrote:
>>
>>>  On 18/11/11 23:46, Larry W. Cashdollar wrote:
>>>
>>> Anyone know what the default is for Ubuntu 11
>>>
>>> PermitEmptyPasswords no
>>> PasswordAuthentication no
>>>
>>>
>>> in /etc/ssh/sshd_config?
>>>
>>>  for Ubuntu 11.10 (Oneiric)
>>>
>>> snip: ( from */etc/ssh/sshd_config* )
>>> --
>>> # To enable empty passwords, change to yes (NOT RECOMMENDED)
>>> PermitEmptyPasswords no
>>> --
>>> # Change to no to disable tunnelled clear text passwords
>>> #PasswordAuthentication yes
>>> --
>>>
>>> --
>>> SoftDesign Group, Dowden Software Associates
>>> P O Box 31 132, Lower Hutt 5040, NEW ZEALAND
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ