Discussion in 'OT Technology' started by P07r0457, Jun 10, 2008.
I found this to be interesting:
Seems like the hackers are really going at it lately.
I don't know if anyone made a thread on the Safari flaw?
Microsoft is saying to avoid running Safari until Apple repairs a serious flaw that allows for a "carpet bomb" hack.
I do use safari for a few sites that don't like Opera. I prefer Safari to Firefox. I personally feel that Firefox is just swiss cheese when it comes to security holes.
This is actually a fairly OLD vulnerability. Almost 2 years old.
What's scarry is that this affects Debian systems (very popular) and all of the debian-dirivitives, such as Ubuntu.
I'm not happy to know that all of my debian boxes have SSH vulnerabilities.
It's a vulnerability with the keys, which is fixed. Just generate new ones and you'll be fine.
Firefox 2 on Mactel is about as stable as Windows 95. It crashes repeatedly during one day. 3-4 times. I wish I was running IE. Its that bad.
WTF scanned article.. Get some OCR up on that shit
what, you can't read you need a screen reader to do it for you?
no speaka the ingles
btw, I did use OCR to get those quotes. But overall I feel that the scanned article is easier to read.
I use debian primarily for SSH
yes the vast majority of my linux boxes are debian-based. And SSH is enabled on ALL of them it's a late night ahead of me updating them
You should be up to date already, the fix to the key generator was pushed almost a month ago and marked critical. If you update regularly then you just need to copy your new keys over your old. Filezilla's quick-connect sftp should allow this in only seconds per box.
Of course, if you've waited until now to fix this for anything critical then you should probably check your logs for a lot of ssh denials which could indicate somebody attempting to take advantage. Routing your logs to a central location would have made this a lot easier if you set it up already.
Why is it a late night? Just like the article says, its been around since 06 and they released the news over a month ago, if you didn't do it a month ago why do you have to do all of them right now?
For me...I've never worked for a company that would allow Debian (or any Debian derivative) servers, so I don't have to worry. I do use ubuntu on a home PC but thats about a 5 second fix.
i have to update keys on just shy of 90 boxes at 10 mins each, it's a late night.
Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
It's an analog scan made from my own personally-owned copy. It's no different from me showing people a picture I took of a famous painting. I am also not mis-representing the work, as all marks of ownership are in-tact. I am also not receiving any benefit for personal gain.
I am not including the entire magazine, but rather an excerpt from it as evidence to support my discussions.
This is fair-use.
I haven't turned on my debian box in MONTHS.. if not a year.
Setup at home just for tunneling.. but I haven't had time to keep it up.
Does fair use apply to what is essentially a mass medium... OT?
Ohh the ironing.
He's strict about copyright only when its convenient for him, and he's all for companies violating antitrust laws. Kind of a selective strictness on legalities he's got
how is it any different from me emailing a group of my friends discussing it?
i said "fine" to intel having been wrong. My point in that thread was I don't think you can really put a fair and accurate monetary value on it, so even though amd may get a piece of paper saying they were right, I don't think they can adequately demonstrate any profits lost, and therefore no money should exchange hands.
Same goes for emailing a group of friends a digital copy of a movie to discuss. Its from my own personally-owned copy and the digital rip is not a perfect copy, the image is degraded some and I get no personal financial gains.
On Topic: I don't know much about Linux and its development times, but 2 years seems like wayyy to long of time to fix such an huge issue.
it wasn't a movie. I didn't have to decrypt it. It wasn't the entire magazine. It was ONE PAGE, with an optical picture taken.
I have held my digital camera up to the tv and recorded a scene from cops to post online for discussion and that is 100% fair-use. This is no different.