Debian vulnerability

Discussion in 'OT Technology' started by P07r0457, Jun 10, 2008.

  1. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    I found this to be interesting:

    [​IMG]




     
  2. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    Seems like the hackers are really going at it lately.

    I don't know if anyone made a thread on the Safari flaw?

    Microsoft is saying to avoid running Safari until Apple repairs a serious flaw that allows for a "carpet bomb" hack.
     
  3. P07r0457

    P07r0457 New Member

    I do use Safari for a few sites that don't like Opera. I prefer Safari to Firefox. I personally feel that Firefox is just Swiss cheese when it comes to security holes.
     
  4. P07r0457

    P07r0457 New Member

    This is actually a fairly OLD vulnerability. Almost 2 years old.

    What's scary is that this affects Debian systems (very popular) and all of the Debian derivatives, such as Ubuntu.

    I'm not happy to know that all of my Debian boxes have SSH vulnerabilities.
     
  5. tyrionlannister

    tyrionlannister New Member

    Joined:
    Jun 13, 2006
    Messages:
    710
    Likes Received:
    0
    Location:
    New York
    It's a vulnerability with the keys, which is fixed. Just generate new ones and you'll be fine.
     
  6. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Firefox 2 on Mactel is about as stable as Windows 95. It crashes repeatedly during one day. 3-4 times. I wish I was running IE. It's that bad.
     
  7. EkriirkE

    EkriirkE Zika Xenu OT Supporter

    Joined:
    Jan 11, 2004
    Messages:
    14,799
    Likes Received:
    0
    Location:
    Dublin & San Francisco, CA
    WTF scanned article.. Get some OCR up on that shit
     
  8. P07r0457

    P07r0457 New Member

    What, you can't read? You need a screen reader to do it for you?
     
  9. EkriirkE

    EkriirkE Zika Xenu OT Supporter

    no speaka the ingles
     
  10. P07r0457

    P07r0457 New Member

    btw, I did use OCR to get those quotes. But overall I feel that the scanned article is easier to read.
     
  11. DatacomGuy

    DatacomGuy is moving to Canada

    Joined:
    Oct 14, 2002
    Messages:
    16,546
    Likes Received:
    0
    Location:
    Tampa, FL
    I use Debian primarily for SSH :hs:
     
  12. P07r0457

    P07r0457 New Member

    Yes, the vast majority of my Linux boxes are Debian-based. And SSH is enabled on ALL of them :eek3: It's a late night ahead of me updating them :wtc:
     
  13. tyrionlannister

    tyrionlannister New Member

    You should be up to date already, the fix to the key generator was pushed almost a month ago and marked critical. If you update regularly then you just need to copy your new keys over your old. FileZilla's quick-connect SFTP should allow this in only seconds per box.

    Of course, if you've waited until now to fix this for anything critical then you should probably check your logs for a lot of ssh denials which could indicate somebody attempting to take advantage. Routing your logs to a central location would have made this a lot easier if you set it up already.
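
The log check suggested in the post above, as an added example that is not part of the original thread: it counts sshd denials per source address across several hosts' logs collected in one place, and notes any login accepted from a source after it crossed the denial threshold. The log lines are constructed samples, and `summarize_denials`, the hostnames and the addresses are hypothetical names chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Syslog-style sshd lines; the exact wording varies with OpenSSH version and
# LogLevel, so treat this pattern as an assumption to adjust for your logs.
EVENT = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: one source hammering two hosts and then getting in,
# plus one ordinary user who mistyped a password once.
SAMPLE_LOG = "\n".join(
    [f"Jun 10 02:14:{s:02d} {host} sshd[4100]: Failed publickey for root "
     f"from 203.0.113.7 port {40100 + s} ssh2"
     for s, host in enumerate(["web01"] * 3 + ["db01"] * 3)]
    + ["Jun 10 02:15:30 db01 sshd[4200]: Accepted publickey for root "
       "from 203.0.113.7 port 40200 ssh2",
       "Jun 10 08:00:01 web01 sshd[5000]: Failed password for alice "
       "from 198.51.100.20 port 51000 ssh2",
       "Jun 10 08:00:09 web01 sshd[5001]: Accepted password for alice "
       "from 198.51.100.20 port 51001 ssh2"]
)

def summarize_denials(log_text, threshold=5):
    """Return per-source details for sources with >= threshold denials."""
    denials = Counter()
    hosts = defaultdict(set)
    accepted_after = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # not an sshd auth result line
        ip = m["ip"]
        if m["result"] == "Failed":
            denials[ip] += 1
            hosts[ip].add(m["host"])
        elif denials[ip] >= threshold:
            # A login accepted after many denials deserves a closer look.
            accepted_after[ip].append((m["host"], m["user"]))
    return {ip: {"denials": n, "hosts": sorted(hosts[ip]),
                 "accepted_after": accepted_after.get(ip, [])}
            for ip, n in denials.items() if n >= threshold}

if __name__ == "__main__":
    for ip, info in summarize_denials(SAMPLE_LOG).items():
        print(ip, info)
```
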
     
  14. Mike99TA

    Mike99TA I don't have anything clever to put here right now

    Joined:
    Oct 3, 2001
    Messages:
    4,553
    Likes Received:
    0
    Location:
    Greenville, SC
    Why is it a late night? Just like the article says, it's been around since 06 and they released the news over a month ago, if you didn't do it a month ago why do you have to do all of them right now?

    For me...I've never worked for a company that would allow Debian (or any Debian derivative) servers, so I don't have to worry. I do use Ubuntu on a home PC but that's about a 5 second fix.
     
  15. P07r0457

    P07r0457 New Member

    I have to update keys on just shy of 90 boxes :wtc: At 10 mins each, it's a late night.
     
  16. Frequency

    Frequency New Member

    Joined:
    Dec 30, 2004
    Messages:
    7,504
    Likes Received:
    0
    Location:
    PA
    :lockd:
    Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
     
  17. P07r0457

    P07r0457 New Member


    It's an analog scan made from my own personally-owned copy. It's no different from me showing people a picture I took of a famous painting. I am also not misrepresenting the work, as all marks of ownership are intact. I am also not receiving any benefit for personal gain.

    I am not including the entire magazine, but rather an excerpt from it as evidence to support my discussions.

    This is fair-use.
     
  18. DatacomGuy

    DatacomGuy is moving to Canada

    I haven't turned on my Debian box in MONTHS.. if not a year. :noes:

    Setup at home just for tunneling.. but I haven't had time to keep it up.
     
  19. Peyomp

    Peyomp New Member

    Does fair use apply to what is essentially a mass medium... OT?
     
  20. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    Ohh the ironing. :rofl::rofl::rofl::rofl::rofl:

     
  21. Peyomp

    Peyomp New Member

    He's strict about copyright only when it's convenient for him, and he's all for companies violating antitrust laws. Kind of a selective strictness on legalities he's got :)
     
  22. P07r0457

    P07r0457 New Member

    How is it any different from me emailing a group of my friends discussing it?
     
  23. P07r0457

    P07r0457 New Member

    I said "fine" to Intel having been wrong. My point in that thread was I don't think you can really put a fair and accurate monetary value on it, so even though AMD may get a piece of paper saying they were right, I don't think they can adequately demonstrate any profits lost, and therefore no money should exchange hands.
     
  24. dissonance

    dissonance reset OT Supporter

    Joined:
    May 23, 2006
    Messages:
    5,652
    Likes Received:
    1
    Location:
    KS
    :squint:

    Same goes for emailing a group of friends a digital copy of a movie to discuss. It's from my own personally-owned copy and the digital rip is not a perfect copy, the image is degraded some and I get no personal financial gains. :hsugh:

    On Topic: I don't know much about Linux and its development times, but 2 years seems like wayyy too long of a time to fix such a huge issue.
     
  25. P07r0457

    P07r0457 New Member

    It wasn't a movie. I didn't have to decrypt it. It wasn't the entire magazine. It was ONE PAGE, with an optical picture taken.

    I have held my digital camera up to the TV and recorded a scene from cops to post online for discussion and that is 100% fair-use. This is no different.
     
