Re: Apache Software Foundation Server compromised, resecured. (fwd)
From: Alex Holst (a@area51.dk)
Date: 06/01/01
- Next message: Michael Bryan: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Previous message: Karsten W. Rohrbach: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- In reply to: Brian Behlendorf: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Next in thread: Michael Bryan: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Michael Bryan: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Karsten W. Rohrbach: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: f.johan.beisser: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Brian Behlendorf: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Ask Bjoern Hansen: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Dag-Erling Smorgrav: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Jun 2001 01:30:41 +0200 From: Alex Holst <a@area51.dk> To: freebsd-security@freebsd.org
Quoting Brian Behlendorf (brian@collab.net):
> On Thu, 31 May 2001, Cy Schubert - ITSD Open Systems Group wrote:
> > Some of you might be interested in this.
>
> If anyone has any questions about this, I'm happy to answer them. It's
> always the stupid things (not finishing the upgrade of openssh to 2.3.0
> when the advisory came out - no points for a "make buildworld" without a
> corresponding "make installworld"!) that catch you.
That should be verified often with scanssh or something similar. I was
surprised when I read about the compromise, because it gives the impression
that people are still using passwords (as opposed to keys with passphrases)
for authentication in this day and age. Is that correct? If so, why is that?
-- I prefer the dark of the night, after midnight and before four-thirty, when it's more bare, more hollow. http://a.area51.dk/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Michael Bryan: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Previous message: Karsten W. Rohrbach: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- In reply to: Brian Behlendorf: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Next in thread: Michael Bryan: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Michael Bryan: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Karsten W. Rohrbach: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: f.johan.beisser: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Brian Behlendorf: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Ask Bjoern Hansen: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Reply: Dag-Erling Smorgrav: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
