big debian and ubuntu security alert - Linux



Thread: big debian and ubuntu security alert

  1. Re: big debian and ubuntu security alert

    On 2008-05-15, Ezekiel wrote:
    >
    > "jellybean stonerfish" wrote in message
    > news:8pJWj.57$Q57.49@nlpi065.nbdc.sbc.com...
    >> On Wed, 14 May 2008 17:12:32 +0000, Whoknew wrote:
    >>
    >>> Hmm, I thought you a**holes said linsux was impenetrable
    >>>

    >>
    >> It is now, the flaw has been fixed.

    >
    > Certainly not impenetrable. There's just no huge holes that you are aware
    > of. Last week before this 2-year old hole was announced (the bug was
    > introduced into the code back in 2006) you used your computer thinking that
    > it was "impenetrable" which it was not.


    I tend to think now that for completely random attackers, who could
    not sniff on a network, the bug did not present any opportunity. You
    at least had to know the username and source computer from
    authorized_keys to try to fake one.

    --
    Due to extreme spam originating from Google Groups, and their inattention
    to spammers, I and many others block all articles originating
    from Google Groups. If you want your postings to be seen by
    more readers you will need to find a different means of
    posting on Usenet.
    http://improve-usenet.org/

  2. Re: big debian and ubuntu security alert

    On Thu, 15 May 2008 13:36:45 -0400, Ezekiel wrote:

    > "jellybean stonerfish" wrote in message
    > news:8pJWj.57$Q57.49@nlpi065.nbdc.sbc.com...
    >> On Wed, 14 May 2008 17:12:32 +0000, Whoknew wrote:
    >>
    >>> Hmm, I thought you a**holes said linsux was impenetrable
    >>>
    >>>

    >> It is now, the flaw has been fixed.

    >
    > Certainly not impenetrable. There's just no huge holes that you are
    > aware of. Last week before this 2-year old hole was announced (the bug
    > was introduced into the code back in 2006) you used your computer
    > thinking that it was "impenetrable" which it was not.
    >
    >
    > ** Posted from http://www.teranews.com **


    When I made that post, I momentarily forgot that sarcasm doesn't transmit
    very well through usenet.

    sf

  3. Re: big debian and ubuntu secure

    Man-wai Chang ToDie (33.6k) wrote:
    > Hadron wrote:
    >>
    >> Youch. And to think that people like HPT keep pimping Debian
    >> Etch as the "failsafe server". But as some of us point out,
    >> ALL SW is prone to errors. Debian Etch too. "Stable" does
    >> not mean what he thinks it means.

    >
    > Seems that it's a bug from the backporting process....


    http://colatrolls.blogspot.com/2007/...ark-troll.html

    Debian Stable is one of the most widely used distros for mission
    critical applications and where one wants minimal impact to
    production work. Very few require bleeding edge software to be
    productive.

    Yet Hadron insists that Debian Stable is full of bugs and too
    backward for usage:

    Subject: Re: [News] Sister OS to Linux, OS-X Has Better TCO than
    Microsoft Windows
    Date: Sun, 09 Mar 2008 09:50:07 +0100
    Message-ID: fr08c1$9e1$2@registered.motzarella.org


    > Hadron has an apparent inability to recognise how more
    > consistent usage of Debian Stable will only help his usage
    > of the product, preferring unstable versions of Debian; if not
    > for the only reason as an opportunity to attack Linux/OSS.


    Once more for the hard of brain power : I use testing. Not
    unstable. And I use it for a reason - Debian Stable is simply too
    buggy and backward and I can't be arsed to manage pinning or
    selectively monitoring backports.

    Recent security updates for Ubuntu 8.04
    Synaptic History Log:

    Commit Log for Wed May 14 17:35:35 2008

    Upgraded the following packages:
    openssh-client (1:4.7p1-8ubuntu1.1) to 1:4.7p1-8ubuntu1.2
    ssh-askpass-gnome (1:4.7p1-8ubuntu1.1) to 1:4.7p1-8ubuntu1.2
    ssl-cert (1.0.14-0ubuntu2) to 1.0.14-0ubuntu2.1
    transmission-common (1.06-0ubuntu4) to 1.06-0ubuntu5
    transmission-gtk (1.06-0ubuntu4) to 1.06-0ubuntu5
    update-manager (1:0.87.24) to 1:0.87.27
    update-manager-core (1:0.87.24) to 1:0.87.27

    Installed the following packages:
    openssl-blacklist (0.1-0ubuntu0.8.04.2)
    --
    HPT
    Quando omni flunkus moritati
    (If all else fails, play dead)
    - "Red" Green

  4. Re: big debian and ubuntu secure

    Moshe Goldfarb wrote:
    > Hadron wrote:
    >> Tim Smith writes:
    >>> "Man-wai Chang ToDie (33.6k)" wrote:
    >>>> Tim Smith wrote:
    >>>>
    >>>>>
    >>>>
    >>>> Does it affect the openssl-0.9.8g from the official website?
    >>>
    >>> The official OpenSSH website? No. It is only Debian, and things that
    >>> get their packages from Debian. Basically, the Debian people made a
    >>> couple changes to OpenSSL in their packages, breaking OpenSSL in the
    >>> process.

    >>
    >> I quite look forward to HPT's take on it since he still doesn't
    >> understand what "stable" means in Debian parlance.


    http://colatrolls.blogspot.com/2007/...ark-troll.html

    Debian Stable is one of the most widely used distros for mission
    critical applications and where one wants minimal impact to
    production work. Very few require bleeding edge software to be
    productive.

    Yet Hadron insists that Debian Stable is full of bugs and too
    backward for usage:

    Subject: Re: [News] Sister OS to Linux, OS-X Has Better TCO than
    Microsoft Windows
    Date: Sun, 09 Mar 2008 09:50:07 +0100
    Message-ID: fr08c1$9e1$2@registered.motzarella.org


    > Hadron has an apparent inability to recognise how more
    > consistent usage of Debian Stable will only help his usage
    > of the product, preferring unstable versions of Debian; if not
    > for the only reason as an opportunity to attack Linux/OSS.


    Once more for the hard of brain power : I use testing. Not
    unstable. And I use it for a reason - Debian Stable is simply too
    buggy and backward and I can't be arsed to manage pinning or
    selectively monitoring backports.

    Recent security updates for Ubuntu 8.04
    Synaptic History Log:

    Commit Log for Wed May 14 17:35:35 2008

    Upgraded the following packages:
    openssh-client (1:4.7p1-8ubuntu1.1) to 1:4.7p1-8ubuntu1.2
    ssh-askpass-gnome (1:4.7p1-8ubuntu1.1) to 1:4.7p1-8ubuntu1.2
    ssl-cert (1.0.14-0ubuntu2) to 1.0.14-0ubuntu2.1
    transmission-common (1.06-0ubuntu4) to 1.06-0ubuntu5
    transmission-gtk (1.06-0ubuntu4) to 1.06-0ubuntu5
    update-manager (1:0.87.24) to 1:0.87.27
    update-manager-core (1:0.87.24) to 1:0.87.27

    Installed the following packages:
    openssl-blacklist (0.1-0ubuntu0.8.04.2)

    Problem solved.

    > He will bury his head in the sand and flail his arms around all the while
    > denying there is a problem.


    http://tinyurl.com/6hecfx

    Subject: Re: Roy Schestowitz
    Date: Thu, 17 Apr 2008 08:37:41 +0100
    Message-ID: MPG.22710e9e34014f6b9896a3@news.motzarella.org


    > He has software that takes RSS feeds, sorts them, searches for
    > certain phrases, makes comments taken from a database and spits
    > out the stuff to every corner of the Internet.


    Unlike you - a troll with a chip on your shoulder who manually
    creates so much ****e aka anti-Roy spam that no-one, that's
    right, NO-ONE wants to read, that you've single-handedly reduced
    the appeal and effectiveness of a newsgroup.

    Please, go create another group and move to it. If you really
    have a voice someone wants to listen to, you'll get them moving
    over to it.

    You can get treatment for obsessive compulsive disorder you know!
    --
    HPT
    Quando omni flunkus moritati
    (If all else fails, play dead)
    - "Red" Green

  5. Re: big debian and ubuntu security alert

    On Thu, 15 May 2008 13:36:45 -0400, Ezekiel wrote:

    > "jellybean stonerfish" wrote in message
    > news:8pJWj.57$Q57.49@nlpi065.nbdc.sbc.com...
    >> On Wed, 14 May 2008 17:12:32 +0000, Whoknew wrote:
    >>
    >>> Hmm, I thought you a**holes said linsux was impenetrable
    >>>
    >>>

    >> It is now, the flaw has been fixed.

    >
    > Certainly not impenetrable. There's just no huge holes that you are
    > aware of. Last week before this 2-year old hole was announced (the bug
    > was introduced into the code back in 2006) you used your computer
    > thinking that it was "impenetrable" which it was not.
    >


    Let me explain. I don't think the fix is as easy as fixing your keys.
    I think a full system scan is required. And this scan can not be done by
    a possibly compromised system, requiring a reboot to a known safe disc.
    Perhaps a cd, or removed hard disc you made before this hole was created.

    stonerfish

  6. Re: big debian and ubuntu security alert

    jellybean stonerfish writes:

    > On Thu, 15 May 2008 13:36:45 -0400, Ezekiel wrote:
    >
    >> "jellybean stonerfish" wrote in message
    >> news:8pJWj.57$Q57.49@nlpi065.nbdc.sbc.com...
    >>> On Wed, 14 May 2008 17:12:32 +0000, Whoknew wrote:
    >>>
    >>>> Hmm, I thought you a**holes said linsux was impenetrable
    >>>>
    >>>>
    >>> It is now, the flaw has been fixed.

    >>
    >> Certainly not impenetrable. There's just no huge holes that you are
    >> aware of. Last week before this 2-year old hole was announced (the bug
    >> was introduced into the code back in 2006) you used your computer
    >> thinking that it was "impenetrable" which it was not.
    >>

    >
    > Let me explain. I don't think the fix is as easy as fixing your keys.
    > I think a full system scan is required. And this scan can not be done by
    > a possibly compromised system, requiring a reboot to a known safe disc.
    > Perhaps a cd, or removed hard disc you made before this hole was created.
    >
    > stonerfish


    if what you are saying is that the only way to be sure in a supposedly
    secure environment is to reinstall then you are right unless some sort
    of system monitor was running which would have detected any compromising
    of system executables.

  7. Re: big debian and ubuntu security alert

    On Fri, 16 May 2008 09:11:12 +0200, Hadron wrote:


    >
    > if what you are saying is that the only way to be sure in a supposedly
    > secure environment is to reinstall then you are right unless some sort
    > of system monitor was running which would have detected any compromising
    > of system executables.


    Not a reinstall, but a scan for rootkits or whatever. But the scan must
    be from a known safe boot.
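
The check discussed in posts 6 and 7 (a record of system executables, compared against the disk from a known safe boot) can be sketched as follows. This is an added example, not part of the thread; `snapshot`, `compare`, `demo` and the sample tree are hypothetical names and constructed data, and the check only covers files that were hashed into the baseline.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256 hex, permission bits)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return result

def compare(baseline, current):
    """Return sorted (kind, relative path) findings."""
    findings = [("added", rel) for rel in current if rel not in baseline]
    for rel, (digest, mode) in baseline.items():
        if rel not in current:
            findings.append(("missing", rel))
            continue
        if current[rel][0] != digest:
            findings.append(("modified", rel))
        if current[rel][1] != mode:
            findings.append(("mode-changed", rel))
    return sorted(findings)

def demo():
    """Constructed tree standing in for a suspect root mounted from safe media."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "usr", "bin")
        os.makedirs(bindir)
        for name in ("sshd", "ls", "ps"):
            with open(os.path.join(bindir, name), "wb") as fh:
                fh.write(name.encode() + b" original")
            os.chmod(os.path.join(bindir, name), 0o755)
        baseline = snapshot(root)  # in practice: stored offline before the incident
        with open(os.path.join(bindir, "sshd"), "wb") as fh:
            fh.write(b"sshd replaced")               # content change
        os.chmod(os.path.join(bindir, "ls"), 0o777)  # permission change
        os.remove(os.path.join(bindir, "ps"))        # removed file
        with open(os.path.join(bindir, "bd"), "wb") as fh:
            fh.write(b"unexpected")                  # file not in the baseline
        return compare(baseline, snapshot(root))
```

For the result to mean anything, both the baseline and the interpreter running the comparison have to come from media the suspect system could not write to.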

  8. Re: big debian and ubuntu security alert

    jellybean stonerfish writes:

    > On Fri, 16 May 2008 09:11:12 +0200, Hadron wrote:
    >
    >
    >>
    >> if what you are saying is that the only way to be sure in a supposedly
    >> secure environment is to reinstall then you are right unless some sort
    >> of system monitor was running which would have detected any compromising
    >> of system executables.

    >
    > Not a reinstall, but a scan for rootkits or whatever. But the scan must
    > be from a known safe boot.


    Opinions are divided since weaknesses can be hidden in the data as well
    as the executables. In addition how can you be sure that the safe boot
    is capable of recognising any infiltration. You can not. Reinstall is
    the only safe option.

  9. Re: big debian and ubuntu security alert

    On Fri, 16 May 2008 12:50:20 +0200, Hadron wrote:

    > jellybean stonerfish writes:
    >
    >> On Fri, 16 May 2008 09:11:12 +0200, Hadron wrote:
    >>
    >>
    >>>
    >>> if what you are saying is that the only way to be sure in a supposedly
    >>> secure environment is to reinstall then you are right unless some sort
    >>> of system monitor was running which would have detected any compromising
    >>> of system executables.

    >>
    >> Not a reinstall, but a scan for rootkits or whatever. But the scan must
    >> be from a known safe boot.

    >
    > Opinions are divided since weaknesses can be hidden in the data as well
    > as the executables. In addition how can you be sure that the safe boot
    > is capable of recognising any infiltration. You can not. Reinstall is
    > the only safe option.


    Did Schestowitz have anything to do with this vulnerability?
    Just asking.

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  10. Re: big debian and ubuntu security alert

    Moshe Goldfarb is flatfish (in real life Gary Stewart)

    http://colatrolls.blogspot.com/2008/...arb-troll.html
    http://colatrolls.blogspot.com/2007/...ish-troll.html

    Traits:

    * Nym shifting (see below)
    * Self confessed thief and proud of it
    * Homophobic
    * Racist
    * Habitual liar
    * Frequently cross posts replies to other non-Linux related newsgroups
    * Frequently cross posts articles originally not posted to COLA

  11. Don Zeigler 304-409-4342 - The name shifting asshole spammer has been caught

    Don Zeigler 304-409-4342 - The name shifting asshole spammer has been
    caught


    "Anonymous Sender" wrote in message
    news:835cda2bee4c40abe3945d82a612f1d4@remailer.metacolo.com...
    > Poopy Pants McGee wrote:
    >
    >> Moshe Goldfarb is flatfish (in real life Gary Stewart)
    >>
    >> http://colatrolls.blogspot.com/2008/...arb-troll.html
    >> http://colatrolls.blogspot.com/2007/...ish-troll.html
    >>
    >> Traits:
    >>
    >> * Nym shifting (see below)
    >> * Self confessed thief and proud of it
    >> * Homophobic
    >> * Racist
    >> * Habitual liar
    >> * Frequently cross posts replies to other non-Linux related
    >> newsgroups
    >> * Frequently cross posts articles originally not posted to COLA

    >
    >
    >
    > Tattoovampire, 48 years old from Bluefield, West Virginia, USA.
    > NNTP-Posting-Host: 76.122.250.55
    > ge-0-1-ubr01.bluefield.wv.knox.comcast.net
    >
    >
    >
    > FOAD Don
    >
    >



    Don "asshole face" Zeigler is the scumbag spammer. He accidentally revealed
    his identity.

    http://groups.google.com/group/comp....d?dmode=source








    ** Posted from http://www.teranews.com **
