LINUX.ORG.RU

Сообщения mator

 

RSBAC vs RBAC

В чем разница между Role-Based Access Control (RBAC) и Rule Set Based Access Control (RSBAC) ?

mator
()

Openwall wordlists collection

Hi,

This is to announce the availability an extensive wordlists collection that I've been working on for quite some time.

I've processed many hundreds of public domain wordlist files from multiple sources and in a variety of file formats. Most files were rejected for being duplicates or for poor quality (e.g., a mix of languages in a supposedly language-specific wordlist), but a few hundred remained and went into the combined wordlists that you will find in the collection.

The wordlists are intended primarily for use with password crackers such as John the Ripper and with password recovery utilities.

The URL for the wordlists collection is:

http://www.openwall.com/wordlists/

There you will be able to order the full collection on CD (for $28.85 including US postage) or download a reduced version.

Included in the collection are wordlists for 20+ human languages and lists of common passwords. The included languages are: Afrikaans, Croatian, Czech, Danish, Dutch, English, Finnish, French, German, Hungarian, Italian, Japanese, Latin, Norwegian, Polish, Russian, Spanish, Swahili, Swedish, Turkish, and Yiddish. There's also a list of the common passwords and unique words for all the languages combined in one file (over 40 MB for almost 4 million entries).

Included only on the CD and not available in the downloadable version of the collection is a huge list of all the common passwords and words from all the languages with word mangling rules applied (to form other likely passwords, such as by adding capitalization or digits to words) and any duplicates purged. This wordlist is provided as a single uncompressed text file usable directly off the CD. Its size is almost 500 MB and it has over 40 million entries.

For all wordlists, the entries are sorted either alphabetically or for more common to less common passwords/words/languages with alphabetical order within each section (for about equally common passwords or words, or for individual languages). There're no duplicates.

Five good reasons to purchase the CD:

- You get more content: the huge mangled wordlist is only available on the CD.

- Immediate access to all of the wordlists: they're uncompressed and usable right off the CD.

- You save time, bandwidth, and hard drive space.

- You can sleep well knowing that you've done your part to support the work on this collection.

- As a bonus, the CD has a complete mirror of ftp.openwall.com, including John the Ripper password cracker; this makes for a total of over 600 MB of content.

mator
()

Sombia system

рекомендую почитать всем кто интересуется бузопасностью. :)

http://www.lac.co.jp/security/english/sombria_e/smbr_1.pdf

зеркало: http://gsib.sl.ru/~mator/pdfs/smbr_1.pdf

mator
()

RSBAC 1.2.1 Released

Rule Set Based Access Control (RSBAC) version 1.2.1 has been released. Full information and downloads are available from http://www.rsbac.org

This version comes with many smaller improvements against 1.2.0 and some new features, e.g.:

- New JAIL module, similar to the FreeBSD Jails functionality, but with extensions like individual IPC compartments. - Support for all architectures (not all of them tested, feedback is welcome).

PS: недавно еще openssh-3.5 новый вышел ...

mator
()

snort 1.8.7 release

как-то незаметно вышел последний snort :)

http://www.snort.org/dl/snort-1.8.7.tar.gz

mator
()

new IDS report

Our new IDS report is now available for free download from our site at
http://www.nss.co.uk/ids

Smaller than Edition 2 since we had to start again testing all products from
scratch using our new methodology, but we hope to expand it throughout this
year. If there is anyone you think is missing and would like to see included
in future editions, let us know - but above all, let THEM know. We did
invite ALL the major vendors to take part.

Registration is required to download - I would like to reiterate here that
any details you provide on the registration form will not be used for any
kind of spamming (you will not even hear from US again unless you tick the
box that says you want to), nor do we ever make those details available to
third parties.

Regards,

Bob Walder
Director
The NSS Group

mator
()

OpenSSH 3.3 has been released.

OpenSSH 3.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.


Changes since OpenSSH 3.2.3:
============================ 

Security Changes:
=================

- improved support for privilege separation:

	privilege separation is now enabled by default

  See UsePrivilegeSeparation in sshd_config(5)
  and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more
  information.
- ssh no longer needs to be installed setuid root for protocol
  version 2 hostbased authentication, see ssh-keysign(8).
  protocol version 1 rhosts-rsa authentication still requires privileges
  and is not recommended.

Other Changes:
==============

- documentation for the client and server configuration options have
  been moved to ssh_config(5) and sshd_config(5).
- the server now supports the Compression option, see sshd_config(5).
- the client options RhostsRSAAuthentication and RhostsAuthentication now
  default to no, see ssh_config(5).
- the client options FallBackToRsh and UseRsh are deprecated.
- ssh-agent now supports locking and timeouts for keys, see ssh-add(1).
- ssh-agent can now bind to unix-domain sockets given on the command line,
  see ssh-agent(1).
- fixes problems with valid RSA signatures from putty clients.

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
mator
()

OpenSSH 3.2.2 Released

Subject: OpenSSH 3.2.2 released
Date: Fri, 17 May 2002 00:36:24 +0200
From: Markus Friedl
To: news@linuxsecurity.com

OpenSSH 3.2.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.

Security Changes:
=================

- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
see UsePrivilegeSeparation in sshd(8) and
http://www.citi.umich.edu/u/provos/ssh/privsep.html
for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger

Other Changes:
==============

- improved smartcard support (including support for OpenSC, see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in protocol v2
- support configuration of TCP forwarding during interactive sessions (~C)
- improved support for older sftp servers
- improved support for importing old DSA keys (from ssh.com software).
- client side suport for PASSWD_CHANGEREQ in protocol v2
- fixed waitpid race conditions
- record correct lastlogin time

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html and
http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.

mator
()

OpenWall linux kernel patch for 2.4.18 is avail for testing

mator
()

3 вопроса - X, mozilla, xfs

1) поставил X'ы 4.2.0 и mozilla 0.9.9 так вот не пойму где у меня anti-aliasing ? половина фонтов в мозилле от алиасены, а половина нет, наводит на мысль что это mozilla делает anti-aliasing.

2) xfs что идет в поставке с xfree86 4.2.0 поддерживает ttf или нет?

разьясните кто знает :)

mator
()

новое sudo

mator
()

phrack 58

mator
()

search page

вы на http://www.google.com/ были?!?!? там при загрузке странички javascript SetFocus() на поле ввода, здесь бы тоже не помешало где всего лишь одно поле ввода

mator
()

OpenSSH 3.0.2 released December 3, 2001 (-)

subj

mator
()

secure unix programming

mator
()

snort && flexresp

кто пробовал?

mator
()

какой-то линк

mator
()

comp.os.linux.security FAQ updates

mator
()

debian && установка locale

в каком скринте при загрузке debian устанавливается системная локаль? переменные LANG, LC_* ? спасибо.

mator
()

sendmail && copy all email to account

короче нужно всю почту которую как-либо обрабатывает Sendmail (sent/received) копировать на дополнительный ящик.

mator
()

RSS подписка на новые темы