RSBAC vs RBAC
В чем разница между Role-Based Access Control (RBAC) и Rule Set Based Access Control (RSBAC) ?
В чем разница между Role-Based Access Control (RBAC) и Rule Set Based Access Control (RSBAC) ?
Hi,
This is to announce the availability an extensive wordlists collection that I've been working on for quite some time.
I've processed many hundreds of public domain wordlist files from multiple sources and in a variety of file formats. Most files were rejected for being duplicates or for poor quality (e.g., a mix of languages in a supposedly language-specific wordlist), but a few hundred remained and went into the combined wordlists that you will find in the collection.
The wordlists are intended primarily for use with password crackers such as John the Ripper and with password recovery utilities.
The URL for the wordlists collection is:
http://www.openwall.com/wordlists/
There you will be able to order the full collection on CD (for $28.85 including US postage) or download a reduced version.
Included in the collection are wordlists for 20+ human languages and lists of common passwords. The included languages are: Afrikaans, Croatian, Czech, Danish, Dutch, English, Finnish, French, German, Hungarian, Italian, Japanese, Latin, Norwegian, Polish, Russian, Spanish, Swahili, Swedish, Turkish, and Yiddish. There's also a list of the common passwords and unique words for all the languages combined in one file (over 40 MB for almost 4 million entries).
Included only on the CD and not available in the downloadable version of the collection is a huge list of all the common passwords and words from all the languages with word mangling rules applied (to form other likely passwords, such as by adding capitalization or digits to words) and any duplicates purged. This wordlist is provided as a single uncompressed text file usable directly off the CD. Its size is almost 500 MB and it has over 40 million entries.
For all wordlists, the entries are sorted either alphabetically or for more common to less common passwords/words/languages with alphabetical order within each section (for about equally common passwords or words, or for individual languages). There're no duplicates.
Five good reasons to purchase the CD:
- You get more content: the huge mangled wordlist is only available on the CD.
- Immediate access to all of the wordlists: they're uncompressed and usable right off the CD.
- You save time, bandwidth, and hard drive space.
- You can sleep well knowing that you've done your part to support the work on this collection.
- As a bonus, the CD has a complete mirror of ftp.openwall.com, including John the Ripper password cracker; this makes for a total of over 600 MB of content.
рекомендую почитать всем кто интересуется бузопасностью. :)
Rule Set Based Access Control (RSBAC) version 1.2.1 has been released. Full information and downloads are available from http://www.rsbac.org
This version comes with many smaller improvements against 1.2.0 and some new features, e.g.:
- New JAIL module, similar to the FreeBSD Jails functionality, but with extensions like individual IPC compartments. - Support for all architectures (not all of them tested, feedback is welcome).
PS: недавно еще openssh-3.5 новый вышел ...
как-то незаметно вышел последний snort :)
Our new IDS report is now available for free download from our site at
http://www.nss.co.uk/ids
Smaller than Edition 2 since we had to start again testing all products from
scratch using our new methodology, but we hope to expand it throughout this
year. If there is anyone you think is missing and would like to see included
in future editions, let us know - but above all, let THEM know. We did
invite ALL the major vendors to take part.
Registration is required to download - I would like to reiterate here that
any details you provide on the registration form will not be used for any
kind of spamming (you will not even hear from US again unless you tick the
box that says you want to), nor do we ever make those details available to
third parties.
Regards,
Bob Walder
Director
The NSS Group
OpenSSH 3.3 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.2.3: ============================ Security Changes: ================= - improved support for privilege separation: privilege separation is now enabled by default See UsePrivilegeSeparation in sshd_config(5) and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more information. - ssh no longer needs to be installed setuid root for protocol version 2 hostbased authentication, see ssh-keysign(8). protocol version 1 rhosts-rsa authentication still requires privileges and is not recommended. Other Changes: ============== - documentation for the client and server configuration options have been moved to ssh_config(5) and sshd_config(5). - the server now supports the Compression option, see sshd_config(5). - the client options RhostsRSAAuthentication and RhostsAuthentication now default to no, see ssh_config(5). - the client options FallBackToRsh and UseRsh are deprecated. - ssh-agent now supports locking and timeouts for keys, see ssh-add(1). - ssh-agent can now bind to unix-domain sockets given on the command line, see ssh-agent(1). - fixes problems with valid RSA signatures from putty clients. Reporting Bugs: =============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.
Subject: OpenSSH 3.2.2 released
Date: Fri, 17 May 2002 00:36:24 +0200
From: Markus Friedl
To: news@linuxsecurity.com
OpenSSH 3.2.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support and encouragement.
Security Changes:
=================
- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
see UsePrivilegeSeparation in sshd(8) and
http://www.citi.umich.edu/u/provos/ssh/privsep.html
for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger
Other Changes:
==============
- improved smartcard support (including support for OpenSC, see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in protocol v2
- support configuration of TCP forwarding during interactive sessions (~C)
- improved support for older sftp servers
- improved support for importing old DSA keys (from ssh.com software).
- client side suport for PASSWD_CHANGEREQ in protocol v2
- fixed waitpid race conditions
- record correct lastlogin time
Reporting Bugs:
===============
- please read http://www.openssh.com/report.html and
http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
1) поставил X'ы 4.2.0 и mozilla 0.9.9 так вот не пойму где у меня anti-aliasing ? половина фонтов в мозилле от алиасены, а половина нет, наводит на мысль что это mozilla делает anti-aliasing.
2) xfs что идет в поставке с xfree86 4.2.0 поддерживает ttf или нет?
разьясните кто знает :)
вы на http://www.google.com/ были?!?!? там при загрузке странички javascript SetFocus() на поле ввода, здесь бы тоже не помешало где всего лишь одно поле ввода
subj
кто пробовал?
в каком скринте при загрузке debian устанавливается системная локаль? переменные LANG, LC_* ? спасибо.
короче нужно всю почту которую как-либо обрабатывает Sendmail (sent/received) копировать на дополнительный ящик.
← предыдущие | следующие → |