stargeek


aterm 0.4.2 tty permission weakness








aterm 0.4.2 tty permission weakness 07/13/2004 06:40 PM

Maarten Tielemans (Jul 13 2004)









Similar Items

aterm 0.4.2 tty permission weakness

Grok Headline matches for aterm 0.4.2 tty permission weakness

Re: aterm 0.4.2 tty permission weakness 07/15/2004 03:10 PM
Armin Wolfermann (Jul 14 2004)

Re: [security] aterm 0.4.2 tty permission weakness 07/15/2004 05:20 PM
lorenzo (Jul 14 2004)

Linux VServer procfs Permission Weakness 07/07/2004 04:44 AM
“Veit Wahlich has reported a weakness in Linux VServer, which can be exploited by certain malicious, local users to cause a DoS (Denial of Service) or gain knowledge of sensitive information. The vulnerability is caused due to weak permissions on procfs, which allows a privileged user on a virtual server to manipulate the permissions on “/proc” for all virtual servers or gain knowledge of information related to other virtual servers….Solution: Update to version 1.28.”

multi-aterm 0.2.1 09/03/2004 01:59 PM
A multi-tab X terminal emulator based on aterm.

"used without permission. please don't sue us." 02/10/2004 02:53 AM
A Peanuts (re)Mix.

Permission Marketing 05/24/2002 11:27 AM

SiniS 0.1a (Permission GUI) 08/29/2004 03:47 AM
A CVS user access and operations permission tool.

SiniS alpha (Permission GUI) 06/21/2004 07:36 AM
A CVS user access and operations permission tool.

how to implement a permission system in a CMS ? 01/22/2003 06:39 PM
I'm currently coding (yet another) content management system with PHP/MySQL. As any modern CMS, mine got users. Now I need to implement the 'permissions' system. Basically it's a flag recorded in the database, allowing or not user 'x' to do action 'y' on the website. I can see every 'piece of information' in a CMS as an 'element'. That is, blogs of course, links, files, users, all is recorded in the same table with a 'type' attribute describing element type and allowing code to fetch and display correctly the element content.

Why new US passports can be read without permission 04/14/2005 12:47 PM
Cory Doctorow: Yesterday at the Computers, Freedom and Privacy conference in Seattle, Ed Felten cornered a State Department Fed who was there to advocate for passports enabled with RFID chips that will make it possible to track Americans as they wander the streets of foreign cities, and for terrorists and crooks to target American citizens by detecting the signature radio-pulses their passports give off. Ed asked the Fed why the US needed remotely readable passports, instead of passports with smart-cards or other "contact-read" technologies in them? The Fed's responses are hilariously lame:
In the Q&A session, I asked Mr. Moss directly why the decision was made to use a remotely readable chip rather than one that can only be read by physical contact. Technically, this decision is nearly indefensible, unless one wants to be able to read passports without notifying their owners -- which, officially at least, is not a goal of the U.S. government's program. Mr. Moss gave a pretty weak answer, which amounted to an assertion that it would have been too difficult to agree on a standard for contact-based reading of passports. This wasn't very convincing, since the smart-card standard could be applied to passports nearly as-is -- the only change necessary would be to specify exactly where on the passport the smart-card contacts would be. The standardization and security problems associated with contactless cards seem to be much more serious.

After the panel, I discussed this issue with Kenn Cukier of The Economist, who has followed the development of this technology for a while and has a good perspective on how we reached the current state. It seems that the decision to use contactless technology was made without fully understanding its consequences, relying on technical assurances from people who had products to sell. Now that the problems with that decision have become obvious, it's late in the process and would be expensive and embarrassing to back out. In short, this looks like another flawed technology procurement program.


Windows XP SP1 Share Permission Changes 05/25/2004 10:18 PM

TiVo Gets Permission To Innovate 08/04/2004 01:33 PM
While it's good news that the FCC has given TiVo permission to offer their TiVoToGo service it still raises serious questions about why any company should need to ask for permission to offer an innovative service? It sets a bad precedent for the entire industry.

Permission-Free Prison 05/16/2004 07:55 AM
Fascinating article by Seymour "Next Pulitzer a-Comin'" Hersh in this week's New Yorker. It alleges that the abuses at Abu Ghraib happened because a "special-access program" established by Rumsfeld to authorize quick-response kill/capture/interrogate operations took hold there. Hersh does not allege that Rumsfeld knew of or authorized the particular abuses, only that his program of secret, rough interrogation enabled them. But it's a far more nuanced article than I'm letting on. And, of course, it's well-told....

Why Does TiVo Need Permission To Innovate? 08/02/2004 04:42 AM
A couple weeks ago, we had the story of the MPAA and the NFL trying to force TiVo to stop its plans to add new features to their devices that would let a user send a recorded program to another device. While we discussed why this was a ridiculous move by both the MPAA and the NFL, a reporter at the Washington Post is now going one step further and pointing out that the real travesty is the fact that TiVo suddenly needs to ask permission from the government to innovate. The ability of companies to continually innovate and reinvent markets based on free and open competition is what helps drive this economy. When companies need to ask permission to add innovative features, and that permission needs to go through other companies, we're destroying our ability to innovate competitively. Instead, companies outside of this country will build new systems with features that consumers actually want, while systems here are held back by regulations that serve no other purpose than to protect an adjacent industry that refuses to change with the times. It's the worst form of protectionism -- since no one will even admit that it's protectionism. And, like all attempts at protectionism, the end result will be much worse for those these rules supposedly protect.

Permission-only e-mail scheme says no to spam 04/09/2005 07:58 AM
Chicago Tribune Apr 9 2005 11:20AM GMT

Giving and receiving authorization and permission 04/09/2004 04:02 PM
We've been exploring the key concepts of identity management as promulgated by the Open Group in a recent white paper (link below). Today our topic is authorization and permission management.

IBM DB2 Windows Permission Problems (#NISR05012005F) 01/05/2005 06:39 PM
NGSSoftware Insight Security Research (Jan 05 2005)

Unsecure file permission of ZoneAlarm pro. 08/20/2004 04:07 PM
Bipin Gautam (Aug 19 2004)

Re: Unsecure file permission of ZoneAlarm pro. 08/27/2004 01:32 PM
Bipin Gautam (Aug 22 2004)

Core Technology Exports Need Permission 09/19/2004 04:01 AM
Hankooki Sep 19 2004 8:37AM GMT

Serious TCP Weakness Identified (26-Apr-2004; 10.4K) 04/26/2004 09:53 PM

Sales Weakness From InterMune 04/30/2004 01:43 PM
Actimmune is stumbling without data to support its use.

FTC peers through Windows weakness 11/06/2003 11:10 AM
ZDNet Nov 6 2003 9:52AM ET

Intel shows weakness 09/02/2004 04:10 PM
ZDNet Sep 2 2004 9:00PM GMT

the permission society: stay free! stories 06/24/2005 07:26 PM
Stay Free! has a fantastically interesting story about the struggles of a film maker with the permission society.

Permission-based Content Notifications in Plone 03/11/2003 01:22 AM
Many sites need to be able to announce new content to their registered users. Wouldn't it be good if they did so only when the users have given them permission to do so and the content was genuinely of interest to each recipient? Here's a system for doing just that, using the Plone/Zope CMS.

SCO using Samba source code: permission granted or not? 12/07/2003 10:29 AM
I've never told anyone about this before. In 1997, I collaborated for a few weeks with one of the developers of VisionFS on decoding the NT Domain protocols. Both VisionFS and Samba are windows-compatible file, print and login servers.

The issue is that whilst our cooperation accelerated the understanding of NT Domains, SCO's developer sent me some of his code, and the implicit understanding was that he would be able to copy mine.

However, no such agreements were actually in place...

Notes and Tips: File Permission Problems 05/20/2004 10:03 AM
Apple updates its help file for dealing with all-too-common file-permission problems in Mac OS X.

Researchers spot XP SP2 security weakness 08/20/2004 08:22 AM
vnunet.com Aug 20 2004 12:25PM GMT

McAfee sees accounting weakness 04/04/2005 08:22 AM
Another tech company that can't keep the books

No weakness in IT expat salaries: Survey 12/09/2003 08:25 AM
CNET Asia Dec 9 2003 7:43AM ET

Weakness in Passphrase Choice in WPA Interface 11/04/2003 02:32 PM
By Robert Moskowitz, Senior Technical Director, ICSA Labs, a division of TruSecure Corp

Use of PSK as the key establishment method

WPA and 802.11i provide for a Pre-Shared Key (PSK) as an alternative to 802.1X based key establishment. A PSK is a 256 bit number or a passphrase 8 to 63 bytes long. Each station MAY have its own PSK, tied to its MAC address. To date, vendors are only providing for one PSK for an ESS, just as they do for WEP keying.

When a PSK is used instead of 802.1X, the PSK is the Pairwise Master Key (PMK) that is used to drive the 4-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy. There is a straightforward formula for converting a passphrase PSK to the 256-bit value needed for the PMK.

This paper will look into the risks of using a PSK and particularly the risk associated with a passphrase-based PSK.

How the PSK is used in WPA and 802.11i

The PSK provides an easily implemented alternative for the PMK as compared to using 802.1X to generate a PMK. A 256bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:

PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)

Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation.

The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake. This is why the whole keying hierarchy falls into the hands of anyone possessing the PSK, as all the other information is knowable.

The Intra-PSK attack

The normal practice is to have a single PSK within an ESS. To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK. If the device missed these frames, it can send a DISASSOCIATE against the STA and force the STA to perform the...

Wi-Fi's new security standard has a weakness 11/04/2003 03:37 PM
BoingBoing pal Glenn Fleishman writes:
I wrote a piece yesterday for the Mac journal TidBITS about the recently released implementation of Wi-Fi Protected Access (WPA) in the AirPort Extreme product line from Apple. WPA replaces WEP by fixing its various holes. That article drew a response from Robert Moskowitz, long-time wireless security expert, who sent me a paper and his permission to post it about a serious weakness in the consumer version of WPA: if you choose short keys that are comprised of real words, WPA keys can be easily broken through passive access to a network.

I've written this up and posted his paper here. Interestingly, the problem is all at the presentation layer, not at the encryption layer. It's a flaw with how manufacturers are offering users the chance to create and enter WPA keys, and thus could be easily fixed with a driver update -- no firmware necessary.


This Deal Might Reveal Cisco's Weakness 06/13/2004 11:02 PM
Business Week Jun 14 2004 2:54AM GMT

Re: Inexcusable weakness in Kmail / GnuPG 12/25/2004 05:09 PM
Simple Nomad (Dec 23 2004)

U.S. Economic Gauge Signals Weakness 09/23/2004 04:04 PM
Reuters via Wired News Sep 23 2004 7:31PM GMT

Boeing asks government for permission to harass seals 04/08/2005 06:36 PM
Blog: Boeing has asked the U.S. government for permission to harass Pacific seals. It's no joke. The defense contractor...

House panel passes spyware permission bill 06/17/2004 08:56 PM
No more sneaking monitoring software onto people's PCs if this becomes law.

Sun Java Predictable File Location Weakness 07/13/2004 10:33 AM
“A weakness has been reported in Sun Java, allowing malicious websites to write arbitrary content to a file with an easily guessable name….Solution: Use another browser than Microsoft Internet Explorer. Alternatively disable Active Scripting in Internet Explorer. If you do not use Internet Explorer, this issue is not considered a security problem.”
















