Re: aterm 0.4.2 tty permission weakness
Grok Headline matches for Re: aterm 0.4.2 tty permission weakness
aterm 0.4.2 tty permission weakness
07/13/2004 06:40 PM
Maarten Tielemans (Jul 13 2004)
Re: [security] aterm 0.4.2 tty permission weakness
07/15/2004 05:20 PM
lorenzo (Jul 14 2004)
Linux VServer procfs Permission Weakness
07/07/2004 04:44 AM
“Veit Wahlich has reported a weakness in Linux VServer, which
can be exploited by certain malicious, local users to cause a DoS
(Denial of Service) or gain knowledge of sensitive information. The
vulnerability is caused due to weak permissions on procfs, which
allows a privileged user on a virtual server to manipulate the
permissions on “/proc” for all virtual servers or gain
knowledge of information related to other virtual
servers…. Solution: Update to version 1.28.”
multi-aterm 0.2.1
09/03/2004 01:59 PM
A multi-tab X terminal emulator based on aterm.
"used without permission. please don't sue us."
02/10/2004 02:53 AM
A Peanuts (re) Mix.
Permission Marketing
05/24/2002 11:27 AM
SiniS 0.1a (Permission GUI)
08/29/2004 03:47 AM
A CVS user access and operations permission tool.
SiniS alpha (Permission GUI)
06/21/2004 07:36 AM
A CVS user access and operations permission tool.
how to implement a permission system in a CMS?
01/22/2003 06:39 PM
I'm currently coding (yet another) content management system with
PHP/MySQL. As any modern CMS, mine got users. Now I need to implement
the 'permissions' system. Basically it's a flag recorded in the
database, allowing or not user 'x' to do action 'y' on the website.
I can see every 'piece of information' in a CMS as an 'element'. That
is, blogs of course, links, files, users, all is recorded in the same
table with a 'type' attribute describing element type and allowing
code to fetch and display correctly the element content.
Why new US passports can be read without permission
04/14/2005 12:47 PM
Cory Doctorow:
Yesterday at the Computers, Freedom and Privacy conference in Seattle,
Ed Felten cornered a State Department Fed who was there to advocate
for passports enabled with RFID chips that will make it possible to
track Americans as they wander the streets of foreign cities, and for
terrorists and crooks to target American citizens by detecting the
signature radio-pulses their passports give off. Ed asked the Fed why
the US needed remotely readable passports, instead of passports with
smart-cards or other "contact-read" technologies in them? The Fed's
responses are hilariously lame:
In the Q&A session, I asked Mr. Moss directly why the decision was
made to use a remotely readable chip rather than one that can only be
read by physical contact. Technically, this decision is nearly
indefensible, unless one wants to be able to read passports without
notifying their owners -- which, officially at least, is not a goal of
the U.S. government's program. Mr. Moss gave a pretty weak answer,
which amounted to an assertion that it would have been too difficult
to agree on a standard for contact-based reading of passports. This
wasn't very convincing, since the smart-card standard could be applied
to passports nearly as-is -- the only change necessary would be to
specify exactly where on the passport the smart-card contacts would
be. The standardization and security problems associated with
contactless cards seem to be much more serious.
After the panel, I discussed this issue with Kenn Cukier of The
Economist, who has followed the development of this technology for a
while and has a good perspective on how we reached the current state.
It seems that the decision to use contactless technology was made
without fully understanding its consequences, relying on technical
assurances from people who had products to sell. Now that the problems
with that decision have become obvious, it's late in the process and
would be expensive and embarrassing to back out. In short, this looks
like another flawed technology procurement program.
Windows XP SP1 Share Permission Changes
05/25/2004 10:18 PM
TiVo Gets Permission To Innovate
08/04/2004 01:33 PM
While it's good news that the FCC has given TiVo permission to offer
their TiVoToGo service it still raises serious questions about why
any company should need to ask for permission to offer an innovative
service? It sets a bad precedent for the entire industry.
Permission-Free Prison
05/16/2004 07:55 AM
Fascinating article by Seymour "Next Pulitzer a-Comin'" Hersh in this
week's New Yorker. It alleges that the abuses at Abu Ghraib happened
because a "special-access program" established by Rumsfeld to
authorize quick-response kill/capture/interrogate operations took hold
there. Hersh does not allege that Rumsfeld knew of or authorized the
particular abuses, only that his program of secret, rough
interrogation enabled them. But it's a far more nuanced article than
I'm letting on. And, of course, it's well-told....
Why Does TiVo Need Permission To Innovate?
08/02/2004 04:42 AM
A couple weeks ago, we had the story of the MPAA and the NFL trying to
force TiVo to stop its plans to add new features to their devices that
would let a user send a recorded program to another device. While we
discussed why this was a ridiculous move by both the MPAA and the NFL,
a reporter at the Washington Post is now going one step further and
pointing out that the real travesty is the fact that TiVo suddenly
needs to ask permission from the government to innovate. The ability
of companies to continually
innovate and reinvent markets based on free and open competition is
what helps drive this economy. When companies need to ask permission
to add innovative features, and that permission needs to go through
other companies, we're destroying our ability to innovate
competitively. Instead, companies outside of this country will build
new systems with features that consumers actually want, while systems
here are held back by regulations that serve no other purpose than to
protect an adjacent industry that refuses to change with the times.
It's the worst form of protectionism -- since no one will even admit
that it's protectionism. And, like all attempts at protectionism, the
end result will be much worse for those these rules supposedly
protect.
Permission-only e-mail scheme says no to spam
04/09/2005 07:58 AM
Chicago Tribune Apr 9 2005 11:20AM GMT
Giving and receiving authorization and permission
04/09/2004 04:02 PM
We've been exploring the key concepts of identity management as
promulgated by the Open Group in a recent white paper (link below).
Today our topic is authorization and permission management.
IBM DB2 Windows Permission Problems (#NISR05012005F)
01/05/2005 06:39 PM
NGSSoftware Insight Security Research (Jan 05 2005)
Unsecure file permission of ZoneAlarm pro.
08/20/2004 04:07 PM
Bipin Gautam (Aug 19 2004)
Re: Unsecure file permission of ZoneAlarm pro.
08/27/2004 01:32 PM
Bipin Gautam (Aug 22 2004)
Core Technology Exports Need Permission
09/19/2004 04:01 AM
Hankooki Sep 19 2004 8:37AM GMT
Serious TCP Weakness Identified (26-Apr-2004; 10.4K)
04/26/2004 09:53 PM
Sales Weakness From InterMune
04/30/2004 01:43 PM
Actimmune is stumbling without data to support its use.
FTC peers through Windows weakness
11/06/2003 11:10 AM
ZDNet Nov 6 2003 9:52AM ET
Intel shows weakness
09/02/2004 04:10 PM
ZDNet Sep 2 2004 9:00PM GMT
the permission society: stay free! stories
06/24/2005 07:26 PM
Stay Free! has a fantastically interesting story about the struggles
of a film maker with the permission society.
Permission-based Content Notifications in Plone
03/11/2003 01:22 AM
Many sites need to be able to announce new content to their registered
users. Wouldn't it be good if they did so only when the users have
given them permission to do so and the content was genuinely of
interest to each recipient? Here's a system for doing just that, using
the Plone/Zope CMS.
SCO using Samba source code: permission granted or not?
12/07/2003 10:29 AM
I've never told anyone about this before. In 1997, I collaborated for
a few weeks with one of the developers of VisionFS on decoding the NT
Domain protocols. Both VisionFS and Samba are windows-compatible
file, print and login servers.
The issue is that whilst our cooperation accelerated the
understanding of NT Domains, SCO's developer sent me some of his code,
and the implicit understanding was that he would be able to copy mine.
However, no such agreements were actually in place...
Notes and Tips: File Permission Problems
05/20/2004 10:03 AM
Apple updates its help file for dealing with all-too-common
file-permission problems in Mac OS X.
Researchers spot XP SP2 security weakness
08/20/2004 08:22 AM
vnunet.com Aug 20 2004 12:25PM GMT
McAfee sees accounting weakness
04/04/2005 08:22 AM
Another tech company that can't keep the books
No weakness in IT expat salaries: Survey
12/09/2003 08:25 AM
CNET Asia Dec 9 2003 7:43AM ET
Weakness in Passphrase Choice in WPA Interface
11/04/2003 02:32 PM
By Robert Moskowitz, Senior Technical Director, ICSA Labs, a division of
TruSecure Corp

Use of PSK as the key establishment method

WPA and 802.11i provide for a Pre-Shared Key (PSK) as an alternative to
802.1X based key establishment. A PSK is a 256 bit number or a passphrase 8
to 63 bytes long. Each station MAY have its own PSK, tied to its MAC
address. To date, vendors are only providing for one PSK for an ESS,
just as they do for WEP keying. When a PSK is used instead of 802.1X,
the PSK is the Pairwise Master Key (PMK) that is used to drive the
4-way handshake and the whole Pairwise Transient Key (PTK) keying
hierarchy. There is a straightforward formula for converting a
passphrase PSK to the 256-bit value needed for the PMK. This paper
will look into the risks of using a PSK and particularly the risk
associated with a passphrase-based PSK.

How the PSK is used in WPA and 802.11i

The PSK provides an easily implemented alternative for the PMK
as compared to using 802.1X to generate a PMK. A 256-bit PSK is used
directly as the PMK. When the PSK is a passphrase, the PMK is derived
from the passphrase as follows:

PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)

Where the PBKDF2 method is from PKCS #5 v2.0: Password-based
Cryptography Standard. This means that the concatenated
string of the passphrase, SSID, and the SSIDlength is hashed 4096
times to generate a value of 256 bits. The lengths of the passphrase
and the SSID have little impact on the speed of this operation. The
PTK is a keyed-HMAC function using the PMK on the two MAC addresses
and the two nonces from the first two packets of the 4-Way Handshake.
This is why the whole keying hierarchy falls into the hands of anyone
possessing the PSK, as all the other information is knowable.

The Intra-PSK attack

The normal practice is to have a single PSK within an
ESS. To generate any PTK, a device only needs to learn the two MAC
addresses and nonces (and the selected ciphersuite). All of this is
available in the initial exchange, from the ASSOCIATE through the
4-Way Handshake. Any device can passively listen for these frames and
then generate the PTK. If the device missed these frames, it can send
a DISASSOCIATE against the STA and force the STA to perform the...
Wi-Fi's new security standard has a weakness
11/04/2003 03:37 PM
BoingBoing pal Glenn Fleishman writes:
I wrote a piece yesterday for the Mac journal TidBITS about the
recently released implementation of Wi-Fi Protected Access (WPA) in
the AirPort Extreme product line from Apple. WPA replaces WEP by
fixing its various holes. That article drew a response from Robert
Moskowitz, long-time wireless security expert, who sent me a paper and
his permission to post it about a serious weakness in the consumer
version of WPA: if you choose short keys that are comprised of real
words, WPA keys can be easily broken through passive access to a
network. I've written this up and posted his paper here.
Interestingly, the problem is all at the presentation layer, not at
the encryption layer. It's a flaw with how manufacturers are offering
users the chance to create and enter WPA keys, and thus could be
easily fixed with a driver update -- no firmware necessary.
This Deal Might Reveal Cisco's Weakness
06/13/2004 11:02 PM
Business Week Jun 14 2004 2:54AM GMT
Re: Inexcusable weakness in Kmail / GnuPG
12/25/2004 05:09 PM
Simple Nomad (Dec 23 2004)
U.S. Economic Gauge Signals Weakness
09/23/2004 04:04 PM
Reuters via Wired News Sep 23 2004 7:31PM GMT
Boeing asks government for permission to harass seals
04/08/2005 06:36 PM
Blog: Boeing has asked the U.S. government for permission to harass
Pacific seals.
It's no joke. The defense contractor...
House panel passes spyware permission bill
06/17/2004 08:56 PM
No more sneaking monitoring software onto people's PCs if this becomes
law.
Sun Java Predictable File Location Weakness
07/13/2004 10:33 AM
“A weakness has been reported in Sun Java, allowing malicious
websites to write arbitrary content to a file with an easily guessable
name…. Solution: Use another browser than Microsoft Internet
Explorer. Alternatively disable Active Scripting in Internet
Explorer. If you do not use Internet Explorer, this issue is not
considered a security problem.”
Grok Description matches for Re: aterm 0.4.2 tty permission weakness
GrokA matches for Re: aterm 0.4.2 tty permission weakness
Re: aterm 0.4.2 tty permission weakness