From owner-freebsd-security@FreeBSD.ORG Wed Feb 4 15:42:25 2009
From: Janos Dohanics
Organization: 3D RESEARCH
To: freebsd-security@freebsd.org
Date: Wed, 4 Feb 2009 10:03:38 -0500
Message-Id: <200902041003.38182.web@3dresearch.com>
Subject: OT - Heartland Payment Systems

I came across this today:

http://information-security-resources.com/2009/01/29/did-heartland-ceo-make-insider-trades/

The article discusses some questions about the security breach which occurred
at Heartland Payment Systems.
Among other things, the article says:

“Somehow, these guys went directly to the base level of the machine (to an
area) that was not part of the file table for the disk”

“Somehow, they got around the operating system.”

I'm wondering what is suggested here?

--
Janos Dohanics

From owner-freebsd-security@FreeBSD.ORG Thu Feb 5 03:08:24 2009
From: Ian Smith
To: Janos Dohanics
Cc: freebsd-security@freebsd.org
Date: Thu, 5 Feb 2009 13:41:06 +1100 (EST)
In-Reply-To: <200902041003.38182.web@3dresearch.com>
Message-ID: <20090205132745.S38905@sola.nimnet.asn.au>
Subject: Re: OT - Heartland Payment Systems

On Wed, 4 Feb 2009, Janos Dohanics wrote:

> I came across this today:
>
> http://information-security-resources.com/2009/01/29/did-heartland-ceo-make-insider-trades/
>
> The article discusses some questions about the security breach which occurred
> at Heartland Payment Systems. Among other things, the article says:
>
> “Somehow, these guys went directly to the base level of the machine (to an
> area) that was not part of the file table for the disk”
>
> “Somehow, they got around the operating system.”
>
> I'm wondering what is suggested here?

Apart from poor grammar, to me it suggests that they're trying really hard
to not reveal which version of Windows they're running ..

Ian

From owner-freebsd-security@FreeBSD.ORG Thu Feb 5 09:31:07 2009
From: Borja Marcos
To: freebsd-security@freebsd.org
Date: Thu, 5 Feb 2009 10:15:15 +0100
Message-Id: <5F581D71-E6BF-487D-91F0-67EA6A21BA6E@SARENET.ES>
Subject: MAC subsystem and ZFS?

Hello,

I'm trying to upgrade the configuration of some web services, already using
the MAC subsystem, to use ZFS instead of UFS, but I see that ZFS doesn't
support MAC labels, even for a whole filesystem, which would be fine for me,
I don't need multilabel support.

Any ideas? Have I missed anything?

Borja.

From owner-freebsd-security@FreeBSD.ORG Sat Feb 7 22:21:54 2009
From: Robert Watson
To: Borja Marcos
Cc: freebsd-security@freebsd.org
Date: Sat, 7 Feb 2009 22:21:54 +0000 (GMT)
In-Reply-To: <5F581D71-E6BF-487D-91F0-67EA6A21BA6E@SARENET.ES>
Subject: Re: MAC subsystem and ZFS?

On Thu, 5 Feb 2009, Borja Marcos wrote:

> I'm trying to upgrade the configuration of some web services, already using
> the MAC subsystem, to use ZFS instead of UFS, but I see that ZFS doesn't
> support MAC labels, even for a whole filesystem, which would be fine for me,
> I don't need multilabel support.
>
> Any ideas? Have I missed anything?

Hmmm. Sounds like a bug -- all file systems should be able to operate in
single-label mode, even if they don't support EAs and multilabel mode. Could
you describe the symptoms you're experiencing in a bit more detail?

Robert N M Watson
Computer Laboratory
University of Cambridge