From owner-freebsd-security Thu May 31 16:30:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from f-control.area51.dk (f-control.area51.dk [213.237.108.10])
	by hub.freebsd.org (Postfix) with SMTP id 025D637B424
	for ; Thu, 31 May 2001 16:30:25 -0700 (PDT)
	(envelope-from a@f-control.area51.dk)
Received: (qmail 35821 invoked by uid 1007); 31 May 2001 23:30:41 -0000
Date: Fri, 1 Jun 2001 01:30:41 +0200
From: Alex Holst
To: freebsd-security@freebsd.org
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601013041.A32818@area51.dk>
Mail-Followup-To: Alex Holst , freebsd-security@freebsd.org
References: <200105312300.f4VN0RD24448@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from brian@collab.net on Thu, May 31, 2001 at 04:23:33PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoting Brian Behlendorf (brian@collab.net):
> On Thu, 31 May 2001, Cy Schubert - ITSD Open Systems Group wrote:
> > Some of you might be interested in this.
>
> If anyone has any questions about this, I'm happy to answer them. It's
> always the stupid things (not finishing the upgrade of openssh to 2.3.0
> when the advisory came out - no points for a "make buildworld" without a
> corresponding "make installworld"!) that catch you.

That should be verified often with scanssh or something similar.

I was surprised when I read about the compromise, because it gives the
impression that people are still using passwords (as opposed to keys with
passphrases) for authentication in this day and age. Is that correct? If so,
why is that?

-- 
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow.
http://a.area51.dk/
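
Added example, not part of the message above: one way to act on the "verified often with scanssh or something similar" suggestion is to compare the identification string each running sshd presents against the 2.3.0 version named in the quoted text, which catches a build that was never installed. The host names, banners and function names are constructed for illustration, and the code parses already-collected banners rather than scanning.

```python
import re

# Minimum acceptable OpenSSH version, taken from the quoted message (2.3.0).
MIN_VERSION = (2, 3, 0)

# SSH identification string: SSH-<protoversion>-<softwareversion>[ <comments>]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?")


def parse_banner(banner):
    """Return (protocol, software, version tuple or None), or None if not SSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    proto, software = m.group(1), m.group(2)
    v = OPENSSH_RE.match(software)
    version = None
    if v:
        version = (int(v.group(1)), int(v.group(2)), int(v.group(3) or 0))
    return proto, software, version


def audit(results, minimum=MIN_VERSION):
    """Classify each (host, banner) pair as ok / outdated / unknown."""
    report = {}
    for host, banner in results:
        parsed = parse_banner(banner)
        if parsed is None or parsed[2] is None:
            report[host] = "unknown"    # not SSH, or not OpenSSH: check by hand
        elif parsed[2] < minimum:
            report[host] = "outdated"   # the running daemon predates the upgrade
        else:
            report[host] = "ok"
    return report


# Constructed sample scan output (host, identification string); not real hosts.
SAMPLE = [
    ("host-a.example", "SSH-1.99-OpenSSH_2.3.0"),
    ("host-b.example", "SSH-1.99-OpenSSH_2.2.0"),
    ("host-c.example", "SSH-2.0-OpenSSH_2.9p1 FreeBSD"),
    ("host-d.example", "SSH-1.5-1.2.27"),
    ("host-e.example", "220 mail.example ESMTP"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

The banner reflects what the listening daemon reports, so it also shows a new binary that was installed but never restarted into service.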