Date: Fri, 1 Jun 2001 01:30:41 +0200 From: Alex Holst <a@area51.dk> To: freebsd-security@freebsd.org Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <20010601013041.A32818@area51.dk> In-Reply-To: <Pine.BSF.4.31.0105311621290.52261-100000@localhost>; from brian@collab.net on Thu, May 31, 2001 at 04:23:33PM -0700 References: <200105312300.f4VN0RD24448@cwsys.cwsent.com> <Pine.BSF.4.31.0105311621290.52261-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Brian Behlendorf (brian@collab.net): > On Thu, 31 May 2001, Cy Schubert - ITSD Open Systems Group wrote: > > Some of you might be interested in this. > > If anyone has any questions about this, I'm happy to answer them. It's > always the stupid things (not finishing the upgrade of openssh to 2.3.0 > when the advisory came out - no points for a "make buildworld" without a > corresponding "make installworld"!) that catch you. That should be verified often with scanssh or something similar. I was surprised when I read about the compromise, because it gives the impression that people are still using passwords (as opposed to keys with passphrases) for authentication in this day and age. Is that correct? If so, why is that? -- I prefer the dark of the night, after midnight and before four-thirty, when it's more bare, more hollow. http://a.area51.dk/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010601013041.A32818>