Security" : Dictionary / Wörterbuch (BEOLINGUS, TU Chemnitz)

Proverbs, aphorisms, quotations (English)	by Linux fortune

"Note that if I can get you to \"su and say\" something just by asking, you have a very serious security problem on your system and you should look into it." (By Paul Vixie, vixie-cron 3.0.1 installation notes)
Multics is security spelled sideways.
Security check: INTRUDER ALERT!
So you see Antonio, why worry about one little core dump, eh? In reality all core dumps happen at the same instant, so the core dump you will have tomorrow, why, it already happened. You see, it's just a little universal recursive joke which threads our lives through the infinite potential of the instant. So go to sleep, Antonio, your thread could break any moment and cast you out of the safe security of the instant into the dark void of eternity, the anti-time. So go to sleep...
Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984
To date, the firm conclusions of Project Blue Book are: 1. no unidentified flying object reported, investigated and evaluated by the Air Force has ever given any indication of threat to our national security; 2. there has been no evidence submitted to or discovered by the Air Force that sightings categorized as UNIDENTIFIED represent technological developments or principles beyond the range of present-day scientific knowledge; and 3. there has been no evidence indicating that sightings categorized as UNIDENTIFIED are extraterrestrial vehicles. - the summary of Project Blue Book, an Air Force study of UFOs from 1950 to 1965, as quoted by James Randi in Flim-Flam!
"Security is mostly a superstition. It does not exist in nature... Life is either a daring adventure or nothing." -- Helen Keller
"You shouldn't make my toaster angry." -- Household security explained in "Johnny Quest"
"A commercial, and in some respects a social, doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discus- sion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fal- lacy. Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lockpicking long before locksmiths discussed it among them- selves, as they have lately done. If a lock -- let it have been made in what- ever country, or by whatever maker -- is not so inviolable as it has hitherto been deemed to be, surely it is in the interest of honest persons to know this fact, because the dishonest are tolerably certain to be the first to apply the knowledge practically; and the spread of knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too ear- nestly urged, that an acquaintance with real facts will, in the end, be better for all parties." -- Charles Tomlinson's Rudimentary Treatise on the Construction of Locks, published around 1850
"They know your name, address, telephone number, credit card numbers, who ELSE is driving the car "for insurance", ... your driver's license number. In the state of Massachusetts, this is the same number as that used for Social Security, unless you object to such use. In THAT case, you are ASSIGNED a number and you reside forever more on the list of "weird people who don't give out their Social Security Number in Massachusetts." -- Arthur Miller
"Perhaps I am flogging a straw herring in mid-stream, but in the light of what is known about the ubiquity of security vulnerabilities, it seems vastly too dangerous for university folks to run with their heads in the sand." -- Peter G. Neumann, RISKS moderator, about the Internet virus
"... gentlemen do not read each other's mail." -- Secretary of State Henry Stimson, on closing down the Black Chamber, the precursor to the National Security Agency.
National security is in your hands - guard it well.
Signs of crime: screaming or cries for help. -- The Brown University Security Crime Prevention Pamphlet
Surprise! You are the lucky winner of random I.R.S. Audit! Just type in your name and social security number. Please remember that leaving the room is punishable under law: Name #
The Worst Prison Guards The largest number of convicts ever to escape simultaneously from a maximum security prison is 124. This record is held by Alcoente Prison, near Lisbon in Portugal. During the weeks leading up to the escape in July 1978 the prison warders had noticed that attendances had fallen at film shows which included "The Great Escape", and also that 220 knives and a huge quantity of electric cable had disappeared. A guard explained, "Yes, we were planning to look for them, but never got around to it." The warders had not, however, noticed the gaping holes in the wall because they were "covered with posters". Nor did they detect any of the spades, chisels, water hoses and electric drills amassed by the inmates in large quantities. The night before the breakout one guard had noticed that of the 36 prisoners in his block only 13 were present. He said this was "normal" because inmates sometimes missed roll-call or hid, but usually came back the next morning. "We only found out about the escape at 6:30 the next morning when one of the prisoners told us," a warder said later. [...] When they eventually checked, the prison guards found that exactly half of the gaol's population was missing. By way of explanation the Justice Minister, Dr. Santos Pais, claimed that the escape was "normal" and part of the "legitimate desire of the prisoner to regain his liberty." -- Stephen Pile, "The Book of Heroic Failures"
There is no security on this earth. There is only opportunity. -- General Douglas MacArthur
A hypothetical paradox: What would happen in a battle between an Enterprise security team, who always get killed soon after appearing, and a squad of Imperial Stormtroopers, who can't hit the broad side of a planet? -- Tom Galloway
MAFIA, n: [Acronym for Mechanized Applications in Forced Insurance Accounting.] An extensive network with many on-line and offshore subsystems running under OS, DOS, and IOS. MAFIA documentation is rather scanty, and the MAFIA sales office exhibits that testy reluctance to bona fide inquiries which is the hallmark of so many DP operations. From the little that has seeped out, it would appear that MAFIA operates under a non-standard protocol, OMERTA, a tight-lipped variant of SNA, in which extended handshakes also perform complex security functions. The known timesharing aspects of MAFIA point to a more than usually autocratic operating system. Screen prompts carry an imperative, nonrefusable weighting (most menus offer simple YES/YES options, defaulting to YES) that precludes indifference or delay. Uniquely, all editing under MAFIA is performed centrally, using a powerful rubout feature capable of erasing files, filors, filees, and entire nodal aggravations. -- Stan Kelly-Bootle, "The Devil's DP Dictionary"
Boomer Envy: Envy of material wealth and long-range material security accrued by older members of the baby boom generation by virtue of fortunate births. -- Douglas Coupland, "Generation X: Tales for an Accelerated Culture"
Biggest security gap -- an open mouth.
Don't guess -- check your security regulations.
Q: How many members of the U.S.S. Enterprise does it take to change a light bulb? A: Seven. Scotty has to report to Captain Kirk that the light bulb in the Engineering Section is getting dim, at which point Kirk will send Bones to pronounce the bulb dead (although he'll immediately claim that he's a doctor, not an electrician). Scotty, after checking around, realizes that they have no more new light bulbs, and complains that he "canna" see in the dark. Kirk will make an emergency stop at the next uncharted planet, Alpha Regula IV, to procure a light bulb from the natives, who, are friendly, but seem to be hiding something. Kirk, Spock, Bones, Yeoman Rand and two red shirt security officers beam down to the planet, where the two security officers are promply killed by the natives, and the rest of the landing party is captured. As something begins to develop between the Captain and Yeoman Rand, Scotty, back in orbit, is attacked by a Klingon destroyer and must warp out of orbit. Although badly outgunned, he cripples the Klingon and races back to the planet in order to rescue Kirk et. al. who have just saved the natives' from an awful fate and, as a reward, been given all light bulbs they can carry. The new bulb is then inserted and the Enterprise continues on its five year mission.
"Yo, Mike!" "Yeah, Gabe?" "We got a problem down on Earth. In Utah." "I thought you fixed that last century!" "No, no, not that. Someone's found a security problem in the physics program. They're getting energy out of nowhere." "Blessit! Lemme look... <tappity clickity tappity> Hey, it's there all right! OK, just a sec... <tappity clickity tap... save... compile> There, that ought to patch it. Dist it out, wouldja?" -- Cold Fusion, 1989
After a while you learn the subtle difference Between holding a hand and chaining a soul, And you learn that love doesn't mean security, And you begin to learn that kisses aren't contracts And presents aren't promises And you begin to accept your defeats With your head up and your eyes open, With the grace of a woman, not the grief of a child, And you learn to build all your roads On today because tomorrow's ground Is too uncertain. And futures have A way of falling down in midflight, After a while you learn that even sunshine burns if you get too much. So you plant your own garden and decorate your own soul, instead of waiting For someone to bring you flowers. And you learn that you really can endure... That you really are strong, And you really do have worth And you learn and learn With every goodbye you learn. -- Veronic Shoffstall, "Comes the Dawn"
Just a song before I go, Going through security To whom it may concern, I held her for so long. Traveling twice the speed of sound She finally looked at me in love, It's easy to get burned. And she was gone. When the shows were over Just a song before I go, We had to get back home, A lesson to be learned. And when we opened up the door Traveling twice the speed of sound I had to be alone. It's easy to get burned. She helped me with my suitcase, She stands before my eyes, Driving me to the airport And to the friendly skies. -- Crosby, Stills, Nash, "Just a Song Before I Go"
Be security conscious -- National defense is at stake.
Several years ago, an international chess tournament was being held in a swank hotel in New York. Most of the major stars of the chess world were there, and after a grueling day of chess, the players and their entourages retired to the lobby of the hotel for a little refreshment. In the lobby, some players got into a heated argument about who was the brightest, the fastest, and the best chess player in the world. The argument got quite loud, as various players claimed that honor. At that point, a security guard in the lobby turned to another guard and commented, "If there's anything I just can't stand, it's chess nuts boasting in an open foyer."
You Might be a Microsoft Employee If... 1. When a Microsoft program crashes for the millionth time, you say "Oh, well!" and reboot without any negative thoughts 2. The Windows 95 startup screen (the clouds) makes you feel all warm and fuzzy inside 3. You fully understand why Windows 95's Shutdown Option has to be accessed from the Start Menu 4. You believe Internet Explorer's security flaws were slipped in by a crack team of Netscape programmers 5. You keep valuable papers near your fireplace. Therefore, you are comfortable with Windows 95's "may-delete-it-at-anytime" philosophy 6. You're the Bob that Microsoft Bob was named after 7. Instead of "I'd rather be fishing," your bumper sticker says, "I'd rather be writing buggy Microsoft code" 8. You know the technical difference between OLE 1.0 and OLE 2.0 9. You've ever completed your income taxes while waiting for Windows 95 to boot, and didn't think anything of it 10. You run Solitaire more than any other program, and therefore you consider your computer a Dedicated Solitaire Engine (DSE)
Windows 2000 is more secure than Linux... Since the machine is offline half of the time because of crashes, it cannot be accessed globally, therefore producing higher security. -- From a Slashdot.org post
Hear me out. Linux is Microsoft's main competition right now. Because of this we are forcing them to "innovate", something they would usually avoid. Now if MS Bob has taught us anything, Microsoft is not a company that should be innovating. When they do, they don't come up with things like "better security" or "stability", they come back with "talking paperclips", and "throw in every usless feature we can think of, memory footprint be dammed". Unfortunatly, they also come up with the bright idea of executing email. Now MIME attachments aren't enough, they want you to be able to run/open attachments right when you get them. This sounds like a good idea to people who believe renaming directories to folders made computing possible for the common man, but security wise it's like vigorously shaking a package from the Unibomber. So my friends, we are to blame. We pushed them into frantically trying to invent "necessary" features to stay on top, and look where it got us. Many of us are watching our beloved mail servers go down under the strain and rebuilding our company's PC because of our pointless competition with MS. I implore you to please drop Linux before Microsoft innovates again. -- From a Slashdot.org post in regards to the ILOVEYOU email virus
Linux Drinking Game (Abridged) With a group of friends, take turns reading articles about Linux from popular media sources (Ziff-Davis AnchorDesk is recommended) or postings on Usenet (try alt.fan.bill-gates). If the author says one of the things below, take a drink. Continue until everyone involved is plastered. - Linux will never go mainstream - Any platform that can't run Microsoft Office [or some other Microsoft "solution"] sucks - Linux is hard to install - Linux tech support is lacking - No one ever got fired for choosing Microsoft - Any OS with a command line interface is primitive - Microsoft is an innovative company - Could you get fired for choosing Linux? - Linux was created by a bunch of snot-nosed 14 year old hackers with acne and no life - Security through obscurity is the way to go - Linus and Unix are 70s technology while NT is 90s technology - All Linux software must be released under the GPL - Linux is a great piece of shareware
Humorix Holiday Gift Idea #9 Dial-A-Detective $499.95/year; 1-888-BYE-SPAM This detective firm is not what you'd expect. Instead of tracking murderers or unfaithful husbands, this band of rogue private investigators goes after something just as sinister -- spammers. For a modest annual retainer fee, these spam detectives will track down the source of every piece of spam you receive. Using the latest in forensic technology, they will bring you the virtual scalp of the spammer -- their name, home address, social-security number, and, more importantly, credit card numbers. At this point you are free to pursue the evil spammer as you see fit. If your friend or relative is sick of receiving wave after wave of "Find Out Anything About Anyone" spams, give them a subscription to Dial-A-Detective, and they'll find out anything about any spammer -- for real.
Linux Advocacy Crackdown SHERIDAN, WY -- In an unprecedented blow to Linux advocacy, Aaron McAdams, an employee at the Sheridan Try-N-Save Discount Store, was fired last week. According to the store's general manager, McAdams was fired because "he constantly rearranged items on shelves so that Linux-related books and software boxes would be displayed more prominently than Windows merchandise." McAdams' boss added, "If he would have spent as much time actually working as he did hiding Windows books at the back of shelves, he wouldn't have received the pink slip." The general manager supplied Humorix with videotapes from the store's security cameras showing McAdams in action. In one scene, he takes a whole stack of "...For Dummies" books and buries them in the Cheap Romance section, an area of the store rarely visited by computer users. In another, McAdams can be plainly seen setting copies of Red Hat Linux in front of a large, eye-catching display of various Microsoft products at the front of the store. Finally, at one point McAdams can be seen slapping huge tags reading "DEMO DISPLAY BOX -- NOT AVAILABLE UNTIL 1999" on boxes of Windows 98. McAdams disputes his bosses accusations. "If he would spend more time actually working instead of peering over security camera footage for hours on end, this store might actually turn a profit for a change."
Attack of the Tuxissa Virus What started out as a prank posting to comp.os.linux.advocacy yesterday has turned into one of the most significant viruses in computing history. The creator of the virus, who goes by the moniker "Anonymous Longhair", modified the Melissa virus to install Linux on infected machines. "It's a work of art," one Linux advocate told Humorix after he looked through the Tuxissa virus source code. "This virus goes well beyond the feeble troublemaking of Melissa. It actually configures a UMSDOS partition on the user's hard drive and then downloads and installs a stripped-down version of Slackware Linux." The email message that the virus is attached to has the subject "Important Message About Windows Security". The text of the body says, "I want to let you know about some security problems I've uncovered in Windows 95/98/NT, Office 95/97, and Outlook. It's critically important that you protect your system against these attacks. Visit these sites for more information..." The rest of the message contains 42 links to sites about Linux and free software. Details on how the virus started are a bit sketchy. The "Anonymous Longhair" who created it only posted it to Usenet as an early April Fool's gag, demonstrating how easy it would be to mount a "Linux revolution".
The War Against Linux A significant obstacle on the path to Linux World Domination has emerged. A reactionary grass-roots movement has formed to fight, as they call it, "The War Against Linux". This movement, code-named "LinSux", is composed of people (mostly Microsoft stockholders and commercial software developers) who want to maintain the status quo. They are fighting back against the rise of Linux and free software which they see as a threat to their financial independence. The most damaging attack the LinSux folks have launched is "Three Mile Island", a Windows macro virus designed to inflict damage on computers that contain a partition devoted to a non-Microsoft OS. When the victim computer is booted into Windows, the virus activates and deletes any non-Microsoft partitions. Ironically, the many security flaws in Windows allow the virus to damage alternative operating systems but leave Windows unscathed. "The War Against Linux" has also been fought in more subtle ways. Time-tested methods of Linux advocacy have been turned into subtle forms of anti-Linux advocacy by the LinSux crowd. MSCEs are smuggling NT boxes into companies that predominantly use Linux or Unix. LinSux "freedom fighters" are rearranging books and software boxes on store shelves so that Microsoft offerings are displayed more prominently.
Is Linux A Finnish Conspiracy? WASHINGTON, DISTRICT OF CORRUPTION -- According to a report recently issued by the NSA (No Such Agency), Finland is now considered a national economic and security risk. "We don't trust the Finns... software written by these people could potentially contain backdoors that could undermine domestic security," the report states. In response to the news, US Senator Fatcatte (R-WA) has proposed a bill, the It's For The Children Act of 2000, that would ban all software written by native-born Finns. "It's time we take the Finnish threat seriously," Fatcatte said at a press conference. "Not only is Finn software a threat to domestic tranquility, but it could radically alter the computer industry, costing us thousands of jobs... and, more importantly, billions in tax revenue. We must prevent the Finns from subverting our economy with so-called 'open-source software'." He then asked, "Is anybody thinking of the children of programmers who will become unemployed when Finnish software overruns the country?"
Security Holes Found In Microsoft Easter Eggs REDMOND, WA -- It's damage control time for the Microsoft Marketing Machine. Not only have exploits been found in IE, Outlook, and even the Dancing Paper Clip, but now holes have been uncovered in Excel's Flight Simulator and Word's pinball game. "If you enter Excel 97's flight simulator and then hit the F1, X, and SysRq keys while reading a file from Drive A:, you automatically gain Administrator rights on Windows NT," explained the security expert who first discovered the problem. "And that's just the tip of the iceberg." Office 97 and 2000 both contain two hidden DLLs, billrulez.dll and eastereggs.dll, that are marked as "Safe for scripting" but are not. Arbitrary Visual BASIC code can be executed using these files. More disturbing, however, are the undocumented API calls "ChangeAllPasswordsToDefault", "OpenBackDoor", "InitiateBlueScreenNow", and "UploadRegistryToMicrosoft" within easter~1.dll. Microsoft spokesdroids have already hailed the problem as "an insignificant byproduct of Microsoft innovation."
"Brown Orifice" Is Only The Beginning Last week security holes were found in Netscape's Java implementation that allowed it to act as a web server. Earlier today, a hacker announced that he had found vulnerabilities in Mozilla M17 that allow it to operate as a web browser. And that's just the beginning. Said "3l337h4x0r", the discoverer of the M17 exploit, "This is quite a hack! By manipulating some internal functions, I was able to use M17 to actually surf the web. Slashdot and Humorix rendered beautifully." Mozilla engineers were stunned. "This shouldn't be possible. M17 contains a newsreader, a mail client, an instant messenger client, and a whole bunch of XUL acronymn-enriched stuff, but it shouldn't be able to handle HTTP or HTML. We haven't been planning on adding web-surfing functionality to Mozilla until M30... maybe M25 at the earliest. I suspect this whole thing is a hoax."
Look Out! It's Microsoft Outlook An old maxim in the Unix community states, "All programs expand until they can read mail... except Microsoft Outlook." Well, that's no longer true. By taking advantage of loopholes in several undocumented APIs, a team of geeks were able to transform Outlook from a virus-delivery system into an actual mail client. "It was quite a feat to accomplish this," said one of the geeks. "I mean, the rat's nest that is the Windows API can be used to frighten small children... or adults. And the frequency by which Outlook exploits are discovered is directly proportional to the number of times Bill Gates uses the word 'innovation'. But this is the first time somebody has discovered a beneficial exploit." Microsoft has vowed to release a patch to fix the uncovered security flaws. "We simply cannot tolerate unauthorized reverse engineering and hacking of our innovative solutions. Our Security Response Team will pull an all-nighter to eliminate these known issues."
Bill Gates Sends Out Desperate Plea For Help REDMOND -- In a shocking development, Chief Bloatware Architect Bill Gates admitted today that Microsoft is in severe financial difficulty and desperately needs donations to stay afloat through the next month. "The dismal state of the economy, the lackluster sales of Windows ME, and the pending anti-trust lawsuit have placed significant financial stress on Microsoft," Gates said at a press conference. "We can't continue to develop and maintain our innovative solutions without financial contributions from users like you." The company spent the remaining $10,000 in its coffers to send out letters to registered Windows users pleading for donations. "For just pennies a day, you can help support the world's most innovative company in its quest to discover the cure for the Blue Screen of Death," the letter announces. "Or you can help fund research and development into improving the security of our products against such sinister forces as script kiddies, crackers, and Linux freaks."
Linux Distro To Include Pre-Installed Security Holes Proactive Synergy Paradigm, the Linux distro targeted at Pointy Haired Bosses, will now include built-in security flaws to better compete with Microsoft programs. "The sheer popularity of Windows, Outlook, and IIS clearly shows that people demand security holes large enough to drive a truck through," said Mr. Bert Dill of P.S.P. Inc. "We're going to do our best to offer what the consumer wants. Just as Microsoft stole ideas from Apple during the 1980's, we're stealing ideas from Microsoft today." Future releases of Proactive Synergy Linux will feature "LookOut! 1.0", a mail reader that automatically executes (with root privileges) e-mail attachments coded in Perl, JavaScript, Python, and Visual Basic. "Hey, if it works for Microsoft, it can work for us," boasted Mr. Dill. "Now PHBs won't have to stick with Windows in order to have their confidential files secretly emailed to their colleagues by a worm. Better yet, this capability allows viruses to automagically delete unnecessary files to save disk space without wasting the PHB's valuable time.
The Humorix Oracle explains how to get a job at a major corporation: 1. Find an exploit in Microsoft IIS or another buggy Microsoft product to which large corporations rarely apply security patches. 2. Create a virus or worm that takes advantage of this exploit and then propogates itself by selecting IP numbers at random and then trying to infect those machines. 3. Keep an eye on your own website's server logs. When your virus starts propogating, your server will be hit with thousands of attacks from other infected systems trying to spread the virus to your machine. 4. Make a list of the IP numbers of all of the infected machines. 5. Perform a reverse DNS lookup on these IP numbers. 6. Make a note of all of the Fortune 500 companies that appear on the list of infected domains. 7. Send your resume to these companies and request an interview for a system administrator position. These companies are hiring -- whether they realize it or not. 8. Use your new salary to hire a good defense lawyer when the FBI comes knocking.
Press Release -- For Immediate Release Microsoft Corporation, Redmond, WA ...Virtually all version of Linux (and Unix) contain a security hole that allows unauthorized users to gain complete control over the machine. By simply typing "root" at the login prompt and supplying a password from a limited number of possibilities, a malicious user can easily gain administrator privileges. This hole can be breached in seconds with only a dozen or so keystrokes... We suspect this issue has been known to Red Hat and other Linux distributors for years and they have refused to acknowlege its existence or supply a patch preventing users from exploiting the "root" login loophole... By ignoring the problem, the Linux community has proven that installing Linux is a dangerous proposition that could get you fired. We would like to point out that Windows XP does not suffer from this gaping hole... Tests conducted by both Ziff-Davis and Mindcraft prove that Windows XP is indeed the most secure operating system ever produced...
Solving The Virus Problem Once And For All System administrators across the globe have tried installing anti-virus software. They've tried lecturing employees not to open unsolicited email attachments. They've tried installing firewalls and the latest security patches. But even with these precautions, email viruses continue to rank third only to Solitaire and the Blue Screen Of Death in the amount of lost productivity they cause. Meanwhile, Microsoft Exchange and LookOut! remain as the number one virus delivery products on the market today. But maybe not for much longer. A group of disgruntled administrators have teamed up to produce and sell a brand new way to fight viruses, one that attacks the root of the problem: stupid users. Salivating Dogs, Inc. of Ohio has unveiled the "Clue Delivery System" (CDS), a small device that plugs into the back of a standard PC keyboard and delivers a mild electric shock whenever the luser does something stupid. The device is triggered by a Windows program that detects when the luser attempts to open an unsolicited email attachment or perform another equally dangerous virus-friendly action.
Actually you would still need the other fixes otherwise you might as well put the root password in /etc/motd - Alan Cox pointing out some security holes in binfmt_misc
With the current lunatic US congress proposals on security, crypto and building big brother into all PC's I'd say allowing non GPL security modules is positively dangerous to the well being of non US citizens - Alan Cox on linux-kernel
> Yes please! Finally we could introduce proper support for 64-bit > inode numbers too! Right. As soon as userland is audited for places where it uses int for storing inode numbers - just a couple of months after MS fixes all security holes in their software. By then we'll need 128bit time_t, though... - Al Viro on linux-kernel
Cuba is within small boat distance. I thought it was going to be twenty years before the direction changed, now Im not so sure - Alan Cox on crazy US computer security laws
We the people of the Debian GNU/Linux distribution, in order to form a more perfect operating system, establish quality, insure marketplace diversity, provide for the common needs of computer users, promote security and privacy, overthrow monopolistic forces in the computer software industry, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the Debian GNU/Linux System.
"Actually, the only distribution of Linux I've ever used that passed the rootshell test out of the box (hit rootshell at the time the dist is released and see if you can break the OS with scripts from there) is Debian." -- seen on the Linux security-audit mailing list
<SilverStr> media ethics is an oxymoron, much like Jumbo Shrimp and Microsoft Works. <MonkAway> not to mention NT Security
Red Hat has recently released a Security Advisory (RHSA-1999:030-01) covering a buffer overflow in the vixie cron package. Debian has discovered this bug two years ago and fixed it. Therefore versions in both, the stable and the unstable, distributions of Debian are not vulnerable to this problem..
* Equivalent code is available from RSA Data Security, Inc. * This code has been tested against that, and is equivalent, * except that you don't need to include two pages of legalese * with every copy. -- public domain MD5 source
When alerted to an intrusion by tinkling glass or otherwise, 1) Calm yourself 2) Identify the intruder 3) If hostile, kill him. Step number 3 is of particular importance. If you leave the guy alive out of misguided softheartedness, he will repay your generosity of spirit by suing you for causing his subsequent paraplegia and seek to force you to support him for the rest of his rotten life. In court he will plead that he was depressed because society had failed him, and that he was looking for Mother Teresa for comfort and to offer his services to the poor. In that lawsuit, you will lose. If, on the other hand, you kill him, the most that you can expect is that a relative will bring a wrongful death action. You will have two advantages: first, there be only your story; forget Mother Teresa. Second, even if you lose, how much could the bum's life be worth anyway? A Lot less than 50 years worth of paralysis. Don't play George Bush and Saddam Hussein. Finish the job. -- G. Gordon Liddy's "Forbes" column on personal security
Note that if I can get you to "su and say" something just by asking, you have a very serious security problem on your system and you should look into it. -- Paul Vixie, vixie-cron 3.0.1 installation notes
Alan Cox wrote: >> On any procmail new enough not to be full of security holes you set >Brain on, Imeant majordomo of course 8) You got me worried there for a brief (very brief) moment :-). -- Stephen R. van den Berg (AKA BuGless)
Too many people are thinking of security instead of opportunity. They seem more afraid of life than death. -- James F. Byrnes
Well, you can implement a Perl peek() with unpack('P',...). Once you have that, there's only security through obscurity. :-) -- Larry Wall in <199710161537.IAA07828@wall.org>
I've got an IDEA!! Why don't I STARE at you so HARD, you forget your SOCIAL SECURITY NUMBER!!