The OpenSSH Bug That Wasn't

writes: Get your facts straight before reporting, is the main takeaway from Peter Hansteen's latest piece, The OpenSSH Bug That Wasn't. OpenSSH servers that are set up to use PAM for authentication and with a very specific (non-default on OpenBSD and most other places) setup are in fact vulnerable, and fixing the configuration is trivial.

Comment Re:It's larger than we thought, lets call it a pla (Score 2) 134

(Thank you frovingslosh for mentioning my mistake before I had time to comment myself). The dimensions I quoted are not km, but Earth radii. That's what you get for copy/pasting from Wikipedia without even thinking (it should be obvious to anyone that Pluto is larger than a fraction of a km in diameter).

Comment Re:It's larger than we thought, lets call it a pla (Score 2) 134

I'm sure people will now want to redefine planet as any object circling the sun with a radius of 0.185 km or greater (because obviously Eris at 0.1825 km can't possibly be a planet).

And, because this is the Internet, I'm being sarcastic.

Comment Re:Security and IPv6 (Score 2) 307

That security is provided by RFC 4941 (Privacy Extensions for Stateless Address Autoconfiguration in IPv6).

It's even better than IPv4 with NAT since it will actually rotate in new random IP addresses every so often (every hour or so). That means that your source IP will change over time which makes tracking harder.

Comment Re:How about basic security? (Score 1) 390

If you are stupid enough to be running without a firewall, sure then your entire address space can be scanned. I hope they have lots of time though since even the smallest allocation gives you an address space of 18446744073709551616 addresses. That'll take a while to scan.

Comment Re:The answer has been clear (Score 1) 390

Oh yes, the ICMPv6 issue is real. I made the same mistake when I configured my IPv6 firewall. It's subtle because things seem to work at first but connections just hang. And the behaviour from the client side is that "accessing Google is slow but other sites work". Of course, accessing any IPv6 site is slow, but the browsers won't tell you that.

"There is nothing new under the sun, but there are lots of old things we don't know yet." -Ambrose Bierce