spankers - Slashdot User

Comment pfSense (Score 2) 319

by spankers on Monday May 02, 2011 @01:19PM (#36001886) Attached to: Ask Slashdot: How To Monitor Your Own Bandwidth Usage?

pfSense. Been running it on ALIX board for years. Love it.
http://www.pfsense.org/

Comment Misleading? (Score 3, Insightful) 200

by spankers on Monday December 20, 2010 @11:25AM (#34615586) Attached to: Database of Private SSL Keys Published

From the article: "...making it a simple matter for an attacker to decrypt the traffic passing through the device". I'd think it would only be *to* the device.

Comment Re:Microsoft? Really? :-) (Score 1) 114

by spankers on Monday November 08, 2010 @01:55PM (#34163220) Attached to: Royal Navy Website Hacked, Passwords Revealed

Yeah. I had not read the exploit. It was apparently a Linux box that was compromised.

Comment Re:Microsoft? Really? :-) (Score 1) 114

by spankers on Monday November 08, 2010 @01:30PM (#34162940) Attached to: Royal Navy Website Hacked, Passwords Revealed

Ah. My bad. I just read the exploit summary.

Comment Re:Microsoft? Really? :-) (Score 1) 114

by spankers on Monday November 08, 2010 @01:00PM (#34162564) Attached to: Royal Navy Website Hacked, Passwords Revealed

I think this particular instance was more a matter of poor security practices in web development than underlying OS or web server, but it does seem a bit odd that a military branch would use Microsoft/IIS vice using a Unix or Linux platform. It appears that the U.S. Navy is also running IIS for their primary public site.

200 OK
Cache-Control: max-age=334
Connection: close
Date: Mon, 08 Nov 2010 16:56:47 GMT
ETag: "8094fdaf44cc81:287"
Server: Microsoft-IIS/6.0
Content-Location: http://www.navy.mil/usnhome.html
Content-Type: text/html
Last-Modified: Thu, 11 Oct 2007 20:24:13 GMT
Client-Date: Mon, 08 Nov 2010 16:56:48 GMT
Client-Peer: 96.17.8.152:80
Client-Response-Num: 1
Header: US Navy
X-Powered-By: ASP.NET

Comment Microsoft? Really? :-) (Score 1) 114

by spankers on Monday November 08, 2010 @11:54AM (#34161776) Attached to: Royal Navy Website Hacked, Passwords Revealed

eherr@quark:~$ HEAD http://royalnavy.mod.uk/
200 OK
Date: Mon, 08 Nov 2010 15:51:01 GMT
Accept-Ranges: bytes
ETag: "0ee7b62b67dcb1:7904"
Server: Microsoft-IIS/6.0
Content-Length: 70
Content-Location: http://royalnavy.mod.uk/index.html
Content-Type: text/html
Last-Modified: Sat, 06 Nov 2010 13:27:40 GMT
Client-Date: Mon, 08 Nov 2010 15:51:03 GMT
Client-Peer: 94.236.30.11:80
Client-Response-Num: 1
X-Powered-By: ASP.NET

Comment Re:Debian not vulnerable? (Score 2, Informative) 541

by spankers on Friday March 18, 2005 @02:31PM (#11977673) Attached to: Some Linux Distros Found Vulnerable By Default

Debian is vulnerable. I am running Unstable and...

pam_limits is commented out in /etc/pam.d/login and /etc/security/limits.conf has no default user limits:

eherr@chernobyl:~$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited

Slashdot Top Deals