From owner-freebsd-advocacy Sun Feb 11 8:43:24 2001
Delivered-To: freebsd-advocacy@freebsd.org
Received: from peorth.iteration.net (peorth.iteration.net [208.190.180.178])
    by hub.freebsd.org (Postfix) with ESMTP id C3EED37B401
    for ; Sun, 11 Feb 2001 08:43:21 -0800 (PST)
Received: by peorth.iteration.net (Postfix, from userid 1001)
    id 758D95764F; Sun, 11 Feb 2001 10:43:27 -0600 (CST)
Date: Sun, 11 Feb 2001 10:43:27 -0600
From: "Michael C . Wu"
To: Ted Mittelstaedt
Cc: Matt Heckaman , Kris Kennaway , FreeBSD-ADVOCACY
Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
Message-ID: <20010211104327.A19845@peorth.iteration.net>
Reply-To: "Michael C . Wu"
Mail-Followup-To: "Michael C . Wu" , Ted Mittelstaedt , Matt Heckaman , Kris Kennaway , FreeBSD-ADVOCACY
References: <000801c093ad$bbf82140$1401a8c0@tedm.placo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000801c093ad$bbf82140$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Sat, Feb 10, 2001 at 02:06:35PM -0800
X-PGP-Fingerprint: 5025 F691 F943 8128 48A8 5025 77CE 29C5 8FA1 2E20
X-PGP-Key-ID: 0x8FA12E20
Sender: owner-freebsd-advocacy@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Feb 10, 2001 at 02:06:35PM -0800, Ted Mittelstaedt scribbled:
| > This is the whole point! The REASON we've been seeing tons of port
| > advisories is because they are being audited. The security team should be
| > thanked for that. Otherwise these bugs would probably be unknown!
| >
|
| Say rather than unknown, unpublished. If nobody knew about them they
| wouldn't be security holes now would they?

No, they would be unpublished security holes used by expert intruders.
The better mentality would be to patch your own applications.
--
+------------------------------------------------------------------+
| keichii@peorth.iteration.net         | keichii@bsdconspiracy.net |
| http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. |
+------------------------------------------------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-advocacy" in the body of the message

From owner-freebsd-advocacy Sun Feb 11 18:58:29 2001
Delivered-To: freebsd-advocacy@freebsd.org
Received: from smtp01.primenet.com (smtp01.primenet.com [206.165.6.131])
    by hub.freebsd.org (Postfix) with ESMTP id 06BBC37B401
    for ; Sun, 11 Feb 2001 18:58:27 -0800 (PST)
Received: (from daemon@localhost)
    by smtp01.primenet.com (8.9.3/8.9.3) id TAA26976;
    Sun, 11 Feb 2001 19:57:00 -0700 (MST)
Received: from usr08.primenet.com(206.165.6.208)
    via SMTP by smtp01.primenet.com, id smtpdAAAjga4I0; Sun Feb 11 19:56:50 2001
Received: (from tlambert@localhost)
    by usr08.primenet.com (8.8.5/8.8.5) id TAA17366;
    Sun, 11 Feb 2001 19:58:09 -0700 (MST)
From: Terry Lambert
Message-Id: <200102120258.TAA17366@usr08.primenet.com>
Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
To: tedm@toybox.placo.com (Ted Mittelstaedt)
Date: Mon, 12 Feb 2001 02:58:09 +0000 (GMT)
Cc: matt@LUCIDA.CA (Matt Heckaman), kris@obsecurity.org (Kris Kennaway), freebsd-advocacy@FreeBSD.ORG (FreeBSD-ADVOCACY)
In-Reply-To: <000801c093ad$bbf82140$1401a8c0@tedm.placo.com> from "Ted Mittelstaedt" at Feb 10, 2001 02:06:35 PM
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-advocacy@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Say rather than unknown, unpublished. If nobody knew about them they
> wouldn't be security holes now would they?

If a bug falls in the code, and there's no one there to audit it,
does it still make a security hole?

Sorry, but if a tree falls in the forest, and there's no one there
to hear it, it still makes a longitudinal compressional wave... and
a sound, if chaos theory is to be believed.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

From owner-freebsd-advocacy Sun Feb 11 21:19:13 2001
Delivered-To: freebsd-advocacy@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15])
    by hub.freebsd.org (Postfix) with ESMTP id BA4D937B491
    for ; Sun, 11 Feb 2001 21:19:09 -0800 (PST)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154])
    by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f1C5Iq310324;
    Sun, 11 Feb 2001 21:18:52 -0800 (PST)
    (envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt"
To: "Terry Lambert"
Cc: "Matt Heckaman" , "Kris Kennaway" , "FreeBSD-ADVOCACY"
Subject: RE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
Date: Sun, 11 Feb 2001 21:19:01 -0800
Message-ID: <000401c094b3$4f1050a0$1401a8c0@tedm.placo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <200102120258.TAA17366@usr08.primenet.com>
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Importance: Normal
Sender: owner-freebsd-advocacy@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I posted that as a smart-assed comment, but in all seriousness it
depends on your definition of a security hole.

From a technical, programmer's point of view, a security hole is a hole
that's just sitting there waiting for someone to come along and
take advantage of.
The mere fact that nobody (including the programmer)
is aware it's there doesn't make the hole go away.

But, from the popular press's point of view, and from an administrative
point of view, a security hole is equivalent to an "exploited security hole"
while an unknown security hole is of no account.

The popular press doesn't give consideration to unexploited, potential
security holes or they wouldn't call Microsoft's OS's secure, nor would
any Microsoft OS be able to receive any kind of security certification.
(nor would any other OS)

The administrators don't give any consideration to unexploited, potential
security holes, they build filters only to block known security holes.

All this hairsplitting boils down to the old argument of when
the CEO or investor or bank investigator asks any programmer
or administrator "Is the system secure" we all just smile and nod
and say that it is, all the while knowing that it's impossible
to make anything 100% secure. And the security industry is the
worst about it, because not only do they know that nothing
is truly secure, but they get paid every day for telling people
that software and devices are secure that cannot in theory be 100%
secure.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

> -----Original Message-----
> From: owner-freebsd-advocacy@FreeBSD.ORG
> [mailto:owner-freebsd-advocacy@FreeBSD.ORG]On Behalf Of Terry Lambert
> Sent: Sunday, February 11, 2001 6:58 PM
> To: Ted Mittelstaedt
> Cc: Matt Heckaman; Kris Kennaway; FreeBSD-ADVOCACY
> Subject: Re: FreeBSD Ports Security Advisory:
> FreeBSD-SA-01:INSERT_NUMBER_HERE
>
>
> > Say rather than unknown, unpublished. If nobody knew about them they
> > wouldn't be security holes now would they?
>
> If a bug falls in the code, and there's no one there to audit it,
> does it still make a security hole?
>
> Sorry, but if a tree falls in the forest, and there's no one there
> to hear it, it still makes a longitudinal compressional wave... and
> a sound, if chaos theory is to be believed.
>
> Terry Lambert
> terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-advocacy" in the body of the message
>

From owner-freebsd-advocacy Mon Feb 12 22:29:17 2001
Delivered-To: freebsd-advocacy@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
    by hub.freebsd.org (Postfix) with ESMTP id 6673A37B491
    for ; Mon, 12 Feb 2001 22:29:13 -0800 (PST)
Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!)
    by homer.softweyr.com with esmtp (Exim 3.16 #1)
    id 14SYtF-0000Kl-00; Mon, 12 Feb 2001 23:24:41 -0700
Message-ID: <3A88D329.6D5F9ACE@softweyr.com>
Date: Mon, 12 Feb 2001 23:24:41 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Ted Mittelstaedt
Cc: Terry Lambert , Matt Heckaman , Kris Kennaway , FreeBSD-ADVOCACY
Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
References: <000401c094b3$4f1050a0$1401a8c0@tedm.placo.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-advocacy@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ted Mittelstaedt wrote:
>
> All this hairsplitting boils down to the old argument of when
> the CEO or investor or bank investigator asks any programmer
> or administrator "Is the system secure" we all just smile and nod
> and say that it is, all the while knowing that it's impossible
> to make anything 100% secure.
> And the security industry is the
> worst about it, because not only do they know that nothing
> is truly secure, but they get paid every day for telling people
> that software and devices are secure that cannot in theory be 100%
> secure.

If that's what your security vendors are telling you, you should fire
them. Anyone worth the cost of a phone call in the security industry
will gladly tell you all the things they *can* secure, but will never
make any claims at all about securing everything.

This, of course, has nothing to do with security *salesmen*. They are,
after all, salesmen, you can tell if they're lying by determining if
their lips are moving. Yes == they're lying, No == they're inventing
more lies.

Or, as the old joke says, what's the difference between a (security)
software salesman and a used car salesman? The car salesman *knows*
when he's lying.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                        Softweyr LLC
wes@softweyr.com                  http://softweyr.com/

From owner-freebsd-advocacy Tue Feb 13 19:26:55 2001
Delivered-To: freebsd-advocacy@freebsd.org
Received: from picusnet.com (mail.picusnet.com [207.7.90.2])
    by hub.freebsd.org (Postfix) with ESMTP id C970A37B4EC
    for ; Tue, 13 Feb 2001 19:26:53 -0800 (PST)
Received: from picusnet.com [207.7.89.181] by picusnet.com with ESMTP
    (SMTPD32-6.05) id AAFB650600D0; Tue, 13 Feb 2001 22:26:51 -0500
Message-ID: <3A89FBB0.BFBA4C66@picusnet.com>
Date: Wed, 14 Feb 2001 03:29:52 +0000
From: "Chip Rose."
Reply-To: chiprose@excite.com
X-Mailer: Mozilla 4.61 [en] (X11; I; Linux 2.2.9-19mdk i586)
X-Accept-Language: en
MIME-Version: 1.0
To: FreeBSD-ADVOCACY
Subject: dns lookup problem
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-advocacy@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hopefully this isn't too off topic, but my portsentry logs show that
I've been hit repeatedly by the following dns number this week:
211.119.248.38

I've tried using dns lookup via webpages that offer it, but always get
back "no results for this nameserver value." Am I missing something in
trying to find out who 211.119.248.38 is?

Thanks,
ChipRose.
chiprose@excite.com

From owner-freebsd-advocacy Tue Feb 13 20: 0: 8 2001
Delivered-To: freebsd-advocacy@freebsd.org
Received: from pilchuck.reedmedia.net (pilchuck.reedmedia.net [63.145.197.178])
    by hub.freebsd.org (Postfix) with ESMTP id B76B037B491
    for ; Tue, 13 Feb 2001 20:00:05 -0800 (PST)
Received: from reed by pilchuck.reedmedia.net with local-esmtp (Exim 3.12 #1 (Debian))
    id 14St6W-0006h3-00; Tue, 13 Feb 2001 19:59:44 -0800
Date: Tue, 13 Feb 2001 19:59:44 -0800 (PST)
From: "Jeremy C. Reed"
To: "Chip Rose."
Cc: FreeBSD-ADVOCACY
Subject: Re: dns lookup problem
In-Reply-To: <3A89FBB0.BFBA4C66@picusnet.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-advocacy@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 14 Feb 2001, Chip Rose. wrote:

> Hopefully this isn't too off topic, but my portsentry logs show that
> I've been hit repeatedly by the following dns number this week:
> 211.119.248.38
>
> I've tried using dns lookup via webpages that offer it, but always get
> back "no results for this nameserver value." Am I missing something in
> trying to find out who 211.119.248.38 is?

Not all IPs are set up for reverse resolution or inverse address mapping.

On your BSD box you should be able to use "dig -x 211.119.248.38" or
"nslookup 211.119.248.38". You'll see it isn't set up. But the dig report
will also tell you a little bit about who may be responsible for that IP.

You can also use whois and point it to an ARIN host to find out more about
that particular IP. Then whois will tell you to also try an APNIC host.
For example:

  whois -h whois.arin.net 211.119.248.38
  whois -h whois.apnic.net 211.119.248.38

Yes. This is entirely off topic. You should consider using a different
mailing list to further this discussion.

Good luck,

  Jeremy C. Reed
  http://www.reedmedia.net/
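
The lookup procedure from the reply above, as an added shell example that is not part of the original thread: it builds the in-addr.arpa name that "dig -x" queries, and when no PTR record exists it asks ARIN and follows the referral to the regional registry. The function names ptr_name, referral_host and who_is are made up for this example, and the referral parsing assumes the "ReferralServer: whois://host" line in ARIN's reply.

```shell
#!/bin/sh
# Added example: identify who is responsible for an IP seen in portsentry logs.

# Build the name "dig -x" queries: octets reversed under in-addr.arpa.
ptr_name() {
    ip=$1
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                               # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Read a whois reply on stdin and print the registry it refers to, if any.
# Assumes ARIN's "ReferralServer: whois://host" line; other registries differ.
referral_host() {
    sed -n 's|^ReferralServer:[[:space:]]*whois://\([^:/[:space:]]*\).*|\1|p' |
        head -n 1
}

# Reverse lookup first; with no PTR record, ask ARIN and follow its referral.
who_is() {
    name=$(ptr_name "$1") || { echo "not an IPv4 address: $1" >&2; return 2; }
    ptr=$(dig +short -x "$1")
    if [ -n "$ptr" ]; then
        echo "PTR $name -> $ptr"
        return 0
    fi
    echo "no PTR record for $name; asking whois.arin.net"
    reply=$(whois -h whois.arin.net "$1")
    next=$(printf '%s\n' "$reply" | referral_host)
    if [ -n "$next" ]; then
        echo "ARIN refers to $next"
        whois -h "$next" "$1"
    else
        printf '%s\n' "$reply"
    fi
}

# Run a lookup only when an address is given on the command line.
if [ "$#" -gt 0 ]; then who_is "$1"; fi
```

Saved as a script and given the address from the logs as its only argument, it prints either the PTR record or the registry's whois record for the containing block.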