Feed aggregator

[ MDVSA-2014:163 ] python-imaging

BugTraq Latest Security Advisories - 5 hours 58 min ago

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:163
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : python-imaging
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...
Categories:

[ MDVSA-2014:164 ] phpmyadmin

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:164
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...
Categories:

[ MDVSA-2014:162 ] catfish

BugTraq Latest Security Advisories - 6 hours 18 min ago

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:162
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : catfish
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...
Categories:

[ MDVSA-2014:161 ] subversion

BugTraq Latest Security Advisories - 6 hours 29 min ago

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:161
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...
Categories:

Bugtraq: Re: [FD] SSH host key fingerprint - through HTTPS

Re: [FD] SSH host key fingerprint - through HTTPS
Categories:

Bugtraq: Re: [FD] SSH host key fingerprint - through HTTPS

Re: [FD] SSH host key fingerprint - through HTTPS
Categories:

Bugtraq: Re: SSH host key fingerprint - through HTTPS

Re: SSH host key fingerprint - through HTTPS
Categories:

Bugtraq: Re: SSH host key fingerprint - through HTTPS

Re: SSH host key fingerprint - through HTTPS
Categories:

[ MDVSA-2014:160 ] gpgme

BugTraq Latest Security Advisories - 6 hours 38 min ago

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:160
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : gpgme
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...
Categories:

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 6 hours 50 min ago

Posted by John Leo on Sep 02

"source code"
It's here:
https://checkssh.com/result/indexdotphp.txt
Extremely short and easy to read.

"trust the service operators"
Hey, trust your own eyes. :-) Feel free to audit/use our code.

"a better solution is to use Monkeysphere"
Professional "certificate authority" vs "OpenPGP web of trust"
Personally I feel more comfortable with CA.

Best Wishes,
Categories:

Re: SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 7 hours 50 sec ago

Posted by John Leo on Sep 02

Thanks. Yes, your suggestion is cool.

Best Wishes,
Categories:

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 7 hours 11 min ago

Posted by John Leo on Sep 02

Nice to hear from you!

I can only wish your suggestion is widely implemented. And don't forget those machines without domain.

Best Wishes,
Categories:

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 7 hours 22 min ago

Posted by John Leo on Sep 02

Good to hear from you!

"marginally better"
We never said this is perfect. checkssh.com stops LOCAL bad boys. That's all.

"both myself and that site are BOTH falling victim"
Ah, here is the source code...
https://checkssh.com/result/indexdotphp.txt
It's extremely short and easy to read. You can set up your own Check SSH(where you trust).

"more robust alternatives"
Trust me - HTTPS is more mature. And our...
Categories:

Re: SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 7 hours 32 min ago

Posted by Jamie Riden on Sep 02

If your HTTPS is not being MiTMed as well... (or the edge case - if it
is not John Leo doing the MiTMing of your SSH connection :)

If you trust Mr Leo *and* you know what that HTTPS cert should look
like, it may be of use. Personally, I'd rather do it more out-of-band
than this, but could be handy in a pinch I guess.

cheers,
Jamie
Categories:

Bugtraq: Re: [FD] SSH host key fingerprint - through HTTPS

Re: [FD] SSH host key fingerprint - through HTTPS
Categories:

Bugtraq: Re: [FD] SSH host key fingerprint - through HTTPS

Re: [FD] SSH host key fingerprint - through HTTPS
Categories:

Bugtraq: [SECURITY] [DSA 3016-1] lua5.2 security update

[SECURITY] [DSA 3016-1] lua5.2 security update
Categories:

Bugtraq: Re: [FD] SSH host key fingerprint - through HTTPS

Re: [FD] SSH host key fingerprint - through HTTPS
Categories:

Bugtraq: WWW File Share Pro v7.0 - Denial of Service Vulnerability

WWW File Share Pro v7.0 - Denial of Service Vulnerability
Categories:

Bugtraq: Re: SSH host key fingerprint - through HTTPS

Re: SSH host key fingerprint - through HTTPS
Categories: