severity 130876 grave thanks On Sat, Jan 26, 2002 at 02:47:20AM +0000, Jonathan D. Amery wrote: > Subject: Bug#130876: Not a bug. > > severity 130876 wishlist > thanks > > This is not a bug. This is definitely a security risk. There is no reason that such information should be exposed to attackers. Just because FreeBSD has some lame security practices doesn't mean Debian has to emulate them. (If I ran it, I'd file a bug there as well.) Post your root password and IP address if you think obscurity is irrelevant. (You are twisting a comment about *source* being available for peer review in the crypto community, not about site-specifics being open to all.) /etc/issue and /etc/issue.net are conffiles, so the site admin can choose to stop broadcasting information to any and all attackers that may aid them in the process. Yet ssh 1:3.0.2p1-5 intends to make that irrelevant for any host running it on a public interface. This is a significant security hole that -5 opens, that was not open in -4, and needs to be addressed ASAP. -- Please (OpenPGP) encrypt all mail whenever possible. Request the following Public Keys for Lazarus Long <lazarus@overdue.ddts.net> Type Bits/KeyID Fingerprint DSA KeyID: vvvv vvvv ElGamal: 2048g/CCB09D64 8270 4B79 CB1E 433B 6214 64EB 9D58 28A9 E8B1 27F4 (old 2001 keys) ElGamal: 2048g/215A8B4A F258 C2DD 7E9C DCEB E64F 82EC D4BB 3438 8B82 A392
Attachment:
pgpVbnOhOnSEK.pgp
Description: PGP signature