May 2008


Yoshi: Ok, so I keep in my front pocket a black uni-ball vision elite. .08 writing thickness, I believe.
Yoshi: It writes thicker than your “normal” pen.
Yoshi: So I keep that in my front pocket.
Yoshi: At work I keep 1 black one and 1 red one. So I write out my GTD lists once a week now. Anything important that needs my attention that day is written in red. Red items are my must do.
Yoshi: Here is what the pens I use look like:
three pens

I did finally find the post he wrote that talked about the pen he uses: Notepad GTD

And so I don’t have to look it up again, Product page at officedepot.com

Thanks, Yoshi!

Luckily I only had a few hosts to update, and only the host keys, not any authorized_keys files. It’s important to review any public SSH keys that you’ve added to authorized_keys files (a key generated on an affected system is weak no matter which host it is installed on), regenerate SSH host keys (on Debian, apt-get dist-upgrade installs the fixed openssh-server, which replaces known-weak host keys), and reissue any SSL certificates whose keys were generated on affected Debian (and derivative) distributions.

Ubuntu Security Notice USN-612-1

Weakness in Debian undermines crypto

  • “A flaw in the way that OpenSSL is implemented in the Ubuntu and Debian distributions of Linux has earned the software an unenviable adjective in the world of encryption: Predictable.”
  • “All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied”
  • “This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.”

Debian OpenSSL Predictable PRNG Toys

  • “All SSL and SSH keys generated on Debian-based systems (Ubuntu, Kubuntu, etc) between September 2006 and May 13th, 2008 may be affected. In the case of SSL keys, all generated certificates will need to be recreated and sent off to the Certificate Authority to sign. Any Certificate Authority keys generated on a Debian-based system will need to be regenerated and revoked. All system administrators that allow users to access their servers with SSH and public key authentication need to audit those keys to see if any of them were created on a vulnerable system. Any tools that relied on OpenSSL’s PRNG to secure the data they transferred may be vulnerable to an offline attack. Any SSH server that uses a host key generated by a flawed system is subject to traffic decryption and a man-in-the-middle attack would be invisible to the users. This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.”

Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit

  • “Enjoy the shell after some minutes (less than 20 minutes)”
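The audit the quotes above call for (check every key in authorized_keys against the published list of weak fingerprints) is easy to script. The following is an added example, not code from this post or from the openssh-blacklist package: it parses authorized_keys lines (tolerating a leading options field), computes the MD5 fingerprint that ssh-keygen -l printed at the time, and matches it against a blacklist. The blacklist format is an assumption: a set of hex strings holding either the full 32-character MD5 or its last 20 characters (which is how I recall the openssh-blacklist files being keyed). The sample keys and the blacklist entry in the block are constructed; the ssh_rsa_blob helper exists only to build them and its modulus is not a real RSA modulus.

```python
"""Audit authorized_keys entries against a blacklist of weak-key fingerprints.

Added example, not from the original post.  Fingerprints are the MD5 form
ssh-keygen -l printed in 2008 (colon-separated hex of the raw key blob).
Assumed blacklist format: a set of hex strings, each either the full 32-char
MD5 or its last 20 hex chars (as in the openssh-blacklist package, assumption).
"""
import base64
import binascii
import hashlib
import struct
from typing import Iterator, List, Set, Tuple

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # the key types in use in 2008


def ssh_fingerprint_md5(b64_blob: str) -> str:
    """Return the MD5 fingerprint of a base64-encoded public key blob, e.g. 'a1:b2:...'."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_authorized_keys(text: str) -> Iterator[Tuple[int, str, str, str]]:
    """Yield (line number, key type, base64 blob, comment) for every key line.

    Blank lines and '#' comments are skipped.  A leading options field
    (from="...", command="...", no-pty, ...) is tolerated by scanning for the
    first token that is a known key type.
    """
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # options only, or an unknown key type: nothing to fingerprint
        yield lineno, fields[idx], fields[idx + 1], " ".join(fields[idx + 2:])


def is_blacklisted(fingerprint: str, blacklist: Set[str]) -> bool:
    """True if the fingerprint, or its last 20 hex chars, appears in the blacklist."""
    hexfp = fingerprint.replace(":", "").lower()
    return hexfp in blacklist or hexfp[-20:] in blacklist


def audit_authorized_keys(text: str, blacklist: Set[str]) -> List[Tuple[int, str, str]]:
    """Return [(line number, fingerprint, comment)] for every key found on the blacklist."""
    hits = []
    for lineno, _ktype, blob, comment in parse_authorized_keys(text):
        try:
            fp = ssh_fingerprint_md5(blob)
        except (ValueError, binascii.Error):
            continue  # malformed base64: sshd would not accept it either
        if is_blacklisted(fp, blacklist):
            hits.append((lineno, fp, comment))
    return hits


def ssh_rsa_blob(e: int, n: int) -> str:
    """Encode (e, n) as an OpenSSH 'ssh-rsa' public key blob (RFC 4253 string/mpint framing).

    Only used to build the constructed sample keys below; n is not a real RSA modulus.
    """
    def mpint(x: int) -> bytes:
        b = x.to_bytes((x.bit_length() + 8) // 8, "big")  # extra 0x00 when the top bit is set
        return struct.pack(">I", len(b)) + b

    def sshstr(s: bytes) -> bytes:
        return struct.pack(">I", len(s)) + s

    return base64.b64encode(sshstr(b"ssh-rsa") + mpint(e) + mpint(n)).decode("ascii")


if __name__ == "__main__":
    # Constructed sample data: two toy keys, one of which we pretend is on the weak-key list.
    weak = ssh_rsa_blob(65537, 0xC0FFEE1234567890ABCDEF)
    fine = ssh_rsa_blob(65537, 0xDEADBEEF0123456789)
    blacklist = {ssh_fingerprint_md5(weak).replace(":", "")[-20:]}
    sample = (
        "# constructed authorized_keys\n"
        f"ssh-rsa {weak} alice@laptop\n"
        f'command="/usr/bin/rsync --server",no-pty ssh-rsa {fine} backup@nas\n'
    )
    for lineno, fp, comment in audit_authorized_keys(sample, blacklist):
        print(f"line {lineno}: {fp} ({comment}) is on the weak-key blacklist")
```

Run it over each user's ~/.ssh/authorized_keys and /etc/ssh/ssh_host_*_key.pub with the real blacklist loaded into the set; anything it reports should be removed and the owner asked for a key generated on a fixed system.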

In other news, brute-force SSH attacks are on the rise.

Admins warned of brute-force SSH attacks

A couple of OpenSSH tips that come to mind:

  • Have OpenSSH listen on a non-standard port. This cuts down the noise from automated scans (it does nothing against someone targeting you) and makes it more tedious to ssh to hosts. (“Port 2222” or “ListenAddress addr:port” in sshd_config.) I personally don’t like this option.
  • Disable password-based authentication and use keys. (“PasswordAuthentication no” in sshd_config; also set “ChallengeResponseAuthentication no”, otherwise PAM can still prompt for a password through keyboard-interactive authentication.)
  • Restrict which accounts may log in, and from where. (“AllowUsers alice bob@192.0.2.*” in sshd_config; the user@host form only lets that user in from matching source addresses.)
  • Watch your sshd logs (/var/log/auth.log on Debian) for repeated failures and deny the offending addresses, for example in /etc/hosts.deny or with a firewall rule.
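The last tip is the one people skip because it needs a script. Below is an added example of that script, not code from this post or from any of the log-watching tools of the time: it counts “Failed password” events per source address from sshd’s syslog lines and turns the addresses over a threshold into /etc/hosts.deny rules (sshd on Debian of that era honoured hosts.deny via libwrap). The log lines are constructed; the message format is the one sshd logged at the time. The threshold of 3 is an arbitrary choice.

```python
"""Count failed SSH logins per source address and emit deny rules.

Added example, not from the original post.  SAMPLE_LOG is constructed; the
message format matches what sshd of the time wrote to syslog.
"""
import re
from collections import Counter
from typing import Iterable, List

# Matches the two "Failed password" forms sshd logs:
#   "Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2"
#   "Failed password for root from 203.0.113.5 port 4450 ssh2"
# The separate "Invalid user ... from ..." line that precedes the first form is
# deliberately not counted, so one attempt is counted once.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

SAMPLE_LOG = """\
May 14 03:12:01 web1 sshd[2811]: Invalid user admin from 203.0.113.5
May 14 03:12:01 web1 sshd[2811]: Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2
May 14 03:12:03 web1 sshd[2813]: Failed password for invalid user oracle from 203.0.113.5 port 4451 ssh2
May 14 03:12:05 web1 sshd[2815]: Failed password for root from 203.0.113.5 port 4460 ssh2
May 14 03:13:10 web1 sshd[2830]: Failed password for bob from 198.51.100.7 port 51022 ssh2
May 14 03:13:20 web1 sshd[2832]: Accepted publickey for bob from 198.51.100.7 port 51023 ssh2
"""


def count_failures(lines: Iterable[str]) -> Counter:
    """Return a Counter of failed password logins keyed by source IP."""
    counts: Counter = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(counts: Counter, threshold: int) -> List[str]:
    """Source IPs with at least `threshold` failures, busiest first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]


def hosts_deny_lines(ips: Iterable[str]) -> List[str]:
    """TCP-wrapper rules, one per address, in /etc/hosts.deny syntax."""
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG.splitlines())
    bad = offenders(counts, threshold=3)
    for rule in hosts_deny_lines(bad):
        print(rule)
```

Point it at the real log (for example, feed it `tail -F /var/log/auth.log`) and append the rules it emits to /etc/hosts.deny; do keep a whitelist of your own addresses in /etc/hosts.allow first, since a script like this will happily lock you out after a few mistyped passwords.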

Buddy Media, creator of AceBucks, buys Facebook Apps from ChipIn and then spams the users:

Buddy Media Spam

  1. I am not an AceBucks member.
  2. I did not express interest in receiving emails regarding AceBucks.
  3. This email was in no way related to the Pirates vs Ninjas application itself.