[00:50] I'm trying to debug a weird dns issue… I have a .internal zone, which delegates .A.internal to another dns server
[00:51] When I do a dig of foo.A.internal @ns.internal, it works — sometimes
[00:52] But more often, ns.internal never sees the response from ns.A.internal — even though I can see the response in a tcpdump running on ns.internal
[00:53] By "not see", I mean it does not show in bind's debug log
[00:53] any ideas?
=== MACscr1 is now known as MACscr
=== ikonia_ is now known as ikonia
=== freeflying_away is now known as freeflying
=== s is now known as Guest38168
=== virusuy_ is now known as virusuy
=== Guest60143 is now known as mosh
=== freeflying is now known as freeflying_away
=== HisaoNakai_ is now known as HisaoNakai
[17:27] i need to scan the system (from outside) to see if it has any vulnerabilities for an attack. then understand how to fix them.
[17:47] nessus and metasploit, so they dont need to be installed ON the system that is TO BE Scanned? I wonder how could the vulnerabilities be checked from outside? only open ports can be checked. like nmap does. can you elaborate?
[17:59] i have an old ubuntu distro "natty" how can i do a dist upgrade
[18:04] e.g. do-release-upgrade is not installed and i cant apt get it because the repo doesn't exist anymore
[18:06] sure it exists
[18:06] change to the archive repos
[18:08] how?
[18:08] nobodies: see here: http://old-releases.ubuntu.com/releases/11.04/
[18:09] nobodies: edit your sources.list to include the relevant repos from here: http://old-releases.ubuntu.com/ubuntu/dists/
[18:12] great thanks i've done that now :)
[18:54] http://masoodahmad.com/02.Session-Hijacking-Pt.2.mov how the hell can the email / password be visible in this middleman attack when the user was using HTTPS gmail website ?
[19:02] Quest, it's a bit off topic, but that's a simple man in the middle
[19:02] he clicked past the certificate warning
[19:06] qman__, sorry? "past the certificate warning?"
[19:09] Quest, when he browsed to gmail, he was presented with a certificate warning because his traffic was being intercepted
[19:09] he clicked ok to continue anyway without a single word spoken on it
[19:10] it's disingenuous, as is using windows 2000 and horribly outdated versions of internet explorer
[19:12] what was the warning about?
[19:12] the certificate name not matching, because it was invalid and presented by the attacker rather than gmail
[19:13] but again, this is offtopic, it has nothing to do with ubuntu server or even linux in general
[19:13] i think with https, the data should have gone out of the computer after it has been encrypted. so once it goes out. how can it be seen in a text file by middle man. in plain text.
[19:14] qman__, oh. the cert was invalid? he never setup the certificate...... did he in the video?
[19:15] the man in the middle intercepts and modifies the transmission, the client never reaches gmail to initiate a secure connection
[19:17] qman__, the client does reach gmail, how come he would load the login web page else then?
[19:18] you clearly do not understand the basics of how https and SSL work
[19:18] And it has nothing to do with ubuntu - it is a generic issue.
[19:20] qman__, can we private chat. (away from ubuntu and bekks )
[19:20] no, you need to learn a lot more before you can understand how this attack works
[19:20] take a course or read a good book on PKI
[19:21] qman__, only thing i guess is that. the client did reach gmail. but the certificate was supplied by cain. as its default behaviour?
[19:21] qman__, it was a course video. i am doing what you said. but i need discussions. with your skills. can we chat elsewhere?
[19:24] am i correct about the cain and cert ? qman__
[19:25] No.
[19:25] bekks, dont respond. its ubuntu channel
[19:25] qman__, so?
[19:25] Quest: If you dont like the answer, dont ask.
[19:25] not asking you )
[19:25] :)
[19:26] Ignoring you. Good luck.
[19:26] no, you do not understand how it works
[19:26] bekks, at last. thanks
[19:26] stop pestering me, and learn how PKI functions
[19:26] I have already explained how it works
[19:26] hm.. i thought i knew https and read docs
[19:26] last question. qman__ is cain or abel sending its own certificate to client?
[19:27] y/n?
[19:28] hey all. my /tmp is full?
[19:28] http://paste.ubuntu.com/6076170/
[19:28] LargePrime: Thats not a standard ubuntu filesystem. What did you do?
[19:29] LargePrime: Please provide the output of "lsb_release -a"
[19:29] LargePrime: In a pastebin please.
[19:30] LargePrime, http://stackoverflow.com/questions/17536139/releasing-unneccesary-space-used-in-tmp
[19:30] the second answer, in particular
[19:31] bekks: "No LSB modules are available."
[19:31] last question. qman__ is cain or abel sending its own certificate to client?
[19:31] LargePrime: The entire output. Not just one line.
[19:35] LargePrime: So where is the entire output? :)
[19:36] http://paste.ubuntu.com/6076180/
[19:37] LargePrime: And pastebin your /etc/fstab too, please, along with "uname -a"
[19:37] qman__: /tmp: device is busy. when i try and unmount
[19:40] bekks: http://paste.ubuntu.com/6076217/ is uname -a . I dont understand "pastebin your /etc/fstab"
[19:40] LargePrime: Copy the content of /etc/fstab into a pastebin.
[19:40] You are running a pretty old kernel, on your 12.04.3
[19:41] i should update it?
[19:41] The current kernel for 12.04.3 is 3.5.0
[19:41] Yes, you should.
[19:41] right now i cant update anything, cause /tmp issue
[19:43] bekks: fstab http://paste.ubuntu.com/6076226/
[19:44] So you did mount your /tmp on your own, dont you?
[19:45] nope
[19:45] it happened cause / was full
[19:48] It didnt. /tmp did not mount because / is full. And your / has 6.1GB free space.
[19:48] my / WAS full
[19:49] as qman__ link points out
[19:49] ubuntu mounts /tmp in ram
[19:49] when that happens
[19:49] but i am not sure how to unmount it
[19:49] and unmount says it is in use
[19:52] http://paste.ubuntu.com/6076245/ is what i get when i try an unmount
[19:52] Then you have to reboot.
[19:53] poop
[19:53] so reboot then unmount it
[19:53] ?
[19:53] No.
[19:54] Reboot unmounts everything, and reboots your computer.
[20:10] is there any other option to rebooting?
[20:14] Any Ubuntu staffers online?
[20:16] The lack of an apache 2.4 port is getting more and more worrying.
[20:16] When is a 2.4 port to 12.04 lts and others planned?
[20:27] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884
[20:27] Launchpad bug 1197884 in apache2 "apache2.2 SSL has no forward-secrecy: need ECDHE keys" [Wishlist,Fix committed]
[20:27] This needs to be sorted right now.
[20:28] Pastafarian:
[20:28] My imaginary friend still loves you.
[20:30] FSM ?
[20:47] This bug is not "wishlist"
[20:47] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884
[20:47] Launchpad bug 1197884 in apache2 "apache2.2 SSL has no forward-secrecy: need ECDHE keys" [Wishlist,Fix committed]
[20:47] It's security critical. RC4 is being implied as being cracked by the NSA etc... meaning we could do with the newer ciphers.
[21:01] Pastafarian: Bruce Schneier said "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can"
[21:02] Pastafarian: if someone backports the ECDHE stuff to apache 2.2, we may consider adding it
[21:03] OTOH, some of the black hat (or defcon, I can't recall) presentations this year gave me the impression that RSA/DSA's days are numbered.
[21:03] ScottK: that turned out to be overly exaggerated
[21:03] Interesting.
[21:04] see https://www.schneier.com/blog/archives/2013/08/the_cryptopocal.html
[21:06] the fact that ECC is patented doesn't help the situation at all
[21:06] unless everyone starts giving royalties to Blackberry
[21:06] Agreed.
[21:06] It's been a pretty depressing few months :P
[21:07] Thanks.
[21:31] That being said
[21:31] we need it updating in one of the two ways
[21:31] asap
[21:32] The major hint is that RSA is over
[21:32] and that RC4 can be broken.
[21:33] mdeslaur, if ubuntu is meant to have a server version which they're selling support to shouldnt the devs give more of a crap about this
[21:34] Pastafarian: yes, ubuntu devs should definitely be looking at that
[21:34] ultimately someone needs to get elgamal going
[21:34] Pastafarian: someone needs to backport the support to apache 2.2
[21:35] that should have been done certainly
[21:35] however it's not like they shouldnt drop 2.4 into raring and earlier
[21:35] especially lts
[21:36] releases rarely get newer versions, especially for something like this
[21:36] this is far from a critical issue
[21:36] Whereas I would disagree ;)
[21:37] RC4 is flogging a dead horse.
[21:37] I don't see any other distros rushing out to do the backporting work, or to release apache 2.4 into older releases
[21:37] The alternatives are locked into 2.2.22
[21:37] however debian has it in testing
[21:37] and has for a long while
[21:37] Pastafarian: saucy will have 2.4
[21:37] I know, and I still don't want to wait until October
[21:38] and I cannot jerk around on production machines compiling it instead
[21:38] Pastafarian: you're not in the US, are you?
[21:38] Nope.
=== freeflying_away is now known as freeflying
[21:40] So I have slightly less to be concerned about, regardless. It's committed. Just needs speeding the hell up.
[21:40] committed?
[21:41] Fix committed, i.e. in saucy
[21:41] I'd expect it to be shoved in 12.04 quickly too.
[21:42] that's likely not going to happen
[21:42] Then someone needs to pull a cranium out of somewhere.
[21:42] >LTS when we feel like it.
[21:43] Pastafarian: your definition of what an LTS is is flawed
[21:48] In which case by 5 years of support they mean, at our discretion regardless of security?
[21:49] Pastafarian: that's not a security issue
[21:50] Not for the Operating System
[21:50] For anyone using it
[21:50] If the ubuntu devs are making their definitions strictly to the security of a SERVER operating system only to the OS
[21:50] they're being at best, stupid.
=== freeflying is now known as freeflying_away
[22:29] So you want the stability of an LTS on a system that's updated all the time?
[22:29] Pick one.
=== freeflying_away is now known as freeflying
[23:21] ScottK, don't be dense.
[23:22] You want stability and security.
[23:22] These are not mutually exclusive
[23:22] No, but dumping a new version of apache into an already released LTS is insanity.
[23:23] and when tested has it presented issues?
[23:23] has someone even tried?
[23:23] plenty of PPAs out there
[23:25] why is it insanity? I can choose 2.2 or 2.4 in windows
[23:25] or debian
[23:25] and expect on many other distros