<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Stacy,<br>
You are correct. As pretty much everyone that has weighed in.<br>
DIAL sets up a node so it can be configured by most users either
using Linux tools or tools on other systems (WinSCP)<br>
Before a node is deployed it should be locked down. This is a given.<br>
<br>
Right now my plate is full getting versions for other processors. So
I'm going to ask the security people in the group to create a lock
down or deploy script.<br>
Take the existing DIAL deployment and lock it down. I'll take your
work make sure it fits with the x86 DIAL and the other processors.<br>
<br>
I suggest you use the list so others can participate.<br>
<br>
73, Steve N4IRS<br>
<br>
<br>
<div class="moz-cite-prefix">On 10/08/2015 06:31 PM, Stacy wrote:<br>
</div>
<blockquote cite="mid:5616EECC.30507@arrl.net" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix"><a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://www.sans.org/critical-security-controls">https://www.sans.org/critical-security-controls</a><br>
<br>
Follow the link above for a good place to start at securing your
systems/networks. <br>
#12 is relevant in this case. :)<br>
<br>
-Stacy<br>
KG7QIN<br>
<br>
On 10/05/2015 04:15 PM, Steven Donegan wrote:<br>
</div>
<blockquote
cite="mid:205402639.995253.1444086903450.JavaMail.yahoo@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue-Light, Helvetica Neue Light,
Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px">
<div id="yui_3_16_0_1_1443990021550_83439" dir="ltr">Let me
spin up one of the DIAL setups - may take me a day - then
see what is enabled by default and hardening will be 'easy'
(no processes/ports active not absolutely required). Adding
the CA stuff will be easy as well if desired. Whatever the
overall direction is I can do security stuff :-)<br>
</div>
<div id="yui_3_16_0_1_1443990021550_83330"><span></span></div>
<div id="yui_3_16_0_1_1443990021550_83216"> </div>
<div id="yui_3_16_0_1_1443990021550_83203" class="signature">Steven
Donegan<br>
KK6IVC General Class FCC License<br>
Silver State Car #86<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.sscc.us">www.sscc.us</a></div>
<br>
<div id="yui_3_16_0_1_1443990021550_83442" style="font-family:
HelveticaNeue-Light, Helvetica Neue Light, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;">
<div id="yui_3_16_0_1_1443990021550_83441"
style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;">
<div id="yui_3_16_0_1_1443990021550_83440" dir="ltr">
<hr size="1"> <font
id="yui_3_16_0_1_1443990021550_83443" face="Arial"
size="2"> <b><span style="font-weight:bold;">From:</span></b>
Steve Zingman <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:szingman@msgstor.com"><szingman@msgstor.com></a><br>
<b><span style="font-weight: bold;">To:</span></b>
Steven Donegan <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:donegan@donegan.org"><donegan@donegan.org></a>;
David Andrzejewski <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:david@davidandrzejewski.com"><david@davidandrzejewski.com></a>
<br>
<b><span style="font-weight: bold;">Cc:</span></b> <a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:app_rpt-users@ohnosec.org"><a class="moz-txt-link-rfc2396E" href="mailto:app_rpt-users@ohnosec.org">"app_rpt-users@ohnosec.org"</a></a>
<a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:app_rpt-users@ohnosec.org"><app_rpt-users@ohnosec.org></a>
<br>
<b><span style="font-weight: bold;">Sent:</span></b>
Monday, October 5, 2015 4:04 PM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [App_rpt-users] New Official Allstar Distribution
Released (DIAL)<br>
</font> </div>
<div id="yui_3_16_0_1_1443990021550_83444"
class="y_msg_container"><br>
<div id="yiv0218255800">
<div id="yui_3_16_0_1_1443990021550_83445"> Sure,<br
clear="none">
I think a hardening script might be in order (and
optional).<br clear="none">
<br clear="none">
<div class="qtdSeparateBR"><br>
<br>
</div>
<div class="yiv0218255800yqt9120962000"
id="yiv0218255800yqt52579">
<div class="yiv0218255800moz-cite-prefix">On
10/05/2015 06:55 PM, Steven Donegan wrote:<br
clear="none">
</div>
<blockquote type="cite">
<div
style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,
Helvetica Neue Light, Helvetica Neue,
Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px;">BTW - I have a
script to make a *NIX box a CA and generate
certificates - that could easily be added to
the DIAL/Pi/etc releases - let me see if I can
scrounge it up :-) Assuming anyone would want
that ability and Steve is OK with it :-)<br
clear="none">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_80415"><span></span></div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_80416"> </div>
<div class="yiv0218255800signature"
id="yiv0218255800yui_3_16_0_1_1443990021550_80482">Steven
Donegan<br clear="none">
KK6IVC General Class FCC License<br
clear="none">
Silver State Car #86<br clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect"
class="yiv0218255800moz-txt-link-abbreviated"
target="_blank" href="http://www.sscc.us/">www.sscc.us</a></div>
<br clear="none">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_80485"
style="font-family:HelveticaNeue-Light,
Helvetica Neue Light, Helvetica Neue,
Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px;">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_80484"
style="font-family:HelveticaNeue,
Helvetica Neue, Helvetica, Arial, Lucida
Grande, sans-serif;font-size:16px;">
<div dir="ltr"
id="yiv0218255800yui_3_16_0_1_1443990021550_80483">
<hr
id="yiv0218255800yui_3_16_0_1_1443990021550_80529"
size="1"> <font
id="yiv0218255800yui_3_16_0_1_1443990021550_80486"
face="Arial" size="2"> <b><span
style="font-weight:bold;">From:</span></b>
David Andrzejewski <a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:david@davidandrzejewski.com"><a class="moz-txt-link-rfc2396E" href="mailto:david@davidandrzejewski.com"><david@davidandrzejewski.com></a></a><br
clear="none">
<b><span style="font-weight:bold;">To:</span></b>
Steven Donegan <a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:donegan@donegan.org"><a class="moz-txt-link-rfc2396E" href="mailto:donegan@donegan.org"><donegan@donegan.org></a></a>
<br clear="none">
<b><span style="font-weight:bold;">Cc:</span></b>
Bryan D. Boyle <a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:bdboyle@bdboyle.com"><a class="moz-txt-link-rfc2396E" href="mailto:bdboyle@bdboyle.com"><bdboyle@bdboyle.com></a></a>;
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv0218255800moz-txt-link-rfc2396E"
ymailto="mailto:app_rpt-users@ohnosec.org" target="_blank"
href="mailto:app_rpt-users@ohnosec.org">"app_rpt-users@ohnosec.org"</a>
<a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv0218255800moz-txt-link-rfc2396E"
ymailto="mailto:app_rpt-users@ohnosec.org" target="_blank"
href="mailto:app_rpt-users@ohnosec.org"><app_rpt-users@ohnosec.org></a>
<br clear="none">
<b><span style="font-weight:bold;">Sent:</span></b>
Monday, October 5, 2015 3:50 PM<br
clear="none">
<b
id="yiv0218255800yui_3_16_0_1_1443990021550_80488"><span
id="yiv0218255800yui_3_16_0_1_1443990021550_80487"
style="font-weight:bold;">Subject:</span></b>
Re: [App_rpt-users] New Official
Allstar Distribution Released (DIAL)<br
clear="none">
</font> </div>
<div class="yiv0218255800y_msg_container"
id="yiv0218255800yui_3_16_0_1_1443990021550_80489"><br clear="none">
<div id="yiv0218255800">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_80490">Yep
- disallowing keyboard-interactive
and accepting only certificates. I
turn off PermitRootLogin and only
allow certificates. Barring some
kind of exploit in sshd, that ought
to be secure enough.<br clear="none">
<br clear="none">
<span>Steven Donegan wrote:</span><br
clear="none">
<blockquote type="cite">
<div
class="yiv0218255800qtdSeparateBR"><br
clear="none">
<br clear="none">
</div>
<div
class="yiv0218255800yqt4126216668"
id="yiv0218255800yqt02654">
<div
style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,
Helvetica Neue Light,
Helvetica Neue, Helvetica,
Arial, Lucida Grande,
sans-serif;font-size:16px;">Using
certificates for ssh is yet
another method :-) <br
clear="none">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_67368"><span></span></div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_67369"> </div>
<div
class="yiv0218255800signature"
id="yiv0218255800yui_3_16_0_1_1443990021550_67423">Steven Donegan<br
clear="none">
KK6IVC General Class FCC
License<br clear="none">
Silver State Car #86<br
clear="none">
<a moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv0218255800moz-txt-link-abbreviated"
target="_blank"
href="http://www.sscc.us/">www.sscc.us</a></div>
<br clear="none">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_67426"
style="font-family:HelveticaNeue-Light,
Helvetica Neue Light,
Helvetica Neue, Helvetica,
Arial, Lucida Grande,
sans-serif;font-size:16px;">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_67425"
style="font-family:HelveticaNeue,
Helvetica Neue, Helvetica,
Arial, Lucida Grande,
sans-serif;font-size:16px;">
<div dir="ltr"
id="yiv0218255800yui_3_16_0_1_1443990021550_67424">
<hr size="1"> <font
face="Arial" size="2">
<b><span
style="font-weight:bold;">From:</span></b>
Bryan D. Boyle <a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="mailto:bdboyle@bdboyle.com"><a class="moz-txt-link-rfc2396E" href="mailto:bdboyle@bdboyle.com"><bdboyle@bdboyle.com></a></a><br
clear="none">
<b><span
style="font-weight:bold;">To:</span></b>
Steven Donegan <a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="mailto:donegan@donegan.org"><a class="moz-txt-link-rfc2396E" href="mailto:donegan@donegan.org"><donegan@donegan.org></a></a>
<br clear="none">
<b><span
style="font-weight:bold;">Cc:</span></b>
Steve Zingman <a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="mailto:szingman@msgstor.com"><a class="moz-txt-link-rfc2396E" href="mailto:szingman@msgstor.com"><szingman@msgstor.com></a></a>;
<a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="mailto:app_rpt-users@ohnosec.org"><a class="moz-txt-link-rfc2396E" href="mailto:app_rpt-users@ohnosec.org">"app_rpt-users@ohnosec.org"</a></a>
<a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E" href="mailto:app_rpt-users@ohnosec.org"><a class="moz-txt-link-rfc2396E" href="mailto:app_rpt-users@ohnosec.org"><app_rpt-users@ohnosec.org></a></a>
<br clear="none">
<b><span
style="font-weight:bold;">Sent:</span></b>
Monday, October 5,
2015 2:49 PM<br
clear="none">
<b><span
style="font-weight:bold;">Subject:</span></b>
Re: [App_rpt-users]
New Official Allstar
Distribution Released
(DIAL)<br clear="none">
</font> </div>
<div
class="yiv0218255800y_msg_container"
id="yiv0218255800yui_3_16_0_1_1443990021550_67427"><br clear="none">
<div id="yiv0218255800">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_67429">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_67428">Using
a jump box as you
describe is one
way...not allowing
SSH from the
outside adds a
layer; setting up
a secue VDI
capability to the
jumpbox over a vpn
is yet a third
way...;). </div>
<div
id="yiv0218255800AppleMailSignature"><br
clear="none">
</div>
<div
id="yiv0218255800AppleMailSignature">my
rule: if it's
exposed to the
net, it's
potentially
vulnerable. Just
turn on your SIP
port and pop some
popcorn to
see...;)<br
clear="none">
<br clear="none">
--
<div>Bryan</div>
<div>Sent from my
iPhone 5.<span
style="font-size:13pt;">..No
electrons were
harmed in the
sending of
this message.</span></div>
<div><br
clear="none">
<div><br
clear="none">
</div>
</div>
</div>
<div
class="yiv0218255800qtdSeparateBR"><br
clear="none">
<br clear="none">
</div>
<div
class="yiv0218255800yqt0199404845"
id="yiv0218255800yqt51679">
<div><br
clear="none">
On Oct 5, 2015,
at 17:39, Steven
Donegan <<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:donegan@donegan.org"><a class="moz-txt-link-abbreviated" href="mailto:donegan@donegan.org">donegan@donegan.org</a></a>>
wrote:<br
clear="none">
<br clear="none">
</div>
<blockquote
type="cite">
<div>
<div
style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,
Helvetica Neue
Light,
Helvetica
Neue,
Helvetica,
Arial, Lucida
Grande,
sans-serif;font-size:16px;">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65382">Direct
root login
being
disallowed IF
there were no
other way to
get full root
privileges
(not the case
here) was
considered
best practice.
However in
almost every
case there is
a user (on
Raspbian user
pi) that can
simply login,
sudo -s and do
whatever they
want. Yes it
puts up a
small hurdle
but I don't
see it as a
serious one.</div>
<div><br
clear="none">
</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65659">In
short, there
is almost no
setup that
will allow you
to completely
lock out root
with the
exception of a
few well
designed
appliances.
And that means
someone is out
there doing
support to get
things
resolved. This
system is not
of that flavor
and root is
necessary for
many things so
frankly adding
a hurdle or
two really
doesn't
appreciably
make the
system more
secure.</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65660"><br
clear="none">
</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65661">Require
a long pass
phrase (say 20
mixed
characters or
so) and this
whole thing is
moot...</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65662"><br
clear="none">
</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65663">And
BTW - putting
sshd on port
222 (or
anything
except 22) is
security by
obscurity -
many tools can
find standard
protocols on
non-standard
ports :-) (I
know, I wrote
one)<br
clear="none">
</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65683"><br
clear="none">
</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65684">The
best bet is to
not allow ssh
at all. If
that is not
feasible then
do the su or
sudo thing
and/or set up
an
intermediate
system such
that you
access a
non-privileged
account on
system A, then
ssh to system
B and system B
will ONLY
accept ssh
from system A.
Still can be
beaten but it
is a bit
harder...</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65685"><br
clear="none">
</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65686">And
BTW - I have
done infosec
for about 20
years so I am
allowed to
have an
opinion on
this topic :-)<br
clear="none">
</div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65327"><span></span></div>
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65326"> </div>
<div
class="yiv0218255800signature"
id="yiv0218255800yui_3_16_0_1_1443990021550_65291">Steven Donegan<br
clear="none">
KK6IVC General
Class FCC
License<br
clear="none">
Silver State
Car #86<br
clear="none">
<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="http://www.sscc.us"><a class="moz-txt-link-abbreviated" href="http://www.sscc.us">www.sscc.us</a></a></div>
<br
clear="none">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65306"
style="font-family:HelveticaNeue-Light,
Helvetica Neue
Light,
Helvetica
Neue,
Helvetica,
Arial, Lucida
Grande,
sans-serif;font-size:16px;">
<div
id="yiv0218255800yui_3_16_0_1_1443990021550_65305"
style="font-family:HelveticaNeue,
Helvetica
Neue,
Helvetica,
Arial, Lucida
Grande,
sans-serif;font-size:16px;">
<div dir="ltr"
id="yiv0218255800yui_3_16_0_1_1443990021550_65304">
<hr size="1">
<font
face="Arial"
size="2"> <b><span
style="font-weight:bold;">From:</span></b> Steve Zingman <<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:szingman@msgstor.com"><a class="moz-txt-link-abbreviated" href="mailto:szingman@msgstor.com">szingman@msgstor.com</a></a>><br
clear="none">
<b><span
style="font-weight:bold;">To:</span></b>
"<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:app_rpt-users@ohnosec.org"><a class="moz-txt-link-abbreviated" href="mailto:app_rpt-users@ohnosec.org">app_rpt-users@ohnosec.org</a></a>"
<<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:app_rpt-users@ohnosec.org"><a class="moz-txt-link-abbreviated" href="mailto:app_rpt-users@ohnosec.org">app_rpt-users@ohnosec.org</a></a>>
<br
clear="none">
<b><span
style="font-weight:bold;">Sent:</span></b>
Monday,
October 5,
2015 2:24 PM<br
clear="none">
<b><span
style="font-weight:bold;">Subject:</span></b>
[App_rpt-users]
New Official
Allstar
Distribution
Released
(DIAL)<br
clear="none">
</font> </div>
<div
class="yiv0218255800y_msg_container"><br
clear="none">
<div
id="yiv0218255800">
<div> </div>
<div>
<pre style="white-space:pre-wrap;color:rgb(0, 0, 0);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;widows:1;word-spacing:0px;">Dave,
Let's say I agree with you. And I well may.
On most internet exposed machines, I don't even allow ssh unless I trust your address or require a VPN.
I agree is common practice to not allow it.
Now the question is why?
As John McLaughlin would say, DISCUSS!
On 10/05/2015 08:40 AM, Steve Zingman wrote:
><i> root login via SSH is now allowed
</i>
> This is a bad idea. Root should *never* be allowed to login to a system
> remotely. It's better to log in as a normal user and then become root
> via su, sudo, etc.
> - Dave
</pre>
<br
clear="none">
<pre class="yiv0218255800moz-signature">--
"Anything is possible if you don't know what you are talking about."
1st Law of Logic</pre>
<div
class="yiv0218255800qtdSeparateBR"><br
clear="none">
<br
clear="none">
</div>
<div
class="yiv0218255800yqt8052708876"
id="yiv0218255800yqtfd88066"> </div>
</div>
</div>
<br
clear="none">
<div
class="yiv0218255800yqt8052708876"
id="yiv0218255800yqtfd80175">_______________________________________________<br
clear="none">
App_rpt-users
mailing list<br
clear="none">
<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:App_rpt-users@ohnosec.org"><a class="moz-txt-link-abbreviated" href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a></a><br
clear="none">
<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users"><a class="moz-txt-link-freetext" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a></a><br
clear="none">
<br
clear="none">
To unsubscribe
from this list
please visit <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users"><a class="moz-txt-link-freetext" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a></a>
and scroll
down to the
bottom of the
page. Enter
your email
address and
press the
"Unsubscribe
or edit
options
button"<br
clear="none">
You do not
need a
password to
unsubscribe,
you can do it
via email
confirmation.
If you have
trouble
unsubscribing,
please send a
message to the
list detailing
the problem. </div>
<br
clear="none">
<br
clear="none">
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<blockquote
type="cite">
<div><span>_______________________________________________</span><br
clear="none">
<span>App_rpt-users
mailing list</span><br
clear="none">
<span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:App_rpt-users@ohnosec.org"><a class="moz-txt-link-abbreviated" href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a></a></span><br
clear="none">
<span><a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users"><a class="moz-txt-link-freetext" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a></a></span><br
clear="none">
<span></span><br
clear="none">
<span>To
unsubscribe
from this list
please visit <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users"><a class="moz-txt-link-freetext" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a></a>
and scroll
down to the
bottom of the
page. Enter
your email
address and
press the
"Unsubscribe
or edit
options
button"</span><br
clear="none">
<span>You do not
need a
password to
unsubscribe,
you can do it
via email
confirmation.
If you have
trouble
unsubscribing,
please send a
message to the
list detailing
the problem. </span></div>
</blockquote>
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</div>
<pre>_______________________________________________
App_rpt-users mailing list
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv0218255800moz-txt-link-abbreviated" ymailto="mailto:App_rpt-users@ohnosec.org" target="_blank" href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a>
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv0218255800moz-txt-link-freetext" target="_blank" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a>
To unsubscribe from this list please visit <a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv0218255800moz-txt-link-freetext" target="_blank" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </pre>
</blockquote>
<br clear="none">
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
<br clear="none">
<fieldset
class="yiv0218255800mimeAttachmentHeader"></fieldset>
<br clear="none">
<pre>_______________________________________________
App_rpt-users mailing list
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv0218255800moz-txt-link-abbreviated" ymailto="mailto:App_rpt-users@ohnosec.org" target="_blank" href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a>
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv0218255800moz-txt-link-freetext" target="_blank" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a>
To unsubscribe from this list please visit <a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv0218255800moz-txt-link-freetext" target="_blank" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </pre>
</blockquote>
</div>
<br clear="none">
<pre class="yiv0218255800moz-signature">--
"Anything is possible if you don't know what you are talking about."
1st Law of Logic</pre>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
App_rpt-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a>
To unsubscribe from this list please visit <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </pre>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"Anything is possible if you don't know what you are talking about."
1st Law of Logic</pre>
</body>
</html>