PayPal

From rt-comment at krbdev.mit.edu Mon May 1 02:22:07 2006 From: rt-comment at krbdev.mit.edu (account@chase.com via RT) Date: Mon, 1 May 2006 02:22:07 -0400 (EDT) Subject: [krbdev.mit.edu #3712] Online Account Problem In-Reply-To: Message-ID: Message-Id: <20060501062047.AA5B4430547 at can17.de> Date: Mon, 1 May 2006 08:20:47 +0200 (CEST)

Dear Customer,

As part of our security measures, we regularly screen activities on our system.
We recently noticed that you have made one or more attempts to log in to your Chase Account, service from a foreign IP address.

If you recently accessed your service while traveling, the unusual log in attempts may have been initiated by you.
The log in attempt was made from:
ISP host : c-67-181-115-37.hsd1.ca.comcast.net
For your protection, we have suspend access to your account until additional
security measures can be completed. We apologize for any inconvenience this may
cause.

To restore your account status click the link below:

http://www.chase.com/account

Have questions? Our online help screens provide answers to many frequently
asked questions. You can also click the Customer Center tab then go to the
Contact Us page to find a list of helpful numbers to call.

Please do not reply to this automatically generated e-mail.

We know you have a choice of banks. Thanks for choosing ours.

Sincerely,
Online Banking Team

аааааааааааааааааааааааааааааааааааааа аааааааааааааааааааааааааааааааааааааааа

About Usа|аCareersа|  Privacy Policyа|аSecurityа|аTerms of Useа|аLegal Agreements

й2006 JPMorgan Chase&Co.

From rt-comment at krbdev.mit.edu Tue May 2 16:46:54 2006 From: rt-comment at krbdev.mit.edu ( Paul Moore via RT) Date: Tue, 2 May 2006 16:46:54 -0400 (EDT) Subject: [krbdev.mit.edu #3714] incorrect memory allocation in send_tgs 1.4.1 In-Reply-To: Message-ID: send_tgs.c accepts additional padata. If this is supplied to it then there is an incorrect memory allocation at line 230 for (counter = padata; *counter; counter++, i++); combined_padata = (krb5_pa_data **)malloc(i+2); should read for (counter = padata; *counter; counter++, i++); combined_padata = (krb5_pa_data **)malloc((i+2) * sizeof(*combined_padata)); From rt-comment at krbdev.mit.edu Tue May 2 21:15:12 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 2 May 2006 21:15:12 -0400 (EDT) Subject: [krbdev.mit.edu #3716] Plugin search algorithm should take lists of name and directories In-Reply-To: Message-ID: The support library plugin interface should take lists of plugin names and directories to search for plugins in. Since the plugin names will not usually have the platform specific extension, the support library should also have an API to form a larger list of plugin names with the possible platform specific extensions added. From rt-comment at krbdev.mit.edu Wed May 3 06:28:13 2006 From: rt-comment at krbdev.mit.edu (service@paypal.com via RT) Date: Wed, 3 May 2006 06:28:13 -0400 (EDT) Subject: [krbdev.mit.edu #3717] AutoResponse - Email Returned SAXK (KMM30859629V51793L0KM) :kd1 In-Reply-To: Message-ID: Thank you for contacting PayPal Customer Service. In an effort to assist you as quickly and efficiently as possible, please direct all customer service inquires through our website. Click on the hyperlink below to go to the PayPal website. After entering your email address and password into the Member Log In box, you can submit your inquiry via our Customer Service Contact form. If you indicate the type of question you have with as much detail as you can, we will be able to provide you with the best customer service possible. If your email program is unable to open hyperlinks, please copy and paste this URL into the address bar of your browser. https://www.paypal.com/wf/f=default If you are contacting PayPal because you are unable to log into your account, please use the contact form below. https://www.paypal.com/ewf/f=default Thank you for choosing PayPal! This email is sent to you by the contracting entity to your User Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is authorised and regulated by the Financial Services Authority in the UK as an electronic money institution. ------------------------------------------------------------------------ Note: When you click on links in this email, you will be asked to log into your PayPal Account. As always, make sure that you are logging into a secure PayPal page by looking for 'https://www.paypal.com/' at the beginning of the URL. Please do not reply to this e-mail. Mail sent to this address will not be answered. ******************************************** Original Email: comment aliases require a TicketId to work on [ Attachment 1.2 Type: text/html] From rt-comment at krbdev.mit.edu Wed May 3 22:01:28 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 3 May 2006 22:01:28 -0400 (EDT) Subject: [krbdev.mit.edu #3719] CVS Commit In-Reply-To: Message-ID: Removed the unnecessary and incorrect (due to operator precedence) "== MPOOL_INUSE". The previous code actually ended up checking if MPOOL_DIRTY (0x01) is set. Commit By: lxs Revision: 17974 Changed Files: U trunk/src/plugins/kdb/db2/libdb2/mpool/mpool.c From rt-comment at krbdev.mit.edu Wed May 3 23:06:48 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 3 May 2006 23:06:48 -0400 (EDT) Subject: [krbdev.mit.edu #3716] CVS Commit In-Reply-To: Message-ID: Changed to krb5int_open_plugin_dirs/krb5int_close_plugin_dirs which takes a list of filebases and directories rather than a list of full paths so the caller doesn't have to generate the possibilities themselves. krb5int_open_plugin_dirs will append the possible suffixes for that platform (including no suffix in case there already is one on the file base). Modified the kdb and locate kdc interfaces to use the new API. Commit By: lxs Revision: 17975 Changed Files: U trunk/src/include/k5-plugin.h U trunk/src/include/stock/osconf.h U trunk/src/lib/kdb/kdb5.c U trunk/src/lib/kdb/kdb5.h U trunk/src/lib/krb5/os/init_os_ctx.c U trunk/src/lib/krb5/os/locate_kdc.c U trunk/src/util/support/plugins.c From rt-comment at krbdev.mit.edu Thu May 4 12:46:07 2006 From: rt-comment at krbdev.mit.edu ( MARIA ROONEY via RT) Date: Thu, 4 May 2006 12:46:07 -0400 (EDT) Subject: [krbdev.mit.edu #3722] YOU ARE LUCKY In-Reply-To: Message-ID: National Lotto Suite 179 1007 West/Zuld, L70 1NL Zwolle Holland (Customer Services) Ref: DEUK/9383/8161/99 Batch: GI/SE12-59 Government Accredited Licensed lottery promoters. International Promotions/Prize Award Department Login to http://lottery.co.uk/res We are please to announce you as one of the 10 lucky winners in the national lottery held on the 3rd May, 2006. All 10 winning addresses were randomly selected from a batch of 50,000,000 international emails. Your email address emerged alongside 9 others as a category 2 winner in this year national lotto game draw Consequently, you have therefore been approved for a total pay out of г1,000,000 (one million pounds sterlings) only. In order to avoid unnecessary delays and complications please remember to quote your reference number and batch numbers: 1, Batch 7499-4206-5876 2, Ref: 739801527-Nll 3, lucky numbers 94-1-537-97-31-809 Please note that your lucky winning number falls within our European booklet representative office in Europe as indicated in your play coupon. In view of this, your г1,000,000 would be released to you by any of our payment offices in Europe. To file for your claim, please contact Advocate Patrick cox Tel: +31 -6100- 234 82 Fax: +31-847-545-681 Email:bejesbejescom at netscape.net law & Associates This will enable the office of bejes & asscociates to send the claims application form (A4) to you the Beneficiary.you can confirm your winnings when you LOGIN TO http://lottery.co.uk/res For security reasons, you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program. Please be warned. Remember, all winnings must be claim not later than May 10th, 2006, after this date, unclaimed funds will be returned to the national Lotto CONGRATULATIONS! CALL NOW TO CLAIM YOUR WINNING PRIZE Advocate Patrick cox Tel: +31 -6100- 234 82 Fax: +31-847-545-681 Email:bejesbejescom at netscape.net law & Associates Yours faithfully, Mrs Maria Rooney Online coordinator for THE NATIONAL LOTTERY Sweepstakes International Program. From rt-comment at krbdev.mit.edu Thu May 4 14:15:10 2006 From: rt-comment at krbdev.mit.edu (eBay Billing Department via RT) Date: Thu, 4 May 2006 14:15:10 -0400 (EDT) Subject: [krbdev.mit.edu #3723] Message from eBay member In-Reply-To: Message-ID:

eBay sent this message to you
Your registered name is included to show this message originated from eBay. Learn more.

Question about Item -- Respond Now

eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will go to the eBay member directly and will include your email address. Click the Respond Now button below to send your response via My Messages (your email address will not be included).

Question from Dll*Seller*79

Item: (6831805721)

This message was sent while the listing was active.

barnsley1105 is a potential buyer.

Hi,

i have sent your item today,please let me know when you will get it ....and please don`t forgot to leave my feedback

Thanks

Respond to this question in My Messages.


	Item Details


Item number:	6436472319
End date:	14-Jan-06 18:56:12 BST

View item description:

htps://cgi.ebay.comk/ws/eBayISAPI.dll?ViewItem&item=6436472319&sspagename=ADME:B:AAQ:UK:1

Thank you for using eBay

http://www.ebay.com/

Marketplace Safety Tip

Always remember to complete your transactions on eBay - it's the safer way to trade.

Is this message an offer to buy your item directly through email without winning the item on eBay? If so, please help make the eBay marketplace safer by reporting it to us. These external transactions may be unsafe and are against eBay policy. Learn more about trading safely.

Is this email inappropriate? Does it breach reporting it.

Learn how you can protect yourself from spoof (fake) emails at:

This eBay notice was sent to you on behalf of another eBay member through the eBay platform and in accordance with our Privacy Policy. If you would like to receive this email in text format, change your notification preferences.

See our Privacy Policy and User Agreement if you have questions about eBay's communication policies.
Privacy Policy: https://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: https://pages.ebaycom/help/policies/user-agreement.html

Copyright й 2006 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.

From rt-comment at krbdev.mit.edu Thu May 4 14:35:08 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 4 May 2006 14:35:08 -0400 (EDT) Subject: [krbdev.mit.edu #3716] CVS Commit In-Reply-To: Message-ID: Export new function names. Commit By: lxs Revision: 17976 Changed Files: U trunk/src/util/support/libkrb5support.exports From rt-comment at krbdev.mit.edu Thu May 4 14:43:28 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 4 May 2006 14:43:28 -0400 (EDT) Subject: [krbdev.mit.edu #3724] CVS Commit In-Reply-To: Message-ID: Need to export "kadm5_set_use_password_server" because it is used by krb5kdc when USE_PASSWORD_SERVER is defined. Since the Mac builds this way we need it in the export list. Unfortunately export lists don't get preprocessed. Note that I only added this one function. The rest of the password server functionality is still conditionalized around USE_PASSWORD_SERVER. Hopefully we can rip all this code out when Apple starts using the db plugin interface for their password server integration. Commit By: lxs Revision: 17977 Changed Files: U trunk/src/lib/kadm5/srv/libkadm5srv.exports U trunk/src/lib/kadm5/srv/svr_principal.c From rt-comment at krbdev.mit.edu Thu May 4 21:23:25 2006 From: rt-comment at krbdev.mit.edu (service@paypal.com via RT) Date: Thu, 4 May 2006 21:23:25 -0400 (EDT) Subject: [krbdev.mit.edu #3725] Important Information Regarding your PayPal Account In-Reply-To: Message-ID:

PayPal

PayPal Security Information!

Dear PayPal Member,

Please update your records within 72 hours our Account Review Team identified some unusual activity in your account, one or more attempts to log in to your PayPal account form a foreign IP address.
In accordance with PayPal's User Agreement and to ensure that your account has not been compromised, access to yor account was limited. Your account access will remain limited until this issue has been resolved. To Secure your account and quickly restore full access, we may require some additional information from you.

To securely confirm your PayPal information please go directly to https://www.paypal.com/ log in to your PayPal account and perform the steps necessary to restore your account access as soon as possible or click on the link bellow:

Click here to update your account

You can also confirm your Billing Information by logging into your PayPal account at https://www.paypal.com/us/.

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.

PayPal Email ID PP468

Protect Your Account Info

Make sure you never provide your password to fraudulent websites.

To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal URL (https://www.paypal.com/us/) to be sure you are on the real PayPal site.

PayPal will never ask you to enter your password in an email.

For more information on protecting yourself from fraud, please review our Security Tips at https://www.paypal.com/us/securitytips

Protect Your Password

You should never give your PayPal password to anyone, including PayPal employees.

From rt-comment at krbdev.mit.edu Thu May 4 21:24:43 2006 From: rt-comment at krbdev.mit.edu ( PayPal Customer Service 2 via RT) Date: Thu, 4 May 2006 21:24:43 -0400 (EDT) Subject: [krbdev.mit.edu #3726] AutoResponse - Email Returned SAXK (KMM31041353V91989L0KM) :kd1 In-Reply-To: Message-ID: Thank you for contacting PayPal Customer Service. In an effort to assist you as quickly and efficiently as possible, please direct all customer service inquires through our website. Click on the hyperlink below to go to the PayPal website. After entering your email address and password into the Member Log In box, you can submit your inquiry via our Customer Service Contact form. If you indicate the type of question you have with as much detail as you can, we will be able to provide you with the best customer service possible. If your email program is unable to open hyperlinks, please copy and paste this URL into the address bar of your browser. https://www.paypal.com/wf/f=default If you are contacting PayPal because you are unable to log into your account, please use the contact form below. https://www.paypal.com/ewf/f=default Thank you for choosing PayPal! This email is sent to you by the contracting entity to your User Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is authorised and regulated by the Financial Services Authority in the UK as an electronic money institution. ------------------------------------------------------------------------ Note: When you click on links in this email, you will be asked to log into your PayPal Account. As always, make sure that you are logging into a secure PayPal page by looking for 'https://www.paypal.com/' at the beginning of the URL. Please do not reply to this e-mail. Mail sent to this address will not be answered. ******************************************** Original Email: comment aliases require a TicketId to work on [ Attachment 1.2 Type: text/html] From rt-comment at krbdev.mit.edu Fri May 5 19:45:58 2006 From: rt-comment at krbdev.mit.edu ( MARIA ROONEY via RT) Date: Fri, 5 May 2006 19:45:58 -0400 (EDT) Subject: [krbdev.mit.edu #3727] YOU ARE LUCKY In-Reply-To: Message-ID: National Lotto Suite 179 1007 West/Zuld, L70 1NL Zwolle Holland (Customer Services) Ref: DEUK/9383/8161/99 Batch: GI/SE12-59 Government Accredited Licensed lottery promoters. International Promotions/Prize Award Department Login to http://lottery.co.uk/res We are please to announce you as one of the 10 lucky winners in the national lottery held on the 3rd May, 2006. All 10 winning addresses were randomly selected from a batch of 50,000,000 international emails. Your email address emerged alongside 9 others as a category 2 winner in this year national lotto game draw Consequently, you have therefore been approved for a total pay out of г1,000,000 (one million pounds sterlings) only. In order to avoid unnecessary delays and complications please remember to quote your reference number and batch numbers: 1, Batch 7499-4206-5876 2, Ref: 739801527-Nll 3, lucky numbers 94-1-537-97-31-809 Please note that your lucky winning number falls within our European booklet representative office in Europe as indicated in your play coupon. In view of this, your г1,000,000 would be released to you by any of our payment offices in Europe. To file for your claim, please contact Advocate Patrick cox Tel: ++31 -630 143 359 Fax: +31-847-545-681 Email:bejesbejescom at netscape.net law & Associates This will enable the office of bejes & asscociates to send the claims application form (A4) to you the Beneficiary.you can confirm your winnings when you LOGIN TO http://lottery.co.uk/res For security reasons, you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program. Please be warned. Remember, all winnings must be claim not later than May 11th, 2006, after this date, unclaimed funds will be returned to the national Lotto CONGRATULATIONS! CALL NOW TO CLAIM YOUR WINNING PRIZE Advocate Patrick cox Tel: +31 -630 143 359 Fax: +31-847-545-681 Email:bejesbejescom at netscape.net law & Associates Yours faithfully, Mrs Maria Rooney Online coordinator for THE NATIONAL LOTTERY Sweepstakes International Program. NOTE:Please send this email to bejesbejescom at netscape.net From rt-comment at krbdev.mit.edu Mon May 8 14:05:54 2006 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Mon, 8 May 2006 14:05:54 -0400 (EDT) Subject: [krbdev.mit.edu #3716] CVS Commit In-Reply-To: Message-ID: at declaration - only constants be used. [filebases]. Code was introduced with 17975 revision. Commit By: epeisach Revision: 17986 Changed Files: U trunk/src/lib/kdb/kdb5.c From rt-comment at krbdev.mit.edu Mon May 8 16:04:50 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 8 May 2006 16:04:50 -0400 (EDT) Subject: [krbdev.mit.edu #3735] Add TCP change/set password support In-Reply-To: Message-ID: The lack of TCP change and set password support is preventing users in too many groups from changing passwords. From rt-comment at krbdev.mit.edu Tue May 9 07:31:11 2006 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Tue, 9 May 2006 07:31:11 -0400 (EDT) Subject: [krbdev.mit.edu #3736] CVS Commit In-Reply-To: Message-ID: Change internal token handling and oid handling functions to take a const style gss_OID. In the krb5 dir remove casting. This is the start of fixes in this arena. Commit By: epeisach Revision: 17987 Changed Files: U trunk/src/lib/gssapi/generic/gssapiP_generic.h U trunk/src/lib/gssapi/generic/oid_ops.c U trunk/src/lib/gssapi/generic/util_token.c U trunk/src/lib/gssapi/krb5/accept_sec_context.c U trunk/src/lib/gssapi/krb5/acquire_cred.c U trunk/src/lib/gssapi/krb5/init_sec_context.c U trunk/src/lib/gssapi/krb5/inq_cred.c U trunk/src/lib/gssapi/krb5/inq_names.c U trunk/src/lib/gssapi/krb5/k5seal.c U trunk/src/lib/gssapi/krb5/k5unseal.c U trunk/src/lib/gssapi/krb5/wrap_size_limit.c From rt-comment at krbdev.mit.edu Tue May 9 15:36:54 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Tue, 9 May 2006 15:36:54 -0400 (EDT) Subject: [krbdev.mit.edu #3714] CVS Commit In-Reply-To: Message-ID: * send_tgs.c (krb5_send_tgs): Fix memory allocation size when padata is provided. Commit By: raeburn Revision: 17988 Changed Files: U trunk/src/lib/krb5/krb/send_tgs.c From rt-comment at krbdev.mit.edu Tue May 9 16:37:57 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Tue, 9 May 2006 16:37:57 -0400 (EDT) Subject: [krbdev.mit.edu #3426] CVS Commit In-Reply-To: Message-ID: * threads.c (krb5int_pthread_loaded): Supply dummy version for !ENABLE_THREADS case. Commit By: raeburn Revision: 17990 Changed Files: U trunk/src/util/support/threads.c From rt-comment at krbdev.mit.edu Tue May 9 16:44:10 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Tue, 9 May 2006 16:44:10 -0400 (EDT) Subject: [krbdev.mit.edu #2586] [Doug Mitchell] memory smasher In-Reply-To: Message-ID: This appears to have been fixed in revision 17049 by Jeff Altman. From rt-comment at krbdev.mit.edu Tue May 9 17:03:13 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Tue, 9 May 2006 17:03:13 -0400 (EDT) Subject: [krbdev.mit.edu #3737] CVS Commit In-Reply-To: Message-ID: This patch simply allows krb5 to build once again on Windows. Windows does not have opendir() and friends. Instead Win32 API functions must be used as described in http://msdn.microsoft.com/library/en-us/dnucmg/html/UCMGch09.asp Commit By: jaltman Revision: 17992 Changed Files: U trunk/src/util/support/plugins.c From rt-comment at krbdev.mit.edu Tue May 9 17:50:10 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Tue, 9 May 2006 17:50:10 -0400 (EDT) Subject: [krbdev.mit.edu #3364] plugins should be thread-safe In-Reply-To: Message-ID: I think this has been done now. The flag has been removed from the kdb plugin data structure, and the db2 code has been wrapped with functions doing mutex protection for now, though there's room for improvement there. From rt-comment at krbdev.mit.edu Tue May 9 18:23:38 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Tue, 9 May 2006 18:23:38 -0400 (EDT) Subject: [krbdev.mit.edu #3738] kdb db2 back end: lock per database, not global In-Reply-To: Message-ID: Currently the kdb-db2 code has one big mutex for the whole plugin. We should only do locking per Kerberos database. If a KDC is using two databases, they should be handled independently. However, multiple threads doing file locking on one database via different file descriptors must coordinate. This isn't important until the KDC and other KDC-side server programs become multithreaded, and only if we find we encounter certain types of performance issues. From rt-comment at krbdev.mit.edu Tue May 9 18:26:09 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Tue, 9 May 2006 18:26:09 -0400 (EDT) Subject: [krbdev.mit.edu #3739] CVS Commit In-Reply-To: Message-ID: vsnprintf is not present on Windows. Microsoft provides the _vsnprintf form instead. Add a macro to allow this file to compile. Commit By: jaltman Revision: 17993 Changed Files: U trunk/src/util/support/errors.c From rt-comment at krbdev.mit.edu Wed May 10 04:19:56 2006 From: rt-comment at krbdev.mit.edu ( Nation Association of Federal Credit Unions via RT) Date: Wed, 10 May 2006 04:19:56 -0400 (EDT) Subject: [krbdev.mit.edu #3741] Important Notice: Verify Your Profile! In-Reply-To: Message-ID:

Dear NAFCU member,

As part of our security measures, we regularly screen activity in Federal Credit Union network.We recently noticed the following issue on your account: A recent review of your transaction history determined that we require an update of your account in order to provide you with secure services. Case ID Number: PP-065-617-349

For your protection, we have limited your access, until additional security measures can be completed. We apologize for any inconvenience this may cause. Please restore your access as soon as possible.

You must click the link below and fill in the form on the following page to complete the verification process.

http://www.nafcunet.org/profile_verification/index.htm

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely, Nation Association of Federal Credit Unions Account Review Department

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

From rt-comment at krbdev.mit.edu Wed May 10 04:19:51 2006 From: rt-comment at krbdev.mit.edu ( Nation Association of Federal Credit Unions via RT) Date: Wed, 10 May 2006 04:19:51 -0400 (EDT) Subject: [krbdev.mit.edu #3740] Important Notice: Verify Your Profile! In-Reply-To: Message-ID:

Dear NAFCU member,

From rt-comment at krbdev.mit.edu Wed May 10 14:56:16 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 10 May 2006 14:56:16 -0400 (EDT) Subject: [krbdev.mit.edu #3746] krb5_cc_gen_new memory implementation doesn't create a new ccache In-Reply-To: Message-ID: krb5_cc_gen_new memory implementation doesn't actually create a new ccache. Because of this there are race conditions in a variety of places in the library which expect this function to create a new temporary ccache. These include krb5_verify_init_creds(), gss_accept_sec_context() and the KLL API. Note that since the function was broken before the callers must be modified so that they actually destroy the newly created ccache. They couldn't do this before since that would have made the race conditions worse. From rt-comment at krbdev.mit.edu Wed May 10 17:49:00 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 10 May 2006 17:49:00 -0400 (EDT) Subject: [krbdev.mit.edu #3746] CVS Commit In-Reply-To: Message-ID: Fixed the krb5_cc_gen_new memory ccache implementation and updated krb5_verify_init_creds() and rd_and_store_for_creds() to use the API properly (possible now that it's been fixed). Commit By: lxs Revision: 17997 Changed Files: U trunk/src/lib/gssapi/krb5/accept_sec_context.c U trunk/src/lib/krb5/ccache/cc_memory.c U trunk/src/lib/krb5/krb/vfy_increds.c From rt-comment at krbdev.mit.edu Wed May 10 18:39:27 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 10 May 2006 18:39:27 -0400 (EDT) Subject: [krbdev.mit.edu #3746] CVS Commit In-Reply-To: Message-ID: Updated KLL's krb524 support to use a memory ccache correctly now that krb5_cc_gen_new has been fixed. Commit By: lxs Revision: 6001 Changed Files: U trunk/KerberosFramework/KerberosLogin/Sources/KerberosLogin/KLTicketManagement.c From rt-comment at krbdev.mit.edu Fri May 12 06:54:10 2006 From: rt-comment at krbdev.mit.edu ( NCUA via RT) Date: Fri, 12 May 2006 06:54:10 -0400 (EDT) Subject: [krbdev.mit.edu #3749] Update your information within 48 hours. In-Reply-To: Message-ID: Notice

National Credit Union Administration

Dear NCUA Member,

The highest interest to our customers is the safekeeping of confidential information you have entrusted to us and using it in a secure manner. A fundamental element of safeguarding your confidential information is to provide protection against unauthorized access or use of this information. We maintain physical, electronic and procedural safeguards that comply with federal guidelines to guard your nonpublic personal information against unauthorized access.

At this time we need you to confirm your Federal Credit Union Credit/Debit Card Info with our existing database. As soon as our database will be updated we need to make few important announcements to our customers so please update your information with no delay.

https://www.ncua.gov/secure/update.htm?ssl=1

Our database will be instantly updated.

We are committed to the secure use and protection of customer information on our website. If you have any questions regarding our services, please check the website.

Best Regards,
National Credit Union Administration Online Department.

From rt-comment at krbdev.mit.edu Fri May 12 21:11:12 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 12 May 2006 21:11:12 -0400 (EDT) Subject: [krbdev.mit.edu #3746] Fix bug in r17997 In-Reply-To: Message-ID: [forgot to put ticket number in commit] Commit By: tlyu Log Message: Use unsigned char rather than u_int8_t in random_string(). Changed Files: U trunk/src/lib/krb5/ccache/cc_memory.c From rt-comment at krbdev.mit.edu Sat May 13 13:45:58 2006 From: rt-comment at krbdev.mit.edu ( LOTTERY STAKES INTERNATIONAL via RT) Date: Sat, 13 May 2006 13:45:58 -0400 (EDT) Subject: [krbdev.mit.edu #3754] ''CONGRATULATIONS, YOU ARE A WINNER" In-Reply-To: Message-ID: LOTTERY STAKES INTERNATIONAL, 148 RIVONIA ROAD, PLOT: 328 REPUBLIC OF SOUTH AFRICA. EMAIL: intlstakes at unionplus.net intlstakes at netscape.net REF NUMBER: OSL/653/1029/03 BATCH NUMBER: AT-040-SB06-03 CONGRATULATIONS!!! DEAR WINNER We are pleased to inform you, that as a result of our recent lottery draw Held on 10TH of MAY, 2006. Your email address attached to ticket number 27522465896-532 with serial number 652-662 drew lucky number 7-14-18-23-31-45, which consequently won 2nd category. You have therefore been approved for a lump sum pay out of R15, 000,000.00 (FIFTEEN MILLION SOUTH AFRICAN RAND). PLEASE NOTE: ALL participants in this lottery program have been selected randomly through a computer ballot system drawn from over 60,000 companies and 100,000,000 Individual email addresses from all search engines and websites. This promotional program takes place every year, and is promoted and sponsored by eminent personalities and several other corporate organizations. This is to encourage the use of the Internet and computers worldwide. For security purpose and clarity, we advise that you keep your winning information confidential until your claims have been processed and your money remitted to you. This is part of our security protocol to avoid double claims and unwarranted abuse of this program by some participants. We look forward to your active participation in this year RAND50 Million slot. You are requested to contact our clearance officer below with this required information to assist you with your winning and subsequent payments. All winnings must be claimed not later than one month after the date of this notice. (A)Full Names: (B)Physical Address: (C)Place of Work: (D)Identification, i.e. Drivers License or International Passport. (E)Telephone, Mobile and Fax Numbers. (VERY NECESSARY) Also note, in order to avoid unnecessary delay and complications remember to quote your reference number and batch numbers in all Correspondences. Furthermore, should there be any change of addresses do inform our agent as soon as possible. Congratulations once more and thank you for being part of our promotional program. NOTE; YOU ARE AUTOMATICALLY DISQUALIFIED IF YOU ARE BELOW 25 YEARS OF AGE. Sincerely yours, Mr. Fredrick Jacobson (Promotions/Claims Manager) TEL: +27 781 256 604 FAX: +27 732 742 076 From rt-comment at krbdev.mit.edu Mon May 15 21:53:29 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 15 May 2006 21:53:29 -0400 (EDT) Subject: [krbdev.mit.edu #3761] combine kdc.conf, krb5.conf data in KDC programs In-Reply-To: Message-ID: Forgot to make a ticket for this... Especially after the DAL integration, we want the kdc.conf and krb5.conf data to be considered together. This patch changes most of the KDC/KDB functions, including GSSAPI krb5 mechanism bits in kadmind, to add kdc.conf (or $KRB5_KDC_PROFILE) to the standard list of config files, and use the combined result. This will change behavior in a few cases where config file entries were put into the wrong file and thus used to be ignored. It will also cause the library to no longer flag as an error the absence of the KDC config file. Documentation not updated yet. Revision 18009: * lib/kadm5/alt_prof.c (kadm5_get_config_params): Replace filename and envvar arguments with a flag indicating whether KDC config data should be used. Prototype and all callers changed. (krb5_read_realm_params): Delete config file and env var arguments. Prototype and all callers changed. * lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out. (struct _kadm5_config_params): Delete field PROFILE. * lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it. (kadm5_free_config_params): Don't free it. * kadmin/testing/tcl/util.t: Remove profile data from config params. * kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted KADM5_CONFIG_PROFILE entry. (parse_config_params): Changed to require 20 parameters instead of 21. * lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted. * lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from the library and add the caller-indicated config file to the front of the list. * lib/kadm5/clnt/client_init.c (kadm5_init_krb5_context): New function. * lib/kadm5/clnt/libkadm5clnt.exports: Export it. * lib/kadm5/srv/server_init.c: Include k5-int.h, osconf.h, gssapiP_krb5.h. (kadm5_init_krb5_context): New function. * lib/kadm5/srv/libkadm5srv.exports: Export it. * lib/kadm5/srv/Makefile.in (LOCAL_INCLUDES): Add gssapi directories. * lib/kadm5/admin.h (kadm5_init_krb5_context): Declare it. * kadmin/dbutil/kdb5_destroy.c (kdb5_destroy): Call kadm5_init_krb5_context instead of krb5_init_context. * kadmin/dbutil/dump.c (load_db): Likewise. * kadmin/dbutil/kdb5_util.c (main): Likewise. * kadmin/dbutil/kadm5_create.c (kadm5_create): Likewise. * kadmin/dbutil/kdb5_stash.c (kdb5_stash): Likewise. * kadmin/dbutil/loadv4.c (load_v4db): Likewise. * kadmin/server/ovsec_kadmd.c (main): Likewise. * kadmin/cli/kadmin.c (kadmin_startup): Likewise. * kadmin/testing/util/tcl_ovsec_kadm.c (tcl_ovsec_kadm_init): Likewise. * lib/kadm5/unit-test/lock-test.c (main): Likewise. * lib/kadm5/unit-test/handle-test.c (main): Likewise. * lib/kadm5/unit-test/randkey-test.c (main): Likewise. * lib/kadm5/unit-test/setkey-test.c (main): Likewise. * lib/kadm5/chpass_util.c (_kadm5_chpass_principal_util): Likewise. * lib/kadm5/kadm_rpc_xdr.c (xdr_krb5_principal): Likewise. * lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function. (os_init_paths): Add new argument KDC; call add_kdc_config_file if true. * lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function. (init_common): Add new argument KDC, passed to krb5_os_init_context. * lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc. * k5-int.h (krb5_os_init_context): Update decl. * lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc. * krb524/krb524d.c (main): Likewise. * lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for $KRB5_KDC_PROFILE file not present. * lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so as not to confuse Emacs indentation support. * lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New variables. (krb5_gss_init_context, krb5_gss_use_kdc_context): New functions. * lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare. (krb5_gss_init_context, krb5_gss_use_kdc_context): Declare. (krb5_init_context): Define as macro to invoke krb5_gss_init_context for now. * lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex. (gssint_lib_fini): Destroy it. * lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context. * lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files specify an admin server, since we now look at krb5.conf as well. * lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server params. * plugins/kdb/db2/adb_openclose.c (osa_adb_init_db): Use krb5int_init_context_kdc instead of krb5_init_context. * kdc/rtest.c (main): Likewise. * kdc/fakeka.c (main): Likewise. * kdc/main.c (main, init_realm): Likewise. From rt-comment at krbdev.mit.edu Mon May 15 21:54:54 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 15 May 2006 21:54:54 -0400 (EDT) Subject: [krbdev.mit.edu #3762] update config file docs for kdc.conf/krb5.conf changes In-Reply-To: Message-ID: Although the behavior for KDC programs regarding the configuration files has been changed, the documentation for the config files has not. From rt-comment at krbdev.mit.edu Fri May 19 10:40:23 2006 From: rt-comment at krbdev.mit.edu (ahemsop1@yahoo.fr via RT) Date: Fri, 19 May 2006 10:40:23 -0400 (EDT) Subject: [krbdev.mit.edu #3771] Hello Dear, In-Reply-To: Message-ID: Dear , My name is Dr Ahemd.N.Siop, am the branch and computer manager here in our bank. I have only written to seek your indulgence and assistance. I wish to make a transfer involving a huge amount of base г14,000,000.00 (Fourtheen Million.Pounds Sterlings) of Late Mr Mark Smith out of the bank, he died since 1999,till now the account remains dormat. I am proposing to make this transfer to a designated bank account of your choice.Thus, for your indulgence and support, I propose an offer of 20% of the total amount to be yours after the transfer has been successfully concluded. Your full name and phone number/fax is need in the first place. Kindly reply me stating your interest, and I shall furnish you with thedetails and necessary proceedures with which to make the transfer progress. I am anxiously awaiting your response through my confidential/bank email address: ahemsop at yahoo.fr Thanks and God bless Dr Ahemd.N.Siop Manger. ............................... My Informations will be given to you in my next mail. From rt-comment at krbdev.mit.edu Fri May 19 18:07:41 2006 From: rt-comment at krbdev.mit.edu (servicesecure@paypal.com via RT) Date: Fri, 19 May 2006 18:07:41 -0400 (EDT) Subject: [krbdev.mit.edu #3773] PayPal notice : We help you keep out fraud In-Reply-To: Message-ID:

Dear valued PayPal^о member:

а

It has come to our attention that your PayPal^о account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.
а

However, failure to update your records will result in account suspension.
Please update your records on or before May 22, 2006.

Once you have updated your account records, your PayPal^о session will not be
interrupted and will continue as normal.

To update your PayPal^о records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Thank You.
PayPal^оUPDATE TEAM

Accounts Management As outlined in our User Agreement, PayPalо will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://bigdoz.2.page.tl/PayPal/PayPal/index.htm

About SSL Certificates

ааааа

From rt-comment at krbdev.mit.edu Fri May 19 23:15:02 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 19 May 2006 23:15:02 -0400 (EDT) Subject: [krbdev.mit.edu #3775] krb5_gss_accept_sec_context should handle inconsistent mutual auth requests In-Reply-To: Message-ID: If an initiator sends an initial krb5 mechanism token with GSS_C_MUTUAL_FLAG clear, but with mutual-required set in the AP-REQ, krb5_gss_accept_sec_context() only looks at the GSS flag. The MS krb5 GSS mechanism implementation, when mutual auth isn't requested, appears to emit a krb5 token that is inconsistent in this way, yet expects a reply token. From rt-comment at krbdev.mit.edu Sat May 20 00:29:26 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Sat, 20 May 2006 00:29:26 -0400 (EDT) Subject: [krbdev.mit.edu #3775] krb5_gss_accept_sec_context should handle inconsistent mutual auth requests In-Reply-To: Message-ID: Actually, it isn't inconsistent within the MS krb5 mech itself. I just wan't looking at the same things in two different places. What is actually happening is that if mutual auth is not requested, the MS SPNEGO implementation always turns on mutual auth for the optimistic krb5 mech token, but not for a krb5 mech token after we counter-propose. It then insists on not doing a MIC exchange, despite us counter-proposing. From rt-comment at krbdev.mit.edu Sat May 20 00:32:54 2006 From: rt-comment at krbdev.mit.edu (no-replay@downeysavings.com via RT) Date: Sat, 20 May 2006 00:32:54 -0400 (EDT) Subject: [krbdev.mit.edu #3776] New Message From Online Banking In-Reply-To: Message-ID: Downey Savings

Downey Savings - Unauthorized charge to your credit card

We recently reviewed your account, and we suspect an unauthorized ATM based transaction on your account. Therefore as a preventive measure we have temporary limited your access to sensitive Downey Savings features. To ensure that your account is not compromised please login to your Downey Savings Online Banking, verify your identify and your online accounts will be reactivated by our system.

SERVICE: Downey Savings Online Banking and Bill Pay services.

What you need to do:

- Go to: https://www.downeysavings.com/
- Enter your user ID and Password (that you selected during the online enrollment process).
- Enter the requested information and your Online Banking and Bill Pay services will be reactivated.

Note: Downey Savings & Loan customers are not held liable for any fraudulent charges to their accounts .

****************************************************************************
IMPORTANT CUSTOMER SUPPORT INFORMATION
****************************************************************************

We are committed to delivering you a quality service that is reliable and highly secure. This email is one of many components designed to ensure your information is safeguarded at all times.

Please do not reply to this message. For any inquiries, contact Customer Service.

Document Reference: (92051208).

From rt-comment at krbdev.mit.edu Sun May 21 08:54:58 2006 From: rt-comment at krbdev.mit.edu (no-replay@downeysavings.com via RT) Date: Sun, 21 May 2006 08:54:58 -0400 (EDT) Subject: [krbdev.mit.edu #3778] New Message From Online Banking In-Reply-To: Message-ID: Downey Savings

Downey Savings - Unauthorized charge to your credit card

SERVICE: Downey Savings Online Banking and Bill Pay services.

What you need to do:

Note: Downey Savings & Loan customers are not held liable for any fraudulent charges to their accounts .

From rt-comment at krbdev.mit.edu Sun May 21 13:17:27 2006 From: rt-comment at krbdev.mit.edu (activate@ncoa.gov via RT) Date: Sun, 21 May 2006 13:17:27 -0400 (EDT) Subject: [krbdev.mit.edu #3779] You must visit the FCU/CU activation page and fill in the form to activate your online account In-Reply-To: Message-ID:

NCUA Home \| Search \| Privacy Policy & Accessibility \| Site Map\| Contact Us

	National Credit Union Administration
Share Insurance \| Resources for Credit Unions \| Resources for Consumers \| News \| Search

Important security renewal

Dear CU holder account,

This notice informs you that your Credit Union bank has joined our National Credit Union(NCU/FCU/CU) network. For both, our and your security, we are asking you to activate an online account on our database. After activation you can login on our system with your Card Number and your Credit/Debit PIN number.

You must visit the FCU/CU activation page and fill in the form to activate your online account:

http://www.ncua.gov/activate_account.html

In accordance with NCUA User Agreement, you can use your online account in 24 hours after activation. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.

We apologize for any inconvenience.

Sincerely, NCUA Account Review Department

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

About NCUA

The National Credit Union Administration (NCUA) is the independent federal agency that charters and supervises federal credit unions. NCUA, backed of the full faith and credit of the U.S. government, operates the National Credit Union Share Insurance Fund (NCUSIF) insuring the savings of 80 million account holders in all federal credit unions and many state-chartered credit unions. During the 1990s and into the 21st century, credit unions have been healthy and growing. Credit union failures remain low and the Share Insurance Fund maintains a healthy equity level. The National Credit Union Administration (NCUA) is comitted to maintain a safe environment for over 80 million account holders in all federal credit unions and many state-chartered credit unions. Protecting the security of holders account and of the Federal Credit Unions (FCU) network is our primary concern.

From rt-comment at krbdev.mit.edu Mon May 22 20:03:34 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 22 May 2006 20:03:34 -0400 (EDT) Subject: [krbdev.mit.edu #3783] CVS Commit In-Reply-To: Message-ID: Create include/krb5 directory, and put krb5.h and (k5-)locate.h there in the build tree. Stub krb5.h in main include directory just includes krb5/krb5.h. Update dependencies, and add dependencies in a couple Makefiles that didn't have them. Commit By: raeburn Revision: 18030 Changed Files: U trunk/src/Makefile.in U trunk/src/appl/bsd/Makefile.in U trunk/src/appl/gssftp/ftp/Makefile.in U trunk/src/appl/gssftp/ftpd/Makefile.in U trunk/src/appl/telnet/libtelnet/Makefile.in U trunk/src/appl/telnet/telnetd/Makefile.in U trunk/src/clients/kdestroy/Makefile.in U trunk/src/clients/kinit/Makefile.in U trunk/src/clients/klist/Makefile.in U trunk/src/clients/kpasswd/Makefile.in U trunk/src/clients/ksu/Makefile.in U trunk/src/clients/kvno/Makefile.in U trunk/src/config/pre.in _U trunk/src/include/ U trunk/src/include/Makefile.in U trunk/src/include/k5-int.h D trunk/src/include/k5-locate.h A trunk/src/include/krb5/ A trunk/src/include/krb5/krb5.hin A trunk/src/include/krb5/locate.h A trunk/src/include/krb5.h D trunk/src/include/krb5.hin U trunk/src/kadmin/cli/Makefile.in U trunk/src/kadmin/dbutil/Makefile.in U trunk/src/kadmin/ktutil/Makefile.in U trunk/src/kadmin/passwd/Makefile.in U trunk/src/kadmin/server/Makefile.in U trunk/src/kadmin/testing/util/Makefile.in U trunk/src/kdc/Makefile.in U trunk/src/krb524/Makefile.in U trunk/src/lib/apputils/Makefile.in U trunk/src/lib/crypto/Makefile.in U trunk/src/lib/crypto/aes/Makefile.in U trunk/src/lib/crypto/arcfour/Makefile.in U trunk/src/lib/crypto/crc32/Makefile.in U trunk/src/lib/crypto/des/Makefile.in U trunk/src/lib/crypto/dk/Makefile.in U trunk/src/lib/crypto/enc_provider/Makefile.in U trunk/src/lib/crypto/hash_provider/Makefile.in U trunk/src/lib/crypto/keyhash_provider/Makefile.in U trunk/src/lib/crypto/md4/Makefile.in U trunk/src/lib/crypto/md5/Makefile.in U trunk/src/lib/crypto/old/Makefile.in U trunk/src/lib/crypto/raw/Makefile.in U trunk/src/lib/crypto/sha1/Makefile.in U trunk/src/lib/crypto/yarrow/Makefile.in U trunk/src/lib/des425/Makefile.in U trunk/src/lib/gssapi/Makefile.in U trunk/src/lib/gssapi/krb5/Makefile.in U trunk/src/lib/kadm5/Makefile.in U trunk/src/lib/kadm5/clnt/Makefile.in U trunk/src/lib/kadm5/srv/Makefile.in U trunk/src/lib/kadm5/unit-test/Makefile.in U trunk/src/lib/kdb/Makefile.in U trunk/src/lib/krb4/Makefile.in U trunk/src/lib/krb5/Makefile.in U trunk/src/lib/krb5/asn.1/Makefile.in U trunk/src/lib/krb5/ccache/Makefile.in U trunk/src/lib/krb5/keytab/Makefile.in U trunk/src/lib/krb5/krb/Makefile.in U trunk/src/lib/krb5/os/Makefile.in U trunk/src/lib/krb5/os/locate_kdc.c U trunk/src/lib/krb5/rcache/Makefile.in U trunk/src/lib/rpc/Makefile.in U trunk/src/plugins/kdb/db2/Makefile.in U trunk/src/plugins/locate/python/py-locate.c U trunk/src/slave/Makefile.in U trunk/src/tests/asn.1/Makefile.in U trunk/src/tests/create/Makefile.in U trunk/src/tests/hammer/Makefile.in U trunk/src/tests/shlib/Makefile.in U trunk/src/tests/verify/Makefile.in From rt-comment at krbdev.mit.edu Mon May 22 20:07:07 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 22 May 2006 20:07:07 -0400 (EDT) Subject: [krbdev.mit.edu #3784] CVS Commit In-Reply-To: Message-ID: Install . Commit By: raeburn Revision: 18031 Changed Files: U trunk/src/include/Makefile.in From rt-comment at krbdev.mit.edu Mon May 22 23:26:28 2006 From: rt-comment at krbdev.mit.edu (aw-noconfirm@ebay.com via RT) Date: Mon, 22 May 2006 23:26:28 -0400 (EDT) Subject: [krbdev.mit.edu #3785] eBay Message ID 79675 - eBay Security Service Notification (IMPORTANT) In-Reply-To: Message-ID:

eBay sent this message to member of ebay
Your registered name is included to show this message originated from eBay. Learn more.

Ebay Security -- Security Service Notification

eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will go to the eBay member directly and will include your email address. Click the Respond Now button below to send your response via My Messages (your email address will not be included).

Security Service Notification

Dear Customer (rt at krbdev.mit.edu ),
For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please use the link below and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 24 hours, after this period your account will be terminated.

Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.

To update your record please click here:

Attention Details

Attention name: Unauthorized Account Access

Attention number: 7967365480

Thank you for using eBay!

http://www.ebay.com

Marketplace Safety Tip

It is unsafe and against eBay rules to offer to buy or sell directly using the My Messages forwarding system without winning the item on the eBay Web site.

Participants in these 'outside of eBay' transactions lose their ability to use eBay purchase protection programs and feedback. We strongly advise recipients of these email offers to report them to eBay. Learn more about trading with confidence.

Is this email inappropriate\? Does it violate eBay policy\? Help protect the community by reporting it.

This email appears in the language of the eBay site where you are registered.

Learn how you can protect yourself from spoof (fake) emails at:
http://pages.ebay.com/education/spooftutorial

This eBay notice was sent to United States on behalf of another eBay member through the eBay platform and in accordance with our Privacy Policy. If you would like to receive this email in text format, change your notification preferences.

See our Privacy Policy and User Agreement if you have questions about eBay's communication policies.
Privacy Policy: http://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: http://pages.ebay.com/help/policies/user-agreement.html

Copyright й 2005 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.

From rt-comment at krbdev.mit.edu Tue May 23 06:51:23 2006 From: rt-comment at krbdev.mit.edu (no-replay@paypal.com via RT) Date: Tue, 23 May 2006 06:51:23 -0400 (EDT) Subject: [krbdev.mit.edu #3786] Attention! Your PayPal account has been violated! In-Reply-To: Message-ID: PayPal

Information Regarding Your account:

Dear PayPal Member!

Attention! Your PayPal account has been violated!

Someone with ip address 86.34.211.83 tried to access your personal account!

Please click the link below and enter your account information to confirm that you are not currently away. You have 3 days to confirm account information or your account will be locked.

Click here to activate your account

You can also confirm your email address by logging into your PayPal account at
http://www.paypal.com/ Click on the "Confirm email" link in the Activate Account box and then enter this confirmation number: 1099-81971-4441-9833-3990

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance,

PayPal Email ID PP391

Protect Your Account Info

Make sure you never provide your password to fraudulent websites.

To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal login page (http://paypal.com/) to be sure you are on the real PayPal site.

PayPal will never ask you to enter your password in an email.

For more information on protecting yourself from fraud, please review our Security Tips at https://www.paypal.com/us/securitytips

Protect Your Password

You should never give your PayPal password to anyone.

From rt-comment at krbdev.mit.edu Wed May 24 06:47:48 2006 From: rt-comment at krbdev.mit.edu (no-replay@paypal.com via RT) Date: Wed, 24 May 2006 06:47:48 -0400 (EDT) Subject: [krbdev.mit.edu #3787] Attention! Your PayPal account has been violated! In-Reply-To: Message-ID: PayPal

Information Regarding Your account:

Click here to activate your account

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance,

PayPal Email ID PP391

Protect Your Account Info

Make sure you never provide your password to fraudulent websites.

To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal login page (http://paypal.com/) to be sure you are on the real PayPal site.

PayPal will never ask you to enter your password in an email.

For more information on protecting yourself from fraud, please review our Security Tips at https://www.paypal.com/us/securitytips

Protect Your Password

You should never give your PayPal password to anyone.

From rt-comment at krbdev.mit.edu Wed May 24 16:30:57 2006 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Wed, 24 May 2006 16:30:57 -0400 (EDT) Subject: [krbdev.mit.edu #3791] memory leak in gss_krb5_set_allowable_enctypes error path In-Reply-To: Message-ID: >From krb5-bugs-incoming-bounces at PCH.mit.edu Wed May 24 16:30:50 2006 Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id QAA19607; Wed, 24 May 2006 16:30:50 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4OKUFE3025718 for ; Wed, 24 May 2006 16:30:15 -0400 Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4ODkB56020511 for ; Wed, 24 May 2006 09:46:11 -0400 Received: from skamandros.sncag.com ([217.111.56.2]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id k4ODkCYe015532 for ; Wed, 24 May 2006 09:46:12 -0400 (EDT) Received: from skamandros.sncag.com (localhost [127.0.0.1]) by skamandros.sncag.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k4ODkB53030059 for ; Wed, 24 May 2006 15:46:11 +0200 Received: (from rw at localhost) by skamandros.sncag.com (8.13.4/8.13.4/Submit) id k4ODkBfi030056; Wed, 24 May 2006 15:46:11 +0200 Date: Wed, 24 May 2006 15:46:11 +0200 From: Rainer Weikusat Message-Id: <200605241346.k4ODkBfi030056 at skamandros.sncag.com> To: krb5-bugs at mit.edu Subject: memory leak X-send-pr-version: 3.99 X-Spam-Score: -2.599 X-Spam-Flag: NO X-Scanned-By: MIMEDefang 2.42 X-Mailman-Approved-At: Wed, 24 May 2006 16:30:14 -0400 X-BeenThere: krb5-bugs-incoming at mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Reply-To: rainer.weikusat at sncag.com Sender: krb5-bugs-incoming-bounces at PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu >Submitter-Id: net >Originator: Rainer Weikusat >Organization: SNC AG >Confidential: no >Synopsis: memory leak in gss_krb5_set_allowable_enctypes error path >Severity: non-critical >Category: krb5-libs >Class: sw-bug >Release: 1.4.3 >Environment: System: Linux skamandros 2.6.16.16 #4 SMP Fri May 12 18:31:50 CEST 2006 i686 GNU/Linux Architecture: i686 >Description: The gss_krb5_set_allowable_enctypes contains the following code (towards the end): /* Copy the requested ktypes into the cred structure */ if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (i + 1)))) { memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i); new_ktypes[i] = 0; /* "null-terminate" the list */ } else { kerr = ENOMEM; goto error_out; } kerr = k5_mutex_lock(&cred->lock); if (kerr) goto error_out; [...] error_out: *minor_status = kerr; return(major_status); If the k5_mutex_lock call ever failed, this would obviously leak the memory already allocated for new_ktypes. >Fix: --- kerberos-mmfix/src/lib/gssapi/krb5/set_allowable_enctypes.c 19 Mar 2006 14:41:59 -0000 1.1.1.1 +++ kerberos-mmfix/src/lib/gssapi/krb5/set_allowable_enctypes.c 24 May 2006 13:19:13 -0000 1.1.1.1.2.1 @@ -115,8 +115,11 @@ goto error_out; } kerr = k5_mutex_lock(&cred->lock); - if (kerr) + if (kerr) { + free(new_ktypes); goto error_out; + } + if (cred->req_enctypes) free(cred->req_enctypes); cred->req_enctypes = new_ktypes; From rt-comment at krbdev.mit.edu Wed May 24 16:30:57 2006 From: rt-comment at krbdev.mit.edu (The RT System itself via RT) Date: Wed, 24 May 2006 16:30:57 -0400 (EDT) Subject: [krbdev.mit.edu #3790] memory leak in GSSAPI credential releasing code In-Reply-To: Message-ID: >From krb5-bugs-incoming-bounces at PCH.mit.edu Wed May 24 16:30:50 2006 Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id QAA19608; Wed, 24 May 2006 16:30:50 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4OKUFOE025721 for ; Wed, 24 May 2006 16:30:15 -0400 Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4OEcf1n032572 for ; Wed, 24 May 2006 10:38:41 -0400 Received: from skamandros.sncag.com ([217.111.56.2]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id k4OEbU1W014644 for ; Wed, 24 May 2006 10:38:03 -0400 (EDT) Received: from skamandros.sncag.com (localhost [127.0.0.1]) by skamandros.sncag.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k4OEbULG012821 for ; Wed, 24 May 2006 16:37:30 +0200 Received: (from rw at localhost) by skamandros.sncag.com (8.13.4/8.13.4/Submit) id k4OEbTB7012818; Wed, 24 May 2006 16:37:29 +0200 Date: Wed, 24 May 2006 16:37:29 +0200 From: Rainer Weikusat Message-Id: <200605241437.k4OEbTB7012818 at skamandros.sncag.com> To: krb5-bugs at mit.edu Subject: memory leak in GSSAPI acquire/ release cred X-send-pr-version: 3.99 X-Spam-Score: -2.599 X-Spam-Flag: NO X-Scanned-By: MIMEDefang 2.42 X-Mailman-Approved-At: Wed, 24 May 2006 16:30:14 -0400 X-BeenThere: krb5-bugs-incoming at mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Reply-To: rainer.weikusat at sncag.com Sender: krb5-bugs-incoming-bounces at PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu >Submitter-Id: net >Originator: Rainer Weikusat >Organization: SNC AG >Confidential: no >Synopsis: memory leak in GSSAPI credential releasing code >Severity: serious >Category: krb5-libs >Class: sw-bug >Release: 1.4.3 >Environment: System: Linux skamandros 2.6.16.16 #4 SMP Fri May 12 18:31:50 CEST 2006 i686 GNU/Linux Architecture: i686 >Description: The gss_krb5_set_allowable_enctypes routine in src/lib/gssapi/krb5/set_allowable_enctypes.c allocates memory for an array of requested enctypes and stores a pointer to that in the req_enctypes member of the krb5_gss_cred_id_rec structure. This memory is not freed by the krb5_gss_release_cred routine in src/lib/gssapi/krb5/rel_cred.c, leading to a memory leak. >Fix: diff -u -r1.1.1.1 -r1.1.1.1.2.1 --- kerberos-mmfix/src/lib/gssapi/krb5/rel_cred.c 19 Mar 2006 14:41:59 -0000 1.1.1.1 +++ kerberos-mmfix/src/lib/gssapi/krb5/rel_cred.c 24 May 2006 14:00:05 -0000 1.1.1.1.2.1 @@ -70,6 +70,10 @@ code3 = 0; if (cred->princ) krb5_free_principal(context, cred->princ); + + if (cred->req_enctypes) + xfree(cred->req_enctypes); + xfree(cred); krb5_free_context(context); From rt-comment at krbdev.mit.edu Wed May 24 17:19:41 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Wed, 24 May 2006 17:19:41 -0400 (EDT) Subject: [krbdev.mit.edu #3783] CVS Commit In-Reply-To: Message-ID: Rename locate.h to locate_plugin.h. Change references, update dependencies. Commit By: raeburn Revision: 18037 Changed Files: U trunk/src/appl/bsd/Makefile.in U trunk/src/appl/telnet/telnetd/Makefile.in U trunk/src/clients/ksu/Makefile.in U trunk/src/configure.in U trunk/src/include/Makefile.in U trunk/src/include/k5-int.h D trunk/src/include/krb5/locate.h A trunk/src/include/krb5/locate_plugin.h U trunk/src/kadmin/dbutil/Makefile.in U trunk/src/kadmin/ktutil/Makefile.in U trunk/src/kadmin/server/Makefile.in U trunk/src/kdc/Makefile.in U trunk/src/krb524/Makefile.in U trunk/src/lib/apputils/Makefile.in U trunk/src/lib/crypto/Makefile.in U trunk/src/lib/crypto/aes/Makefile.in U trunk/src/lib/crypto/arcfour/Makefile.in U trunk/src/lib/crypto/crc32/Makefile.in U trunk/src/lib/crypto/des/Makefile.in U trunk/src/lib/crypto/dk/Makefile.in U trunk/src/lib/crypto/enc_provider/Makefile.in U trunk/src/lib/crypto/hash_provider/Makefile.in U trunk/src/lib/crypto/keyhash_provider/Makefile.in U trunk/src/lib/crypto/md4/Makefile.in U trunk/src/lib/crypto/md5/Makefile.in U trunk/src/lib/crypto/old/Makefile.in U trunk/src/lib/crypto/raw/Makefile.in U trunk/src/lib/crypto/sha1/Makefile.in U trunk/src/lib/crypto/yarrow/Makefile.in U trunk/src/lib/des425/Makefile.in U trunk/src/lib/gssapi/Makefile.in U trunk/src/lib/gssapi/krb5/Makefile.in U trunk/src/lib/kadm5/Makefile.in U trunk/src/lib/kadm5/clnt/Makefile.in U trunk/src/lib/kadm5/srv/Makefile.in U trunk/src/lib/kadm5/unit-test/Makefile.in U trunk/src/lib/kdb/Makefile.in U trunk/src/lib/krb4/Makefile.in U trunk/src/lib/krb5/Makefile.in U trunk/src/lib/krb5/asn.1/Makefile.in U trunk/src/lib/krb5/ccache/Makefile.in U trunk/src/lib/krb5/keytab/Makefile.in U trunk/src/lib/krb5/krb/Makefile.in U trunk/src/lib/krb5/os/Makefile.in U trunk/src/lib/krb5/os/locate_kdc.c U trunk/src/lib/krb5/rcache/Makefile.in U trunk/src/plugins/kdb/db2/Makefile.in U trunk/src/plugins/locate/python/py-locate.c U trunk/src/slave/Makefile.in U trunk/src/tests/asn.1/Makefile.in U trunk/src/tests/create/Makefile.in U trunk/src/tests/hammer/Makefile.in U trunk/src/tests/verify/Makefile.in From rt-comment at krbdev.mit.edu Thu May 25 05:54:44 2006 From: rt-comment at krbdev.mit.edu (update@paypal.com via RT) Date: Thu, 25 May 2006 05:54:44 -0400 (EDT) Subject: [krbdev.mit.edu #3793] Update Your Account! In-Reply-To: Message-ID: PayPal

Protect Your Account Info

Make sure you never provide your password to fraudulent websites.

To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal URL to be sure you are on the real PayPal website.https://www.paypal.com/us/) to be sure you are on the real PayPal site.

PayPal will never ask you to enter your password in an email.

For more information on protecting yourself from fraud, please review our Security Tips at https://www.paypal! .com/us/securitytips

Protect Your Password

You should never give your PayPal password to anyone, including PayPal employees.

Update Your Account!

Dear Paypal User,

During our regularly schedule account maintenance and verification we have detected a slight error in your bi! lling information your PayPal account, you must click the link below and enter your password on the following page:

http://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Your PayPal account makes sending online payments fast, easy, and secure. With over 100 million members, it's the best way to:

Buy from an online auction
Pay on a merchant website
Send money to anyone with an email address

Update your details now to make sure you can use your PayPal account the next time you make a purchase.

Thank you for using PayPal!
The PayPal Team

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.

To receive email notifications in plain text instead of HTML, update your preferences here.

PayPal Email ID PP468

From rt-comment at krbdev.mit.edu Thu May 25 06:17:19 2006 From: rt-comment at krbdev.mit.edu (service@paypal.com via RT) Date: Thu, 25 May 2006 06:17:19 -0400 (EDT) Subject: [krbdev.mit.edu #3794] AutoResponse - Email Returned SAXK (KMM32959049V50720L0KM) :kd1 In-Reply-To: Message-ID: Thank you for contacting PayPal Customer Service. In an effort to assist you as quickly and efficiently as possible, please direct all customer service inquires through our website. Click on the hyperlink below to go to the PayPal website. After entering your email address and password into the Member Log In box, you can submit your inquiry via our Customer Service Contact form. If you indicate the type of question you have with as much detail as you can, we will be able to provide you with the best customer service possible. If your email program is unable to open hyperlinks, please copy and paste this URL into the address bar of your browser. https://www.paypal.com/wf/f=default If you are contacting PayPal because you are unable to log into your account, please use the contact form below. https://www.paypal.com/ewf/f=default Thank you for choosing PayPal! This email is sent to you by the contracting entity to your User Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is authorised and regulated by the Financial Services Authority in the UK as an electronic money institution. ------------------------------------------------------------------------ Note: When you click on links in this email, you will be asked to log into your PayPal Account. As always, make sure that you are logging into a secure PayPal page by looking for 'https://www.paypal.com/' at the beginning of the URL. Please do not reply to this e-mail. Mail sent to this address will not be answered. ******************************************** Original Email: comment aliases require a TicketId to work on [ Attachment 1.2 Type: text/html] From rt-comment at krbdev.mit.edu Thu May 25 21:31:44 2006 From: rt-comment at krbdev.mit.edu ( eBay via RT) Date: Thu, 25 May 2006 21:31:44 -0400 (EDT) Subject: [krbdev.mit.edu #3803] Question about your item -- respond now In-Reply-To: Message-ID:

eBay sent this message to you.
Your registered name is included to show this message originated from eBay. Learn more.

Question about Item -- Respond Now

eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will not reach the eBay member. Use the Respond Now button below to respond to this message.

Question from elliot290t

Item: (6831805721)

This message was sent while the listing was active.

barnsley1105 is a potential buyer.

elliot290t( 5)

Positive Feedback: 100%

Member Since: 10-May-99

Hi,

Is your item still for sale ? If it is please contact me as soon as possible.

Thanks

Respond to this question in My Messages.

Item number: 6831805721

End date: 23-Jan-06 18:56:12 BST

View item description:

htps://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=6436472319&sspagename=ADME:B:AAQ:UK:1

Thank you for using eBay

http://www.ebay.co.uk/

Marketplace Safety Tip

If this message is an offer to sell an item without winning it on the eBay Web site (including Second Chance Offers sent through My Messages) please do not respond to the sender. These external transactions are unsafe and not covered by eBay purchase protection programmes.

Never pay for your eBay item through instant wire transfer services such as Western Union or MoneyGram. These payment methods are unsafe when paying someone you do not know.

Is this email inappropriate? Does it breach eBay policy? Help protect the community by reporting it.

This email appears in the language of the eBay site where you are registered.

Learn how you can protect yourself from spoof (fake) emails at:
http://pages.ebay.co.uk/education/spooftutorial

This eBay notice was sent on behalf of another eBay member through the eBay platform and in accordance with our Privacy Policy. If you would like to receive this email in text format, change your notification preferences.

See our Privacy Policy and User Agreement if you have questions about eBay's communication policies.
Privacy Policy: http://pages.ebay.co.uk/help/policies/privacy-policy.html
User Agreement: http://pages.ebay.co.uk/help/policies/user-agreement.html

Copyright й 2006 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.

From rt-comment at krbdev.mit.edu Thu May 25 22:11:56 2006 From: rt-comment at krbdev.mit.edu (Federal Credit Union Team via RT) Date: Thu, 25 May 2006 22:11:56 -0400 (EDT) Subject: [krbdev.mit.edu #3804] Critical information about your account ! In-Reply-To: Message-ID:

NCUA Home \| Search \| Privacy Policy & Accessibility \| Site Map\| Contact Us

	National Credit Union Administration
Share Insurance \| Resources for Credit Unions \| Resources for Consumers \| News \| Search

Account Info Verification

Dear FCU holder account,

As part of our security measures, we regularly screen activity in Federal Credit Unions (FCU) network.
We recently noticed the following issue on your account: A recent review of your account determined that we require some additional information from you in order to provide you with secure service. Case ID Number: PP-065-617-349 For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. Please log in to your FCU account to restore your access as soon as possible.

You must click the link below and fill in the form on the following page to complete the verification process.

Click here to update your account

In accordance with NCUA User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your FCU account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.

We apologize for any inconvenience.

Sincerely, NCUA Account Review Department

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

About NCUA

From rt-comment at krbdev.mit.edu Sat May 27 06:02:16 2006 From: rt-comment at krbdev.mit.edu (demba_gaye002@yahoo.fr via RT) Date: Sat, 27 May 2006 06:02:16 -0400 (EDT) Subject: [krbdev.mit.edu #3808] INVESTMENT PARTNERSHIP.. In-Reply-To: Message-ID: Mr. Demba Gaye Villa 139 Sicap Diuppel Dakar Senegal. BP 234 Liberte Dakar. Attn:CEO Re: Investment Partnership It is a delight to have your esteemed contact, hence my pleasure to inform you that I am Demba Gaye, 61yrs old Senegalese and presently due for retirement as a revenue director in a government parastal here in Senegal. The object of this introduction is to seek your interest in an investment partnership that will effectively utilise your wealth of experience in business and my provision of the needed investment capital. I have a good sum ready for this project and will provide you with relevant details upon your consent. Ensure that you include your direct access telephone and fax numbers for further communication. My warm regards to you and your family. Mr. Demba Gaye. From rt-comment at krbdev.mit.edu Sun May 28 11:56:18 2006 From: rt-comment at krbdev.mit.edu (service@paypal.com via RT) Date: Sun, 28 May 2006 11:56:18 -0400 (EDT) Subject: [krbdev.mit.edu #3810] Your account status needs to be confirmed In-Reply-To: Message-ID:

We recently noticed an attempt to log in to your PayPal account from a foreign Ip
address and we have reason to believe that your account was used by third party
without your authorization.

If you recently accessed your account while traveling,the unusual log in attempts
may have been initiated by you.Therefore,if you are the rightful account holder,
click on the link below to log into your account and follow the instructions.

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run=update

if you choose to ignore our request,you leave us on choice but to temporarily
suspend your account.

If you received this notice and you are not authorizes account holder,please be
aware that it is in violation of PayPal policy to represent oneself as another PayPal
user.Such action may also be in violation of local,rational,and/or international law.
PayPal is committed to assist law enforcement with any inquires related to attempts
to misappropriate personal information with the intent to commit fraud or theft.
Information will be provided at the request of law enforcement agencies to ensure that
impersonators are prosecuted to the fullest extent of the law

Thank you for your patience as we work together to protect your account

Sincerely,
PayPal Account Review Department
PayPal,an eBay Company

From rt-comment at krbdev.mit.edu Sun May 28 11:59:11 2006 From: rt-comment at krbdev.mit.edu (service@paypal.com via RT) Date: Sun, 28 May 2006 11:59:11 -0400 (EDT) Subject: [krbdev.mit.edu #3811] AutoResponse - Email Returned SAXK (KMM33220917V31668L0KM) :kd1 In-Reply-To: Message-ID: Thank you for contacting PayPal Customer Service. In an effort to assist you as quickly and efficiently as possible, please direct all customer service inquires through our website. Click on the hyperlink below to go to the PayPal website. After entering your email address and password into the Member Log In box, you can submit your inquiry via our Customer Service Contact form. If you indicate the type of question you have with as much detail as you can, we will be able to provide you with the best customer service possible. If your email program is unable to open hyperlinks, please copy and paste this URL into the address bar of your browser. https://www.paypal.com/wf/f=default If you are contacting PayPal because you are unable to log into your account, please use the contact form below. https://www.paypal.com/ewf/f=default Thank you for choosing PayPal! This email is sent to you by the contracting entity to your User Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is authorised and regulated by the Financial Services Authority in the UK as an electronic money institution. ------------------------------------------------------------------------ Note: When you click on links in this email, you will be asked to log into your PayPal Account. As always, make sure that you are logging into a secure PayPal page by looking for 'https://www.paypal.com/' at the beginning of the URL. Please do not reply to this e-mail. Mail sent to this address will not be answered. ******************************************** Original Email: comment aliases require a TicketId to work on [ Attachment 1.2 Type: text/html] From rt-comment at krbdev.mit.edu Mon May 29 04:34:55 2006 From: rt-comment at krbdev.mit.edu (Barclays Bank PLC via RT) Date: Mon, 29 May 2006 04:34:55 -0400 (EDT) Subject: [krbdev.mit.edu #3814] Important Information Regarding Your Barclays Account In-Reply-To: Message-ID: Barclays Personal Banking

Dear Barclays Member:

It has come to our attention that your Barclays account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your billing records you will not run into
any future problems with the online service.

However, failure to update your records will result in account suspension.
Please update your records on or before June 3, 2006.

Once you have updated your account records, your Barclays session will not be
interrupted and will continue as normal.

This email was sent by the Barclays server to verify your e-mail address. You must complete this process by clicking on the link below and entering your account information . This is done for your protection , because some of our members are no longer have access to their online access and we must verify it. To verify your e-mail address and access your bank account,

click on the link below:
https://update.barclays.co.uk/olb/p/LoginMember.do

Security Advisor

Barclays Bank PLC
2 Victoria Street
London
SW1H 0ND
Live Support: (08457) 555 555

From rt-comment at krbdev.mit.edu Mon May 29 10:44:10 2006 From: rt-comment at krbdev.mit.edu (Barclays Bank PLC via RT) Date: Mon, 29 May 2006 10:44:10 -0400 (EDT) Subject: [krbdev.mit.edu #3816] Important Information Regarding Your Barclays Account In-Reply-To: Message-ID: Barclays Personal Banking

From rt-comment at krbdev.mit.edu Tue May 30 05:49:05 2006 From: rt-comment at krbdev.mit.edu (philipd via RT) Date: Tue, 30 May 2006 05:49:05 -0400 (EDT) Subject: [krbdev.mit.edu #3818] There are other camps ... In-Reply-To: Message-ID: New Witness: There Are Dozens of Similar Concentration Camps After the first two witnesses exposed the Sujiatun atrocities, another witness who identified himself as "a veteran military doctor in the General Logistics Department of the Shenyang Military Region" stepped forward to point out that the Sujiatun Concentration Camp indeed exists, organ harvesting and cremation of bodies is done routinely there, and some are even cremated while still alive. He stated that the Sujiatun hospital is only one of 36 similar concentration camps. Findings from the World Organization to Investigate the Persecution of Falun Gong point to a similar situation. The Hospital in Sujiatun is Only One of 36 Similar Concentration Camps in China According to this witness from the military system, the hospital in Sujiatun District is only one of 36 similar concentration camps across China. At present, the majority of detained Falun Gong practitioners are in prisons, forced labor camps and detention centers. They are transferred elsewhere on a large scale only when needed. This witness said that Heilongjiang, Jilin and Liaoning provinces imprison the largest number of Falun Gong practitioners. The concentration camp in Jiutai Area, Jilin Province is the 5th largest camp imprisoning Falun Gong practitioners in China. This camp alone detains over 14,000 Falun Gong practitioners. Jilin Concentration Camp, Code Named 672-S, Imprisons over 120,000 People The veteran military doctor indicated, "From the information I have access to, the largest concentration camp is in Jilin Province. The concentration camp code named 672-S imprisons over 120,000 people. A large number of Falun Gong practitioners, felons and prisoners of conscience from all over China are there, but I do not know its address." There Were Indeed over 10,000 People Detained in the Underground Concentration Camp of the Sujiatun District Hospital Prior to 2005 and in Early 2005 The witness said, "In the underground concentration camp of the Sujiatun District Hospital, there were indeed over 10,000 people kept there in early 2005, but at the present time, the number of detainees there is maintained at 600-750. Many detainees have been transferred to other concentration camps." It Takes Only One Day to Transfer 5,000 People He continued, "You can't find much evidence even if you enter Sujiatun District to investigate. It takes only one day to transfer 5,000 people in a closed freight train on a special route. I have witnessed a specially dispatched freight train transferring over 7,000 people in one trip from Tianjin to the Jilin area. It ran at night, guarded by the army. Everyone on the train was handcuffed to specially designed handrails like a rotisserie chickens." The World Organization to Investigate the Persecution of Falun Gong (WOIPFG) Found that Many Cities Have Participated in the Crimes After the Sujiatun atrocities were exposed, WOIPFG launched an urgent investigation across China. Results show that the crimes of harvesting Falun Gong practitioners' organs have happened and are still happening in at least in Beijing, Tianjin, Shanghai, Hunan, Shandong, Liaoning, and Guangdong. The excerpts of several investigative telephone conversations are as below. (An Undisclosed Hospital in Guangzhou City) Caller: How long will I have to wait for a kidney? Doctor: About a week after you check into the hospital. Caller: But I have to have a fresh and healthy kidney, and I want one from a live donor. You are not going to give me a kidney from a dead person, are you? Doctor: Of course we will give you a high-quality kidney! Caller: Do you have one like the ones I hear about from Falun Gong people? Doctor: What we have in our hospital are all this kind. (An Undisclosed Medical College in Tianjin) Caller: The doctor said the kidney is very good and came from someone who practices qigong. I asked what type of qigong, and he told me the man practices Falun Gong. I heard that those who practice Falun Gong are healthier. Doctor: Of course. We also have kidneys from Falun Gong practitioners here. We harvest kidneys from people who are still breathing or have a heartbeat. So far we have had about a dozen such cases this year (2006)... Of course, the supplier's health is a very important factor. The supplier has to be young and healthy. Moreover, the time period where the warm blood supply to the kidney is cut off has to be reduced to a minimum or even to none. In this case, there was no lack of warm blood supply. (An Undisclosed Hospital in Shandong Province) Caller: I want a kidney from those who practice Falun Gong, one that's totally healthy. Doctor: Well...We will definitely have a lot of suppliers like that in April. The number of those suppliers is gradually increasing. Caller: Why are you going to have more in April? Doctor: I cannot tell you that because this involves... Anyway, there is no need to go into that. I cannot go into that with you. The Chinese Communist Party's Top Level Leadership Agreed to Deal With Class Enemies With Any Means According to witness, the Chinese Communist Party has openly declared Falun Gong to be "class enemies", turning Falun Gong practitioners into the target of its most severe suppression. The witness said that according to the latest decisions, the Chinese Communist Party's Central Committee agreed to treat Falun Gong practitioners as "class enemies" and to handle them in any economically beneficial manner without having to report to higher authorities. In other words, Falun Gong practitioners, like many felons in China, are no longer regarded as human beings, but as raw materials for commercial products. They have become commodities. According to the witness from the military system, according to "the country's regulations," the provincial government has the authority to establish "recycling organizations" to process felons under the supervision of the military region in the province. This practice was established by a legal document that the Chinese Communist Party's Central Military Committee established as early as 1962. This practice continues to this day. According the regulations in the document, death penalty prisoners and felons convicted of serious crimes may be processed according to the development needs of the state or of socialism. During the Great Cultural Revolution (1966-1976), the most extreme way to process these prisoners was to use their bodies for food. The second was to use them as slave labor for construction or line production work. According to the witness, after a 1984 amendment, it became legal to harvest organs from felons. The police and judicial departments perform organ harvests on living prisoners before cremating their bodies. Sometimes, they injure the prisoners in a show execution before they perform organ harvests on the injured prisoners. They then cremate their bodies. Since 1992, such a practice has become public. Due to the development of many related businesses, human bodies, live or dead, have become profitable raw materials. Posting date: 3/30/2006 Original article date: 3/30/2006 Category: News & Media Reports From rt-comment at krbdev.mit.edu Wed May 31 10:51:36 2006 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Wed, 31 May 2006 10:51:36 -0400 (EDT) Subject: [krbdev.mit.edu #3821] krb5-1.5 alpha - should library version numbers be bumped? In-Reply-To: Message-ID: Should the library versions be bimped on the shared libraries? With the plugin architecture - I suspect that we will have compatibility problems on at least libkdb5... The export lists between the old and current library versions are very different.... The gssrpc library has changed - functions have gssrpc_.... prepended - so the libraries are definitly incompatible... The krb5 library no longer has gmt_mktime, krb5_free_ets, krb5_free_uio, krb5_init_ets, krb5_setenv, krb5_unsetenv.... The krb5_init_ets might break really old code... The k5crypto has lost krb5_random2key libcomerr has lost add_to_error_table, free_error_table, init_error_table, initialize_error_table_r... - but I think we are ok... So - at least - we need a bump on libkdb5, libgssrpc... Maybe on k5crypto and libcommerr.... Ezra From rt-comment at krbdev.mit.edu Wed May 31 18:56:02 2006 From: rt-comment at krbdev.mit.edu (Wainwright Bank via RT) Date: Wed, 31 May 2006 18:56:02 -0400 (EDT) Subject: [krbdev.mit.edu #3823] Wainwright Bank Online Website Has Been Upgraded In-Reply-To: Message-ID:

Wainwright Bank , Onlineо Website Has Been Upgraded

а

Wainwright Bank Online website has been upgraded. You will need to re-confirm your Wainwright Bank online profile to gain access to these changes. Simply enter your login information and follow the prompts.

To re-confirm for Wainwright Bank Online, click here

Check out our Online Banking Service - you can access your account information, balance your check book, pay your bills - even get copies of paid checks!

Wainwright Bank Member FDIC. Equal Opportunity Lender

From rt-comment at krbdev.mit.edu Wed May 31 19:35:20 2006 From: rt-comment at krbdev.mit.edu (Wainwright Bank via RT) Date: Wed, 31 May 2006 19:35:20 -0400 (EDT) Subject: [krbdev.mit.edu #3824] Wainwright Bank Online Website Has Been Upgraded In-Reply-To: Message-ID:

Wainwright Bank , Onlineо Website Has Been Upgraded

а

To re-confirm for Wainwright Bank Online, click here

Check out our Online Banking Service - you can access your account information, balance your check book, pay your bills - even get copies of paid checks!

Wainwright Bank Member FDIC. Equal Opportunity Lender

From rt-comment at krbdev.mit.edu Wed May 31 20:56:21 2006 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Wed, 31 May 2006 20:56:21 -0400 (EDT) Subject: [krbdev.mit.edu #3825] CVS Commit In-Reply-To: Message-ID: In line 570, in reallocating the plugin tree - the memory allocated is (count + 1) + sizeof(*p) instead of (count +1 ) * sizeof(*p) Detected while running the krb5kdc under valgrind with memcheck. Commit By: epeisach Revision: 18070 Changed Files: U trunk/src/util/support/plugins.c From rt-comment at krbdev.mit.edu Wed May 31 21:12:35 2006 From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT) Date: Wed, 31 May 2006 21:12:35 -0400 (EDT) Subject: [krbdev.mit.edu #3825] CVS Commit In-Reply-To: Message-ID: I still see in plugins.c: $ grep 'count.* + sizeof' src/util/support/plugins.c newp = realloc (p, ((count + 1) + sizeof (*p))); /* +1 for NULL */ Isn't this a problem also? On Wed, May 31, 2006 at 08:56:21PM -0400, Ezra Peisach via RT wrote: > In line 570, in reallocating the plugin tree - the memory allocated is > (count + 1) + sizeof(*p) > > instead of > > (count +1 ) * sizeof(*p) > > Detected while running the krb5kdc under valgrind with memcheck. > > > Commit By: epeisach > > > > Revision: 18070 > Changed Files: > U trunk/src/util/support/plugins.c > > _______________________________________________ > krb5-bugs mailing list > krb5-bugs at mit.edu > https://mailman.mit.edu/mailman/listinfo/krb5-bugs -- Will Fiveash Sun Microsystems Inc. Austin, TX, USA (TZ=CST6CDT) From rt-comment at krbdev.mit.edu Wed May 31 21:41:42 2006 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Wed, 31 May 2006 21:41:42 -0400 (EDT) Subject: [krbdev.mit.edu #3825] CVS Commit In-Reply-To: Message-ID: Missed a reference to + sizeof() vs * sizeof(). Pointed out by william fiveash. Commit By: epeisach Revision: 18071 Changed Files: U trunk/src/util/support/plugins.c From rt-comment at krbdev.mit.edu Wed May 31 21:42:52 2006 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Wed, 31 May 2006 21:42:52 -0400 (EDT) Subject: [krbdev.mit.edu #3825] CVS Commit In-Reply-To: Message-ID: You are correct - I missed that point in the code... I fixed the one found by valgrind - but failed to check the rest of the code for pitfalls. Thanks - it is fixed now in the tree... Ezra From rt-comment at krbdev.mit.edu Wed May 31 23:18:26 2006 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Wed, 31 May 2006 23:18:26 -0400 (EDT) Subject: [krbdev.mit.edu #3826] CVS Commit In-Reply-To: Message-ID: In the kdc and lib/kadm5/logger.c, krb5_get_error_message needs to be paired with krb5_free_error_message to release returned memory. Essentially a memory leak was introduced for every principal requested that did not exist in the database. Identified by valgrind on the kdc - running kdc_hammer and specifying more principals than are present in the db. Commit By: epeisach Revision: 18072 Changed Files: U trunk/src/kdc/do_as_req.c U trunk/src/kdc/do_tgs_req.c U trunk/src/kdc/kdc_preauth.c U trunk/src/lib/kadm5/logger.c