[vox] password stolen at linuxworld

John Mark Walker vox@lists.lugod.org
Mon, 11 Aug 2003 11:04:23 -0700


Speaking as the resident publisher on this list, I smell a book. Anybody 
interested? Such as the person I'm responding to? :@)

-JM

On Sunday 10 August 2003 12:48, ME wrote:
> Heh. :-)
>
> I plan to eventually do a 2 or 3 part talk for NBLUG on System Security,
> but I need to finish my degree first. (?Maybe 2005?)
>
> Of course there are some problems:
> #1: I sold my car to fund going back to school to finish my degree
> #2: I am working and going to school full time, and don't have much time
> #3: I will be applying to grad school around this time
>
> I am looking at a few schools so far. If one of the schools is Davis, I
> might be moving out there. (BTW, LUGOD is one of the bigger non-university
> reasons for including UC Davis at such an important point on my list.)
>
> Knowing that I may never get around to do this, if I eventually did it,
> this is what I might do:
>
> * Network Security    : Sniffers, Protocols, Services
> * System Security     : Local access and priv escalation, hiding data,
>                          kernel patches (their costs and benefits)
> * Programming security: How to write code to avoid race conditions, buffer
>                          over-runs, and bad assumptions
>
> What I would like to do is take a "stock Linux install" and then
> demonstrate how users might gain access to stuff they should not. Then
> show counter-measures, and then counter-counter measures etc. (Meant to
> show that security is an on-going issue, and to show "making something
> secure" is a *limit* that we try to achieve, but not something we can
> truly achieve.)
>
> I figure three 1.5 hour presentations could provide enough of the basics
> to help people start adding more security to their systems.
>
> What the presentation would not be:
> * A "how to secure *your* system." (general "your".)
> * A demonstration of system hacking (only a few samples of cracking;
>     the "hacking" takes much more time with analysis and review.)
> * A "see-all, do all, and end-all" to what is secure and what is not.
>
> It would be more like, "These are some things you should really pay
> attention to" but that does not mean "anything else is not important."
>
> Who knows? Maybe I might become a local member to LUGOD some day... :-)
> (I welcome any introductions to professors or students in the Advanced
> degree programs for CS at Davis. I'd like to learn more about what people
> think about it.)
>
> -ME
>
> Bill Kendrick said:
> > On Sun, Aug 10, 2003 at 08:48:46AM -0700, ME wrote:
> >> On some of my servers, I setup a special web page that was available via
> >> htaccess authenticated https that permitted me to open up a hole in the
> >> firewall rules for the IP address from which I was connecting.
> >
> > Mike... I smell a talk. ;)  Wanna do one at LUGOD on stuff like this?

-- 
John Mark Walker	:	No Starch Press
Acquisitions Editor	:	415-863-9900