l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
November 4: Social gathering
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2003 Aug 11 11:03

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] password stolen at linuxworld
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] password stolen at linuxworld



Heh. :-)

I plan to eventually do a 2 or 3 part talk for NBLUG on System Security,
but I need to finish my degree first. (?Maybe 2005?)

Of course there are some problems:
#1: I sold my car to fund going back to school to finish my degree
#2: I am working and going to school full time, and don't have much time
#3: I will be applying to grad school around this time

I am looking at a few schools so far. If one of the schools is Davis, I
might be moving out there. (BTW, LUGOD is one of the bigger non-university
reasons for including UC Davis at such an important point on my list.

Knowing that I may never get around to do this, if I eventually did it,
this is what I might do:

* Network Security    : Sniffers, Protocols, Services
* System Security     : Local access and priv escalation, hiding data,
                         kernel patches (their costs and benefits)
* Progamming security : How to write code to avoid race conditions, buffer
                         over-runs, and bad assumptions

What I would like to do is take a "stock Linux install" and then
demonstrate how users might gain access to stuff they should not. Then
show counter-measures, and then counter-counter mesasures etc. (Meant to
show that security is an on-going issue, and to show "making something
secure" is a *limit* that we try to achieve, but not something we can
truely achieve.)

I figure three 1.5 hour presentations could provide enough of the basics
to help people start adding more security to their systems.

What the presentation would not be:
* A "how to secure *your* system. (general "your".)
* A demonstration of system hacking (only a few samples of cracking;
    the "hacking" takes much more time with analysis and review.)
* A "see-all, do all, and end-all" to what is secure and what is not.

It would be more like, "These are some things you should really pay
attention to" but that does not mean "anything else is not important."

Who knows? Maybe I might become a local member to LUGOD some day... :-)
(I welcome any introductions to professors or students in the Advanced
degree programs for CS at Davis. I'd like to learn more about what people
think about it.)

-ME

Bill Kendrick said:
> On Sun, Aug 10, 2003 at 08:48:46AM -0700, ME wrote:
>>
>> On some of my servers, I setup a special web page that was available via
>> htaccess authenticated https that permitted me to open up a hole in the
>> firewall rules for the IP address from which I was connecting.
>
> Mike... I smell a talk. ;)  Wanna do one at LUGOD on stuff like this?
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.