((top posted because this thread seemed to already have that "custom")) Sorry if this should have been an off-list reply to Lisa or someone. > November 16th is a sunday iirc Sunday! that's a good time for me... if it is not a typo or something, then Maybe I could attend. (how do I sign up?) I plan to be out of town Nov. 6 --> 13, (and I might be out of radio contact [away from e-mail/net] then); and I have a VERY busy day Nov 14; but it sounds interesting. ...will I get less out of it, if I've missed the "pre-requisites"? On second thought, maybe I should just "observe" if I do go; or maybe there will be a team that will allow me to join them as a junior go-pher / trainee or something... -- Mike Schwartz Glendale AZ schwartz@acm.org On Wed, Nov 5, 2008 at 3:39 PM, blake gonterman wrote: > > November 16th is a sunday iirc > > On Nov 4, 2008 2:30 PM, "Lisa Kachold" wrote: > > This month, the HackFest has been moved to Estrella Mountain to take advantage of a generous offer from Randol L. Larson to use their Lab facilities. > http://www.estrellamountain.edu > > Joey Prestia (joey@linuxamd.com) will be supporting the PLUG FEST, as we delve into the exciting area of Linux Security. > Saturday November 16th, 2008 - Noon Until 3:30 > > We will bring targets for your practical exploits and scanning - and go over the original presentation materials for each lab - depending on the time available. > Presentation Materials are available for review if you just found us at: http://www.scribd.com/doc/6680231/Hack-Fest > > It's suggested that people plan: > > 1) Develop and bring a machine with a good distribution or LiveCD's tested to work. > 2) Social Engineer team members and choose one or two areas to concentrate on. TEAMS usually always win most quickly - as one person reviews the materials while the other does the lab. > > Again this is a practical lab - not a hacking/cracking demonstration. > > This format is presented for computer professionals, linux security professionals and linux users and is in no way an advocation of cracking, disrespect for private property or illegal activities. > A disclaimer signature and email address will be required at the door. > > See you all there! > [...] > ________________________________ > From: lisakachold@obnosis.com > To: plug-discuss@lists.plug.phoenix.az.us > Subject: RE: HackFest Series: "Is it safe yet" or SSH Buffer Overflows and You - CHECK YOUR VERSIONS > Date: Thu, 30 Oct 2008 15:38:46 +0000 > > SSH Exploits are currently available in various forms: > > [...snip...] [...see previous msg's for deleted material...] > > > > > History: > > > > > > OpenSSH Challenge Response Buffer Overflow: http://www.securityfocus.com/bid/5093 > > > > > > Report 2001 - updated last Nov 05 2007 02:45PM > > > Other boundary exploits, kerberos, auth and encryption exploits and overflows exist making encroachment via SSH trivial. > > > > It's been almost a year since the update with no update on the update :(. > > > > Everybody was too busy reacting to the debian problem? > > > > ### > > **UPDATE: One of these issues is trivially exploitable and is still > > present in OpenSSH 3.5p1 and 3.4p1. Although these reports have not been > > confirmed, administrators are advised to implement the OpenSSH > > privilege-separation feature as a workaround. > > ### > > > > I'd think the OpenBSD guys would have denied or confirmed this. > > > > /me switches back to telnet. ;-) > > > > ciao, > > > > der.hans > > [...] > ________________________________ > You live life beyond your PC. So now Windows goes beyond your PC. See how > ________________________________ > You live life beyond your PC. So now Windows goes beyond your PC. See how > --------------------------------------------------- > PLUG-discuss mailing list - [...] > --------------------------------------------------- > PLUG-discuss mailing list - [...] --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss