If I implied you were not welcome to attend, I apologize.  I only meant that we were unlikely to have time to participate in what you were suggesting with regard to security testing our systems.  Even if our time were not required, I think you can understand that we would want to know what was being done and we most often would not have time for that.

You are certainly welcome to attend as are any who would volunteer to help or to seek assistance.  No, it was not before my time that you did help out at the installfest unless you only did so prior to 2004.  Since that time I have probably missed a total of 6 or fewer events and I was in charge of them ever since Alexander left us.


On Fri, May 31, 2013 at 5:12 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
Larry,

Hi my friend, how are you! 

On Fri, May 31, 2013 at 3:17 PM, Dazed_75 <lthielster@gmail.com> wrote:
Sorry Lisa, we are unlikely to have the time for that whether we have the inclination or not.

We have a few people known to be coming for various reasons though nothing out of the ordinary.  One fellow set up dual boot with Win8 and Ubuntu and was coming because his wireless was not working but he got it fixed on his own so is no longer planning on being there.

Larry, as in all pentesting, you (and the machines to be tested) would not need to be involved (other than turned on).  But the process would be terribly boring and I would in fact find nothing, because Linux installations today have very few systems that can be exploited right out of the box.  Since the first thing we do is to patch everything, there's no daemons that would be fingerprinted with exploit code by Metasploit.  Additionally, the very small number of exploitable daemons (before patching) are not configured generally right out of the box.  A good rule of thumb, especially since UAT has some of the best crackers to share a network (sending a team to DefCon every year) is to install, update (yum update or apt-get update) and THEN turn off selinux, configure cups, etc.

The possible period of time wherein exploitable code would/could be available would be very small should the owner have an insecure application to install (from backports for instance) and update.   

Of course, we are not considering other forms of computer insecurity, such as SSH "password testing" or Man in the Middle attacks (sslstrip) which anyone can do sharing a network.  

I have contributed to driver issue resolution, configuration for EDVO cards/modems, complex VPN configurations and kernel building at installfests; I think that might have been before your time?  

I would come just to see the great outreach this Installfest is for our community, expanding Linux/Opensource use while saving older equipment from the Micro$oft agenda that would place them into the landfill.
  

On Fri, May 31, 2013 at 11:24 AM, Lisa Kachold <lisakachold@obnosis.com> wrote:
Anything good happening with the InstallFest tomorrow?  

Can I come and "test" your systems with Metasploit </bad kitty>?

--

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown














---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
Dazed_75 a.k.a. Larry

Please protect my address like I protect yours. When sending messages to multiple recipients, use the BCC: (Blind carbon copy). Remove addresses from a forwarded message body before clicking Send.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown














---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
Dazed_75 a.k.a. Larry

Please protect my address like I protect yours. When sending messages to multiple recipients, use the BCC: (Blind carbon copy). Remove addresses from a forwarded message body before clicking Send.