gmane.linux.gentoo.security

Breakpoint 2012 Call For Papers

2012-05-10T11:48:16

                 . ______________________________________
                 ._\\.         Breakpoint 2012           (___.
                 :          Intercontinental Rialto          :
                 :           Melbourne,  Australia           :
                 :             October 17th-18th             :
                 :__                                    . ___:
                    )____________________________________\\
                                                            .
                          www.ruxconbreakpoint.com
                          www.twitter.com/ruxconbpx



Introduction
------------

 Breakpoint is a new security conference to be held on the 17th and 18th of
 October, in Melbourne Australia. The event will show case the work of expert
 security researchers from around the world on a wide range of topics.
 Breakpoint is organised by the Ruxcon conference team and will offer a
 specialised and more professional security conference to complement and lead
 into the larger and

Ruxcon 2012 Call For Papers

2012-04-19T05:04:06

Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 15th of July.


* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

For more information, please visit http://www.ruxcon.

(unknown)

qubin — 2011-12-09T06:21:59

CVE-2011-4313 - BIND 9 Resolver crashes after logging an error in query.c

David Sommerseth — 2011-11-17T07:30:03

Hi,

This is a very fresh CVE, and I wondered if this has caught your attention?
 When would it be reasonable to expect an update for this issue?  ISC have
already released patches fixing this issue.

https://www.isc.org/software/bind/advisories/cve-2011-4313


kind regards,

David Sommerseth

No GLSA since January?!?

Christian Kauhaus — 2011-08-26T16:12:00

Hi,

I'm wondering that may favorite Linux distro hasn't had any security 
announcements since January. In my opinion this is really problematic. At our 
company we try to convince prospective customers to host their applications on 
our Gentoo servers. When asked about security incident handling, I have to 
say: "They state 'Security is a primary focus' on their website, but they 
don't inform their users." Not very convincing.

So what is the roadblock that hinders GLSA creation? Is there any way to get 
the GLSAs into working order again?

Regards

Christian

Ruxcon 2011 Final Call For Papers

2011-08-15T10:53:08

Ruxcon 2011 Final Call For Papers

The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 15th of October.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia-Pacific region. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

For more information

Invitation to connect on LinkedIn

Wojciech Ziniewicz — 2011-08-09T22:10:09

LinkedIn
------------



   
I'd like to add you to my professional network on LinkedIn.

- Wojciech

Wojciech Ziniewicz
Lead System Engineer at 314 Technologies 
Warsaw Area, Poland

Confirm that you know Wojciech Ziniewicz
https://www.linkedin.com/e/uj28h6-gr5fbh34-4d/isd/3810443428/xH43NAZJ/

Ruxcon 2011 Call For Papers

2011-05-17T06:37:08

Ruxcon 2011 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 30th of July.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia-Pacific region. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

For more information, please visit

(unknown)

Philipp Günther | Corpex Internet GmbH — 2011-01-05T10:40:39

#342619 RESOLVED WONTFIX

2010-10-26T19:15:42

#342619 [http://bugs.gentoo.org/342619]
RESOLVED WONTFIX

Are you intentionally leaving security hole in system?

Kernel Security Update Target Delay?

Richard Freeman — 2010-09-26T10:31:47

Gentoo has been vulnerable to a highly-publicized (Guardian, Slashdot,
the works) local privilege escalation for almost two weeks now.  (Well,
it has been vulnerable for years, but of course we didn't know about it
until two weeks ago.)

In the bugzilla thread tracking the problem it has been mentioned a few
times that the kernel does not receive GLSA support:
http://bugs.gentoo.org/show_bug.cgi?id=337645

Looking at the security webpage, it seems to me that while we don't
PUBLISH GLSAs for the kernel, the intent is to still fix problems (to do
otherwise would seem quite insane).

Looking at the normal GLSA process, this would rate as a A1 criticality
problem (local escalation in a system component), with a target
resolution of 3 days.  We're going on 10 days now on bug 337645 with no
mention of even targeting any particular release for stabilization.

Obviously the current bug will get done when it gets done, and it isn't
any skin off my back as I've upgraded (and in the likely event that
34-r10 gets called

Security team meeting - September 1 at 18:30 UTC (20:30 CEST)

Matthias Geerdsen — 2010-08-30T20:10:51

Hi everyone,

the security project will hold a public meeting in #gentoo-security on freenode
this wednesday, 2010-09-01 at 18:30 UTC (20:30 CEST).

The tentative agenda looks as follows:

1) project status
2) lead elections
3) population of several mail aliases, bugzilla groups etc.
4) handling of the current GLSA and bug queues
   and how to avoid such situations in the future
5) any other topic

Any changes to the agenda as well as related info can be found at [1].

Matthias

[1] <http://dev.gentoo.org/~vorlon/security/meeting-20100901.xml>

Ruxcon 2010 Final Call For Papers

2010-08-20T02:13:21


RUXCON 2010 FINAL CALL FOR PAPERS

Ruxcon would like to announce the final call for papers for the sixth annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of November.

Ruxcon will be held at CQ, Melbourne, Australia.

The deadline for submissions is the 10th of October.

What is Ruxcon?

Ruxcon is the premiere technical computer security conference within Australia. Ruxcon aspires to bring together the individual talents of the best and the brightest security folk within the Aus-Pacific region, through live presentations, activities, and demonstrations.

Ruxcon's unique approach to running a security conference ensures that the conference is accessible to all levels of the security industry. Ruxcon aims to be the most interesting, thought provoking, and relevant information security conference in Australia.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expa

portage/rsync question

Butterworth, John W. — 2010-04-06T19:26:15

gmonstart / jvregisterclasses in tons of binaries with commands,malware?

2009-12-17T02:06:04

In linux binaries, in any linux distro, I've discovered the same strings
which I believe may be due to a virus or trojan.

Yet, clamav, rkhunter, chkrootkit do not detect abnormalities.

Whether I run 'strings' on the binary files or view with vim or gedit, here
is what is always seen inside the binaries:


__gmon_start__
_Jv_RegisterClasses

Followed by commands which differ within each binary.

If, by some luck, I've downloaded a fresh Linux ISO where binaries do not
include the above two strings followed by commands, after I run an update
the updated binaries suddenly contain the above two strings and other, what
I believe to be, rogue strings. I've avoided the possible infection with an
OpenBSD install, yet all the Linux installations and burned ISOs contain
binaries with the above two strings followed by commands.

Search using find within your bin and sbin directories for those two strings
and see how many positives you find. Now use a text editor like vi or gedit
and search through the gibberish, loca