headers
cfp | 7 May 2013 06:28
Picon

Ruxcon 2013 Call For Papers

Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.

This year the conference will take place over the weekend of the 26th and 27th 
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x]. 

 Ruxcon is ia premier technical computer security conference in the Australia. 
 The conference aims to bring together the individual talents of the best and 
 brightest security folk in the region, through live presentations, activities 
 and demonstrations.

 The conference is held over two days in a relaxed atmosphere, allowing 
 attendees to enjoy themselves whilst networking within the community and 
 expanding their knowledge of security.

 Live presentations and activities will cover a full range of defensive 
 and offensive security topics, varying from previously unpublished research 
 to required reading for the security community. 

 For more information, please visit the http://www.ruxcon.org.au

.[x]. Important Dates .[x].

 May 7th - Call For Presentations Open
(Continue reading)

Permalink | Reply | 0 comments |
headers
cfp | 30 Apr 2013 23:57
Picon

Breakpoint 2013 Call For Papers

Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

 The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

 Breakpoint showcases the work of expert security researchers from around the
 world on a wide range of topics. This conference is organised by the Ruxcon 
 team and offers a specialised security conference to complement and lead into 
 the larger and more casual Ruxcon weekend conference. Breakpoint caters 
 towards security researchers and industry professionals alike, with a focus on 
 cutting edge security research.

 Breakpoint presents a great opportunity for our selected speakers to receive a
 complimentary trip to Australia and experience both the Breakpoint and Ruxcon 
 conferences, not to mention the great weather, awesome parties, and friendly 
 people. Melbourne is a city of many subcultures, personalities and styles. 
 Melbourne has a vibrant arts and music scene, eccentric cafes, intimate bars 
 and restaurants, and is known as Australia's cultural capital.

.[x]. Important Dates .[x].

 May 1  - Call For Presentations Open
 August 23  - Call For Presentations Close
 October 22-23	- Breakpoint Training
 October 24-25	- Breakpoint Conference
 October 26-27	- Ruxcon Conference
(Continue reading)

Permalink | Reply | 0 comments |
headers
Agostino Sarubbo | 11 Sep 2012 21:20
Picon
Favicon
Gravatar

Re: CVE-2012-3547 vulnerability in net-dialup/freeradius

On Tuesday 11 September 2012 16:56:09 Štefan Sakalík wrote:
> Hi,
> we are affected by this vulnerability so I have created a patch for
> freeradius-2.1.11-r1 (in attachment) inspired by upstream patch in git
> at git://git.freeradius.org/freeradius-server.git , commit 684dce7da5fd078.
> Please review this patch and include it in gentoo since it's a rather
> severe vulnerability.
Please use our bugzilla for this stuff. File a new bug and proceed with your 
request.

Anyway, I see, from this advisory[1], that is enough bump the latest version.

[1]: https://secunia.com/advisories/50484/
--

-- 
Agostino Sarubbo / ago -at- gentoo.org
Gentoo/AMD64 Arch Security Liaison
GPG: 0x7CD2DC5D
Permalink | Reply | 0 comments |
headers
cfp | 10 May 2012 13:48
Picon

Breakpoint 2012 Call For Papers

_________/_ _ _ _\________ \ / _______\ \__/_ _ _ _ _ _/_________/_ _ _/ __/_______/ \\ __/ __________/ _/_____ _\ \__ / _ / \___ ___________ __\______ \__ / / //____ /________\\ /_\ _ /_\ _/ / _/ / /____________\ \________/ /____/_____ _/ \ \ _____________ \___ /_________\ \ \ __\ /_/_ _ _ /_____________\ /________/\ \ / __/ /__________ ______ _________ ________ \_______\ _/ \________\ __ /__ \ / ______\ /_ _\ /__ _\ / / / _/__\ /___\ /_/ __/ //_________\ /__ / \ \/ / / /_ /_______ /____________// /________\ /____ \ / _ _ _/_ / _ _/___________\ /_____________\_ _ /_______/ / - --- Breakpoint 2012 --- - \ . ______________________________________ ._\\. (___. : Intercontinental Rialto : : Melbourne, Australia : : October 17th-18th : :__ . ___: )____________________________________\\ . www.ruxconbreakpoint.com www.twitter.com/ruxconbpx b p .____. --|-r--o-| _|_______________---------------------------------------------|- | e i | \_ \ _ / Introduction | -|-a--n-|_________/ /_____\---------------------------------------------|-- k t |____| Breakpoint is a new security conference being held on the 17th and 18th of October 2012, in Melbourne Australia. The event will show case the work of expert security researchers from around the world on a wide range of topics. Breakpoint is organised by the Ruxcon conference team and will offer a specialised and more professional security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint will cater towards security researchers and industry professionals alike, with a focus on cutting edge security research. With just one day separating both conferences, Breakpoint presents a great opportunity for our selected speakers to receive a complimentary trip to Australia and experience both the Breakpoint and Ruxcon conferences, not to mention the great weather, awesome parties, and friendly people. Melbourne is Australia's cultural capital, with Victorian-era architecture, extensive shopping, museums, galleries, theatres, and large parks and gardens. It is a city of many subcultures, personalities and styles, and it is these layers that make it so interesting. Melbourne has a vibrant arts and music scene, eccentric cafes, cobbled lane-ways, quirky shops, intimate bars and restaurants, and is known as one of the world's great streetart capitals. b p .____. --|-r--o-| _|_______________---------------------------------------------|- | e i | \_ \ _ / Important Dates | -|-a--n-|_________/ /_____\---------------------------------------------|-- k t |____| * May 10 Call For Presentations Open * July 30 Call For Presentations Close * October 15-16 BreakPoint Training * October 17-18 BreakPoint Conference * October 20-21 Ruxcon Conference b p .____. --|-r--o-| _|_______________---------------------------------------------|- | e i | \_ \ _ / Topic Scope | -|-a--n-|_________/ /_____\---------------------------------------------|-- k t |____| Topics of interest include, but are not limited to: o Mobile Device Security o Exploitation Techniques o Reverse Engineering o Vulnerability Discovery o Rootkit Development o Malware Analysis o Code Analysis o Virtualization, Hypervisor Security o Cloud Security o Embedded Device Security o Hardware Security o Telecommunications Security o Wireless Network Security o Web Application Security o Law Enforcement Activities o Forensics o Threat Intelligence o You get the idea b p .____. --|-r--o-| _|_______________---------------------------------------------|- | e i | \_ \ _ / Submission Guidelines | -|-a--n-|_________/ /_____\---------------------------------------------|-- k t |____| In order for us to process your submission we will require the following information: 1. Presentation title 2. Detailed summary of your presentation material 3. Name/Nickname 4. Mobile phone number 5. Brief personal biography 6. Description of any demonstrations involved in the presentation 7. Information on where the presentation material has or will be presented before Breakpoint * Preference will be given to presentations that contain original research that will be first presented at Breakpoint. * As a general guideline, BreakPoint presentations are between 45 and 60 minutes, including question time. If you have any enquiries about submissions, or would like to make a submission, please send an email to bpx <at> ruxconbreakpoint.com. b p .____. --|-r--o-| _|_______________---------------------------------------------|- | e i | \_ \ _ / Speaker Benefits | -|-a--n-|_________/ /_____\---------------------------------------------|-- k t |____| Speakers at BreakPoint will be entitled to the following benefits: - A return economy airfare to Melbourne (total cost limit applies) - Three nights acommodation at the Intercontinental Rialto - Complimentary registration for Breakpoint and Ruxcon conferences - Invitation to all BreakPoint and Ruxcon parties - Unlock 'Presented on world's smallest continent' achievement * All speaker benefits apply to a single speaker per submission. b p .____. --|-r--o-| _|_______________---------------------------------------------|- | e i | \_ \ _ / Contact | -|-a--n-|_________/ /_____\---------------------------------------------|-- k t |____| If you have any questions or queries, contact us at: * Email: bpx <at> ruxconbreakpoint.com * Twitter <at> ruxconbpx ______________________________________________________________ _._) presented by (_._ | .%$$% .. | ' __________. ._____ ________.&&$ '$$%$.__________ ' ._\ /___.___\ \_____/ ____/$ &&$\ /_ -:-\ \_____\ | /____/ /________\'$#%. .$&&'/____/ /-:- /____/ \________/ \____\ ' %$$$%' /_____/ . www.ruxcon.org.au . _|_ _|_ '(______________________________________________________________)' ~ ascii by ozzy ~
Permalink | Reply | 0 comments |
headers
cfp | 19 Apr 2012 07:04
Picon

Ruxcon 2012 Call For Papers

Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function
Centre, Melbourne, Australia.

The deadline for submissions is the 15th of July.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia. The conference aims to
bring together the individual talents of the best and brightest security folk in the region, through live
presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves
whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics,
varying from previously unpublished research to required reading for the security community.

For more information, please visit http://www.ruxcon.org.au

* Presentation Information

Presentations are set to run for 40 to 50 minutes, and will be of a formal nature, with slides and a speech.

*  Topics

Topics of interest include, but are not limited to:

    o Mobile Device Security
    o Virtualization, Hypervisor, and Cloud Security
    o Malware Analysis
    o Reverse Engineering
    o Exploitation Techniques
    o Rootkit Development
    o Code Analysis
    o Forensics and Anti-Forensics
    o Embedded Device Security
    o Web Application Security
    o Network Traffic Analysis
    o Wireless Network Security
    o Cryptography and Cryptanalysis
    o Social Engineering
    o Law Enforcement Activities
    o Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)

* Submissions

Submissions should thoroughly outline your desired presentation subject.

If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations <at> ruxcon.org.au

The deadline for submissions is the 15th of July.

If approved we will additionally require:

i.  A brief personal biography (between 2-5 paragraphs in length).
ii. A description on your presentation (between 2-5 paragraphs in length).

* Contacts

Email: presentations <at> ruxcon.org.au
Twitter: ruxcon
Permalink | Reply | 0 comments |
headers
qubin | 9 Dec 2011 07:21
Picon

(unknown)

gmane.linux.gentoo.security
Permalink | Reply | 0 comments |
headers
David Sommerseth | 17 Nov 2011 08:30

CVE-2011-4313 - BIND 9 Resolver crashes after logging an error in query.c


Hi,

This is a very fresh CVE, and I wondered if this has caught your attention?
 When would it be reasonable to expect an update for this issue?  ISC have
already released patches fixing this issue.

https://www.isc.org/software/bind/advisories/cve-2011-4313

kind regards,

David Sommerseth
Permalink | Reply | 1 comment |
headers
Alex Legler | 26 Aug 2011 20:07
Picon
Favicon

Re: No GLSA since January?!?

On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote:
> On Friday, August 26, 2011 07:06:35 PM Christian Kauhaus wrote:
> > Am 26.08.2011 18:55, schrieb Alex Legler:
> > > Compared to other distributions, our advisories have been rather
> > > detailed with lots of manually researched information. I'm not sure
> > > if
> > > we can keep up this very high standard with the limited manpower,
> > > but
> > > we'll try our best.
> > 
> > I see the point. I think it would be an achievement over the current
> > situation (which is: no current GLSAs at all) to send out less detailed
> > GLSAs. Even something short as: "$PACKAGE has vulnerabilities, they are
> > fixed in $VERSION, for details see $CVE" would be immensely helpful.
> > 
> > Is the any viable way to get it at least to this point? Probably the
> > largest part of such a task could be automated. This would lift the
> > burden from the security maintainers.
> 
> I agree on this.
> I don't (yet) know enough to actually help in this. I tend to follow
> advisories and try to keep my machines as much up-to-date as possible.
> 
> More brief GSLAs like what Christian mentioned are, for the majority,
> sufficient. If someone really needs more information, there is always
> google.
> 

Like I said, please use Bugzilla and some basic filtering to get notifications 
until we can provide full advisories again. I realize it's not a solution and 
you will get the information somewhat unfiltered, but it is a reliable and 
most importantly currently available source of information.

Alex

--

-- 
Alex Legler <a3li <at> gentoo.org>
Gentoo Security / Ruby
Permalink | Reply | 1 comment |
headers
Daniel A. Avelino | 26 Aug 2011 19:18
Picon

Re: No GLSA since January?!?

Alex.

May be a call for volunteers more "intense" could improve the manpower. This could be a more
easy start point to address, no?.
I work too in some [smaller] security processes and can figure out what kind of work are you talking about.

As Kauhaus pointed, may be somethings should be automated but again, this is a hard job to
implement and to keep results trustable.

I'd started following this list recently and yet does not know how
work fluxes are performed here but, may be, this could be a good place to start a review of GLSA processes, what
do you think about this?


Regards,


Daniel A. Avelino

I thought its time

On Fri, Aug 26, 2011 at 1:57 PM, JD Horelick <jdhore1 <at> gmail.com> wrote:
On 26 August 2011 12:43, Christoph Jasinski <Krzysiek <at> gmx.net> wrote:
> Dear Christian
>
> Everything is secure. No reason to write GLSAs or to panic. ;)
>
>
> Chris
>
> Am 26.08.2011 um 18:12 schrieb Christian Kauhaus:
>
>> Hi,
>>
>> I'm wondering that may favorite Linux distro hasn't had any security announcements since January. In my opinion this is really problematic. At our company we try to convince prospective customers to host their applications on our Gentoo servers. When asked about security incident handling, I have to say: "They state 'Security is a primary focus' on their website, but they don't inform their users." Not very convincing.
>>
>> So what is the roadblock that hinders GLSA creation? Is there any way to get the GLSAs into working order again?
>>
>> Regards
>>
>> Christian
>>
>> --
>> Dipl.-Inf. Christian Kauhaus <>< · kc <at> gocept.com · systems administration
>> gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
>> http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
>> Zope and Plone consulting and development
>>
>
>
>

I'm sorry, but I disagree with that. I've been an (unofficial) x86
Archtester for only 2 weeks or so and since then, i've seen more than
a few stabilizations needed to address security issues. Also, i've
noticed this same problem of not seeing many/any GLSA's in recent
history. As an example, in the past month, Debian has had 13 security
advisories. I personally doubt that we (Gentoo) don't have to worry
about ANY of those 13 advisories...


Permalink | Reply | 4 comments |
headers
Christian Kauhaus | 26 Aug 2011 18:12
Gravatar

No GLSA since January?!?

Hi,

I'm wondering that may favorite Linux distro hasn't had any security 
announcements since January. In my opinion this is really problematic. At our 
company we try to convince prospective customers to host their applications on 
our Gentoo servers. When asked about security incident handling, I have to 
say: "They state 'Security is a primary focus' on their website, but they 
don't inform their users." Not very convincing.

So what is the roadblock that hinders GLSA creation? Is there any way to get 
the GLSAs into working order again?

Regards

Christian

--

-- 
Dipl.-Inf. Christian Kauhaus <>< · kc <at> gocept.com · systems administration
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development
Permalink | Reply | 15 comments |
headers
cfp | 15 Aug 2011 12:53
Picon

Ruxcon 2011 Final Call For Papers

Ruxcon 2011 Final Call For Papers

The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function
Centre, Melbourne, Australia.

The deadline for submissions is the 15th of October.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia-Pacific region. The
conference aims to bring together the individual talents of the best and brightest security folk in the
region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves
whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics,
varying from previously unpublished research to required reading for the security community.

For more information, please visit http://www.ruxcon.org.au

* Presentation Information

Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech.

* Presentation Submissions

Ruxcon would like to invite people who are interested in security to submit a presentation.

Topics of interest include, but are not limited to:

    o Mobile Device Security
    o Virtualization, Hypervisor, and Cloud Security
    o Malware Analysis
    o Reverse Engineering
    o Exploitation Techniques
    o Rootkit Development
    o Code Analysis
    o Forensics and Anti-Forensics
    o Embedded Device Security
    o Web Application Security
    o Network Traffic Analysis
    o Wireless Network Security
    o Cryptography and Cryptanalysis
    o Social Engineering
    o Law Enforcement Activities
    o Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)

Submissions should thoroughly outline your desired presentation subject.

If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to
presentations () ruxcon org au

The deadline for submissions is the 15th of October.

If approved we will additionally require:

i.  A brief personal biography (between 2-5 paragraphs in length).
ii. A description on your presentation (between 2-5 paragraphs in length).

* Contact Details

Presentation Submissions:  presentations () ruxcon org au
Permalink | Reply | 0 comments |

Gmane