Hi,

On Sunday 08 June 2003 14:55, Muli Ben-Yehuda wrote:
> On Sun, Jun 08, 2003 at 02:22:36PM +0200, Eli Billauer wrote:
> > Muli Ben-Yehuda wrote:
> > >The three possibilities are:
> > >
> > >- Wireless (in)security and war driving
>
> Wireless networks (in)security. Obviously, it's much harder to secure
> a wireless network - you don't need physical access to join it. War
> driving refers to the process of driving around, searching for and
> finding open wireless networks.

+ tools, do's and don'ts, ugly stories from the field (like how Best Buy
transmitted credit card details of customers on the open waves) and live
demos.

>
> > >- Setting up a SPAM filtering system (MUA independent)
>
> How to set up a spam filtering system. Since it's MUA independent, I
> assume it's server based?

Yes. This is based on a setup we did in my office, and works without any
change to your current mail software and/or mail server.
Nothing extremely new, just good news (this setup is currently blocking over
300 SPAM messages a day in my mailbox alone. What did I do before that?!)

>
> > >- Full disclosure (non technical)
>
> The most interesting of the bunch, IMHO. Let's say you discover a
> serious security vulnerability in, for example, the Linux kernel. Whom
> should you tell, and what should you say? Should you say "there is a
> bug, beware", say "there's a bug, here's how to exploit it and here's
> how to fix it", or just not say anything? If you tell everyone how to
> exploit it, it will get fixed, but many people will get cracked. If
> you don't tell anyone, people will not get cracked, but neither will
> the bug get fixed.
>
> The term "full disclosure" refers to telling everything, publicly. The
> lecture should be called, I suppose, "full disclosure - pros and cons,
> and how much?"

Or "Full disclosure - we believe in it" (taken from the full disclosure
mailing list). Note this is a non-technical lecture, though I can throw in
some interesting stories we've encountered during 5 years of vulnerability
research.

>
> There have been various heated debates on this subject on the bugtraq
> mailing list and elsewhere. Let me know if you want pointers
> (fascinating subject, really).
>
> > I'm afraid I can't figure out what to expect from either of these
> > lectures. Could you please say a few words about each of them? Or if we
> > want to be really wild about it: Let us see the slides?

I believe it's bad luck to show the slides before a lecture :-)

Seriously - I don't have any of these ready: they're bits and pieces from
lectures I had given in the past on other occasions and some new things I'll
prepare for the occasion.

>
> Aviram, anything I got wrong, please fix :-)

I couldn't explain it better myself.

-- 
- Aviram

--------------------------------------------------------------------------
Haifa Linux Club Mailing List (http://www.haifux.org)
To unsub send an empty message to [EMAIL PROTECTED]

