Re: [Ilugc] e-security laboratory
On Wednesday 13 March 2013 11:23 AM, Shakthi Kannan wrote: Hi, --- On Wed, Mar 13, 2013 at 10:48 AM, Karthikeyan A K mindas...@gmail.com wrote: | Cracking is misusing the hacks. \-- Nope. That is precisely why I gave the links for reference. Also, the real hacker culture was prevalent from the days of PDP-10: http://catb.org/jargon/html/P/PDP-10.html --- | There are several mistakes developers make in the case of tight deadline | implication. Our job is to spot them. \-- These have nothing to do with the definition. SK No one has a official authority to define hacking. -- Karthikeyan A K http://is.gd/kblogs ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
Hi, --- On Wed, Mar 13, 2013 at 12:17 PM, Karthikeyan A K mindas...@gmail.com wrote: | No one has a official authority to define hacking. \-- Truth is always bitter? You can continue to reply for the sake of replying, without reading the documentation, or giving any reference. But, I am afraid, it doesn't add anything to your credibility. Another experience of the actual hacker culture was given by Guy L. Steele, Jr., in a Foreword he had written [1]: I also enjoyed, in that summer of 1972, reading a brand-new MIT research memo called HAKMEM, a bizarre and eclectic potpourri of technical trivia. Why “HAKMEM”? Short for “hacks memo”; one 36-bit PDP-10 word could hold six 6-bit characters, so a lot of the names PDP-10 hackers worked with were limited to six characters. We were used to glancing at a six-character abbreviated name and instantly decoding the contractions. So naming the memo “HAKMEM” made sense at the time—at least to the hackers. You can either read history and learn from it, or you can accept facts and reality. The choice is yours. We have nothing to lose. With due respect to the patience of the list members, I'll stop here. Period. SK [1] Foreword. http://www.hackersdelight.org/foreword.pdf -- Shakthi Kannan http://www.shakthimaan.com ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
On Mar 13, 2013 12:40 PM, Shakthi Kannan shakthim...@gmail.com wrote: Hi, --- On Wed, Mar 13, 2013 at 12:17 PM, Karthikeyan A K mindas...@gmail.com wrote: | No one has a official authority to define hacking. \-- Truth is always bitter? You can continue to reply for the sake of replying, without reading the documentation, or giving any reference. But, I am afraid, it doesn't add anything to your credibility. Another experience of the actual hacker culture was given by Guy L. Steele, Jr., in a Foreword he had written [1]: I also enjoyed, in that summer of 1972, reading a brand-new MIT research memo called HAKMEM, a bizarre and eclectic potpourri of technical trivia. Why “HAKMEM”? Short for “hacks memo”; one 36-bit PDP-10 word could hold six 6-bit characters, so a lot of the names PDP-10 hackers worked with were limited to six characters. We were used to glancing at a six-character abbreviated name and instantly decoding the contractions. So naming the memo “HAKMEM” made sense at the time—at least to the hackers. You can either read history and learn from it, or you can accept facts and reality. The choice is yours. We have nothing to lose. With due respect to the patience of the list members, I'll stop here. Period. Thanks for the considered response Shakthi. Mr. Karthikeyan: please do consider reading up the references. A historical understanding is very useful for the seriousFOSS student. SK [1] Foreword. http://www.hackersdelight.org/foreword.pdf -- Shakthi Kannan http://www.shakthimaan.com ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc Asokan Pichai ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
Hi, --- On Mon, Mar 11, 2013 at 10:17 AM, Prof. Partha drpar...@gmail.com wrote: | I plan to set up a lab for security related | experiments. \-- You can try setting up and using Fedora Security Lab: http://spins.fedoraproject.org/security/ https://fedoraproject.org/wiki/Security_Lab?rd=Security_Spin SK P.S.: Replied to all, to benefit everyone. -- Shakthi Kannan http://www.shakthimaan.com ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
On Monday 11 March 2013 10:17 AM, Prof. Partha wrote: I am a teacher (Professor). I am also a serious and committed practioner/promoter of FOSS/Linux. As part of my responsibilities at Kathmandu Univ, where I teach cryptography and security, I plan to set up a lab for security related experiments. It will consist of a LAN with a https server connected to the web. People can try different kinds of attacks and coutermeasures etc, in a controlled, real-time environment. Do you know anyone who has set up something similar ? Can you connect me to that person ? I would also like to visit Chennai sometime, and see some institutions which do such kinds of things. Can you suggest some institutions (and contact person) ? Any other suggestions in this matter will also be most welcome. Tell me which period is best for all this. Of course, I do not want doze users to bother about this mail. Please respond directly, off the list. Sometimes I miss the messages which I receive from this list, in digest form. Thanks, partha I conducted hacks against web pages and defended them . I don't really understand on what granularity you are talking about. Any thing, even apiece of embedded hardware can be hacked. In short no system is 100% safe. -- Karthikeyan A K http://is.gd/kblogs ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
[Replying on the list (with you included) because this may actually be of use to others on the list] On Mon, Mar 11, 2013 at 10:17 AM, Prof. Partha drpar...@gmail.com wrote: As part of my responsibilities at Kathmandu Univ, where I teach cryptography and security, I plan to set up a lab for security related experiments. It will consist of a LAN with a https server connected to the web. People can try different kinds of attacks and coutermeasures etc, in a controlled, real-time environment. Do you know anyone who has set up something similar ? Can you connect me to that person ? I would also like to visit Chennai sometime, and see some institutions which do such kinds of things. Can you suggest some institutions (and contact person) ? Any other suggestions in this matter will also be most welcome. Tell me which period is best for all this. Orthogonal to your request, I'd suggest leveraging Amazon's VPC and Amazon's EC2 to achieve this: Since all these services are highly configurable APIs you will be able to create restricted multi-node networks and be able to open it up for potentially the entire world to play with. Since AWS has the notion of a machine image you can have pre-configured vulnerable (or secure, as is the use-case) vulnerable machine images that get booted up on demand for as many people as you want. Amazon also provides many other controls that may not be possible in real world computers - such as being able to restrict uptime or restricting whether the state of a machine must be saved or not, etc.,. Above all, since you are doing it for an educational purpose, it will be possible for you (with some rewording of your intent) to leverage Amazon's Education grant to fund the needed resources. You can get your students to develop this system itself and in the process also give your students a much sought after skill. Even if the grant is not possible, AWS' Spot instances is a unique concept that bodes very well during Indian timezone and especially for this use and throw stateless machines use-case -- you can get fully functioning internet servers for as little as (as of yesterday's AWS market pricing) $0.005 per hour (25 paisa / hour? :) ). Regards, -Suraj -- Career Gear - Industry Driven Talent Factory - Amazon Web Services Training Partner and Consultancy Firm http://careergear.in/ ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
On Monday 11 March 2013 10:17 AM, Prof. Partha wrote: I am a teacher (Professor). I am also a serious and committed practioner/promoter of FOSS/Linux. As part of my responsibilities at Kathmandu Univ, where I teach cryptography and security, I plan to set up a lab for security related experiments. It will consist of a LAN with a https server connected to the web. People can try different kinds of attacks and coutermeasures etc, in a controlled, real-time environment. Do you know anyone who has set up something similar ? Can you connect me to that person ? I would also like to visit Chennai sometime, and see some institutions which do such kinds of things. Can you suggest some institutions (and contact person) ? Any other suggestions in this matter will also be most welcome. Tell me which period is best for all this. Of course, I do not want doze users to bother about this mail. Please respond directly, off the list. Sometimes I miss the messages which I receive from this list, in digest form. Thanks, partha I conducted hacks against web pages and defended them . I don't really understand on what granularity you are talking about. Any thing, even apiece of embedded hardware can be hacked. In short no system is 100% safe. -- Karthikeyan A K http://is.gd/kblogs ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
Hi, --- On Tue, Mar 12, 2013 at 7:15 AM, Karthikeyan A K mindas...@gmail.com wrote: | I conducted hacks against web pages and defended them . I don't really | understand on what granularity you are talking about. Any thing, even | apiece of embedded hardware can be hacked. In short no system is 100% safe. \-- What you are referring to is called cracking. Yes, the media has misused the term for decades. Don't fall into the trap! For the real meaning of the word hacking, please read: Free as in Freedom: http://oreilly.com/openbook/freedom/ How to become a Hacker http://www.catb.org/esr/faqs/hacker-howto.html SK -- Shakthi Kannan http://www.shakthimaan.com ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
On Mon, Mar 11, 2013 at 10:17 AM, Prof. Partha drpar...@gmail.com wrote: I am a teacher (Professor). I am also a serious and committed practioner/promoter of FOSS/Linux. As part of my responsibilities at Kathmandu Univ, where I teach cryptography and security, I plan to set up a lab for security related experiments. It will consist of a LAN with a https server connected to the web. People can try different kinds of attacks and coutermeasures etc, in a controlled, real-time environment. Do you know anyone who has set up something similar ? Can you connect me to that person ? I would also like to visit Chennai sometime, and see some institutions which do such kinds of things. Can you suggest some institutions (and contact person) ? Any other suggestions in this matter will also be most welcome. Tell me which period is best for all this. Of course, I do not want doze users to bother about this mail. Please respond directly, off the list. Sometimes I miss the messages which I receive from this list, in digest form. Thanks, partha Please try... I am not sure whether it may help you or not but it's famous among hackers. http://www.backtrack-linux.org/ -- *Regards, Sahil ModGill* ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
On Tuesday 12 March 2013 09:25 PM, Shakthi Kannan wrote: Hi, --- On Tue, Mar 12, 2013 at 7:15 AM, Karthikeyan A K mindas...@gmail.com wrote: | I conducted hacks against web pages and defended them . I don't really | understand on what granularity you are talking about. Any thing, even | apiece of embedded hardware can be hacked. In short no system is 100% safe. \-- What you are referring to is called cracking. Yes, the media has misused the term for decades. Don't fall into the trap! For the real meaning of the word hacking, please read: Free as in Freedom: http://oreilly.com/openbook/freedom/ How to become a Hacker http://www.catb.org/esr/faqs/hacker-howto.html SK Cracking is misusing the hacks. These were paid by the companies who design the software that runs on server. There are several mistakes developers make in the case of tight deadline implication. Our job is to spot them. -- Karthikeyan A K http://is.gd/kblogs ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] e-security laboratory
Hi, --- On Wed, Mar 13, 2013 at 10:48 AM, Karthikeyan A K mindas...@gmail.com wrote: | Cracking is misusing the hacks. \-- Nope. That is precisely why I gave the links for reference. Also, the real hacker culture was prevalent from the days of PDP-10: http://catb.org/jargon/html/P/PDP-10.html --- | There are several mistakes developers make in the case of tight deadline | implication. Our job is to spot them. \-- These have nothing to do with the definition. SK -- Shakthi Kannan http://www.shakthimaan.com ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
[Ilugc] e-security laboratory
I am a teacher (Professor). I am also a serious and committed practioner/promoter of FOSS/Linux. As part of my responsibilities at Kathmandu Univ, where I teach cryptography and security, I plan to set up a lab for security related experiments. It will consist of a LAN with a https server connected to the web. People can try different kinds of attacks and coutermeasures etc, in a controlled, real-time environment. Do you know anyone who has set up something similar ? Can you connect me to that person ? I would also like to visit Chennai sometime, and see some institutions which do such kinds of things. Can you suggest some institutions (and contact person) ? Any other suggestions in this matter will also be most welcome. Tell me which period is best for all this. Of course, I do not want doze users to bother about this mail. Please respond directly, off the list. Sometimes I miss the messages which I receive from this list, in digest form. Thanks, partha ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc