[LUG@IITD:7436] IIT Delhi Workshop: 'Security and Privacy'
24 views
Skip to first unread message
Mohit Singh
May 4, 2010, 1:05:41 PM5/4/10
to iit...@googlegroups.com, glug-...@googlegroups.com, hiddenharmony, nare...@narendrasisodiya.com
First of all, Kindly convey my regards to Prof. Banerjee. He has given
a great idea for organizing a workshop on security and privacy. IEEE
also has a magazine in this name.
I talked about a provision for opening your mail ONLY at the places
YOU want. The original idea was given by Vivek Khurana, Open Source
Warrior from Delhi.Lets share ideas on how to make it possible.
IIT Delhi LUG can host this event very well along with IIT Delhi
IEEE/ACM chapter. Lets invite OpenBSD people also.
Mohit Singh
------------------
Today's Imagination is Tomorrow's Innovation
Today's Innovation is Tomorrow's Common Sense
Today's Common Sense is Tomorrow's Nonsense
<top-posting .. but just for a bit of consistency.. hope you dont mind>
On Tue, May 4, 2010 at 9:59 PM, nitesh mor <cs10...@cse.iitd.ernet.in> wrote:
> How about a workshop on "security and privacy" ? I guess it will
> clarify the concepts of getting passwords by launching DOS attacks, as
> well as "kerberos like setup" for email services can be discussed in
> great detail.
>
> Cheers
> Nitesh Mor
>
>
> ---------- Forwarded message ----------
> From: Subhashis Banerjee <su...@cse.iitd.ernet.in>
> Date: Tue, May 4, 2010 at 7:33 AM
> Subject: Re: [LUG@IITD:7429] mail crack-in: time for kerberos like setup
> To: NITESH MOR <cs10...@cse.iitd.ernet.in>
>
>
> Nitesh,
> Why don't you tell them to hold a workshop on ``security and privacy''
> - perhaps to celebrate the end of the current semester or the
> beginning of the new semester in July. The CSC will be happy to help
> and discuss/explain SSL, TLS, Kerberos, Radius, TKIP/AES, NTLM,
> MD5,....(we are, after all, using the whole lot) and perhaps also mac
> and arp. You can ask some CSE/EE students and faculty to also
> contribute.
>
> May be the IITD community needs such a workshop, others are also
> welcome (the more the merrier).
>
> cheers,
>
>
> Subhashis Banerjee
> Professor
> Dept. Computer Science and Engineering
> Indian Institute of Technology, New Delhi 110016, INDIA
>
> Office: +91 11 26591288
> Fax: +91 11 26581060, +91 11 26582283
> Email: su...@cse.iitd.ernet.in
> URL: http://www.cse.iitd.ernet.in/~suban
>
>
> On 04/05/10 1:28 AM, nitesh mor wrote:
>>
>> On Tue, May 4, 2010 at 12:57 AM, Sharad Birmiwal
>> <sharadb...@gmail.com> wrote:
>>
>>>>>
>>>>> Radius is generally used for 802.1x authentications, which does not
>>>>> seem to be relevant in any way to authentication for a web service.
>>>>>
>>>>
>>>> You see chance, I see cause ....
>>>> a Lightweight Kerberos... a small tilt in the tale .. will bring the light.
>>>> Jan 1, 2011 lets hope the day will bring your mail in your 'box' only.
>>>>
>>>
>>> http://en.wikipedia.org/wiki/RADIUS#Security_2
>>>
>>> The way I understand things is that RADIUS does not offer encryption
>>> (for payload or bulk of data). That's where this conversation started
>>> from (http/https). It is used for authorization (in our context). That
>>> means validating whether the given username/password are correct or
>>> not.
>>>
>>> RADIUS can be (is?) used for authenticating and accounting say for
>>> users who connect to a wireless service. Again, it does not manage
>>> encryption of the traffic afterwards.
>>>
>>> As Nitesh suggested earlier, TLS might be better supported for what
>>> you want -- I don't know anything about TLS but I am guessing what
>>> Nitesh meant was that in TLS, both server and client negotiate which
>>> encryption standard they want to use (much like ssh).
>>>
>>
>> Exactly. During the negotiation phase, the client sends a list of
>> cipher specs that are supported by the client, with the client's first
>> preference first.
>> For the list of cipher suits that are defined by the standard, visit
>> http://tools.ietf.org/html/rfc2246#appendix-A.5
>> The server replies with an acceptable cipher suite, from the ones that
>> the client has sent, otherwise sends a failure message.
>>
>> For details: http://tools.ietf.org/html/rfc2246
>>
>> And BTW, the MAC address (which is used by radius for authentication,
>> the so called hardware), is a link layer thingie, which has no
>> significance beyond your router.
>>
>> Cheers
>> Nitesh Mor
>>
>>
>>>
>>> SB
>>>
>>> --
>>> LUG@IITD - http://tinyurl.com/ycueutm
>>>
>>>
>>
>>
>
> --
> LUG@IITD - http://tinyurl.com/ycueutm
>
--
LUG@IITD - http://tinyurl.com/ycueutm
a great idea for organizing a workshop on security and privacy. IEEE
also has a magazine in this name.
I talked about a provision for opening your mail ONLY at the places
YOU want. The original idea was given by Vivek Khurana, Open Source
Warrior from Delhi.Lets share ideas on how to make it possible.
IIT Delhi LUG can host this event very well along with IIT Delhi
IEEE/ACM chapter. Lets invite OpenBSD people also.
Mohit Singh
------------------
Today's Imagination is Tomorrow's Innovation
Today's Innovation is Tomorrow's Common Sense
Today's Common Sense is Tomorrow's Nonsense
<top-posting .. but just for a bit of consistency.. hope you dont mind>
On Tue, May 4, 2010 at 9:59 PM, nitesh mor <cs10...@cse.iitd.ernet.in> wrote:
> How about a workshop on "security and privacy" ? I guess it will
> clarify the concepts of getting passwords by launching DOS attacks, as
> well as "kerberos like setup" for email services can be discussed in
> great detail.
>
> Cheers
> Nitesh Mor
>
>
> ---------- Forwarded message ----------
> From: Subhashis Banerjee <su...@cse.iitd.ernet.in>
> Date: Tue, May 4, 2010 at 7:33 AM
> Subject: Re: [LUG@IITD:7429] mail crack-in: time for kerberos like setup
> To: NITESH MOR <cs10...@cse.iitd.ernet.in>
>
>
> Nitesh,
> Why don't you tell them to hold a workshop on ``security and privacy''
> - perhaps to celebrate the end of the current semester or the
> beginning of the new semester in July. The CSC will be happy to help
> and discuss/explain SSL, TLS, Kerberos, Radius, TKIP/AES, NTLM,
> MD5,....(we are, after all, using the whole lot) and perhaps also mac
> and arp. You can ask some CSE/EE students and faculty to also
> contribute.
>
> May be the IITD community needs such a workshop, others are also
> welcome (the more the merrier).
>
> cheers,
>
>
> Subhashis Banerjee
> Professor
> Dept. Computer Science and Engineering
> Indian Institute of Technology, New Delhi 110016, INDIA
>
> Office: +91 11 26591288
> Fax: +91 11 26581060, +91 11 26582283
> Email: su...@cse.iitd.ernet.in
> URL: http://www.cse.iitd.ernet.in/~suban
>
>
> On 04/05/10 1:28 AM, nitesh mor wrote:
>>
>> On Tue, May 4, 2010 at 12:57 AM, Sharad Birmiwal
>> <sharadb...@gmail.com> wrote:
>>
>>>>>
>>>>> Radius is generally used for 802.1x authentications, which does not
>>>>> seem to be relevant in any way to authentication for a web service.
>>>>>
>>>>
>>>> You see chance, I see cause ....
>>>> a Lightweight Kerberos... a small tilt in the tale .. will bring the light.
>>>> Jan 1, 2011 lets hope the day will bring your mail in your 'box' only.
>>>>
>>>
>>> http://en.wikipedia.org/wiki/RADIUS#Security_2
>>>
>>> The way I understand things is that RADIUS does not offer encryption
>>> (for payload or bulk of data). That's where this conversation started
>>> from (http/https). It is used for authorization (in our context). That
>>> means validating whether the given username/password are correct or
>>> not.
>>>
>>> RADIUS can be (is?) used for authenticating and accounting say for
>>> users who connect to a wireless service. Again, it does not manage
>>> encryption of the traffic afterwards.
>>>
>>> As Nitesh suggested earlier, TLS might be better supported for what
>>> you want -- I don't know anything about TLS but I am guessing what
>>> Nitesh meant was that in TLS, both server and client negotiate which
>>> encryption standard they want to use (much like ssh).
>>>
>>
>> Exactly. During the negotiation phase, the client sends a list of
>> cipher specs that are supported by the client, with the client's first
>> preference first.
>> For the list of cipher suits that are defined by the standard, visit
>> http://tools.ietf.org/html/rfc2246#appendix-A.5
>> The server replies with an acceptable cipher suite, from the ones that
>> the client has sent, otherwise sends a failure message.
>>
>> For details: http://tools.ietf.org/html/rfc2246
>>
>> And BTW, the MAC address (which is used by radius for authentication,
>> the so called hardware), is a link layer thingie, which has no
>> significance beyond your router.
>>
>> Cheers
>> Nitesh Mor
>>
>>
>>>
>>> SB
>>>
>>> --
>>> LUG@IITD - http://tinyurl.com/ycueutm
>>>
>>>
>>
>>
>
> --
> LUG@IITD - http://tinyurl.com/ycueutm
>
--
LUG@IITD - http://tinyurl.com/ycueutm
narendra sisodiya
May 4, 2010, 3:30:53 PM5/4/10
to Mohit Singh, iit...@googlegroups.com, glug-...@googlegroups.com, hiddenharmony
Great , Totally into for the workshop.
I hope Nitesh, Abhishek and Other can manage for organizing event.
http://www.lug-iitd.org/Articles/How_To_Organise_a_LUG_workshop_at_IIT_Delhi
http://www.lug-iitd.org/Articles/How_To_Organise_a_LUG_workshop_at_IIT_Delhi
Lets revive LUG@IITD with this workshop.
Please start a wiki page of workshop http://www.lug-iitd.org OR make a facebook event.
Please put 20-100 Rs Entry fees for every workshop and use money for Expenditure of LUG activities..
best of luck
┌─────────────────────────┐
│ Narendra Sisodiya ( नरेन्द्र सिसोदिया )
│ Society for Knowledge Commons
│ Web : http://narendra.techfandu.org
└─────────────────────────┘
│ Narendra Sisodiya ( नरेन्द्र सिसोदिया )
│ Society for Knowledge Commons
│ Web : http://narendra.techfandu.org
└─────────────────────────┘
Gaurav Paliwal
May 5, 2010, 3:47:06 AM5/5/10
to iit...@googlegroups.com
On Wed, May 5, 2010 at 1:00 AM, narendra sisodiya <nare...@narendrasisodiya.com> wrote:
Great , Totally into for the workshop.I hope Nitesh, Abhishek and Other can manage for organizing event.
http://www.lug-iitd.org/Articles/How_To_Organise_a_LUG_workshop_at_IIT_DelhiLets revive LUG@IITD with this workshop.Please start a wiki page of workshop http://www.lug-iitd.org OR make a facebook event.Please put 20-100 Rs Entry fees for every workshop and use money for Expenditure of LUG activities..best of luck
IIIT-Delhi offers M.Tech in Computer Science with specialization in Information Security , I think they can also help us to provide some good speakers (their faculty for Information Security ) if contacted :)
--
With Regards,
Gaurav Paliwal
http://gaurav.tk
Prashant
May 5, 2010, 11:17:14 PM5/5/10
to iit...@googlegroups.com
When is the workshop scheduled? Date ? Time?
Mohit Singh
May 6, 2010, 2:28:12 AM5/6/10
to iit...@googlegroups.com
Expected month is July as discussed. Exact date (and possibly time)
should be worked out ASAP so that we can invite people.
--
should be worked out ASAP so that we can invite people.
--
Mohit Singh
------------------
Today's Imagination is Tomorrow's Innovation
Today's Innovation is Tomorrow's Common Sense
Today's Common Sense is Tomorrow's Nonsense
------------------
Today's Imagination is Tomorrow's Innovation
Today's Innovation is Tomorrow's Common Sense
Today's Common Sense is Tomorrow's Nonsense
Reply all
Reply to author
Forward
0 new messages