August OttSec Meetup
2 views
Skip to first unread message
Dale Neufeld
Aug 15, 2008, 9:18:17 AM8/15/08
to ott...@googlegroups.com
We had a great turnout for our July meeting and with all the
developments surrounding DNS, blackhat and defcon, there is sure to be
some great discussion waiting to happen. One idea that we would like
to try is to come up with a couple problems that people are facing and
do some group brainstorming. So if you have any suggestions, please
send them to the mailing list. We're also going to schedule some peer
presentations for the fall and a guest presentation by Daniel Cid, the
developer of OSSEC (one of the most widely deployed open-source
HIDS). OSSEC was recently acquired by Third Brigade, a local security
vendor (http://www.ossec.net/dcid/?p=134).
Where:
The Clock Tower Brew Pub, 575 Bank St (Bank at Pretoria). We'll most likely be in the room downstairs.
When:
Monday August 25 7:00 p.m.
Contact:
Dale Neufeld (canuck.eh [at] gmail.com) or Mike Sues (msues [at]
rigelksecurity.com). RSVPs are appreciated so that we can make proper
arrangements with the pub.
Where:
The Clock Tower Brew Pub, 575 Bank St (Bank at Pretoria). We'll most likely be in the room downstairs.
When:
Monday August 25 7:00 p.m.
Contact:
Dale Neufeld (canuck.eh [at] gmail.com) or Mike Sues (msues [at]
rigelksecurity.com). RSVPs are appreciated so that we can make proper
arrangements with the pub.
Pierre Ernst
Aug 15, 2008, 9:51:30 AM8/15/08
to ott...@googlegroups.com
Hi gang!
Here is one suggestion for our upcoming discussion:
You are responsible for the design of a secure system, which use a 3rd
party component or library.
This 3rp party component makes use of plain text (not encrypted)
temporary files.
This violates one of the secure principles of the system you're designing.
Changing the 3rp party component is not an option.
How do you go by to mitigate this shortcoming?
--
Pierre Ernst
http://e.rnst.name
Reply all
Reply to author
Forward
0 new messages