ttroxell ([info]ttroxell) wrote,
@ 2006-10-04 19:28:00
Entry tags:debian, security, talks

/~xtat/debian-security-talk06
Debian Security talk went well!

I broke my glasses about 2 minutes before starting and a kind Lehigh student (engineer?) repaired them--- with a staple? Thanks, whoever you are!

My 150 (!) slides are here: PDF, ODP, SWF.




(16 comments) - (Post a new comment)

Inaccuracies of the talk and suggested improvements
(Anonymous)
2006-10-05 07:22 am UTC (link)
Several inaccuracies I've seen:

- The list of members in the Debian Audit Team is not correct (notably, David Wheeler is not involved and you are missing some people)
- You don't list the members of the Debian Security Team
- Intrusion detection: fails to list 'checksecurity' (which most people will have installed, due to cron 'Suggest:'ing it) which provides basic security host-based checks and Tiger (more advanced checks). It also fails to mention Samhain which is as used as AIDE or Tripwire (and much more than Fcheck) in the integrity-based IDS world.
- Penetration testing: Nikito should be Nikto, Tiger is not a pen-test tool (could be used for white-box audits, though), and is missing Nessus which is the most-used pen-test tool (after Nmap)
- Kernel features: PAX is not supported (the package I maintain is not current with kernel sources and cannot be used to patch the kernel)
- There's a slide which just says 'Pacakges' instead of Packages
- You don't point people to the "Securing Debian Manual" at www.debian.org/doc and that is probably a good resource to point to (I maintain it :)


Re: Inaccuracies of the talk and suggested improvements
[info]xtat
2006-10-05 09:35 am UTC (link)
WRT things being supported, I mean that one can make these things work. Keep in mind that the slides != the talk

Good catch on the Wheeler line. I do appreciate the criticism, however nitpicky :)


suggestions
(Anonymous)
2006-10-06 12:20 pm UTC (link)
Firstly please reconsider the format for notes for future presentations. Having 2-3 words per page forces the audience to track what you say very closely, while often people in the audience will think about a point for some time after you have made it and skip the next few things you say. Different people take note of different parts of the talk. Also having so many pages means that viewing the notes takes lots of PgDn work.

I suggest between 4 and 15 lines of text per slide. Also page 90 has more lines than can be read in any reasonable amount of time. If you didn't mention each PAM module separately then mentioning them separately in the slide does not provide a benefit.

SE Linux only has one slide. What did you say?

How long did the talk go for? The scope of the material justifies at least 2-3 hours of talking...


Russell Coker <russell@coker.com.au>


Re: suggestions
[info]xtat
2006-10-06 05:40 pm UTC (link)
Hi Russell!

It was my first time with this format, and I was surprised at how well it did work, especially for such a massively broad topic. The low word count slides and quick changing keep people awake, especially those with a short attention span, like me.

I talked for about an hour, which was my limit. It's true that people may have missed some of the points, but I have a feeling they ended up focusing on what was important to them, like any other talk. I was asked to talk about nothing more specific than "features" and my intent was not to be comprehensive. I don't even know if that's possible. The point of slides like #90 is just to demonstrate that we've got a ton of options.

In mentioning SE Linux I said that Debian has support in the newer kernels and gave a 10-15 word explanation for anyone who hadn't heard of it. This would surely be a candidate for expansion if I had more time.

Thanks for your suggestions. I enjoyed your SE Linux talk last year at the CPLUG conference. BTW


