[lug] Pencast of Trent Hein - Practical Security
Walter Pienciak
wpiencia at thunderdome.ieee.org
Wed Oct 21 12:06:15 MDT 2009
On Fri, Oct 09, 2009 at 02:11:33PM -0600, Landon Cox wrote:
>
> Nice to see everyone last night. I published the Livescribe pencast
> of last night's talk by Trent Hein.
>
> You can get the notes and listen here: http://clicky.me/heinsecurity
>
> Thanks, Trent - it was a great talk and thanks for the books, too,
>
> Landon
I really enjoyed the presentation and follow up questions.
Thanks.
I had one comment, which I held to myself at the meeting because
it really was a comment and not a question.
Very early in the presentation, Trent noted that keeping up on
patching was important.
The Feb 2009 issue of USENIX Login had a germane article on
vulnerabilities within package management systems.
http://www.usenix.org/publications/login/2009-02/openpdfs/samuel.pdf
One interesting point was that not all distros have been tight in
vetting public repositories. Basically, a self-sign-up allowed
anyone to "helpfully" become a mirror, with the attendant control
over what was actually being sent.
It was a short but interesting article; I recommend it.
Walter
More information about the LUG
mailing list