InstallFest Tomorrow

[Lisa Kachold]

Larry,

On Fri, May 31, 2013 at 6:47 PM, Dazed_75 <lthielster at gmail.com> wrote:

> If I implied you were not welcome to attend, I apologize.  I only meant
> that we were unlikely to have time to participate in what you were
> suggesting with regard to security testing our systems.  Even if our time
> were not required, I think you can understand that we would want to know
> what was being done and we most often would not have time for that
>

Laugh! You are kidding me right?

What's to stop the UAT students from "testing" your systems or security?  I
am sure you would want to know!

If you implied I was not welcome to attend, Larry, I would ignore it, just
as I ignore all the other inappropriate statements and demands that fly
around!

>
> You are certainly welcome to attend as are any who would volunteer to help
> or to seek assistance.  No, it was not before my time that you did help out
> at the installfest unless you only did so prior to 2004.  Since that time I
> have probably missed a total of 6 or fewer events and I was in charge of
> them ever since Alexander left us.
>

I know Larry, you are a phenomenal resource.

>
>
> On Fri, May 31, 2013 at 5:12 PM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>
>> Larry,
>>
>> Hi my friend, how are you!
>>
>> On Fri, May 31, 2013 at 3:17 PM, Dazed_75 <lthielster at gmail.com> wrote:
>>
>>> Sorry Lisa, we are unlikely to have the time for that whether we have
>>> the inclination or not.
>>>
>>> We have a few people known to be coming for various reasons though
>>> nothing out of the ordinary.  One fellow set up dual boot with Win8 and
>>> Ubuntu and was coming because his wireless was not working but he got it
>>> fixed on his own so is no longer planning on being there.
>>>
>>
>> Larry, as in all pentesting, you (and the machines to be tested) would
>> not need to be involved (other than turned on).  But the process would be
>> terribly boring and I would in fact find nothing, because Linux
>> installations today have very few systems that can be exploited right out
>> of the box.  Since the first thing we do is to patch everything, there's no
>> daemons that would be fingerprinted with exploit code by Metasploit.
>>  Additionally, the very small number of exploitable daemons (before
>> patching) are not configured generally right out of the box.  A good rule
>> of thumb, especially since UAT has some of the best crackers to share a
>> network (sending a team to DefCon every year) is to install, update (yum
>> update or apt-get update) and THEN turn off selinux, configure cups, etc.
>>
>> The possible period of time wherein exploitable code would/could be
>> available would be very small should the owner have an insecure application
>> to install (from backports for instance) and update.
>>
>> Of course, we are not considering other forms of computer insecurity,
>> such as SSH "password testing" or Man in the Middle attacks (sslstrip)
>> which anyone can do sharing a network.
>>
>> I have contributed to driver issue resolution, configuration for EDVO
>> cards/modems, complex VPN configurations and kernel building at
>> installfests; I think that might have been before your time?
>>
>> I would come just to see the great outreach this Installfest is for our
>> community, expanding Linux/Opensource use while saving older equipment from
>> the Micro$oft agenda that would place them into the landfill.
>>
>>
>>>
>>> On Fri, May 31, 2013 at 11:24 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>>>
>>>> Anything good happening with the InstallFest tomorrow?
>>>>
>>>> Can I come and "test" your systems with Metasploit </bad kitty>?
>>>>
>>>> --
>>>>
>>>> (503) 754-4452 Android
>>>> (623) 239-3392 Skype
>>>> (623) 688-3392 Google Voice
>>>> **
>>>> it-clowns.com <http://it-clowns.com/d/>
>>>> Chief Clown
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>>
>>> --
>>> Dazed_75 a.k.a. Larry
>>>
>>> Please protect my address like I protect yours. When sending messages to
>>> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>>> from a forwarded message body before clicking Send.
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>>
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> it-clowns.com <http://it-clowns.com/d/>
>> Chief Clown
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> Dazed_75 a.k.a. Larry
>
> Please protect my address like I protect yours. When sending messages to
> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
> from a forwarded message body before clicking Send.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com <http://it-clowns.com/d/>
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130602/1044dbab/attachment.html>