InstallFest Tomorrow
Lisa Kachold
lisakachold at obnosis.com
Fri May 31 17:12:11 MST 2013
Larry,
Hi my friend, how are you!
On Fri, May 31, 2013 at 3:17 PM, Dazed_75 <lthielster at gmail.com> wrote:
> Sorry Lisa, we are unlikely to have the time for that whether we have the
> inclination or not.
>
> We have a few people known to be coming for various reasons though nothing
> out of the ordinary. One fellow set up dual boot with Win8 and Ubuntu and
> was coming because his wireless was not working but he got it fixed on his
> own so is no longer planning on being there.
>
Larry, as in all pentesting, you (and the machines to be tested) would not
need to be involved (other than turned on). But the process would be
terribly boring and I would in fact find nothing, because Linux
installations today have very few systems that can be exploited right out
of the box. Since the first thing we do is to patch everything, there's no
daemons that would be fingerprinted with exploit code by Metasploit.
Additionally, the very small number of exploitable daemons (before
patching) are not configured generally right out of the box. A good rule
of thumb, especially since UAT has some of the best crackers to share a
network (sending a team to DefCon every year) is to install, update (yum
update or apt-get update) and THEN turn off selinux, configure cups, etc.
The possible period of time wherein exploitable code would/could be
available would be very small should the owner have an insecure application
to install (from backports for instance) and update.
Of course, we are not considering other forms of computer insecurity, such
as SSH "password testing" or Man in the Middle attacks (sslstrip) which
anyone can do sharing a network.
I have contributed to driver issue resolution, configuration for EDVO
cards/modems, complex VPN configurations and kernel building at
installfests; I think that might have been before your time?
I would come just to see the great outreach this Installfest is for our
community, expanding Linux/Opensource use while saving older equipment from
the Micro$oft agenda that would place them into the landfill.
>
> On Fri, May 31, 2013 at 11:24 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:
>
>> Anything good happening with the InstallFest tomorrow?
>>
>> Can I come and "test" your systems with Metasploit </bad kitty>?
>>
>> --
>>
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> it-clowns.com <http://it-clowns.com/d/>
>> Chief Clown
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> Dazed_75 a.k.a. Larry
>
> Please protect my address like I protect yours. When sending messages to
> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
> from a forwarded message body before clicking Send.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com <http://it-clowns.com/d/>
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130531/a47b1414/attachment.html>
More information about the PLUG-discuss
mailing list