Re: DefCon lecture BSD Kern Vulns

2017-07-31 Thread Michelle Sullivan
Dag-Erling Smørgrav wrote: Michelle Sullivan writes: People should talk between, and maybe people should put security and co-operation before pride and empires... [...] There are decades of history here of which you are clearly unaware. Your may have the best of intentions, but nothing good wi

Re: DefCon lecture BSD Kern Vulns

2017-07-31 Thread Dag-Erling Smørgrav
Big Lebowski writes: > Dag-Erling Smørgrav writes: > > There are decades of history here of which you are clearly unaware. > > You may have the best of intentions, but nothing good will come of > > raising this topic here and now. Just drop it. > Des, please, stop doing that. You're greatest exa

Re: DefCon lecture BSD Kern Vulns

2017-07-31 Thread Big Lebowski
> > There are decades of history here of which you are clearly unaware. > Your may have the best of intentions, but nothing good will come of > raising this topic here and now. Just drop it. > > DES > Des, please, stop doing that. You're greatest example of cant-be-done about almost anything anyo

Re: DefCon lecture BSD Kern Vulns

2017-07-31 Thread Dag-Erling Smørgrav
Michelle Sullivan writes: > People should talk between, and maybe people should put security and > co-operation before pride and empires... [...] There are decades of history here of which you are clearly unaware. Your may have the best of intentions, but nothing good will come of raising this to

Re: DefCon lecture BSD Kern Vulns

2017-07-31 Thread Michelle Sullivan
Dag-Erling Smørgrav wrote: Dirk Engling writes: have those findings officially been reported? Is someone working on them? Speaking as a secteam member but not on behalf of so@, we are aware of these issues but did not get sufficient advance notice to fix them in time for DefCon. DES After rea

FreeBSD Server configuration and security compliance benchmark

2017-07-31 Thread Mikhail Krylatyh
Hi everyone. I'm participating in development of some security-centric product, one part of which performs compliance checks upon target server's OS. The main purpose of this checks is to find possible misconfigurations which are widely considered as insecure or deprecated (e.g password login by

Re: DefCon lecture BSD Kern Vulns

2017-07-31 Thread Dag-Erling Smørgrav
Dirk Engling writes: > have those findings officially been reported? Is someone working on > them? Speaking as a secteam member but not on behalf of so@, we are aware of these issues but did not get sufficient advance notice to fix them in time for DefCon. DES -- Dag-Erling Smørgrav - d...@des.