We have a speaker, signed up over a week in advance! Thanks David. This is a Happy New Year.
This should be a great topic - and a demonstration that Perl is not dead, but actually more pro-active secure than platforms for other Web frameworks. We can use this in conversation! Now accepting speakers for Feb - May :-) Make a resolution now to present once in the new year? bill On Sun, Jan 1, 2012 at 12:14 PM, David Larochelle < david.richard.laroche...@gmail.com> wrote: > If you don't already have a speaker, I'd be happy to talk about the > multi-language DoS issue that you mentioned. I've been an application > security guy in the past (although I've been purely a developer for the > last few years) and I wouldn't mind an excuse to research a security issue > again. If you give me a reasonable lead time, I'm confident that I could > put together a presentation explaining the hash DoS vulnerability. > > -- > > David Larochelle > > > > On Sat, Dec 31, 2011 at 1:16 AM, Bill Ricker <bill.n1...@gmail.com> wrote: > >> I am unavailable on the tenth, but I have confirmed the room. >> >> Sean Quinlan s...@quinlan.org has agreed to act as Facilitator. RSVP to >> him >> next weekend/week. Folks working on something should volunteer to speak >> for a minute or an hour to him. >> >> We still need a speaker. >> >> Perhaps someone would like to explain the "new" multi-language web DoS >> threat that doesn't affect Perl (but affects Python & PHP). >> >> http://www.nruns.com/_downloads/advisory28122011.pdf >> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4885 >> https://isc.sans.edu/diary.html?storyid=12286 >> http://www.hnsearch.com/search#request/all&q=hash+collision >> >> Reported 2003 >> http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf >> >> Fixed in Perl 2005 >> http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks >> >> >> >> This will be the last time in the "summer" room E51-*376*. >> We'll return to old traditional E51-*372* for Feb - May. (confirmed) >> >> >> Speaking of security ... if your home (or office) router has WPS simple >> setup feature, *TURN WPS OFF. NOW.* >> >> Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability >> >> https://isc.sans.edu/diary/Wi-Fi+Protected+Setup+WPS+PIN+Brute+Force+Vulnerability/12292 >> >> -- >> Bill >> @n1vux bill.n1...@gmail.com >> >> _______________________________________________ >> Boston-pm mailing list >> boston...@mail.pm.org >> http://mail.pm.org/mailman/listinfo/boston-pm >> > > -- Bill @n1vux bill.n1...@gmail.com
_______________________________________________ Boston-pm-announce mailing list Boston-pm-announce@mail.pm.org http://mail.pm.org/mailman/listinfo/boston-pm-announce
