If you don't already have a speaker, I'd be happy to talk about the
multi-language DoS issue that you mentioned. I've been an application
security guy in the past (although I've been purely a developer for the
last few years) and I wouldn't mind an excuse to research a security issue
again. If you give me a reasonable lead time, I'm confident that I could
put together a presentation explaining the hash DoS vulnerability.

--

David Larochelle



On Sat, Dec 31, 2011 at 1:16 AM, Bill Ricker <[email protected]> wrote:

> I am unavailable on the tenth, but I have confirmed the room.
>
> Sean Quinlan [email protected] has agreed to act as Facilitator. RSVP to
> him next weekend/week. Folks working on something should volunteer to
> speak for a minute or an hour to him.
>
> We still need a speaker.
>
> Perhaps someone would like to explain the "new" multi-language web DoS
> threat that doesn't affect Perl (but affects Python & PHP).
>
> http://www.nruns.com/_downloads/advisory28122011.pdf
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4885
> https://isc.sans.edu/diary.html?storyid=12286
> http://www.hnsearch.com/search#request/all&q=hash+collision
>
> Reported 2003
> http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
>
> Fixed in Perl 2005
> http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks
>
>
>
> This will be the last time in the "summer" room E51-*376*.
> We'll return to old traditional E51-*372* for Feb - May. (confirmed)
>
> Speaking of security ... if your home (or office) router has WPS simple
> setup feature, *TURN WPS OFF. NOW.*
> Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability
>
> https://isc.sans.edu/diary/Wi-Fi+Protected+Setup+WPS+PIN+Brute+Force+Vulnerability/12292
>
> --
> Bill
> @n1vux [email protected]
>
> _______________________________________________
> Boston-pm mailing list
> [email protected]
> http://mail.pm.org/mailman/listinfo/boston-pm
>
