On Mon, 2015-04-27 at 10:45 -0400, Jan Kurik wrote:
> Hi all!
> Fedora 22 is at its Beta stage now, so it is time to take a closer look at Fedora 23 plans.
A change I should have proposed earlier but didn't have the time, is to
disable SSL 3.0 and RC4 from F23 by default. That will only affect
openssl and gnutls-based applications.
https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4
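One way to check on a given host whether SSL 3.0 and RC4 are still reachable through the OpenSSL defaults, as an added example that is not part of the original message or of the Fedora change page. It audits a Python `ssl` context, which is backed by the system OpenSSL; GnuTLS-based applications are not covered, and the function names and the sample cipher list are constructed for illustration.

```python
import re
import ssl


def sslv3_negotiable(ctx: ssl.SSLContext) -> bool:
    """True if this context could still negotiate SSL 3.0."""
    if not ssl.HAS_SSLv3:                  # OpenSSL build has no SSLv3 at all
        return False
    if ctx.options & ssl.OP_NO_SSLv3:      # protocol masked off on this context
        return False
    # MINIMUM_SUPPORTED compares below SSLv3, so an unset floor counts as open.
    return ctx.minimum_version <= ssl.TLSVersion.SSLv3


def rc4_suites(cipher_names):
    """Return the RC4-based suites among OpenSSL or IANA style cipher names."""
    return sorted(n for n in cipher_names
                  if "RC4" in re.split(r"[-_]", n.upper()))


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise SSL 3.0 / RC4 exposure of one context."""
    enabled = [c["name"] for c in ctx.get_ciphers()]
    return {"sslv3": sslv3_negotiable(ctx), "rc4": rc4_suites(enabled)}


# Constructed sample: a cipher list as a legacy configuration might enable it.
LEGACY_SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-RC4-SHA",
                 "RC4-SHA", "TLS_RSA_WITH_RC4_128_MD5", "AES256-SHA"]

if __name__ == "__main__":
    print("library:", ssl.OPENSSL_VERSION)
    print("default context:", audit(ssl.create_default_context()))
    print("RC4 in legacy sample:", rc4_suites(LEGACY_SAMPLE))
```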
Ruxcon 2015 Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre, Melbourne, Australia.
The deadline for submissions is the 30th of June, 2015.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference in Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.
The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.
Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.
.[x]. Important Dates .[x].
June 30 - Call For Presentations Close
October 22-23 - Breakpoint Conference
October 24-25 - Ruxcon Conference
.[x]. Topic Scope .[x].
Topics of interest include, but are not limited to:
o Mobile Device Security
o Virtualization, Hypervisor, and Cloud Security
o Malware Analysis
o Reverse Engineering
o Exploitation Techniques
o Rootkit Development
o Code Analysis
o Forensics and Anti-Forensics
o Embedded Device Security
o Web Application Security
o Network Traffic Analysis
o Wireless Network Security
o Cryptography and Cryptanalysis
o Social Engineering
o Law Enforcement Activities
o Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)
.[x]. Submission Guidelines .[x].
In order for us to process your submission we require the following information:
1. Presentation title
2. Detailed summary of your presentation material
3. Name/Nickname
4. Mobile phone number
5. Brief personal biography
6. Description of any demonstrations involved in the presentation
7. Information on where the presentation material has or will be presented before Ruxcon
To submit a presentation please use our submission form: http://goo.gl/WXNBvr
* As a general guideline, Ruxcon presentations are between 45 and 60 minutes, including question time.
.[x]. Contact .[x].
o Email: presentations(a)ruxcon.org.au
o Twitter: @ruxcon
On Thu, 2015-04-02 at 16:18 +0200, Thomas Calderon wrote:
> Hi,
> Examples of server processes that are PKCS#11 compatible:
> * Daemons:
It would be really useful to have a wiki which explains how to set up the
daemons with caml-crush. I've set up a temporary page at
https://fedoraproject.org/wiki/User:Nmav/caml-crush
> Of course wider support would be great (sshd, postfix, dovecot, etc),
sshd already uses privilege separation so the keys are already outside
the server context. Unfortunately it is one of the very few servers that
does that. Everything else would be nice to support it though.
> Now, in order to further isolate I would recommend the following
> approach:
> Take advantage of SoftHSM being SW to create as many "slots" as there
> are use-cases (one for Apache, one for strongswan, etc).
That's a nice approach. I'll enhance the command line tool to add/remove
slots on demand.
regards,
Nikos
Hello,
I've just submitted a build of caml-crush [0] in F22. It provides the
original server in caml-crush package, and an isolated system-wide PKCS
#11 module in the caml-crush-softhsm package. The latter provides
applications and servers which support PKCS #11 with keys that are
stored outside their address space. That would prevent an attack similar
to Heartbleed from extracting the keys of the server.
It seems however that in Fedora we don't have many servers which can
take advantage of keys in PKCS #11. I've tested the module with
lighttpd2 and it has reasonable performance. Instructions on how to
set up keys in the module are shown in [1]. That's the first iteration of
the module, and comments and suggestions are welcome.
regards,
Nikos
[0]. https://github.com/ANSSI-FR/caml-crush
[1]. http://pkgs.fedoraproject.org/cgit/caml-crush.git/tree/README.fedora