|
|
| |
|
| |
Security
On July 10th, a report of
remote filesystem access and screen-locking passcode disclosure
vulnerabilities
in Sharp Zaurus was released by
the Syracuse
University Center for Systems
Assurance.
The first is a little scary: the sync service gives anybody with network access to the Zaurus (through a wireless net, say) the ability to overwrite any file on the filesystem. The second is a problem with relatively weak encryption of passwords.
It was pointed out, on posts to BugTraq, that Sharp did mitigate,
but not resolve, the remote filesystem access risk by restricting access to the vulnerable port.
Sharp has apparently known about these problems for more than a month, but no update is yet available
that fixes them.
The Zaurus developer community apparently knew about the
remote filesystem access
vulnerability as early as March 29th.
An independently compiled list of problems with the Zaurus, that
last updated May 6th, includes the remote filesystem access vulnerability
and some pointed comments on Sharp's management.
The Zaurus SL5000D and SL5500 are palmtop computers with great potential, but the maker, Sharp Electronics, has botched several things and has not taken any steps to deal with the issues even though they have had feedback about most of the problems below on the developer web site for months. Unfortunately Sharp has not answered the concerns raised by developers during the beta period. The SL5500 is now a released product and the general public will begin to run into these problems. It is sad that Sharp has refused to fix the problems with their unit as the Zaurus may be a first introduction to Linux/Unix systems for many users. The problems the Zaurus has will give the false impression to new users that the problems are with Linux in general rather than with the choices that Sharp made in implementing Linux on the Zaurus.
Richard Shim reported on the security vulnerabilities for
News.com, including his own
comments on Sharp's management
of Zaurus development.
Linux is an open-source operating system, giving developers equal access to the code. Many consider that an advantage in a situation like this, as security flaws are found quickly and fixes and other software improvements can be added by a whole community of programmers, not just those employed by a particular company. However, Sharp has not released the source code for the Zaurus' particular operating system to the open-source community, nor has it integrated any community updates to its OS, choosing instead to go a more proprietary route.
[...]
"Sharp committed to Linux and the open-source community, but they've realized that they don't want to live the lifestyle," said a source familiar with the company's plans. Comments (1 posted)
Brief items
The Register speaks about a recent security study from security
consultancy Mi2g.
" Attacks on Linux and open source Web applications appear to have risen sharply
this year, while attacks on Windows systems are markedly down. That's the
conclusions of a study by security consultancy mi2g after it compiled a
database on attacks culled from data from defacement archives (such as
alldas.org), hacker bulletin boards and 'information from automatic
robots'."
Comments (2 posted)
News.com
writes about
a report by U.K.security consultancy MI2g that claims that successful
hacks on Linux web servers are on the rise.
" In the past, hackers and virus writers have largely focused their efforts on the Windows platform, as its dominance on desktop PCs makes it a ready target. However, Linux has a large share of the Web server market, and Linux server applications are often vulnerable to attack because of mismanagement, according to the study."
Comments (none posted)
This is the seventh revision of Debian GNU/Linux 2.2 (codename `potato')
which mainly adds security updates to the stable release, along with a
few corrections of serious bugs.
Full Story (comments: none)
ZDNet looks at
vulnerabilities in SCADA systems
" Currently, power grids, dams, and other industrial facilities are monitored by Supervisory Control and Data Acquisition (SCADA) systems; approximately three million of these exist throughout the world. Based on telemetry and simple data acquisition, they give scant regard to security, often lacking the memory and bandwidth for sophisticated password or authentication systems. SCADA typically runs on DOS, VMS, and Unix platforms, although vendors are now shipping Windows NT and Linux versions, as well."
Comments (none posted)
Bruce Schneier's CRYPTO-GRAM newsletter for July is out; it looks at
security threats to embedded devices, the "Perrun" virus, and more.
" I have long suspected a cozy little link between virus writers and
antivirus software makers. The latter certainly needs the former, both to
keep viruses in the news and to provide a steady revenue stream from
updates. And here's an example of them sharing information."
Full Story (comments: 1)
Security reports
CARE 2002
version 1.0.0.2 fixes file disclosure and sql injection vulnerabilities.
CARE 2002 is an open source software package for hospitals,
clinics and private medical practices.
The first beta version of CARE 2002 was created by
Elpidio Latorilla.
Full Story (comments: none)
Ulf Harnhammar reports file upload, file download and cross site scripting vulnerabilities in
Double Choco Latte which are fixed in
version 20020706.
Double Choco Latte is a package that provides basic project
management capabilities, time tracking on tasks, call tracking,
email notifications, online documents, statistical reports,
a report engine, and more features are either working or being
developed/planned. It is licensed under the GPL (GNU Public License),
which means it is free to study, distribute, modify, and use.
Full Story (comments: none)
Matt Moore reports two vulnerabilities in GoAhead Web Server v2.1:
- Cross Site Scripting via 404 messages.
- Read arbitrary files from the server running GoAhead(Directory Traversal)
Full Story (comments: none)
New vulnerabilities
libpng buffer overflow vulnerability
| Package(s): | libpng libpng2 libpng3 |
CVE #(s): | |
| Created: | July 17, 2002 |
Updated: | August 19, 2002 |
| Description: |
Versions of libpng prior to
1.2.4 and 1.0.14 have a buffer
overflow vulnerability that could lead to remote code execution.
Since libpng is used by programs that talk to the outside
world (i.e. mozilla), it is worth upgrading.
libpng is the official PNG reference library. It supports almost all PNG features, is extensible, and has been extensively tested for over five years.
|
| Alerts: |
|
Comments (2 posted)
Updated vulnerabilities
Acrobat reader temporary files
| Package(s): | acroread |
CVE #(s): | |
| Created: | July 8, 2002 |
Updated: | July 10, 2002 |
| Description: |
There is a symlink attack vulnerability in Acrobat Reader 5.05.
Acroread uses a file it creates with wide open permissions (mode 666) in /tmp; it also follows symlinks.
See the report of the bug in Acrobat Reader
5.05 for the details. The problem has also been
reported in version 4.05.
|
| Alerts: |
|
Comments (none posted)
Heap corruption vulnerability in at
| Package(s): | at at, sudo, xchat |
CVE #(s): | CAN-2002-0004
|
| Created: | May 21, 2002 |
Updated: | May 15, 2003 |
| Description: |
The at command has a
potentially exploitable heap corruption bug.
(First LWN report: January 17th).
|
| Alerts: |
|
Comments (none posted)
Denial of service vulnerability in version 9 of BIND
| Package(s): | bind |
CVE #(s): | CAN-2002-0400
|
| Created: | June 5, 2002 |
Updated: | August 19, 2002 |
| Description: |
Here is an advisory from the Computer Emergency Response Team (CERT)
regarding the denial of service vulnerability in version 9 of the BIND
nameserver, up to 9.2.1. An attacker can send a properly crafted packet
which triggers a check within BIND and causes it to shut down. The
vulnerability can not be exploited for any purpose beyond denial of
service, but that is bad enough; if you are running BIND 9, an upgrade
is probably a good idea.
Note that many or most systems out there will still be running
BIND 8, and thus will not be vulnerable.
News articles on the vulnerability appear in the
Register
and
Network World Fusion News. |
| Alerts: |
|
Comments (none posted)
bind buffer overflow vulnerability in DNS resolver libraries
| Package(s): | bind glibc |
CVE #(s): | CAN-2002-0651
CAN-2002-0684
|
| Created: | July 8, 2002 |
Updated: | October 1, 2003 |
| Description: |
The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1)
include fixes for a libc related vulnerability which does not
affect Linux. Updates from
the Internet Software Consortium (ISC)
are available from here.
No release or branch of Openwall GNU/*/Linux (Owl) is known to be
affected, due to Olaf Kirch's fixes for this problem getting into the
GNU C library more than two years ago.
Unfortunatly that does not mean that Linux systems are not vulnerable.
Similar code, without Olaf Firch's fixes,
is in the glibc getnetbyXXX functions.
These functions are described in the SuSE alert as
"
used by very few applications only, such as ifconfig and ifuser,
which makes exploits less likely."
CERT Advisory: CA-2002-19
Buffer Overflow in Multiple DNS Resolver Libraries
CAN-2002-0651
CAN-2002-0684 |
| Alerts: |
|
Comments (1 posted)
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
| Package(s): | ethereal |
CVE #(s): | CAN-2002-0012
CAN-2002-0013
CAN-2002-0353
CAN-2002-0401
CAN-2002-0402
CAN-2002-0403
CAN-2002-0404
|
| Created: | June 12, 2002 |
Updated: | October 27, 2002 |
| Description: |
Ethereal 0.9.4
was released
on May 19, 2002 fixing four potential security issues in Ethereal 0.9.3:
- The SMB dissector could potentially dereference a NULL pointer in two cases.
- The X11 dissector could potentially overflow a buffer while parsing keysyms.
- The DNS dissector could go into an infinite loop while reading a malformed packet.
- The GIOP dissector could potentially allocate large amounts of memory.
No known exploits exist "in the wild" at the present time for any of these issues.
Ethereal 0.9.2 has several packet handling vulnerabilities
that are best avoided by upgrading to 0.9.4.
The PROTOS test
suite found some flaws in SNMP and LDAP protocols support.
Malformed packets could also crash ethereal 0.9.2 due to a
ASN.1 zero-length g_malloc problem.
The zlib "double free" vulnerability
was addressed by the updates for that bug from many distributors. |
| Alerts: |
|
Comments (none posted)
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp |
CVE #(s): | CAN-2002-0435
|
| Created: | May 21, 2002 |
Updated: | May 16, 2003 |
| Description: |
A race
condition in rm may cause the root user to delete the whole filesystem.
The problem exists in the version of rm in
fileutils
4.1 stable and 4.1.6 development version. A patch
is available.
(First LWN
report: May 2).
|
| Alerts: |
|
Comments (none posted)
Buffer overflow problem in glibc
| Package(s): | glibc glibc/shlibs, glibc, nscd |
CVE #(s): | CAN-2001-0886
|
| Created: | May 21, 2002 |
Updated: | July 14, 2002 |
| Description: |
The glibc filename globbing code has a buffer overflow problem.
For those who are interested, Global InterSec LLC has provided
a detailed description
of this vulnerability.
This problem was first reported by LWN on December 20th.
|
| Alerts: |
|
Comments (2 posted)
Buffer overflow in groff
| Package(s): | groff |
CVE #(s): | CAN-2002-0003
|
| Created: | May 21, 2002 |
Updated: | December 9, 2002 |
| Description: |
The groff package has a buffer overflow
vulnerability; if it is used with the print system, it is conceivably
exploitable remotely.
|
| Alerts: |
|
Comments (none posted)
UW imapd remotely exploitable buffer overflow
| Package(s): | imap |
CVE #(s): | CAN-2002-0379
|
| Created: | June 5, 2002 |
Updated: | December 20, 2002 |
| Description: |
UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft
a request to run commands on the server under their UID and GID.
(First LWN report: May 23). |
| Alerts: |
|
Comments (2 posted)
Apache mod_ssl off-by-one local code execution and DoS vulnerability
| Package(s): | libapache-mod-ssl mod_ssl |
CVE #(s): | CAN-2002-0653
|
| Created: | July 2, 2002 |
Updated: | August 14, 2002 |
| Description: |
Mod-ssl provides strong cryptography for the Apache webserver
via the Secure Sockets Layer (SSL).
A maliciously-crafted .htaccess file, may
be used by an attacker to execute arbitrary
commands as the httpd user or launch a denial of service attack.
The problem is fixed in mod_ssl 2.8.10 which is available
from here.
For more information see the announcement. |
| Alerts: |
|
Comments (none posted)
LPRng accepts jobs from any host.
| Package(s): | LPRng |
CVE #(s): | CAN-2002-0378
|
| Created: | June 12, 2002 |
Updated: | October 31, 2002 |
| Description: |
Matthew Caron pointed out that LPRng's default configuration accepts job submissions from any host.
This could be an especially annoying vulnerability for adminstrators
with systems exposed to the general public.
|
| Alerts: |
|
Comments (none posted)
Mailman 2.0.11 fixes two cross-site scripting vulnerabilities
| Package(s): | mailman |
CVE #(s): | CAN-2002-0388
|
| Created: | June 5, 2002 |
Updated: | August 28, 2002 |
| Description: |
Barry A. Warsaw announced
the release of Mailman 2.0.11
"which fixes two
cross-site scripting exploits, one reported by "office" in the admin
login page, and another reported by Tristan Roddis in the Pipermail
index summaries.
It is recommended that all sites upgrade their 2.0.x systems to this
version."
|
| Alerts: |
|
Comments (none posted)
Mozilla XMLHttpRequest file disclosure vulnerability
| Package(s): | mozilla |
CVE #(s): | CAN-2002-0354
|
| Created: | May 21, 2002 |
Updated: | October 18, 2002 |
| Description: |
This XMLHttpRequest security
bug impacts all Mozilla-based browsers. "The bug is found in versions of
Mozilla from 0.9.7 to 0.9.9 on various operating
system platforms, and in Netscape versions 6.1 and
higher."
(First LWN
report: May 2).
|
| Alerts: |
|
Comments (none posted)
nn remote code execution vulnerability
| Package(s): | nn |
CVE #(s): | |
| Created: | July 9, 2002 |
Updated: | July 10, 2002 |
| Description: |
A NNTP server may be used, maliciously, to
remotely execute code through the nn client.
Nn is a popular Unix newsreader. Versions prior to
6.6.3 are vulnerable.
The problem is fixed in nn 6.6.4 which is available here.
For more information, see the
security advisory.
|
| Alerts: |
(No alerts in the database for this vulnerability)
|
Comments (none posted)
String format bug in pam_ldap logging
| Package(s): | nss_ldap |
CVE #(s): | CAN-2002-0374
|
| Created: | June 5, 2002 |
Updated: | October 29, 2002 |
| Description: |
The nss_ldap package includes the pam_ldap module for
authenticating a user with an LDAP database.
Pam_ldap versions prior to 144 have a string format
bug in the logging mechanism. |
| Alerts: |
|
Comments (none posted)
Remotely exploitable vulnerability in pine
| Package(s): | pine |
CVE #(s): | CAN-2002-0014
|
| Created: | May 21, 2002 |
Updated: | November 27, 2002 |
| Description: |
Pine has an
unpleasant
vulnerability in URL handling vulnerability which can lead to
command execution by remote attackers.
(First LWN report: January 17th).
This vulnerability is remotely exploitable; updating is a good idea.
Note: If an update isn't yet available for your distribution,
setting enable-msg-view-urls to "off" in pine's setup will
avoid the vulnerability. (Thanks to Greg Herlein).
|
| Alerts: |
|
Comments (none posted)
Sharutils potential privilege escalation using uudecode
| Package(s): | sharutils |
CVE #(s): | CAN-2002-0178
|
| Created: | May 21, 2002 |
Updated: | October 31, 2002 |
| Description: |
According to the CVE entry,
"uudecode, as available in the sharutils package before 4.2.1, does not
check whether the filename of the uudecoded file is a pipe or symbolic
link, which could allow attackers to overwrite files or execute commands."
(First LWN
report: May 16).
|
| Alerts: |
|
Comments (none posted)
Squid DNS vulnerability fixed in Squid-2.4.STABLE6
| Package(s): | squid |
CVE #(s): | CAN-2002-0163
|
| Created: | July 8, 2002 |
Updated: | July 10, 2002 |
| Description: |
A malicously crafted DNS reply can cause Squid
versions up to and including 2.4.STABLE4
to crash.
Squid-2.4.STABLE6 fixes the vulnerability; see
the updated
advisory from the squid team for the details. |
| Alerts: |
|
Comments (none posted)
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
| Package(s): | squid |
CVE #(s): | |
| Created: | July 8, 2002 |
Updated: | November 15, 2002 |
| Description: |
Here is the security advisory for the Squid proxy server reporting several vulnerabilities in versions up to and including 2.4.STABLE7.
Several of the bugs are believed to allow remote code execution.
The security advisory lists the following
changes:
- Several bugfixes and cleanup of the Gopher client, both
to correct some security issues and to make Squid properly
render certain Gopher menus.
- Security fixes in how Squid parses FTP directory listings into
HTML
- FTP data channels are now sanity checked to match the address
of the requested FTP server. This to prevent theft or injection
of data. See the new ftp_sanitycheck directive if this sanity
check is not desired.
- The MSNT auth helper has been updated to v2.0.3+fixes for
buffer overflow security issues found in this helper.
- A security issue in how Squid forwards proxy authentication
credentials has been fixed
|
| Alerts: |
|
Comments (none posted)
Malformed NFS packet buffer overflow vulnerability in tcpdump
| Package(s): | tcpdump |
CVE #(s): | CAN-2002-0380
|
| Created: | June 5, 2002 |
Updated: | October 9, 2002 |
| Description: |
A buffer overflow in tcpdump can be triggered by a bad NFS packet when
tracing the network. Unmodified tcpdump versions 3.6.2 and earlier are vulnerable.
|
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
Multiple vulnerabilities in SNMP implementations
| Package(s): | ucdsnmp ucd-snmp |
CVE #(s): | CAN-2002-0012
CAN-2002-0013
|
| Created: | May 21, 2002 |
Updated: | September 17, 2002 |
| Description: |
Most SNMP
implementations out there have a variety of buffer overflow vulnerabilities
and should be upgraded at first opportunity. See this CERT advisory for more. (First
LWN report: February 14).
|
| Alerts: |
|
Comments (none posted)
webalizer: reverse DNS buffer overflow vulnerability
| Package(s): | webalizer |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | January 27, 2003 |
| Description: |
The cause is a buffer overflow bug.
This one sounds nasty.
If reverse DNS lookups are enabled in webalizer,
"an attacker with control over the victims DNS may spoof responses thus
triggering a buffer overflow, potentially leading to a root compromise."
Webalizer 2.01-10 "fixes this and a few
other buglets that have been discovered in the last month or so".
(First LWN report: April 18th, 2002).
|
| Alerts: |
|
Comments (none posted)
Webmin/Usermin vulnerabilities
| Package(s): | webmin |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | January 10, 2003 |
| Description: |
Webmin is a web-based interface for
system administration for Unix.
Webmin has cross-site scripting and
session ID spoofing vulnerabilities
which are fixed in the May 6, 2002 release of version 0.970.
(First LWN
report: May 9).
This one is scary. The session ID
spoofing vulnerability allows the "possibility that arbitrary
commands may be executed with root privileges."
Upgrading is strongly recommended. At a minimum avoid the
"preconditions for a successful exploit" by disabling
password timeouts under Webmin->Configuration->Authentication.
|
| Alerts: |
|
Comments (1 posted)
Problems with libgtop_daemon
| Package(s): | wuftpd libgtop |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | May 7, 2003 |
| Description: |
The libgtop_daemon package is a GNOME
program which makes system information available remotely.
LWN reported the remotely exploitable format
string and buffer overflow vulnerabilities in that package
on December 6th.
On November 28th
disabling the libgtop_daemon on systems where it is running until
an update is available.
Many Linux systems do not run
libgtop by default, but applying the update is a good idea anyway.
|
| Alerts: |
|
Comments (1 posted)
xchat IC server based dns query vulnerability
| Package(s): | xchat |
CVE #(s): | CAN-2002-0382
|
| Created: | June 5, 2002 |
Updated: | September 24, 2002 |
| Description: |
A malicious IRC server may
return a response to a /dns query that executes arbitrary commands
with the privileges of the user running XChat.
Versions of XChat prior to 1.8.9 are vulnerable. |
| Alerts: |
|
Comments (none posted)
Resources
David A. Wheeler has released Flawfinder
version 1.20,
"a
tool that examines C/C++ code and reports possible security flaws
in the code (sorted by risk level)."
Flawfinder works by using a built-in database of C/C++ functions with well-known problems,
such as buffer overflow risks (e.g., strcpy(), strcat(), gets(), sprintf(), and the scanf() family),
format string problems ([v][f]printf(), [v]snprintf(), and syslog()), race conditions (such as access(),
chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()), potential shell metacharacter
dangers (most of the exec() family, system(), popen()), and poor random number acquisition (such as random()).
Comments (none posted)
The July 12th Linux Advisory Watch newsletter
from LinuxSecurity.com is available.
Comments (none posted)
A number of interesting papers considering security and open source
will be presented at
the 11th USENIX Security Symposium
the week of August 5th in San Francisco, California, USA.
We noticed a few that have already been released by the authors.
-
Linux Security Modules: General Security Support for the Linux Kernel (HTML format).
"The Linux
Security Modules (LSM) project has developed a lightweight, general purpose,
access control framework for the mainstream Linux kernel that enables many
different access control models to be implemented as loadable kernel modules.
A number of existing enhanced access control implementations, including Linux
capabilities, Security-Enhanced Linux (SELinux), and Domain and Type
Enforcement (DTE), have already been adapted to use the LSM framework. This
paper presents the design and implementation of LSM and discusses the
challenges in providing a truly general solution that minimally impacts the
Linux kernel."
-
Linux Security Module Framework
(PDF format).
"This
paper presents the design and implementation of the LSM framework, a
discussion of performance and security impact on the kernel, and a brief
overview of existing security modules."
-
Deanonymizing Users of the SafeWeb Anonymizing Service
(PDF
format).
"The SafeWeb anonymizing system has been lauded by the press and
loved by its users; self-described as "the most widely used online
privacy service in the world," it served over 3,000,000 page views
per day at its peak. SafeWeb was designed to defeat content blocking
by firewalls and to defeat Web server attempts to identify users,
all without degrading Web site behavior or requiring users to
install specialized software. In this paper we describe how these
fundamentally incompatible requirements were realized in SafeWeb's
architecture, resulting in spectacular failure modes under simple
JavaScript attacks."
-
Secure Execution Via Program Shepherding
(PDF
format).
"
We introduce program shepherding, a method for monitoring control flow
transfers during program execution to enforce security policies. Program
shepherding provides three techniques as building blocks for security
policies. [...]
This system operates on unmodified native binaries, requires no
special hardware or operating system support, and runs on existing IA-32
machines under both Linux and Windows."
-
Setuid Demystified
(PDF
format).
"Access control in Unix systems is mainly based on user IDs, yet
the system calls that modify users IDs (uid-setting system calls),
such as setuid, are poorly designed, insufficiently documented, and
widely misunderstood and misused. This has caused many security
vulnerabilities in application programs.
[...]
Finally, we provide general
guidelines on the proper usage of the uid-setting system calls, and
we propose a high-level API that is more comprehensible, usable, and
portable than the usual Unix API."
-
Infranet: Circumventing Web Censorship and Surveillance
(PDF format).
"An increasing number of countries and companies routinely block or monitor
access to parts of the Internet. To counteract these measures, we propose
Infranet, a system that enables clients to surreptitiously retrieve sensitive
content via cooperating Web servers distributed across the global
Internet."
-
Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing
(PDF
format).
"The security of the vast majority of "secure" Web services rests on SSL
server PKI. However, this PKI doesn't work if the adversary can trick
the browser into appearing to tell the user the wrong thing about the
certificates and cryptography.
[...]
This paper reports the results of our work to systematically defend against
Web spoofing, by creating a trusted path from the browser to the
user."
Comments (none posted)
Events
Black Hat Inc has announced the keynote speakers for
Black Hat Briefings 2002 coming up July 31st to August 1st in Las Vegas, Nevada, USA.
Full Story (comments: none)
| Date | Event | Location |
| July 31 - August 1, 2002 | Black Hat Briefings 2002 | (Caesars Palace Hotel and Resort)Las Vegas, NV, USA |
| August 2 - 4, 2002 | Defcon | (Alexis Park Hotel and Resort)Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
| August 19 - 21, 2002 | Canadian Security & Intelligence Conference(CSICON) | (Hyatt Regency)Calgary, Alberta Canada |
| August 28 - 30, 2002 | Workshop on Information Security Applications(WISA 2002) | Jeju Island, Korea |
For additional security-related events, included training courses (which we
don't list above) and events further in the future, check out
Security Focus' calendar,
one of the primary resources we use for building the above list. To
submit an event directly to us, please send a plain-text message to
lwn@lwn.net.
Comments (none posted)
Page editor: Dennis Tenney
Next page: Kernel development>>
|
|
|