Conference Call
LayerOne 2008 Information Technology Conference
Call for Papers
May 17 & 18, 2008
Los Angeles, California (Pasadena Hilton)
http://layerone.info/
The fifth annual LayerOne information technology conference is now
accepting submissions for topic and speaker selection. As always, we
are interested seeing a broad range of pertinent topics, and encourage
of IE8 which was released in January and it is unsure about the
differences between vulnerable and non-vulnerable instances of IE8. The
product team is still working on the fixes for the next release but MSRC
would like to make private binaries available for testing in the event
that Core postpones publication of the advisory. MSRC offers to setup a
conference call to discuss some of the challenges of fixing this bug and
why it required in-depth investigation.
. 2009-04-16:
Core Security and the Secure Windows Initiative (SWI) discuss this issue
in a conference call. The vendor states that it will obtain a list of
- 2012-02-01: Public disclosure
- 2012-01-31: Submit final public disclosure doc to HTC Global for feedback
- 2012-01-31: HTC publishes information via their web site
- 2012-01-20: Public disclosure ? postponed
- 2012-01-19: Discussion with HTC Global on their time schedule
- 2012-01-05: Conference call with HTC Global
- 2012-01-02: Public disclosure ? postponed
- 2011-12-05: Discussed public disclosure time frames with HTC and Google
- 2011-10-11: Updated all individuals and groups that are aware of the issue
- 2011-10-11: Follow-up conference call with HTC Global and Google
- 2011-09-19: Updated all individuals and groups that were aware of the issue
. 2010-05-28:
Vendor acknowleges receipt of the previous mail.
. 2010-06-01:
Vendor requests a conference call to discuss this case.
. 2010-06-01:
Core asks about the agenda for the conference call; whether it will be
to discuss technical matters about the bug or to negotiate the
disclosure timeline.
. 2011-03-17:
Vendor acknowledges reception of the last email.
. 2011-03-18:
MSRC requests to set up a conference call to discuss this issue next
Monday 21st.
. 2011-03-21:
MSRC asks for a conference call to discuss this issue.
02/09/2009 Microsoft reports status
02/26/2009 Microsoft reports status
03/27/2009 Microsoft reports status
04/23/2009 Microsoft reports status, predicts September release
05/13/2009 Microsoft reports status, predicts October release
05/21/2009 Microsoft requests conference call
06/03/2009 Conference call takes place
06/05/2009 Microsoft supplies corrected ATL headers and requests review
07/28/2009 Public disclosure via MS09-035 out-of-band bulletin
07/29/2009 Material presented at BlackHat USA
08/11/2009 Microsoft publishes MS09-037
Given all the publicly known facts Core deems active exploitation imminent
and therefore still plans to release the security advisory on Monday Sept.
24th in order to provide precise details to help users become aware of the
risk they are exposed to and to deploy countermeasures to prevent active
exploitation.
*2007-09-21*: Email received from AOL PVT requesting a conference call to
discuss the issues reported and how to handle them.
*2007-09-21*: Conference call between Core Security advisories team,
Core's bug discoverer and AOL PVT. AOL reported that the current version
of AIM 6.5 addresses the bugs reported and that AOL could replicate the
test of the service-side filters and had fixed the bypass. Availability of
Given all the publicly known facts Core deems active exploitation imminent
and therefore still plans to release the security advisory on Monday Sept.
24th in order to provide precise details to help users become aware of the
risk they are exposed to and to deploy countermeasures to prevent active
exploitation.
*2007-09-21*: Email received from AOL PVT requesting a conference call to
discuss the issues reported and how to handle them.
*2007-09-21*: Conference call between Core Security advisories team,
Core's bug discoverer and AOL PVT. AOL reported that the current version
of AIM 6.5 addresses the bugs reported and that AOL could replicate the
test of the service-side filters and had fixed the bypass. Availability of
requests that Core coordinates its advisory release with Microsoft's
bulletin and new product launch on March 9th, 2010.
. 2010-02-24:
Microsoft informs Core that they ran into some issues with this update,
and requests a conference call to discuss options.
. 2010-02-25:
Conference call between Core and MSRC. Microsoft informs Core that fixes
for Movie Maker are ready to be released, but that the release of a new
version of Producer (alongside the release of Office 2010) has been
02/09/2009 Microsoft reports status
02/26/2009 Microsoft reports status
03/27/2009 Microsoft reports status
04/23/2009 Microsoft reports status, predicts September release
05/13/2009 Microsoft reports status, predicts October release
05/21/2009 Microsoft requests conference call
06/03/2009 Conference call takes place
07/29/2009 Material presented at BlackHat USA
08/11/2009 Public disclosure via MS09-037
IX. CREDIT
02/09/2009 Microsoft reports status
02/26/2009 Microsoft reports status
03/27/2009 Microsoft reports status
04/23/2009 Microsoft reports status, predicts September release
05/13/2009 Microsoft reports status, predicts October release
05/21/2009 Microsoft requests conference call
06/03/2009 Conference call takes place
07/28/2009 Public disclosure via MS09-035 out-of-band bulletin
07/29/2009 Material presented at BlackHat USA
IX. CREDIT
LayerOne 2009 Security Conference
Call for Papers
May 23 & 24, 2009
Anaheim, California (Anaheim Marriott)
http://layerone.info/
The sixth annual LayerOne security conference is now accepting
submissions for topic and speaker selection. As always, we are
interested seeing a broad range of pertinent topics, and encourage all
XCon 2009 XFocus Information Security Conference Call for Paper
August, 18th - 19th, 2009, Beijing, China (http://xcon.xfocus.net)
Upholding rigorous work style , Xcon sincerely welcomes contributions from information security technique enthusiasts and expects your participation and sharing.
Attenders
Anyone who loves information security, including information security experts and fans, network administrators, network security consultants, CIO, hacker technique fans.
Location : Beijing kaiyuan Hotel ( http://www.kaiyuanhotels.com/jiudian/beijing_index.asp )
exploit variant for Internet Explorer bug that has already been patched
in IE 8 but its part of an ongoing report for other IE versions.
. 2009-06-01:
Microsoft says that the PoC corresponds to a separate bug than the one
reported in CORE-2008-0826. On a conference call Core Security
Technologies indicates that it considers the bug just a variant of the
previously reported one. Microsoft replies that although both cases
appear to expose the same functionality the actions are actually
controlled by different code and that the differences are significant
enough to consider this a separate issue. Microsoft will further
XCon 2012 XFocus Information Security Conference Call for Paper
August, 15th–16th , 2012, Beijing, China (http://xcon.xfocus.net)
Upholding rigorous work style, XCon sincerely welcomes contributions from information security technique enthusiasts and expects your participation and sharing.
Attenders:
Anyone who loves information security, including information security experts and fans,network administrators, network security consultants, CIO, hacker technique fans.
Location : Beijing Jin Tai Hotel ( http://www.bjjintaihotel.com )
XCon 2011 XFocus Information Security Conference Call for Paper
September, 1st – 2nd, 2011, Beijing, China (http://xcon.xfocus.net)
Upholding rigorous work style, XCon sincerely welcomes contributions from information
security technique enthusiasts and expects your participation and sharing.
Attenders:
Anyone who loves information security, including information security experts and fans,
network administrators, network security consultants, CIO, hacker technique fans.
XCon 2010 XFocus Information Security Conference Call for Paper
August, 4th - 5th, 2010, Beijing, China (http://xcon.xfocus.net)
Upholding rigorous work style , XCon sincerely welcomes contributions from information security technique enthusiasts and expects your participation and sharing.
Attenders
Anyone who loves information security, including information security experts and fans, network administrators, network security consultants, CIO, hacker technique fans.
Rocky Mountain Information Security Conference
Call for Papers
Friday, May 13, 2011
(PreConference Workshops on Thursday, May 12, 2011)
Sheraton Denver Downtown
Denver, CO 80202
DEADLINE FOR PAPER SUBMISSION: FEBRUARY 11, 2011
Go Here to Submit a Paper:
***BEGIN THOTCON TRANSMISSION***********
What: THOTCON 0x1
When: Friday, April 23, 2010
Where: TBA - 1 Week Prior to Conference
Call For Papers Opens: October 1, 2009
Call for Papers Closes: January 1, 2010
*** ABOUT ******************************
THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a new
small venue hacking conference based in Chicago IL, USA. This is a
states that by delaying publication of the currently available patches
to users that could fix the problem immediately, the vendor is
penalizing them and maintaining them at risk unnecessarily.
. 2008-06-03: Vendor requests details of the claim that the issue can be
reproduced without OE/Mail being installed. Vendor proposes to arrange a
conference call to discuss the technical issue.
. 2008-06-03: Core responds that in fact the issue can be reproduced
after OE has been un-installed; that Core prefers to continue the
discussion by email, to keep the advisories on the loop and to properly
document communications with the vendor. Core requests a response to the
proposal that Microsoft releases the patches that are ready in the June
1. the Core Security Advisories Team,
2. the Zoho team and,
3. the discoverer of the vulnerability.
If there is something that cannot be resolved via email, Core team can
eventually send a phone number to set up a conference call, but that is
not necessary at the moment.
. 2011-01-20:
The Zoho team notifies that the vulnerabilities highlighted in the
document will be addressed in the upcoming release of ADSelfService
2011-06-22: Update from vendor to postpone the publishing date again
2011-06-23: Update from vendor with more information about the fixing
schedule
2011-06-28: Contacted vendor accepting a possible postponing of the
July 12th publishing date, also offering dates for a
phone-conference call
2011-06-28: Answer from vendor about dates for phone-conference call
2011-06-29: New offering of dates for phone-conference call
2011-07-13: Conference call
2011-08-21: Contacted vendor about updates
2011-08-22: Update from third party will be in october, so patch from
XCon 2010 XFocus Information Security Conference Call for Paper
August, 4th - 5th, 2010, Beijing, China (http://xcon.xfocus.net)
Upholding rigorous work style , XCon sincerely welcomes contributions from information security technique enthusiasts and expects your participation and sharing.
Attenders
Anyone who loves information security, including information security experts and fans, network administrators, network security consultants, CIO, hacker technique fans.
approach
2010-03-11 VSR reviewed the Cisco release notes on potential CSS bug fix
and provided Cisco with notice indicating that these
fixes are inadequate
2010-03-12 Cisco confirmed receipt of correspondence
2010-04-07 Conference call between VSR and Cisco to discuss security
ramifications and understand implementation specifics of Cisco
ACE
2010-05-21 VSR performed testing against Cisco ACE 4710 in a lab
verifying
end-of-line parsing issue in default class map configuration
|
