Paris, France
-= =-
-= Hackito Ergo Sum 2012 - HES2012 Final CFP =-
-= =-
-= ** http://2012.hackitoergosum.org ** =-
-= =-
-= 12-14 April 2012 / Paris / France =-
-= =-
°==============================================================°
Kak dela Komrad,
Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP
** http://hackitoergosum.org **
7-9 April 2011 / Paris / France
Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
http://hackitoergosum.org
Hackito Ergo Sum conference will be held from April 8th to 10th 2010
in Paris, France.
It is part of the series of conferences "Hacker Space Fest" taking
place since 2008 in France and all over Europe.
HES2010 will focus on hardcore computer security, insecurity,
vulnerability analysis, reverse engineering, research and hacking.
[ We apologize in case you get double postage. Please Spread ;) ]
We are pleased to announce the schedule of the first Hackito Ergo Sum
Conference, to be held in Paris, France, from April 8th to 10th.
--[ Conference details
* Location:
Pr. Hervé Guyennet, LIFC, France
Dr. Volkmar Lotz, SAP, France *
Pr. Philippe Mathieu, University of Lille, France
Dr. Srinivas Mukkamala, New Mexico Tech, USA *
Dr. Franck Panaget, France Telecom R&D, France *
Pr. Pierre Paradinas, CNAM Paris, France *
Dr. Emmanuel Prouff, Oberthur Card Systems, France
Dr. Michael Rusinowitch, INRIA Lorraine, France
Dr. Luca Spalazzi, Universita' Politecnica delle Marche, Italy
Pr. Pascal Urien, ENST, France *
- Night Da Hack 2010
Date: June 19-20 2010
Time: 4 PM - 7 AM
Location: Paris, France
What is Night da Hack?
“Night da Hack” comes from a rough translation from French “Nuit du Hack”. Started in 2003 by Hackerz Voice team, and inspired by world famous DEF CON, “Nuit du Hack” is one of the oldest French underground hacking conferences.
Around computer security related talks, workshops and contests, Night da Hack aims at bringing together corporate IT professionals and hackers, no matter their skill-level. They will discover the latest technical advances in this area and assess their skills.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-2695
Eric Paris provided several fixes to increase the protection
provided by the mmap_min_addr tunable against NULL pointer
dereference vulnerabilities.
CVE-2009-2903
able to read this data for setuid processes while the ELF binary
is being loaded.
CVE-2009-3080
Problem type : local(remote)
Debian-specific: no
CVE ID : CVE-2011-2696
Hossein Lotfi discovered an integer overflow in libsndfile's code to
parse Paris Audio files, which could potentially lead to the execution
of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.17-4+lenny3.
----------
Cert-Lexsi, Division of LEXSI, is an international team dedicated to
cybercrime mitigation, vulnerability management and incident response
handling.
Cert-Lexsi employs researchers, developers, analysts and consultants
working 24/7 from Montreal, Paris, Geneva and Singapore.
More information:
http://cert.lexsi.com/
----------
LD_DEBUG has always been a good candidate for getting error messages on
Linux. The behaviour of LD_DEBUG was modified a few years ago in response to
some minor complaints about information leaks, but it can still be used with a
slight modification (I first learned of this technique from a bugtraq posting
by Jim Paris in 2004, http://seclists.org/bugtraq/2004/Aug/281).
The exploit flow for this alternative attack is a little more complicated, but
we can still use the shell to do it (this session is from an FC13 system,
output cleaned up for clarity).
Cheers,
--
Eloy Paris
Cisco Product Security Incident Response Team (PSIRT)
On Mon 2009-11-02 18:53:19, Martin Rex wrote:
> Jim Paris wrote:
> >
> > > Therefore it's totally of no influence what you do with the original
> > > directory permission. File access has nothing to do with directory
> > > permissions...!
> >
> > Right. However the whole point of this discussion is that that is a
> > non-obvious point, there was no other way that the user could have
> > opened that file without the use of /proc.
Folks,
We've uploaded the slides used during part of our training "Hacking IPv6
Networks" at the Hack in Paris 2011 Conference. The slides are available
at: http://www.hackingipv6networks.com/past-trainings
They contain quite a few insights about IPv6 security, along with a
number of practical examples.
Thanks!
Hello everyone,
Save the date, Hackito Ergo Sum 2012 will take place in Paris from the
12th April to 14th of April 2012.
As you know, this event is a community-driven, not-for-profit event. We
will try to have a good presentation level, nice challenges and
excellent atmosphere bringing together every side of the hacking and
security research community.
spam address than a regular mail address therefore it's possible that
some mails get ignored. Please use the contact details at
http://morph3us.org/ to contact me.
Greets fly out to..
* cyrus-tc: how are the Paris chicks, bro?
* fallout: let the 'curtain show' never end.. :oP
* trappy: skill0r!1!!
.. echox, Killsystem, Neon, Rodnox and all members of BuHa.
Linus Torvalds provided a change to the get_random_int() function
to increase its randomness.
CVE-2009-3286
Eric Paris discovered an issue with the NFSv4 server
implementation. When an O_EXCL create fails, files may be left
with corrupted permissions, possibly granting unintentional
privileges to other local users.
CVE-2009-3547
Cheers,
--
Eloy Paris.-
CCIE #19207
Product Security Incident Response Team (PSIRT)
Cisco Systems, Inc.
security vulnerabilities and welcomes the opportunity to review and
assist in product reports.
Thanks,
Eloy Paris.-
Cisco PSIRT
http://www.cisco.com/go/psirt/
Besançon is situated at the crossing of two major lines of
communication, the NE-SW route, following the valley of the river Doubs,
and linking Germany and North Europe with Lyon and southwest Europe, and
the N-S route linking northern France and the Netherlands with
Switzerland. A key staging post on the Strasbourg-Lyon (Germany-Spain)
route, it also has direct high-speed train (TGV) links with Paris,
Charles de Gaulle International Airport, and Lille. Unusually for a town
of its size, it does not have a commercial airport, though two
international airports, EuroAirport Basel-Mulhouse-Freiburg and Lyon
Saint-Exupéry International Airport, can be reached in about 2 hours.
http://frhack.org/venue.html
========================================================================
/tmp/lab announces the second Hacker Space Festival
(Paris, 26-30 June 2009)
========================================================================
Hacker Space Festival 2009 | Call For Proposals | HSF2009
In 2008, we organized HSF[1] on the spot, as an ad-hoc meeting for
hackerspaces-related networks, technical and artistic research emerging
from them and social questioning arising from them. This sudden
A vulnerability was discovered and corrected in libsndfile:
An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way the libsndfile library processed certain
Ensoniq PARIS Audio Format (PAF) audio files. An attacker could
create a specially-crafted PAF file that, when opened, could cause
an application using libsndfile to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2011-2696).
Jim Paris wrote:
>
> > Therefore it's totally of no influence what you do with the original
> > directory permission. File access has nothing to do with directory
> > permissions...!
>
> Right. However the whole point of this discussion is that that is a
> non-obvious point, there was no other way that the user could have
> opened that file without the use of /proc.
Best regards,
Marco
On 29 Oct 2009, at 21:10, Jim Paris wrote:
>>> 0700 mode from the origin, you would be right, and procfs wouldn't
>>> allow
>>> opening files in that directory too, but if you let others to
>>> traverse