[wellylug] Next Meeting (security)

Klaatu klaatu at straightedgelinux.com
Mon Feb 3 21:22:48 NZDT 2014 

I think that would be quite an interesting topic for discussion. There
is a de-centralised method of genereating SSL certs, of course, located
at http://www.cacert.org/ but in order for it to "work" you kind of have
to get into their ring of trust, which means signing off on people who
you personally trust. Perhaps that is something that wellyLUG could look
into if enough people were interested or would find it useful.

There was another de-centralised movement a while ago called
http://convergence.io/ but I have not really seen much activity around
it lately. I am not sure if it is still active or relevant, but the idea
was that you could choose to inherit trust from users you know; in other
words, if I vouched for a website as trustworthy and you trusted me,
then you could set your browser to therefore trust the site or sites
that I have vouched for. Theoretically, with enough participation, quite
a web of trust would be formed.

Anyway ... interesting topic. I'm definitely all for de-centralising the
SSL racket.

-klaatu


On 02/03/2014 08:29 PM, Christian Gagneraud wrote:
> On 01/27/2014 08:00 AM, Hugh Davenport wrote:
>> Hi Guys/Gals,
>>
>> Hope you had a great holiday season, and you are ready for the new year.
> 
> Hi everyone,
> 
> I have recently receive a suspicious email that has been flag as spam
> (yes i check my spam box, because there's unfortunately real emails
> sneaking in). And i wouldn't mind to hear someone familiar with security
> what he/she thinks of it. Anyone fancy have a look at it during the next
> meeting?
> This email is so short and simple that i think it could be a bug from a
> spammer, or simply a test or a probe email.
> 
> Other stuff i would be interested to talk about is for example this
> announce: http://www.mozilla.org/security/announce/2013/mfsa2013-117.html
> I found that while duckduckgoing about thunderbird vulns, it made me
> laugh at the end because it is an issue about a "rogue" SSL certificate
> "issued" by the French government (the "money" branch of it) and used on
> an unkonwn "MIM device" - I went paranoid for at least 5 minutes! ;)
> But honestly, I would love to hear someone competent commenting about
> that one! for example: how about CRLs and "chain of trust" are managed
> by applications? Or maybe they are managed at the "system" level?
> 
> Chris
> 
>>
>> The next meeting will be Monday 16th February. To get us all started in
>> the new year, we will be doing lightning talks. So if anyone got up to
>> some pet projects over the holidays, or have been working on something
>> that they want some assistance with, or they just want to get up and say
>> something... Come along, have your 5 min of fame, and mingle with other
>> LUGers.
>>
>> Let me know if you want to talk, so I can organise a lineup, otherwise
>> just standup on the night.
>>
>> Meeting details:
>> When: 16th February, 6pm
>> Where: Level 3 Catalyst building (if after 6pm, call me on 0276946639)
>>
>> Cheers,
>>
>> Hugh
>>
>>
> 
>

More information about the wellylug mailing list