Bugtraq mailing list archives
Re: Publically writable directories
From: miguel () boytoy csd sgi com (Michael/Miguel J. Sanchez)
Date: Tue, 18 Jun 1996 10:11:07 -0700
-----BEGIN PGP SIGNED MESSAGE----- This is just a reminder of the upcoming FIRST Conference and Workshop this year. Please, forward this information onto your constituencies and any other interested parties. For those people with websites, please help advertise with a link to one of the conference websites listed below. And lastly, if it is possible to advertise the event in any advisories, bulletins or newsletters, please do so, as this would be most appreciated. ######### SPECIAL NOTE SPECIAL NOTE SPECIAL NOTE ######## It is very important that if you have any plans to attend, please register and make your hotel reservations *NOW*. This is very important because of several factors: 1) Hotel occupancy is at all time high for this summer and with the Usenix conference the week before, hotels will be filled. 2) The hotel will only honor the FIRST conference rate of $135/night till June 27, 1996. After this date, the rate will only be provided on a space available basis. The regular non-FIRST rate is $199/night. 3) The price of gas has increased greatly in the California area and travel prices will be going up as the summer travel season starts. People will use hotels more and drive less. 4) Also the price of the conference does go up after July 13, 1996 and that date is quickly approaching. - --------------------------------------------------------------------- **************************************************** For the most up to date and complete information, please see the URL hostsites http://www.first.org/workshops/1996/ - or - http://ciac.llnl.gov/firstconf/ **************************************************** The 8th FIRST Conference and Workshop on Computer Security Incident Handling and Response July 28-31, 1996 The Westin Hotel Santa Clara, California United States ___ _ _ ____ ____ ____ _ _ ____ ____ ____ ____ _ _ ____ ____ | |__| |___ | | | |\ | |___ |___ |__/ |___ |\ | | |___ | | | |___ |___ |__| | \| | |___ | \ |___ | \| |___ |___ The annual FIRST Conference and workshop event is the only event of its kind. This event is focused on the field of computer security and most specifically incident handling and response. Past conferences have been held in Karlsruhe, Germany and Boston, Massachusetts, US. Each of these conferences were international in scope and attendance with presentations on the latest in vulnerability analysis, incident response, vulnerability prevention, and general computer security. Additionally, these conferences served as the foundation for the improvement of computer security worldwide via sharing of goals, ideas, and information. The 1996 8th Annual FIRST Conference promises to continue this ground breaking work. Occurring in the heart of the Silicon Valley, home of the microprocessor and the heartbeat of computing, this year's conference will continue to promote FIRST organization goals of worldwide coordination and cooperation. _ _ _ _ _ ____ _ ____ ____ _ ____ ____ ___ __. | | | |__| | | | [__ |___ | |__/ [__ | _] |_|_| | | |__| | ___] | | | \ ___] | . The Forum of Incident Response and Security Teams (FIRST), is an international organization that brings together a variety of computer security incident response teams. These teams include government agencies, commercial companies, academic organizations and computer vendors. World-wide, FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the global community at large. Further information about the FIRST organization is available at the FIRST WWW URL http://www.first.org/first/ _ _ _ _ _ _ _ ____ ____ _ _ ____ __. | | | |__| \_/ | | | |\/| |___ _] |_|_| | | | |___ |__| | | |___ . Here are a few *extra* reasons to attend this year's FIRST Conference The week prior to the FIRST Conference, The 6th USENIX UNIX Security Symposium is being held in San Jose, CA. This means that not only could you save money on airfare by staying over a weekend, but you could attend two great security conferences back to back. <http://www.usenix.org/sec96.html> Meet other security professionals in the area of incident and response. Improve your security program with the ideas presented. Save time searching for tools and resources. Join in the sharing of a wide range of experience and knowledge. Be a part of the "United Nations" of computer security organizations. Bring your family and tour the Silicon Valley and San Francisco Bay Area. ____ ____ ____ _ _ ___ ____ |__| | __ |___ |\ | | \ |__| | | |__] |___ | \| |__/ | | The following scheduled events are subject to change till the time of the conference. For the most up to date information please refer to the conference URL referenced at the beginning of this document. July 28-31, 1996 Registration Sunday 7:30am to 6:00pm Monday 7:30am to 3:00pm Tutorials Sunday 9:00am to 6:00pm Sessions Tuesday 9:00am to 6:00pm Workshops Wednesday 9:00am to 3:30pm Birds of a Feather Sessions Monday 7:00pm to 9:00pm Time Sunday Monday Tuesday Wednesday 28-Jul 29-Jul 30-Jul 31-Jul - --------------------------------------------------------------------------- 0730 C O N T I N E N T A L B R E A K F A S T 0900 - --------------------------------------------------------------------------- 0900 Tutorial A Opening Session 1: Workshop 1: 1030 Tutorial B Session Future of Law Enforcement Incident Panel Response - --------------------------------------------------------------------------- 1030 M O R N I N G C O F F E E 1100 - --------------------------------------------------------------------------- 1100 Tutorial A Team Session 2: Workshop 2: 1230 Tutorial B Updates Threat Vendor Panel Research - --------------------------------------------------------------------------- 1230 L U N C H 1400 - --------------------------------------------------------------------------- 1400 Tutorial A FIRST Session 3: Workshop 3: 1530 Tutorial C | Secure TBD Annual Communications - ---------------------- General ------------------------------------------- 1530 Afternoon | Afternoon 1600 Refreshments Meeting Refreshments - --------------------------------------------------------------------------- 1600 Tutorial A Session 4: Closing 1730 Tutorial C Regional Plenary Coordination Updates - --------------------------------------------------------------------------- 1800 | 1900 Steering - --------------------------------------------------------- | ------- 1900 | BOFS | | 2100 Ice CONFERENCE Committee - ------- Breaker ---------------------- DINNER | 2000 | BOFS | Meeting 2100 | | | - --------------------------------------------------------------------------- ___ _ _ ___ ____ ____ _ ____ _ ____ | | | | | | |__/ | |__| | [__ | |__| | |__| | \ | | | |___ ___] Tutorials will only be held on Sunday, July 28th. The cost of the tutorials is included with the conference fees. **** Tutorial A - Incident Handling - Experience through Role-playing **** There are two tutorial A sessions. These are designed to be run contiguously. It is important that anyone intending to attend the afternoon session should also attend the morning session for maximum benefit. This tutorial is designed to provide practical experience to attendees in the day to day operation of an Incident Response Team (IRT). It is based upon real-world experience from two sides of the world, Australia and the United States, with the core of the material based upon lessons learned over more than a decade of combined incident handling experience. Included in the material will be information on what works and what doesn't, with reasons explaining why. The tutorial is divided into two main sessions: morning and afternoon. The morning session will concentrate on the interaction between the IRT and the local constituency. It will examine incident resolution, urgency prioritisation, resource allocation, and information release. The afternoon session will concentrate on the interaction between the IRT and the international community. It will examine the resolution of a major global incident covering timezone differences, language and culture differences, and global coordination. Each session will be conducted as a practical exercise where attendees will have the opportunity to contribute to the solution of the particular problem at hand. Time will be allocated to form groups and discuss possible solutions and why some solutions are better than others. Attendees can be assured that the day will be filled with mystery, frustration, and the "unexpected", in much the same way that real incident handling situations will occur. Attendees will have direct participation in various incidents, and will play a large factor in the resolution of each incident. Presenters: Danny Smith (AUSCERT) and Moira West-Brown (CERT Coordination Center) **** Tutorial B - What Incident Response Teams Should Know About Encryption and Authentication, Including PGP, PEM, and Key Management **** This tutorial presents an overview of available encryption technology and discusses its possible uses by an incident response team. Topics covered include private/public key encryption fundamentals, overview of encryption tools and their availability, and applications of encryption technology. The information presented will be tailored to an incident response audience; in particular, the mathematics of encryption algorithms will not be covered. Rather, the tutorial will discuss how the technologies work and how to apply them in practice. Presenters: Peter Hammes (SAIC SERC), Kenneth van Wyk (SAIC SERC), and Patricia Zechman (DoD ASSIST) **** Tutorial C - Building an Incident Response Team (IRT) **** This half-day tutorial will address some of the basic issues of establishing an incident response capability (IRC). Starting on a shoestring, protecting yourself from hackers, hiring the right people, are some of the topics that will be covered. Experienced incident response managers will be available to answer questions during an open forum. Presenter: Sandy Sparks (CIAC) ____ ____ ____ ____ _ ____ _ _ ____ [__ |___ [__ [__ | | | |\ | [__ ___] |___ ___] ___] | |__| | \| ___] *** Opening Session **** Speakers Peter Neumann, SRI Internatioanl (Invited Speaker) *** Team Updates *** Abstract As every year the FIRST conference is an excellent opportunity to meet other team members and establish contacts and get first hand impressions about the activities of other teams. This session should facilitate this activity by providing a forum for short presentations focusing on current activities and projects of several teams. Three different "groups" of teams are invited to present: older teams already recognized by the community will give an update on their activities and present new ideas developed through their work new teams, which joined FIRST since the last conference will present their constituency and current activities, to present themselves teams, which are up to joining FIRST in the immediate future will get the opportunity to let other teams know about them beforehand By presenting experiences and lessons learned helpful input can be provided to the participants. The overall goal is to provide information to the FIRST community to foster communication and cooperation. Session 1: Future of Incident Response 1. Commercialization of Incident Response Services - Klaus-Peter Kossakowski 2. Future of Incident Response (panel) - Mike Higgins Session 2: Threat Research 1. Critter Analysis Update - Joseph Alfano 2. Vulnerability/Advisory processes - Katherine Fithen 3. An Analysis of Intruder Personality Traits and Motives - Gene Schultz Session 3: Secure Communications 1. The UKERNA Secure E-mail Project - Paul Leyland and Piete Brooks 2. Implementing Secure Communications using Secret Agent - Frank Husson 3. FIRST E-mail handling Procedures - Ken van Wyk Session 4: Regional Coordination Updates 1. Incident Response Teams in Europe: status report - Don Stikvoort and Klaus-Peter Kossakowski 2. Experience in Establishing IRT in Korea - Chae-ho Lim 3. CERT Strategic Incident Response and Statistics Update - Katherine Fithen _ _ _ ____ ____ _ _ ____ _ _ ____ ___ ____ | | | | | |__/ |_/ [__ |__| | | |__] [__ |_|_| |__| | \ | \_ ___] | | |__| | ___] The workshops will be held on Wednesday, July 31, 1996. The workshops are included in the conference fee. International Law Enforcement Panel What Incident Response Teams should know to protect themselves and their customers. Coordination of international incidents with law enforcement. What IRTs can and cannot do to assist clients when responding to incidents. To include representatives from the Australian, Dutch, US Secret Service, Italian, Canadian, law enforcement agencies. Vendor Panel How vendors could help Incident Response Teams. How Incident Response Teams can help Vendors. Inter-vendor cooperation. Ask your vendor your favorite question. Each vendor will be asked to make a small presentation along a set format. SUN, HP, SGI, IBM, DEC, Microsoft, FreeBSD, Apple, AOL, Cisco and other firewall vendors. _ _ ____ ___ ____ _ _ _ _ ____ ____ |__| | | | |___ | | |\ | |___ | | | | |__| | |___ |___ | | \| | |__| . The 8th Annual FIRST Conference will be held at The Westin Hotel in Santa Clara, California, U.S.A. Santa Clara is in the heart of the Northern California's Silicon Valley in the Greater San Francisco Bay Area. The bigger cities of San Francisco, Oakland and San Jose are nearby. Arrangements have been made for a special room rate for conference attendees. Please, note that there are also a limited number of US Government rate rooms. Each attendee is responsible for making their own hotel arrangements. It is also *highly* recommended that hotel reservations be made well in advance of the conference since room accommodations in the Bay Area are very limited this time of year. Hotel costs are not included in the conference fee. single or double $135 per night US Govt rate $ 99 per night LIMITED NUMBER These rates are good for Thursday night, July 25th through the night of August 2, 1996. The Westin Hotel 5101 Great America Parkway Santa Clara, CA 95054 +01 408 986-0700 http://www.westin.com/listings/text/stclara.html Meals - This year, as part of the conference fee, most meals will be provided. The meals provided are listed below. Please, note that any attendee who has a special need or requirement can contact the registration coordinator and/or indicate their needs on the registration form below. For those evenings that a dinner meal is not provided, attendees may partake of the restaurants within the hotel, or restaurants in vicinity, or surrounding cities. Sunday July 28,1996 - ------------------- Hours Function - ----------------------------------------------- 8am-9am Continental breakfast 10:30am Coffee refresh 12:30pm-2pm Lunch 3:30pm Afternoon Refreshments 6pm-11pm Reception/No host bar Monday July 29,1996 - ------------------- Hours Function - ----------------------------------------------- 8am-9am Continental breakfast 10:30am Coffee refresh 12:30pm-2pm Lunch 3:30pm Afternoon Refreshments 6pm-11pm *Reception/No host bar *Tentative, not firm in plan yet Tuesday July 30,1996 - -------------------- Hours Function - ----------------------------------------------- 8am-9am Continental breakfast 10:30am Coffee refresh 12:30pm-2pm Lunch 3:30pm Afternoon Refreshments 7pm-11pm Banquet Dinner Wednesday July 31,1996 - ---------------------- Hours Function - ----------------------------------------------- 8am-9am Continental breakfast 10:30am Coffee refresh 12:30pm-2pm Lunch 3:30pm Afternoon Refreshments ___ ____ ____ _ _ ____ _ _ _ _ ____ ____ | |__/ |__| | | |___ | | |\ | |___ | | | | \ | | \/ |___ |___ | | \| | |__| . The 8th Annual FIRST conference will be at The Westin Hotel in Santa Clara, California, U.S.A. Santa Clara is in the heart of the Silicon Valley in the Greater San Francisco Bay Area with the nearby bigger cities of San Francisco and San Jose. It is recommend to fly into the San Jose International Airport(SJC) if possible. The Westin Hotel is located only about 10 minutes drive from San Jose Airport(SJC). Taxi from the San Jose Airport will cost about $15US. The Westin Hotel also provides a free shuttle service from the San Jose Airport (SJC). Please, contact The Westin Hotel at 408-986-0700 to arrange pickup when you arrive. Some attendees may be limited to flights into the San Francisco Airport(SFO). The Westin Hotel is located about 45 minutes drive from the San Francisco Airport (SFO). Taxi and limousine service from the San Francisco Airport (SFO) will cost about $50US. If arranged in advance, SFO shuttle services run from $21 to $50 depending on time of travel and type of service (single stop, multiple stop, shared or private). These are a few of the services available. Airport Connection +01 408-730-5555 Bayporter Express +01 415-467-1800 Express Airport Shuttle +01 408-378-6720 Greyhound +01 415-558-6789 SamTrans +01 800-660-4287 Santa Cruz Airporter +01 408-423-1214 South & East Bay Shuttle +01 408-559-9477 Super Shuttle +01 415-558-8500 VIP Airport Shuttle +01 408-378-8847 For those attendees coming from the USENIX conference in downtown San Jose, the SCCTA Light Rail runs from downtown San Jose to the Great America stop right by the Westin Hotel. More information is available at the WWW URL http://server.berkeley.edu/Transit/Carriers/SCCTA/LightRail.html ____ ____ ____ _ ____ ___ ____ ____ ___ _ ____ _ _ |__/ |___ | __ | [__ | |__/ |__| | | | | |\ | | \ |___ |__] | ___] | | \ | | | | |__| | \| Registration for the 8th Annual FIRST Conference is possible via postal service, e-mail, fax and phone. The conference fee is $560 for early registration, and $660 for late registration after July 13, 1996. NOTE: If an attendee completes and sends in a registration form before July 13, 1996 but does not pay the registration fee until after July 13, 1996, the attendee will pay the late registration fee of $660. The conference fee does include some meals but not all meals. Please refer to the above meal information in the above Hotel Info section for more information. The conference fee does include all workshops and tutorials. Hotel and air fare are not included in the conference fee. When an attendees registration *AND* registration fee is received, it will be confirmed via email if possible. A completed registration form may be sent in via email with payment made via postal delivery. However, only when the registration *AND* registration fee is received is an attendee fully registered for the conference. Requests for cancellations or refunds must be submitted, in writing, to FIRST Conference (see postal address and fax below) by July 12, 1996. - --REGISTRATION FORM--REGISTRATION FORM--REGISTRATION FORM--REGISTRATION FORM-- Only when a completed registration form *AND* registration fee have been receive, is a registration complete. >>>>> PLEASE PRINT CLEARLY AND CHECK ALL ANSWERS <<<<< Full Name: ________________________________________________ Position/title: ________________________________________________ Company: ________________________________________________ Mailing address:________________________________________________ Mailing address:________________________________________________ Mailing address:________________________________________________ City: ________________________________________________ State: ________________________________________________ Zip: ________________________________________________ Country: ________________________________________________ Telephone: ________________________________________________ Fax: ________________________________________________ Email: ________________________________________________ I am a FIRST member: yes___ no____ I will be attending: Tutorial A - Incident Response Team Role Playing yes___ no____ Tutorial B - Encryption and Incident Response Teams yes___ no____ Tutorial C - Building a Incident Response Team yes___ no____ I prefer vegetarian meals: yes___ no____ Any other special needs:________________________________________________ ________________________________________________________ ________________________________________________________ ________________________________________________________ Conference Fees Before After (includes the July 13 July 13 above indicated meals, all $ 560US $ 660US tutorials and all workshops) Total enclosed: _______________________ Check Enclosed (payable to FIRST or FIRST Conference) Charge my credit card: MasterCard ___ VISA ___ Credit Card Number: _____________________________ Expires (month/year): _____________________________ Signature: _____________________________ Return this form, with check or credit card information to Via postal mail: FIRST Conference c/o Conference Mgmt Services 407 Chester Street Menlo Park, CA 94025 U.S.A. Via fax: +01 415-324-3150 Via email: merryb () vhdl org Via phone: +01 415-329-0579 - --REGISTRATION FORM--REGISTRATION FORM--REGISTRATION FORM--REGISTRATION FORM-- _ _ ____ ____ ___ _ _ ____ ____ ____ _ _ _ ____ ____ __. |\ | |___ |___ | \ |\/| | | |__/ |___ | |\ | |___ | | _] | \| |___ |___ |__/ | | |__| | \ |___ | | \| | |__| . For the most up to date information, please refer to the FIRST conference WWW page URL referenced at the top of this document. The FIRST Conference, first.org, Inc., and Conference Management Services want this conference event to be a rewarding event for all attendees. The FIRST Conference, first.org, Inc., and Conference Management Services wish to cooperate fully with any attendee who has a special need(s) or requirement(s) or request(s). For information or assistance with disability or special needs/services, please contact us via email, fax, telephone or email. Via postal mail: FIRST Conference c/o Conference Mgmt Services 407 Chester Street Menlo Park, CA 94025 U.S.A. Via fax: +01 415-324-3150 Via email: merryb () vhdl org Via phone: +01 415-329-0579 ____ ____ ____ ____ |__| |__/ |___ |__| | | | \ |___ | | _ _ _ ___ ____ ____ ____ ____ ___ ____ | |\ | | |___ |__/ |___ [__ | [__ | | \| | |___ | \ |___ ___] | ___] The State of California and the San Francisco Bay Area have a great deal of activities and sights to offer the visitor. The following WWW URLs are provided to those that are interested in the area and the multitude of things to see and experience. San Francisco Bay Area and Beyond http://www.hyperion.com/ba/sfbay.html << Santa Clara >> Santa Clara http://www.xpand.com/Santa_Clara/index.html Great America Theme Park http://www.rollercoaster.com/pga1/pga/ Intel Museum http://www.intel.com/intel/intelis/museum/ Frys http://frys.fry-s.com/ << San Jose >> Winchester Mystery House http://www.netview.com/svg/tourist/winchest/ Egyptian Museum http://artdirect.com/california/san.francisco/arts.univ/santa.clara/egypt The Tech Museum of Innovation http://www.thetech.org/ San Jose Museums http://artdirect.com/california/san.francisco/museums/sbay/homepage <<Monterey>> Monterey Bay Aquarium http://sapphire.cse.ucsc.edu:80/mb/mba/ http://www.usw.nps.navy.mil/~millercw/aq/ Access Monterey Peninsula http://www.campgrounds.com/ctpa/ca/regions/cc/cceditor.htm << Mountain View >> Magic Edge http://www.cygnus.com/misc/magicedge.html NASA AMES http://www.arc.nasa.gov/amesinfo/visitors_center.html <<San Francisco>> 49 Mile Scenic Drive http://www.geninc.com/geni/USA/CA/San_Francisco/travel/49mile.html Alcatraz http://www.nps.gov/alcatraz/index.html Exploratorium http://www.exploratorium.edu/ Golden Gate Bridge and National Recreation Area http://www.nps.gov/parklists/index/goga.html Golden Gate Park http://www.geninc.com/geni/USA/CA/San_Francisco/travel/ggp.html Water's Edge http://www.geninc.com/geni/USA/CA/San_Francisco/travel/wharf.html Neighborhoods http://www.geninc.com/geni/USA/CA/San_Francisco/travel/neighborhoods.html Marine World Africa USA http://www.freerun.com/napavalley/outdoor/marinewo/marinewo.html San Francisco Museums http://artdirect.com/california/san.francisco/museums/sf/homepage <<Palo Alto>> Stanford University http://www.stanford.edu/ Stanford Linear Accelerator Center http://www.slac.stanford.edu/winters/pub/www/education/tour_slac.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMcbYY9/gaPTZpC7tAQHrNQQAgMspgDPfaqu/plPi6Vs3Xhr6kNnPGkvH mPbgaQoOXEZln8dpWkSlL1iwrzaZgGRkPNu3m1tSHK4HKBvZBo/tq6L6L/AAJiaa IShi8fKFsA127zTm3kOs33bThr9ffECBXSP+V3We3yo89MqbUn0FwkxjZtpaNc95 7YFfZ+tN31M= =/Syp -----END PGP SIGNATURE----- -- _____________________________________________________________________ Miguel (Michael) J. Sanchez miguel () csd sgi com Silicon Graphics Customer Services Engineering "There's always room for jello." Cage #64 _____________________________________________________________________
Current thread:
- Re: Publically writable directories Michael/Miguel J. Sanchez (Jun 18)
- <Possible follow-ups>
- Re: Publically writable directories Jim Hutchins (Jun 18)
- Re: Publically writable directories Bill Pemberton (Jun 19)
- Re: Publically writable directories Jim Hutchins (Jun 19)
- Re: Publically writable directories Thomas Koenig (Jun 21)