Shostack + Friends Blog Archive


Liveblogging Shmoocon: Patching

I’m at Shmoocon, and trying to liveblog a little. There’s network trouble, so it may not quite be live.

I’m at Tina Bird’s talk on patching, and she mentioned that in the Teragrid attack, the attackers were hitting supercomputer centers, and there’s some evidence that they were 1) using 0day and 2) using the big computers to attack Kerberos tickets.

Assess the criticality of a patch yourself (slide 9), but I ask how to judge an ‘exploit is in circulation.’

Network access control: Stanford scan the system vs. company install client

[Update: Shmoocon was too much fun for me to blog. Taosecurity has summarized lots of the panels here and here. I was hoping to meet Richard, but failed.]