From strata at virtual.net Wed Dec 1 15:49:21 2004 From: strata at virtual.net (Strata R. Chalup) Date: Wed, 01 Dec 2004 15:49:21 -0800 Subject: domain locking-- got lock? Message-ID: <41AE5881.1000503@virtual.net> Apologies if this is old news to some of you-- apparently changed back in July, with (http://www.icann.org/transfers/policy-12jul04.htm) ICANN's new domain transfer policy, but I'm just hearing about it. The previous policy allowed your registrar to request confirmation from the domain holder before performing a transfer. Now, apparently, transfer requests *must* be honored unless the domain is "locked". I don't think there's been a rash of spurious transfers or domain hijacks yet, but assuredly it will happen, especially when the spammers figure out that hijacking an interesting domain or three could generate scads of web hits. To say nothing of the spamming possibilities. Bleah. If you, like me, tend to pay your registrar multiple years in advance and not really interact with them much otherwise, you might want to visit their website and check for a "lock domains" feature on their domain management page, or send mail to their support folks. cheers, Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From gwen at reptiles.org Wed Dec 1 17:05:05 2004 From: gwen at reptiles.org (Gwendolynn ferch Elydyr) Date: Wed, 1 Dec 2004 20:05:05 -0500 (EST) Subject: domain locking-- got lock? In-Reply-To: <41AE5881.1000503@virtual.net> References: <41AE5881.1000503@virtual.net> Message-ID: <20041201200104.X2202@skink.reptiles.org> On Wed, 1 Dec 2004, Strata R. Chalup wrote: > The previous policy allowed your registrar to request confirmation from the > domain holder before performing a transfer. Now, apparently, transfer > requests *must* be honored unless the domain is "locked". I don't think > there's been a rash of spurious transfers or domain hijacks yet, but > assuredly it will happen, especially when the spammers figure out that > hijacking an interesting domain or three could generate scads of web hits. > To say nothing of the spamming possibilities. Bleah. Er... I'm afraid that you've jumped to conclusions here. The purpose of the policy change is to prevent registrars from sitting on legitimate transfers against the wishes of their wanting-to-be-ex-customers; you still have to approve the initial request unless you are in the (hopefully extremely rare) situation of having an actual registrar trying to steal your domain. A normal user-driven transfer request will still require an ack from the domain owner. This takes care of the problem of registrars refusing to let people transfer away (which was a fair sized problem, whether through cluelessness or malice, depending on the registrar). cheers! ========================================================================== "A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now." From alvin at Mail.Linux-Consulting.com Wed Dec 1 18:32:39 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Wed, 1 Dec 2004 18:32:39 -0800 (PST) Subject: domain locking-- got lock? In-Reply-To: <20041201200104.X2202@skink.reptiles.org> Message-ID: On Wed, 1 Dec 2004, Gwendolynn ferch Elydyr wrote: > On Wed, 1 Dec 2004, Strata R. Chalup wrote: > > The previous policy allowed your registrar to request confirmation from the > > domain holder before performing a transfer. Now, apparently, transfer > > requests *must* be honored unless the domain is "locked". I don't think > > there's been a rash of spurious transfers or domain hijacks yet, but > > assuredly it will happen, especially when the spammers figure out that > > hijacking an interesting domain or three could generate scads of web hits. > > To say nothing of the spamming possibilities. Bleah. > > Er... I'm afraid that you've jumped to conclusions here. yes and no ... - how you interpret the new ICANN rules will depend on your or the registrar's pov - the new policy changes WILL ALLOW the registrar to transfer your domains WITHOUT your approval - nobody, but *you* will know: a) whether the registrar is sitting on the legit transfer request b) or if the "spoofer" is trying to steal your domain, expired or not godaddy's interpretation: ( per their warnings/notices ) ------------------------ x> On November 12, 2004, ICANN, the Internet Corporation for Assigned x> Names and Numbers, put in place its new transfer policy for all x> accredited domain name service providers. x> x> The previous ICANN policy allowed us to deny requests to transfer your x> domain names to another registrar unless you explicitly confirmed to us x> your intent to transfer. The new ICANN policy removes that protection. x> When we receive a request to transfer your domain name to a new x> registrar, we will still attempt to contact you to confirm that you x> authorized the x> request. However, if you do not respond, or are not able to respond x> within 5 days, your domain name WILL be transferred. > The purpose of the policy change is to prevent registrars from sitting > on legitimate transfers against the wishes of their > wanting-to-be-ex-customers; you still have to approve the initial no.... not any mroe .. "if they cannot find you" ... they will can can transfer it .... - the registrar will provide a "LOCK" so that they cannot do NOTHING without approval .. that is the whole point of the "lock" c ya alvin From shin at adachi.org Wed Dec 8 12:46:08 2004 From: shin at adachi.org (Shin_Adachi) Date: Wed, 08 Dec 2004 12:46:08 -0800 Subject: [FYI]Liberty Alliance Developer Event - January 24, 2005, Palo Alto, CA Message-ID: <20041208124448.1DD4.SHIN@adachi.org> BayLISA folks, Those who are interested in federated identity and its management, I am sharing the invitation to the developer event in Palo Alto on January 24, 2005, hosted by Liberty Alliance, an worldwide industry consortium developing federated identity management technology standard. This does not require any fees to participate once you register online according to the instruction at the following link. <> See ya there! Shin Forwarded by Shin_ADACHI ----------------------- Original Message ----------------------- SAVE THE DATE: January 24, 2005, Palo Alto, CA, 11:30-4:30.....We're hoping to duplicate the success of our Japanese developer event. A buffet lunch will be served and attendees will be invited to view demos of Liberty solutions (interoperable and stand alone) from our member companies. As a Liberty member, you are invited to participate in several ways: * prepare and staff a demo table (11:30-1:30) * present a technical use case scenario during the meeting (1-4:30--use case scenarios should be geared toward developers and 20 minutes in length) * attend the meeting to further your understanding of Liberty specifications * invite your co-workers, partners and clients to attend the meeting (this is a great way to help your clients understand what Liberty is about) In addition to the technical session, we'll also be planning a more business and policy-directed track to cater to the needs and interests of that audience. A formal invitation is attached to this message. If you are interested in participating in the program, please contact Tricia DeHart at tricia at ieee-isto.org. Speaking and demo opportunities will be filled on a first come, first served basis. We look forward to your involvement in what looks to be a very successful event. --------------------- Original Message Ends -------------------- -- Shin_ADACHI, CISSP PGP_Key_ID:0x2FCF5179 +1-650-331-0604 From bill at wards.net Wed Dec 8 22:47:19 2004 From: bill at wards.net (William R Ward) Date: Wed, 8 Dec 2004 22:47:19 -0800 Subject: domain locking-- got lock? In-Reply-To: References: <20041201200104.X2202@skink.reptiles.org> Message-ID: <16823.62711.83188.466423@komodo.home.wards.net> Alvin Oga writes: >yes and no ... > >- how you interpret the new ICANN rules will depend on your or > the registrar's pov > >- the new policy changes WILL ALLOW the registrar to transfer your > domains WITHOUT your approval > > - nobody, but *you* will know: > a) whether the registrar is sitting on the legit transfer request > b) or if the "spoofer" is trying to steal your domain, > expired or not The registrar I use, joker.com, takes a different approach: >> On November 10th 2004, Joker.com introduced the domain lock feature as >> announced. >> >> All domains have been protected through "domain lock" per >> default. Unlocking (and also locking, of course) can be performed in >> the 'service zone' as needed. >> >> Regular domain administration does not need explicit unlocking/locking >> cycles from your side, though. Joker.com will automatically handle >> this for you appropriatly. >> >> The intention for this is to improve security and simplicity for our >> customers. >> >> Your team from Joker.com -- William R Ward bill at wards.net http://bill.wards.net ----------------------------------------------------------------------------- Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/ From bill at wards.net Thu Dec 9 13:18:43 2004 From: bill at wards.net (William R Ward) Date: Thu, 9 Dec 2004 13:18:43 -0800 Subject: Peninsula Linux Users' Group, Thursday, Dec 9, 2004 (TODAY) Message-ID: <16824.49459.857852.989291@komodo.home.wards.net> Peninsula Linux Users' Group, Thursday, Dec 9, 2004 We have a meeting of the Peninsula Linux Users' Group (PenLUG) this week! Here are the details about this meeting. For more information or directions go to http://www.penlug.org/ Our website is a TWiki; please feel free to create a user account and modify the website if you have something to contribute. Thanks! Date: Thursday, December 9th, 2004 Time: 7:00 - 9:00 PM Location: 100 Oracle Parkway, Redwood Shores, CA 94065 Room 1op104 Agenda: ======= 7:00 - 8:30 PM: Presentation by Kyle Rankin: "Introduction to Knoppix" 8:30 - 9:00 PM: Members' Minutes 8:45 - 9:00 PM: Adjourn to IHOP (Belmont) for social & food time Presentation by Kyle Rankin: "Introduction to Knoppix" ====================================================== Knoppix is a complete Linux distribution that runs directly from a bootable CD-ROM. While Knoppix has a wide variety of uses, most people typically are only familiar with one or two of them. In this talk Kyle will introduce Knoppix and cover all the different uses for the project including Linux installation, system administration, system rescue, remastering Knoppix itself and other uses. Kyle is a systems administrator for The Green Sheet, Inc., the current president of the North Bay Linux Users' Group (NBLUG), and the author of Knoppix Hacks. Kyle has been using Linux in one form or another since early 1998. In his free time he does pretty much the same thing he does at work--work with Linux. Members' Minutes ================ Members will have an opportunity to take a few minutes to... * Describe their latest Linux discovery * Ask questions and get help from other members * Discuss Linux projects You can just stand up and talk, or give a short demo or presentation. If you need audio/visual support for your Members' Minute, please contact me in advance to arrange for your needs. We have a limited number of books courtesy of Prentice-Hall to give away as an added inducement to participate in this portion of the meeting. :-) RSVP ==== Although it is NOT required, we like to have an idea of how many people to expect, so if possible please email rsvp at penlug.org if you are planning to attend. Bill Crooke PENLUG Speaker Coordinator From extasia at extasia.org Sat Dec 11 23:06:23 2004 From: extasia at extasia.org (David Alban) Date: Sat, 11 Dec 2004 23:06:23 -0800 Subject: [baylisa] SIG-BEER-WEST: Saturday 12/18 at 2:00pm in Oakland Message-ID: <20041211230623.A13661@gerasimov.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SIG-beer-west http://extasia.org/sig-beer-west/ Saturday, December 18, 2004 at 2:00 pm San Francisco Bay area, CA Beer. Mental stimulation. This event: Saturday, 12/18/2004, 2:00 pm, at [1]Casa Donde, Oakland [1] http://casadonde.org/ Coming events (third Saturdays): Saturday, 01/15/2005, 6:00 pm, location to be determined Saturday, 02/19/2005, 6:00 pm, location to be determined Saturday, 03/19/2004, 6:00 pm, location to be determined Saturday, 04/16/2004, 6:00 pm, location to be determined The San Francisco Bay area's next social event for techies and their friends, sig-beer-west, will take place at 2:00 pm on Saturday, December 18, 2004 at [2]Casa Donde. Directions are provided on the Casa Donde web page. [2] http://casadonde.org/ Please note the time for this month's event is 2:00 pm, not 6:00 pm. Casa Donde is former warehouse space that has been converted into the private residence of David Fetter, this month's guest host for this month's guest event. One of David's hobbies is brewing. Your SIG-beer-west Instigator has enjoyed many a glass of David's fine brews. David has invited SIG-beer-west to a brewing event. He says: Ever wondered how beer comes to be? Wonder no more! We'll be brewing at Casa Donde . Brewing is not required, and beer will be available. Everyone is welcome at this event. We mean it! Please feel free to forward this information and to invite friends, co-workers, and others (all of legal drinking age) who might enjoy lifting a glass with interesting folks from all over the place. Can't come this month? Mark your calendar for next month. (Do it now before you forget!) sig-beer-west occurs on the third Saturday of each month. Want to suggest a venue? Suggestions for new places to sip and gab are always welcome. Have questions, comments, or other ideas concerning sig-beer-west? Send all correspondence to the current sig-beer-west Instigator. The Instigator's handle is extasia. The Instigator's email address is <*the handle*> at <*the handle*> dot <*org*>. A subject beginning with "sbw: " will increase the chances that the Instigator's spam filters don't molest your message. sig-beer-west FAQ 1. Q: Your announcement says "techies and their friends". How do I know if I'm a techie, or a friend of one? A: Well, actually, you don't have to be a techie to attend. You just have to be able to find this month's event. That's it. Simple, huh? 2. Q: I'm not really a beer person. In fact I'm interested in hanging out, but not in drinking. Would I be welcome? A: Absolutely! The point is to hang out with fun, interesting folks. Please do join us. 3. Q: I've been thinking about attending sig-beer-west for some time now. Maybe I should start with this event? A: Yes!! ______________________________________________________________________ sig-beer-west was started in February 2002 when a couple Washington, D.C. based systems administrators who moved to the San Francisco Bay area wanted to continue a [3]dc-sage tradition, sig-beer, which is described in dc-sage web space as: SIG-beer, as in "Special Interest Group - Beer" ala ACM, or as in "send the BEER signal to that process". The original SIG-beer gathering takes place in Washington DC, usually on the first Saturday night of the month. [3] http://www.dc-sage.org/ ______________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBu+0EPh0M9c/OpdARAiGVAJ9NNTiRVMsIrtpCeXVadaIeFebYtQCcDxm4 rmFkZbgSHeGbZkiXFDSHrdI= =SDYS -----END PGP SIGNATURE----- From bill at wards.net Tue Dec 14 14:18:06 2004 From: bill at wards.net (William R Ward) Date: Tue, 14 Dec 2004 14:18:06 -0800 Subject: Holiday banquet (12/15) tomorrow, last chance to RSVP Message-ID: <16831.26270.466084.970715@komodo.home.wards.net> One last reminder: Our first-ever (hopefully annual) SVLUG/PenLUG Holiday banquet is tomorrow night! If you haven't signed up yet, please do so now. For details about the event please visit the page on PenLUG's Web site: http://www.penlug.org/twiki/bin/view/Home/SpecialHolidayDinner Just a few points of information that I wanted to pass on... FAMILY & FRIENDS: There are already a few families with kids attending; don't be shy about bringing your spouse and kids (just be sure you can keep an eye on them). Plus, the restaurant owners have a 7-year-old boy who is always looking for friends to show his Lego creations to! Please let me know in your RSVP how many are coming! LOCATION: This is Chef WANG'S, not Chef CHU'S. The latter is an upscale restaurant at the corner of San Antonio and El Camino, which is more well known, but Chef Wang's is just a couple of blocks south from there on El Camino so some people get them confused. (Or put another way, it's across the street from Chevy's.) MENU: I have confirmed that there is NO MSG in the food at Chef Wang's, not for this dinner or at any other time. We will have a buffet containing a variety of the most popular dishes, selected according to the input I received from people who RSVP'd; if those don't meet your needs you can still order off the menu (though you may need to pay extra). SCHEDULE: Appetizers (vegetarian egg rolls, tuna skewers, and pork pot stickers) will be served starting at 6:50 with main courses coming around 7:20. But if you aren't able to get away from work on time, that's OK, we'll just send a fresh order to the kitchen :-) BOOZE: This will be a dry (no alcohol) event. Recently, a waiter (who has since been sacked) failed to check ID on a customer and the liquor license was suspended. Normally they have a full bar complete with karaoke. Sorry if this is a problem. Remember, the dinner is tomorrow, so get your RSVP to me ASAP! Send to billdinner at wards.net. --Bill. -- William R Ward bill at wards.net http://bill.wards.net ----------------------------------------------------------------------------- Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/ From alvin at Mail.Linux-Consulting.com Wed Dec 15 10:12:44 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Wed, 15 Dec 2004 10:12:44 -0800 (PST) Subject: spoofers and sniffers Message-ID: hi ya i was playing with sniffers .. for fun, and trying to see if i can find which machine is sniffing i was running tcpdump, ethereal, pfilt, etc .. none of the sniffer detector apps was able to find those "sniffers" - i didn't run any windoze based antisniffer - most of the antisniffers are just (dumb) promiscuous mode detectors, which failed to find tcpdump, et.al running on the local (same) machine or another host on the subnet - to find permiscuous mode ifconfig -a eth0 | grep -i promisc - sniffdet didn't compile on several distros on my boxes - tested with slackware-9.1, slackware-10, redhat-9, rh-el3ws and sarge -- i was able to see clear text info (emails) in human readable form between test-pc1 to test-pc2 from the sniffing box ( test-pc3 ) vs the messy (not for people) hex dump of tcpdump - also ran the sniffers over the wireless connections too and no problem ... WEP is NOT even an issue as data was still visible/readable - while ssh data was shown as jibberish as expected -- so how does one know that there is a sniffer in your subnet or upstream at the isp, colo, wireless connectivity c ya alvin From mark at bitshift.org Wed Dec 15 10:32:42 2004 From: mark at bitshift.org (Mark C. Langston) Date: Wed, 15 Dec 2004 10:32:42 -0800 Subject: spoofers and sniffers In-Reply-To: References: Message-ID: <20041215183242.GQ98116@bitshift.org> On Wed, Dec 15, 2004 at 10:12:44AM -0800, Alvin Oga wrote: > > none of the sniffer detector apps was able to find those "sniffers" > > -- so how does one know that there is a sniffer in your subnet > or upstream at the isp, colo, wireless connectivity > A trivial trick is to inject a packet that the sniffer will see that has a "flag" source or destination IP. Many, many people don't bother to disable name resolution when sniffing. You watch for the ARP (or, in the case of remote sniffers, the query to a nameserver you control). If you inject something that has no other business being on the network, when you see the response packet (ARP or query), you know they're sniffing. -- Mark C. Langston The GOSSiP Project mark at bitshift.org http://sufficiently-advanced.net Factotum Distributed, Peer-to-Peer http://bitshift.org E-mail Reputation System From alvin at Mail.Linux-Consulting.com Wed Dec 15 11:45:16 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Wed, 15 Dec 2004 11:45:16 -0800 (PST) Subject: spoofers and sniffers In-Reply-To: <20041215183242.GQ98116@bitshift.org> Message-ID: On Wed, 15 Dec 2004, Mark C. Langston wrote: > A trivial trick is to inject a packet that the sniffer will see that has > a "flag" source or destination IP. Many, many people don't bother to > disable name resolution when sniffing. You watch for the ARP (or, in > the case of remote sniffers, the query to a nameserver you control). If > you inject something that has no other business being on the network, > when you see the response packet (ARP or query), you know they're > sniffing. i think you can also just watch for the dns packets with the "fake info" showing up again from presumably the sniffer and not necessarily on the dns server one controls and if the sniffer does not do a dns or arp lookup, we won't be able to find the sniffer ? - a good sniffer would target their packets ?? eg, only check for emails (port25 on particular hosts) and don't do ip# or mac lookups ? the sniffers i was looking for things like tcpdump where someone tries to pick up all they can and presumably read emails ... but pfilt.pl works simpler/faster for sniffing emails and went undetected and works on wireless too btw.. what happened to the RobertGraham.com site where the sniffer faq is always being referenced to sniffer detectors i played with http://www.linux-sec.net/Sniffer.Detectors/ c ya alvin From zwicky at greatcircle.com Wed Dec 15 12:27:33 2004 From: zwicky at greatcircle.com (Elizabeth Zwicky) Date: Wed, 15 Dec 2004 12:27:33 -0800 Subject: spoofers and sniffers In-Reply-To: References: Message-ID: On Dec 15, 2004, at 11:45 AM, Alvin Oga wrote: > the sniffers i was looking for things like tcpdump where someone > tries to pick up all they can and presumably read emails ... Why would you expect to be able to find them, any more than you know whether or not your postal carrier reads your postcards? If you send traffic anybody can read, surely it is no surprise that you can't detect them reading it? It's startling that there are situations in which one *can* detect sniffers, not that there are situations in which one can't. Elizabeth Zwicky zwicky at otoh.org From sigje at sigje.org Thu Dec 16 13:04:33 2004 From: sigje at sigje.org (Jennifer Davis) Date: Thu, 16 Dec 2004 13:04:33 -0800 (PST) Subject: BayLISA SBC Topics Meeting - TONIGHT Message-ID: BayLISA Monthly Technical Talk & General Meeting Please RSVP to rsvp at baylisa.org so that we can get an idea of how many will be attending. This event is open to the general public. You do not need to be a member to attend, and there is no fee. -------- Where: Apple Computer, Town Hall auditorium Addr: Four Infinite Loop, Cupertino, CA 95014 http://www.baylisa.org/locations/current.html -------- Date: Thursday, December 16, 2004 Time: 7:30pm - 9:30pm PST Short but Cool Topics Our annual Short but Cool general meeting will include speakers Doug White on FreeBSD new features, Alan DuBoff demoing Solaris 10's dtrace, and Tom Jackiewicz on OpenLDAP. We will have a night of festive fun starting off with announcements, and follow with these speakers and more. The best topic of the night (as voted by the audience) will win a prize! It's not too late to sign up to talk about an idea you are working on, interesting open source tool you've discovered, or scary Sys Admin story. Contact blw at baylisa.org with details, or one of the Board. Next month - Alan DuBoff on Solaris 10 Alan will be talking about Sun's latest OS, Solaris 10. Alan will show some of the features of Solaris 10, along with key points of what is included in this release. Some of the features include DTrace, N1 Grid Containers, ZFS, X server(s), Java Desktop Systems, PXE install for x86/AMD64, StarOffice, as well as differences between this release and some of the previous releases. Solaris 10 supports SPARC processors as well as 32-bit x86 processors and 64-bit AMD64 processors. -------- BayLISA meets every month on the 3rd Thursday of the month. A short period of announcements of general interest to the sysadmin community is presented, followed by a technical talk. Anyone may make an announcement; typical are upcoming presentations, user group meetings, employment offers, etc. For further information on BayLISA, check out our web site: http://www.baylisa.org/ Directions and details about the current meeting and future events: http://www.baylisa.org/events/ BayLISA makes video tapes of the meetings available to members. Tape library is often available at the general meeting, or for more information on available videos, please send email to "video at baylisa.org". If you have suggestions for speakers, or would like to volunteer to present a talk at one of our meetings, please email the Board and Working Group at "blw at baylisa.org". Thanks! -------- From sigje at sigje.org Fri Dec 17 14:15:24 2004 From: sigje at sigje.org (Jennifer Davis) Date: Fri, 17 Dec 2004 14:15:24 -0800 (PST) Subject: 35% off Prentice Hall, and Addison-Wesley books Message-ID: If you are looking to pick up a few computery type books for the holidays, Prentice Hall and Addison-Wesley have 35% off and free Ground Shipping through their respective web portals from now until January 15, 2005 to BayLISA members. (The discount isn't limited to computery books, so explore the catalog.) http://www.awprofessional.com/promotion/1942 - Addison-Wesley http://www.phptr.com/promotion/1945 - Prentice Hall Make sure to follow the instructions in the paragraph at the top that says "enter the promotional code:" to get your 35% off. I did do a test run, and it asks for the code at step 3 at the same point it asks for your credit card details. At that point, it's not billing your card just asking for details. In the final step it shows the summary of how much your total will be with the special discount applied, and gives a button to place your order. In addition, I have review copies for the following books Linux Application Development, 2nd Edition Written by Michael Johnson, Erik Troan (ISBN 0321219147), suggested retail price US $49.99 This book is the definitive reference for Linux programmers at all levels of experience, including C programmers moving from other operating systems. Building on their widely praised First Edition, leading Linux programmers Michael Johnson and Erik Troan systematically present the key APIs and techniques you need to create robust, secure, efficient software or to port existing code to Linux. http://www.awprofessional.com/title/0321219147 Java(tm) Application Development on Linux Written by Carl Albing, Michael Schwarz (ISBN 013143697X), suggested retail price US $39.99 Written for Java and Linux developers alike, this book is the hands-on guide to the full Java application development lifecycle on Linux. http://www.phptr.com/title/013143697X If you are interested in reviewing these books, having your review published to the BayLISA website, and passed up to our Prentice Hall/Addison-Wesley representative, send me an email. -- Jennifer Davis BayLISA Board of Directors From sigje at sigje.org Fri Dec 17 14:25:54 2004 From: sigje at sigje.org (Jennifer Davis) Date: Fri, 17 Dec 2004 14:25:54 -0800 (PST) Subject: Yahoo and Web Beacons Message-ID: I've seen a few messages on a couple of Yahoo groups that I subscribe to talking about Web Beacons http://privacy.yahoo.com/privacy/us/beacons/details.html policies on Yahoo. What is causing the furor I think is this snippet: Note: This opt-out applies to a specific browser rather than a specific user. Therefore you will have to opt-out separately from each computer or browser that you use. So Yahoo is using a cookie to opt-out I assume, which means that if you clear your cookie cache, you'd have to opt out again. Of course if you modify your browser settings so that you don't accept cookies (which causes hassles of it's own, but at least you know it's not tracking your activity without your knowledge), this should solve the problem, correct? What are people's thoughts about this? Jennifer From david at catwhisker.org Fri Dec 17 14:52:38 2004 From: david at catwhisker.org (David Wolfskill) Date: Fri, 17 Dec 2004 14:52:38 -0800 (PST) Subject: Yahoo and Web Beacons In-Reply-To: Message-ID: <200412172252.iBHMqcUe088159@bunrab.catwhisker.org> >Date: Fri, 17 Dec 2004 14:25:54 -0800 (PST) >From: Jennifer Davis >What are people's thoughts about this? I make a habit of editing cookie files and making more-or-less random changes to cookies every once in a while just out of spite. Folks who write code that depends on such things for proper operation deserve what they get. Peace, david (They're my files and I'll do what I want with them.) -- David H. Wolfskill david at catwhisker.org I resent spammers because spam is a DoS attack on my time. See http://www.catwhisker.org/~david/publickey.gpg for public key. From russ.deveau at verizon.net Tue Dec 28 13:52:03 2004 From: russ.deveau at verizon.net (Russell DeVeau) Date: Tue, 28 Dec 2004 16:52:03 -0500 Subject: Liberty Alliance Federated Identity Management Developer and Business Event in Palo Alto on January 24th Message-ID: <00ea01c4ed27$77b8e550$5b66fea9@laptop> [Recipient address corrected & de-MIMEd/HTMLed -- postmaster] Greetings BayLISA board members. I am hoping you might find the following announcement interesting enough to share with BayLISA members. Please let me know if I can provide any more information. Thanks, Russ DeVeau. On January 24th, at the Palo Alto Crowne Plaza Hotel, Liberty Alliance will hold an informational event featuring tracks focusing on federated identity management from both a developer (including Java and Linux) and business perspective. The Liberty Alliance Project is the only global organization working to advance federated identity management specifications and identity-based Web services using open standards. This free event will provide developers, system integrators and businesses with information about how open federated identity management solutions are helping enterprises address a wide range of B2B, B2E, B2C and end-user identity management, privacy and security issues. There will be interactive demonstrations of Liberty Alliance specifications at work by many Liberty Alliance members including, AOL, General Motors, Nokia, Vodafone, Neustar and Novell. These Liberty Alliance members, as well as members of the Liberty Alliance board, will be available to discuss how open federated identity management specifications are benefiting developers and businesses today. The event runs from 11:30am-4:30pm and begins with a buffet lunch and key note address by Donal O'Shea, executive director of the Liberty Alliance. Developers and businesses interested in attending can register online at https://www.projectliberty.org/scripts/developer_event_paloalto.asp. We hope to see BayLISA members on the 24th. Get in touch at any time if you have questions. In the meantime, a one-page information sheet is available to provide more details. Please let me know if I can send this sheet to any interested members. Who: Liberty Alliance Project What: Developer and Business Informational Event and Demonstrations Where: Crowne Plaza Hotel; Palo Alto When: January 24, 11:30AM - 4:30 PM The Liberty Alliance Project was formed in September 2001 to address the technical and business issues associated with federated network identity. The Alliance is moving to accomplish this goal through the ongoing release of open technical specifications as well as business and policy guidelines to help companies deploy federated identity services across a broad range of products, systems and devices. More information on the Liberty Alliance Project is available at www.projectliberty.org. Best, Russ DeVeau Liberty Alliance Project www.projectliberty.org Mobile: 908-251-1549 Office: 718-263-1762 From sigje at sigje.org Wed Dec 29 11:48:00 2004 From: sigje at sigje.org (Jennifer Davis) Date: Wed, 29 Dec 2004 11:48:00 -0800 (PST) Subject: Possible speaking opportunity Message-ID: Anyone interested in possibly presenting a 1.5 hour talk about "Defecting from Windows to Linux", "Moving from Windows to Linux in the Workplace", or "Introduction to Linux" in Pleasant Hill in February at a mini-conference? If so please let me know via email, sigje at sigje.org. Thanks! -- Jennifer Davis BayLISA, Board of Directors From derek at velociguard.com Fri Dec 31 22:11:58 2004 From: derek at velociguard.com (Derek Wong at Velociguard.com) Date: Fri, 31 Dec 2004 22:11:58 -0800 Subject: ISSA/Infragard security conference on January 18th Message-ID: <00b501c4efc8$ce66ae70$0300a8c0@derek1> Here is a security conference that may be of interest to some BayLisa members. Thanks! ----------------------------------------------------------------------------------------------------- ISSA, Silicon Valley and San Francisco & San Francisco Bay Area InfraGard Presents Security Conference: Cornerstones of Trust - Securing the Future January 18, 2005 Crowne Plaza, Foster City,CA More info and registration at www.cornerstonesoftrust.org Join the International Systems Security Association (ISSA) Silicon Valley and San Francisco Chapters and the Bay Area InfraGard for our Annual Security Conference, Cornerstones of Trust - Securing the Future. We have the top Security experts from Business, Technology and Standards and Compliance communities offering real world solutions, how to's and case studies for building an effective security framework necessary to maintain trust, in today's hostile environment. OUR MISSION Cornerstones of Trust - Securing the Future acts as a catalyst to bring together the Bay Area security community for an ongoing exchange, addressing the needs, interests and issues of trust that security practitioners and managers are experiencing today. CONFERENCE TAKE AWAY As an attendee, you will come away with. a.. Deeper understanding of what it takes to secure your organization's IT systems and information. b.. Actionable tools and techniques that can be implemented for increased security. c.. Knowledge of how other Security professionals view and prepare for the next level of threats. 4 conference tracks and 20+ invited speakers NETWORK WITH TOP SECURITY VENDORS Network with over 30 Security Vendor/Exhibitors from the most established solution providers to the newest technology companies each providing next generation products for securing the enterprise. WHO ATTENDS? a.. CIOs & CSOs b.. Information Security Managers & Directors c.. Security Specialists & Staff d.. IT and Network Security Attorneys e.. Systems Analysts f.. Network Engineers g.. Network and Systems Managers & Administrators h.. Webmasters i.. Technical Engineers If you are responsible for, plan, manage, or administer information security, this conference is for you! More info and registration at www.cornerstonesoftrust.org