Tuesday, 2014-07-29

*** tmcpeak has quit IRC 00:08
*** bdpayne has quit IRC 00:40
openstackgerrit: KATO Tomoyuki proposed a change to openstack/security-doc: Add typographic convention for reader substitutions in examples https://review.openstack.org/110173 00:59
*** bdpayne has joined #openstack-security 02:11
*** mxin has joined #openstack-security 05:18
*** bdpayne has quit IRC 05:36
*** mxin has quit IRC 05:48
*** voodookid has joined #openstack-security 05:55
openstackgerrit: OpenStack Proposal Bot proposed a change to openstack/security-doc: Imported Translations from Transifex https://review.openstack.org/110212 06:04
*** voodookid has quit IRC 06:13
openstackgerrit: A change was merged to openstack/security-doc: Imported Translations from Transifex https://review.openstack.org/110212 06:40
openstackgerrit: A change was merged to openstack/security-doc: Merge further chapters https://review.openstack.org/110084 07:20
openstackgerrit: A change was merged to openstack/security-doc: Move some sections one level up https://review.openstack.org/110114 07:58
*** bdpayne has joined #openstack-security 09:35
*** hikaru has joined #openstack-security 09:36
*** hikaru has quit IRC 09:37
*** hikaru has joined #openstack-security 09:38
*** bdpayne has quit IRC 09:40
*** marzif has joined #openstack-security 10:23
*** bdpayne has joined #openstack-security 11:29
*** bdpayne has quit IRC 11:34
*** bdpayne has joined #openstack-security 12:30
*** bdpayne has quit IRC 12:35
*** paulmo has joined #openstack-security 12:57
*** bdpayne has joined #openstack-security 13:31
*** bdpayne has quit IRC 13:35
*** bknudson has joined #openstack-security 13:41
*** mxin has joined #openstack-security 14:04
openstackgerrit: KATO Tomoyuki proposed a change to openstack/security-doc: Add typographic convention for reader substitutions in examples https://review.openstack.org/110173 14:13
*** bdpayne has joined #openstack-security 14:29
*** voodookid has joined #openstack-security 14:31
*** bdpayne has quit IRC 14:34
*** tmcpeak has joined #openstack-security 14:34
*** sicarie has joined #openstack-security 15:04
tmcpeak: wow, here's a good one: http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-users-to-highly-privileged-malware/ 15:21
*** bdpayne_ has joined #openstack-security 15:32
*** bdpayne_ has quit IRC 15:36
*** Jangoo has joined #openstack-security 15:37
voodookid: tmcpeak: word. People seem to forget that keeping stuff hidden is only part of the goal of crypto. Verification is also huge. 15:38
tmcpeak: voodookid: yeah, that's a huge blunder for a critical piece of Android security 15:39
voodookid: I also say this as someone who would have boned that code up even more than others. I have amazing ability to honk that stuff up. 15:40
tmcpeak: voodookid: LOL, yeah security is hard. But this is the kind of thing that code reviews and detailed threat modeling should catch 15:45
tmcpeak: voodookid: my guess is that Bluebox Security discovered it by one of those processes 15:45
voodookid: word 15:48
paulmo: Huh, so they aren't walking the cert chain? *boggle* 15:49
tmcpeak: paulmo: yeah! 15:49
tmcpeak: paulmo: at least in some cases 15:49
voodookid: My thing, unless you are a dedicated, experienced crypto developer, rely on audited libraries. Do not do it yourself if you can help it 15:49
paulmo: I've seen that before unfortunately. 15:50
tmcpeak: voodookid: yeah, roll your own crypto = fail 15:50
paulmo: Even experts usually want years of peer review on new algorithms. 15:50
voodookid: "I wrote this verification routine!" Nope, you need to go sit in the corner and use someone else's. 15:51
voodookid: "But I wrote a thing to handle MD5!" Nope, it probably breaks, use someone else's 15:51
voodookid: *sigh* I had a version of this discussion like a week ago for an internal project 15:52
*** ved_lad has joined #openstack-security 15:58
*** ved_lad has quit IRC 15:58
*** ved_lad has joined #openstack-security 15:58
*** hikaru has quit IRC 16:05
tmcpeak: voodookid: +1 for use someone else's 16:08
tmcpeak: voodookid: where do you work btw, if you don't mind me asking 16:08
voodookid: a managed service provider. We run other people's IT 16:09
voodookid: I tend to do a lot of security admin, network stuff, but more and more working on code review to head off problems. I am trying to shrink the number of vulnerabilities my scanners are picking up before it even goes on to the network 16:10
tmcpeak: voodookid: ahh cool 16:12
voodookid: I forgot where I saw it, but someone had a talk at a conference and the gist of it was that we are never going to teach developers to be more security minded, instead security people need to get into development and be the experts at it. 16:13
voodookid: so I have been working on it 16:13
tmcpeak: yeah, I've found that the majority of people don't have the wacky mindset it takes to be good at security. Probably easier to get security people involved in the development process than the other way around 16:16
voodookid: I think people who get into development/programming first are just trying to get it done efficiently and as quickly as possible. Security means it gets slowed down (at first, you can automate it if you know what you are doing) 16:24
tmcpeak: true 16:30
*** bdpayne has joined #openstack-security 16:30
*** ved_lad has quit IRC 16:33
*** Jangoo has quit IRC 16:41
*** marzif has quit IRC 16:54
*** bdpayne has quit IRC 16:54
*** tmcpeak has quit IRC 17:08
*** bdpayne has joined #openstack-security 17:20
*** nkinder is now known as nkinder_away 17:21
*** gmurphy has quit IRC 17:26
*** gmurphy has joined #openstack-security 17:29
*** tmcpeak has joined #openstack-security 17:32
*** tmcpeak has quit IRC 17:36
*** tmcpeak has joined #openstack-security 17:45
*** ved_lad has joined #openstack-security 18:06
openstackgerrit: Andreas Jaeger proposed a change to openstack/security-doc: Security Guide: Instance migrations: Some cleaning up https://review.openstack.org/109670 18:12
bdpayne: hyakuhei or nkinder_away, could one of you review ^^ ? 18:34
openstackgerrit: OpenStack Proposal Bot proposed a change to openstack/security-doc: Updated from global requirements https://review.openstack.org/110421 18:46
*** gmurphy has quit IRC 18:50
*** gmurphy has joined #openstack-security 18:57
*** gabriela1 has joined #openstack-security 19:01
*** gabriela1 has left #openstack-security 19:01
*** ved_lad has quit IRC 19:08
*** gabriela1 has joined #openstack-security 19:10
*** gabriela1 has left #openstack-security 19:11
openstackgerrit: A change was merged to openstack/security-doc: Updated from global requirements https://review.openstack.org/110421 19:20
openstackgerrit: A change was merged to openstack/security-doc: Add typographic convention for reader substitutions in examples https://review.openstack.org/110173 19:23
*** openstackgerrit has quit IRC 19:48
*** gabriela1 has joined #openstack-security 20:14
*** ved_lad has joined #openstack-security 20:16
*** gabriela1 has left #openstack-security 20:39
*** mxin has quit IRC 20:53
*** openstackgerrit has joined #openstack-security 20:58
*** bknudson has quit IRC 22:30
*** tmcpeak has quit IRC 23:09
*** voodookid has quit IRC 23:17
*** bknudson has joined #openstack-security 23:20
*** bknudson has quit IRC 23:25
*** voodookid has joined #openstack-security 23:29
*** bdpayne has quit IRC 23:31
*** bknudson has joined #openstack-security 23:34
*** ved_lad_ has joined #openstack-security 23:38
*** bdpayne has joined #openstack-security 23:39
*** ved_lad has quit IRC 23:39
*** sicarie has quit IRC 23:52
