CUUG Upcoming Meetings

Last update: $Date: 2019-04-23 23:06:10-06 $

May General Meeting

Deterministic Behaviours are your Attacker's Friend

Speaker: Theo de Raadt, Founder, OpenBSD

Our compute environments depend upon many deterministic behaviours at many layers to give us the reproducible (final) results we want. Therefore an attacker who finds a error in software can create an exploit at home, and then replay the attack on other machines very successfully, since all the intermediate layers are known, identical and reproducible.

Introducing secret non-determinisms into the intermediate layers can perturb aspects of the attack methodology. In 1999 OpenBSD began pushing the stack-protector and address space randomization through a complete Unix ecosystem. Subsets of these methods became commonplace on other platforms in about 10 years.

Twenty years since beginning, we continue with additional approaches to decrease the success rates for attackers, still trying to remove tools from their toolbox. Recent new work in ROP gadget-reduction, per-function stack-protector cookies, and reduction of system abilities via pledge and unveil will be described, as well as some musing about layers which cannot be protected so easily.

Theo de Raadt is widely recognized as a world class security expert. In October 1995, Theo founded the OpenBSD project. OpenBSD is the most secure of the publicly available operating systems.

In 1999, Theo created OpenSSH with other members of OpenBSD. It is now incorporated into all Unix systems plus hundreds of other network enabled products. It has become the most "vendor re-used" piece of open source software, with more than 95% of the SSH market.

Theo was awarded the Free Software Foundation's 2004 Award for the Advancement of Free Software, for recognition as founder and project leader of the OpenBSD and OpenSSH projects. His work has also led to significant contributions to other BSD distributions and GNU/Linux. Of particular note is Theo's work on OpenSSH, his leadership of OpenBSD, his commitment to Free Software and his advancement of network security.

Theo is also well known for his advocacy of free software drivers. He has long been critical of developers of Linux and other free platforms for their tolerance of non-free drivers and acceptance of non-disclosure agreements.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, May 28, 2019

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

RSVP to office at CUUG if you plan to attend.


June General Meeting

Secure Operations Technology

Speaker: Andrew Ginter, VP Industrial Security, Waterfall Security Solutions

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, June 18, 2019 (N.B. This is the third Tuesday of the month)

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.

RSVP to office at CUUG if you plan to attend.


See the main CUUG web page for general information about CUUG.