From coley at linus.mitre.org Mon Jul 7 21:39:02 2008 From: coley at linus.mitre.org (Steven M. Christey) Date: Mon, 7 Jul 2008 17:39:02 -0400 (EDT) Subject: [VIM] 3rd annual VIM gathering? Message-ID: Are people up for a 3rd annual VIM gathering at Black Hat or Defcon this year? Any suggestions for time and place? If I recall correctly, last year we had a minor glitch because we accidentally chose the same place/time as the WASC gathering. - Steve From jkouns at opensecurityfoundation.org Mon Jul 7 22:43:22 2008 From: jkouns at opensecurityfoundation.org (jkouns) Date: Mon, 07 Jul 2008 18:43:22 -0400 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: References: Message-ID: <48729C0A.2010402@opensecurityfoundation.org> Steve-- We just started talking about plans for Vegas this year! Yes, we are up for the annual VIM gathering. And we are also talking about an OSVDB dinner again. For the VIM gathering, I think we just need to pick something and make it happen. There seems to be parties every night! Back to the Shadow Bar again Wednesday? --Jake Steven M. Christey wrote: > Are people up for a 3rd annual VIM gathering at Black Hat or Defcon this > year? Any suggestions for time and place? If I recall correctly, last > year we had a minor glitch because we accidentally chose the same > place/time as the WASC gathering. > > - Steve From jericho at attrition.org Mon Jul 7 22:50:24 2008 From: jericho at attrition.org (security curmudgeon) Date: Mon, 7 Jul 2008 22:50:24 +0000 (UTC) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <48729C0A.2010402@opensecurityfoundation.org> References: <48729C0A.2010402@opensecurityfoundation.org> Message-ID: : For the VIM gathering, I think we just need to pick something and make : it happen. There seems to be parties every night! Back to the Shadow : Bar again Wednesday? --Jake There are multiple parties, some private some public, every single night. I think the key is we need to pick a time as close to the end of the BH day as possible so that we can head downstairs and meet/talk/drink, before the rest of the parties begin. From bugtraq at cgisecurity.net Mon Jul 7 22:53:46 2008 From: bugtraq at cgisecurity.net (bugtraq at cgisecurity.net) Date: Mon, 7 Jul 2008 18:53:46 -0400 (EDT) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: Message-ID: <20080707225346.23809.qmail@cgisecurity.net> Speaking of Wednesday http://jeremiahgrossman.blogspot.com/2008/06/owaspwasc-party-black-hat-2008.html - Robert http://www.webappsec.org/ http://www.cgisecurity.com/ > > > : For the VIM gathering, I think we just need to pick something and make > : it happen. There seems to be parties every night! Back to the Shadow > : Bar again Wednesday? --Jake > > There are multiple parties, some private some public, every single night. > I think the key is we need to pick a time as close to the end of the BH > day as possible so that we can head downstairs and meet/talk/drink, > before the rest of the parties begin. > From userdefined at dc585.info Mon Jul 7 23:00:11 2008 From: userdefined at dc585.info (userdefined at dc585.info) Date: Mon, 7 Jul 2008 19:00:11 -0400 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <48729C0A.2010402@opensecurityfoundation.org> References: <48729C0A.2010402@opensecurityfoundation.org> Message-ID: <20080707230011.GA17541@freezion.com> On Mon,07,Jul2008, jkouns wrote: > Steve-- > We just started talking about plans for Vegas this year! Yes, we are up > for the annual VIM gathering. And we are also talking about an OSVDB > dinner again. > > For the VIM gathering, I think we just need to pick something and make > it happen. There seems to be parties every night! Back to the Shadow > Bar again Wednesday? What if you just mostly lurk and only contribute to OSVDB on a sporadic basis... still welcome at either of these? How about if pints of beer are offered as penance? ;) -- jason From jericho at attrition.org Mon Jul 7 23:02:55 2008 From: jericho at attrition.org (security curmudgeon) Date: Mon, 7 Jul 2008 23:02:55 +0000 (UTC) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <20080707230011.GA17541@freezion.com> References: <48729C0A.2010402@opensecurityfoundation.org> <20080707230011.GA17541@freezion.com> Message-ID: : > For the VIM gathering, I think we just need to pick something and make : > it happen. There seems to be parties every night! Back to the Shadow : > Bar again Wednesday? : : What if you just mostly lurk and only contribute to OSVDB on a sporadic : basis... still welcome at either of these? How about if pints of beer : are offered as penance? ;) yes and yes =) Our conversation is typically centered around whining like little girls about the poor state of security research, the hurdles of maintaining VDBs and any other security woes that come to mind. Nothing fancy or official. From steve at vitriol.net Mon Jul 7 23:51:08 2008 From: steve at vitriol.net (Steve Tornio) Date: Mon, 7 Jul 2008 18:51:08 -0500 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <48729C0A.2010402@opensecurityfoundation.org> References: <48729C0A.2010402@opensecurityfoundation.org> Message-ID: <9EB69B6B-933F-4D09-8CF5-DCCF6EABE0F5@vitriol.net> Wasn't the shadow bar the one that was booked last year? Owasp, I think? On Jul 7, 2008, at 5:43 PM, jkouns wrote: > Steve-- > We just started talking about plans for Vegas this year! Yes, we > are up for the annual VIM gathering. And we are also talking about > an OSVDB dinner again. > > For the VIM gathering, I think we just need to pick something and > make it happen. There seems to be parties every night! Back to the > Shadow Bar again Wednesday? > --Jake > > Steven M. Christey wrote: >> Are people up for a 3rd annual VIM gathering at Black Hat or Defcon >> this >> year? Any suggestions for time and place? If I recall correctly, >> last >> year we had a minor glitch because we accidentally chose the same >> place/time as the WASC gathering. >> - Steve From lyger at attrition.org Tue Jul 8 00:01:49 2008 From: lyger at attrition.org (lyger) Date: Tue, 8 Jul 2008 00:01:49 +0000 (UTC) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <9EB69B6B-933F-4D09-8CF5-DCCF6EABE0F5@vitriol.net> References: <48729C0A.2010402@opensecurityfoundation.org> <9EB69B6B-933F-4D09-8CF5-DCCF6EABE0F5@vitriol.net> Message-ID: Yes. Was really packed, and they're apparently saying that there won't be any RSVPs for this year... On Mon, 7 Jul 2008, Steve Tornio wrote: ": " Wasn't the shadow bar the one that was booked last year? Owasp, I think? ": " ": " ": " ": " On Jul 7, 2008, at 5:43 PM, jkouns ": " wrote: ": " ": " > Steve-- ": " > We just started talking about plans for Vegas this year! Yes, we are up ": " > for the annual VIM gathering. And we are also talking about an OSVDB ": " > dinner again. ": " > ": " > For the VIM gathering, I think we just need to pick something and make it ": " > happen. There seems to be parties every night! Back to the Shadow Bar ": " > again Wednesday? ": " > --Jake ": " > ": " > Steven M. Christey wrote: ": " > > Are people up for a 3rd annual VIM gathering at Black Hat or Defcon ": " > > this ": " > > year? Any suggestions for time and place? If I recall correctly, last ": " > > year we had a minor glitch because we accidentally chose the same ": " > > place/time as the WASC gathering. ": " > > - Steve From bugtraq at cgisecurity.net Tue Jul 8 01:20:03 2008 From: bugtraq at cgisecurity.net (bugtraq at cgisecurity.net) Date: Mon, 7 Jul 2008 21:20:03 -0400 (EDT) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: Message-ID: <20080708012003.55517.qmail@cgisecurity.net> The OWASP/WASC party was slammed last year yes. I sent a link in an earlier email providing info on getting in. - Robert http://ww.webappsec.org/ > > > Yes. Was really packed, and they're apparently saying that there won't be > any RSVPs for this year... > > > On Mon, 7 Jul 2008, Steve Tornio wrote: > > ": " Wasn't the shadow bar the one that was booked last year? Owasp, I think? > ": " > ": " > ": " > ": " On Jul 7, 2008, at 5:43 PM, jkouns > ": " wrote: > ": " > ": " > Steve-- > ": " > We just started talking about plans for Vegas this year! Yes, we are up > ": " > for the annual VIM gathering. And we are also talking about an OSVDB > ": " > dinner again. > ": " > > ": " > For the VIM gathering, I think we just need to pick something and make it > ": " > happen. There seems to be parties every night! Back to the Shadow Bar > ": " > again Wednesday? > ": " > --Jake > ": " > > ": " > Steven M. Christey wrote: > ": " > > Are people up for a 3rd annual VIM gathering at Black Hat or Defcon > ": " > > this > ": " > > year? Any suggestions for time and place? If I recall correctly, last > ": " > > year we had a minor glitch because we accidentally chose the same > ": " > > place/time as the WASC gathering. > ": " > > - Steve > From str0ke at milw0rm.com Tue Jul 8 03:01:22 2008 From: str0ke at milw0rm.com (str0ke) Date: Mon, 07 Jul 2008 22:01:22 -0500 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: References: <48729C0A.2010402@opensecurityfoundation.org> <20080707230011.GA17541@freezion.com> Message-ID: <4872D882.1010304@milw0rm.com> security curmudgeon wrote: > : > For the VIM gathering, I think we just need to pick something and make > : > it happen. There seems to be parties every night! Back to the Shadow > : > Bar again Wednesday? > : To bad it won't be Thursday :) Would of loved to meet up. /str0ke From jericho at attrition.org Tue Jul 8 03:05:38 2008 From: jericho at attrition.org (security curmudgeon) Date: Tue, 8 Jul 2008 03:05:38 +0000 (UTC) Subject: [VIM] zoo - amavis - barracuda cross-ref problems In-Reply-To: References: Message-ID: On Wed, 25 Jul 2007, Steven M. Christey wrote: Whee, time to dig up the past! Clearing my mailbox, I revisted this and noticed: : CVE didn't pick up SA25315, and we didn't independently notice the : AMaViS advisory, which is why it wasn't mentioned. The phrasing for : 2007-1669 definitely could have been better, instead of emphasizing : Barracuda so much. I've changed both CVEs to mention AMaViS : specifically. : : Note that the AMaViS advisory implies that the problem only occurs when : AMaViS is installed on a system that already independently has the : vulnerable ZOO software. So, this isn't necessarily a case of borrowed : code appearing in AMaViS, rather a defense-in-depth measure like when : Mozilla recently defended itself against the IE argument injection : issue. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1669 zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1673 unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. -- Appears that these now overlap and are likely duplicates, where 1673 shows a little more detail (unzoo.c), and 1669 has a better affected product list. From coley at linus.mitre.org Tue Jul 8 22:13:28 2008 From: coley at linus.mitre.org (Steven M. Christey) Date: Tue, 8 Jul 2008 18:13:28 -0400 (EDT) Subject: [VIM] MS08-038 also fixes CVE-2008-0951 Message-ID: ran across this accidentally. from MS08-038: "Besides the changes that are listed in the .Vulnerability Details. section of this bulletin, this security update also resolves a publicly known issue with Autorun functionality ... This corrects the issue identified in CVE-2008-0951 on Windows Vista and Windows Server 2008." From theall at tenablesecurity.com Fri Jul 11 13:49:14 2008 From: theall at tenablesecurity.com (George A. Theall) Date: Fri, 11 Jul 2008 09:49:14 -0400 Subject: [VIM] Zen Cart 1.3.8 Multiple Local File Inclusion Vulnerabilities Message-ID: FWIW, Zen Cart includes a .htaccess file in 'admin/includes' that prevents remote access to any PHP files in that directory: theall at lab:/var/www/localhost/htdocs/zencart>cat admin/ includes/.htaccess # $Id: .htaccess 2996 2006-02-09 00:42:17Z drbyte $ # # This is used with Apache WebServers # The following blocks direct HTTP requests in this directory recursively # # This does not affect PHP include/require functions # # Example: direct access to http://server/admin/includes/application_top.php will not work with the following installed Order Deny,Allow Deny from all Allow from localhost This file is included in 1.3.8, which CraCkEr reports as affected as well as 1.3.7 and 1.3.8a, which is current. As a result, the local file include issues by milw0rm 6038 / BID 30179 aren't likely to be exploitable in practice -- not only would you need to have register_globals enabled as the advisory notes, but the target would need to be running a web server that doesn't grok .htaccess files or ignores them. George -- theall at tenablesecurity.com From str0ke at milw0rm.com Fri Jul 11 14:05:40 2008 From: str0ke at milw0rm.com (str0ke) Date: Fri, 11 Jul 2008 09:05:40 -0500 Subject: [VIM] Zen Cart 1.3.8 Multiple Local File Inclusion Vulnerabilities In-Reply-To: References: Message-ID: <487768B4.5000605@milw0rm.com> Removing from the front end. Thanks George, /str0ke George A. Theall wrote: > FWIW, Zen Cart includes a .htaccess file in 'admin/includes' that > prevents remote access to any PHP files in that directory: > > theall at lab:/var/www/localhost/htdocs/zencart>cat > admin/includes/.htaccess > # $Id: .htaccess 2996 2006-02-09 00:42:17Z drbyte $ > # > # This is used with Apache WebServers > # The following blocks direct HTTP requests in this directory > recursively > # > # This does not affect PHP include/require functions > # > # Example: direct access to > http://server/admin/includes/application_top.php will not work with > the following installed > > > Order Deny,Allow > Deny from all > Allow from localhost > > > This file is included in 1.3.8, which CraCkEr reports as affected as > well as 1.3.7 and 1.3.8a, which is current. > > As a result, the local file include issues by milw0rm 6038 / BID 30179 > aren't likely to be exploitable in practice -- not only would you need > to have register_globals enabled as the advisory notes, but the target > would need to be running a web server that doesn't grok .htaccess > files or ignores them. > > George From theall at tenablesecurity.com Mon Jul 14 19:40:47 2008 From: theall at tenablesecurity.com (George A. Theall) Date: Mon, 14 Jul 2008 15:40:47 -0400 Subject: [VIM] Pluck Local File Inclusion Message-ID: Has anyone looked at the advisory about local file include issues in Pluck (BID 30218 / http://archives.neohapsis.com/archives/bugtraq/2008-07/0106.html)? It seems like the issues aren't generally exploitable if you call the affected script directly since the directories embedded in calls to include() -- "data/inc/lang", "data/content", and "data/blog" -- are located at the base of the application's install directory rather than under "data/inc/themes". Or do I just mis-understand how PHP sets the current working directory when calling a script? George -- theall at tenablesecurity.com From str0ke at milw0rm.com Mon Jul 14 20:00:20 2008 From: str0ke at milw0rm.com (str0ke) Date: Mon, 14 Jul 2008 15:00:20 -0500 Subject: [VIM] Pluck Local File Inclusion In-Reply-To: References: Message-ID: <487BB054.7060001@milw0rm.com> George A. Theall wrote: > Has anyone looked at the advisory about local file include issues in > Pluck (BID 30218 / > http://archives.neohapsis.com/archives/bugtraq/2008-07/0106.html)? It > seems like the issues aren't generally exploitable if you call the > affected script directly since the directories embedded in calls to > include() -- "data/inc/lang", "data/content", and "data/blog" -- are > located at the base of the application's install directory rather than > under "data/inc/themes". Or do I just mis-understand how PHP sets the > current working directory when calling a script? Your right it shouldn't work, but under windows its a different story (at least was in the past). I believe its like so. # *nix ls -la data/../../../../../../etc/passwd << won't work if the data directory doesn't exist. # win dir data\..\..\..\..\..\..\boot.ini << works with or without the directory. /str0ke From theall at tenablesecurity.com Mon Jul 14 20:05:57 2008 From: theall at tenablesecurity.com (George A. Theall) Date: Mon, 14 Jul 2008 16:05:57 -0400 Subject: [VIM] Pluck Local File Inclusion In-Reply-To: <487BB054.7060001@milw0rm.com> References: <487BB054.7060001@milw0rm.com> Message-ID: <0BBCB634-23BF-4FF4-9B93-7BF2C0D2A10C@tenablesecurity.com> On Jul 14, 2008, at 4:00 PM, str0ke wrote: > Your right it shouldn't work, but under windows its a different story Yeah, that's why I hedged by saying "generally exploitable". I also figured it's is why I hadn't seen you add this to milw0rm. George -- theall at tenablesecurity.com From str0ke at milw0rm.com Mon Jul 14 20:13:56 2008 From: str0ke at milw0rm.com (str0ke) Date: Mon, 14 Jul 2008 15:13:56 -0500 Subject: [VIM] Pluck Local File Inclusion In-Reply-To: <0BBCB634-23BF-4FF4-9B93-7BF2C0D2A10C@tenablesecurity.com> References: <487BB054.7060001@milw0rm.com> <0BBCB634-23BF-4FF4-9B93-7BF2C0D2A10C@tenablesecurity.com> Message-ID: <487BB384.1070900@milw0rm.com> George A. Theall wrote: > On Jul 14, 2008, at 4:00 PM, str0ke wrote: > >> Your right it shouldn't work, but under windows its a different story > > Yeah, that's why I hedged by saying "generally exploitable". I also > figured it's is why I hadn't seen you add this to milw0rm. > Was waiting on the authors reply after he submitted it in (just never replied :), the advisory is false with how he shows the inclusion on a nix system but oh well. Guess ill post it now with the right info. Be safe man, /str0ke From coley at mitre.org Thu Jul 17 05:34:54 2008 From: coley at mitre.org (Steven M. Christey) Date: Thu, 17 Jul 2008 01:34:54 -0400 (EDT) Subject: [VIM] Wizi Wiki Wig LFI - maybe not code execution Message-ID: <200807170534.m6H5YsbS024768@faron.mitre.org> http://www.milw0rm.com/exploits/6042 Some VDBs are reporting code execution as a consequence. However, brief (but not comprehensive) investigation of index.php suggests a vulnerable function of traiter_article(), which does a file_exists test with fopen/fread operations, so this might be just a "read arbitrary files" consequence. I haven't investigated all possible vectors, however. There's also a preg_replace() function on that file's contents but as I vaguely remember, that's not the regexp function that lets you feed executable content. Might lead to some interesting attacks however. - Steve From rkeith at securityfocus.com Thu Jul 17 17:05:03 2008 From: rkeith at securityfocus.com (Rob Keith) Date: Thu, 17 Jul 2008 11:05:03 -0600 Subject: [VIM] Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC Message-ID: <487F7BBF.1070605@securityfocus.com> Hey, Does anyone have any additional information on this exploit posted to milw0rm today? KingCope mentions its a +-1day (whatever that is), so curious if it is related to the recent patch sent out by Oracle; they addressed a number of issues in BEA Weblogic... http://www.milw0rm.com/exploits/6089 Thanks! -Rob From str0ke at milw0rm.com Thu Jul 17 18:30:52 2008 From: str0ke at milw0rm.com (str0ke) Date: Thu, 17 Jul 2008 13:30:52 -0500 Subject: [VIM] Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC In-Reply-To: <487F7BBF.1070605@securityfocus.com> References: <487F7BBF.1070605@securityfocus.com> Message-ID: <487F8FDC.5030607@milw0rm.com> I have named the exploit and placed kcope's code in the wrong section. It has been updated. /str0ke It is a zeroday which is released. Therefore a +-1day. It should normally not be patched because the bug is in the FRONTEND in the architecture. mod_wl (mod weblogic), which runs on the front of big architectures. It is inside the Apache Module not in Bea Weblogic itself. Zeeya Rob. /kcope--2008 Rob Keith wrote: > Hey, > > Does anyone have any additional information on this exploit posted to > milw0rm today? KingCope mentions its a +-1day (whatever that is), so > curious if it is related to the recent patch sent out by Oracle; they > addressed a number of issues in BEA Weblogic... > > http://www.milw0rm.com/exploits/6089 > > Thanks! > -Rob > > From jericho at attrition.org Wed Jul 23 14:44:44 2008 From: jericho at attrition.org (security curmudgeon) Date: Wed, 23 Jul 2008 14:44:44 +0000 (UTC) Subject: [VIM] Open source, open to attack Message-ID: http://www.gcn.com/online/vol1_no1/46693-1.html [..] The study found a total of 44,233 vulnerabilities in the 4.25 million lines of code examined. Hipergate 3.0.26 topped the list with 14,425 vulnerabilities in about 81,000 lines of code. The two most common vulnerabilities overall were cross-site scripting, with 22,828, and SQL injection, with 15,612. [..] -- Seems someone could pull out many of these vulns if XSS. I'd both love and hate to see a post to Bugtraq with "1,483 XSS in ". From bugtraq at cgisecurity.net Fri Jul 25 21:12:23 2008 From: bugtraq at cgisecurity.net (bugtraq at cgisecurity.net) Date: Fri, 25 Jul 2008 17:12:23 -0400 (EDT) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <20080708012003.55517.qmail@cgisecurity.net> Message-ID: <20080725211223.70515.qmail@cgisecurity.net> Was this decided? - Robert > > > > Yes. Was really packed, and they're apparently saying that there won't be > > any RSVPs for this year... > > > > > > On Mon, 7 Jul 2008, Steve Tornio wrote: > > > > ": " Wasn't the shadow bar the one that was booked last year? Owasp, I think? > > ": " > > ": " > > ": " > > ": " On Jul 7, 2008, at 5:43 PM, jkouns > > ": " wrote: > > ": " > > ": " > Steve-- > > ": " > We just started talking about plans for Vegas this year! Yes, we are up > > ": " > for the annual VIM gathering. And we are also talking about an OSVDB > > ": " > dinner again. > > ": " > > > ": " > For the VIM gathering, I think we just need to pick something and make it > > ": " > happen. There seems to be parties every night! Back to the Shadow Bar > > ": " > again Wednesday? > > ": " > --Jake > > ": " > > > ": " > Steven M. Christey wrote: > > ": " > > Are people up for a 3rd annual VIM gathering at Black Hat or Defcon > > ": " > > this > > ": " > > year? Any suggestions for time and place? If I recall correctly, last > > ": " > > year we had a minor glitch because we accidentally chose the same > > ": " > > place/time as the WASC gathering. > > ": " > > - Steve > > > From coley at linus.mitre.org Sat Jul 26 00:15:34 2008 From: coley at linus.mitre.org (Steven M. Christey) Date: Fri, 25 Jul 2008 20:15:34 -0400 (EDT) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <20080725211223.70515.qmail@cgisecurity.net> References: <20080725211223.70515.qmail@cgisecurity.net> Message-ID: On Fri, 25 Jul 2008 bugtraq at cgisecurity.net wrote: > Was this decided? I don't think so. If I recall correctly, last year the people who went to Black Hat also went to Defcon, so how about Thursday at 5:30 somewhere at Caesars, or Friday at 5:30 somewhere at the Riviera? - Steve From jkouns at opensecurityfoundation.org Sat Jul 26 00:24:57 2008 From: jkouns at opensecurityfoundation.org (jkouns) Date: Fri, 25 Jul 2008 20:24:57 -0400 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: References: <20080725211223.70515.qmail@cgisecurity.net> Message-ID: <488A6ED9.8020200@opensecurityfoundation.org> The other option is to keep it on Wednesday but just meet at the pizza place we ended up at last time...... and just skip the shadow bar.... Either work for me. Steven M. Christey wrote: > On Fri, 25 Jul 2008 bugtraq at cgisecurity.net wrote: > > If I recall correctly, last year the people who went to Black Hat also > went to Defcon, so how about Thursday at 5:30 somewhere at Caesars, or > Friday at 5:30 somewhere at the Riviera? > > - Steve From coley at linus.mitre.org Sat Jul 26 00:59:04 2008 From: coley at linus.mitre.org (Steven M. Christey) Date: Fri, 25 Jul 2008 20:59:04 -0400 (EDT) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <488A6ED9.8020200@opensecurityfoundation.org> References: <20080725211223.70515.qmail@cgisecurity.net> <488A6ED9.8020200@opensecurityfoundation.org> Message-ID: On Fri, 25 Jul 2008, jkouns wrote: > The other option is to keep it on Wednesday but just meet at the pizza > place we ended up at last time...... and just skip the shadow bar.... > Either work for me. Let's give people till Tuesday the 29th to weigh in, and we'll decide then. - Steve From userdefined at dc585.info Sat Jul 26 04:17:24 2008 From: userdefined at dc585.info (Jason Ross) Date: Sat, 26 Jul 2008 00:17:24 -0400 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: References: <20080725211223.70515.qmail@cgisecurity.net> <488A6ED9.8020200@opensecurityfoundation.org> Message-ID: <20080726041724.GA14096@nomad.freezion.com> On Fri,25,Jul2008, Steven M. Christey wrote: > > On Fri, 25 Jul 2008, jkouns wrote: > > > The other option is to keep it on Wednesday but just meet at the pizza > > place we ended up at last time...... and just skip the shadow bar.... > > Either work for me. > > Let's give people till Tuesday the 29th to weigh in, and we'll decide > then. > > - Steve If lurkers get any weight in the decision, I'd like to chime in with "I'm kinda looking forward to this but don't expect to be getting in to Vegas until about 1pm on Thursday ( no BlackHat for me =/ )" So Friday at the Riv gets my vote of the options provided thus far. -- Jason From steve at vitriol.net Sat Jul 26 11:44:33 2008 From: steve at vitriol.net (Steve Tornio) Date: Sat, 26 Jul 2008 06:44:33 -0500 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: References: <20080725211223.70515.qmail@cgisecurity.net> <488A6ED9.8020200@opensecurityfoundation.org> Message-ID: <488B0E21.4050103@vitriol.net> Steven M. Christey wrote: > > Let's give people till Tuesday the 29th to weigh in, and we'll decide > then. > > - Steve > A lot of people move from Caesar's to the Riv on Thursday night, and so I'd vote for Wednesday or Friday night. From str0ke at milw0rm.com Sat Jul 26 16:46:11 2008 From: str0ke at milw0rm.com (str0ke) Date: Sat, 26 Jul 2008 11:46:11 -0500 Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: References: <20080725211223.70515.qmail@cgisecurity.net> Message-ID: <488B54D3.5070209@milw0rm.com> Steven M. Christey wrote: > On Fri, 25 Jul 2008 bugtraq at cgisecurity.net wrote: > > >> Was this decided? >> > > I don't think so. > > If I recall correctly, last year the people who went to Black Hat also > went to Defcon, so how about Thursday at 5:30 somewhere at Caesars, or > Friday at 5:30 somewhere at the Riviera? > > - Steve > > Great time. From coley at linus.mitre.org Wed Jul 30 16:54:50 2008 From: coley at linus.mitre.org (Steven M. Christey) Date: Wed, 30 Jul 2008 12:54:50 -0400 (EDT) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: <488B54D3.5070209@milw0rm.com> References: <20080725211223.70515.qmail@cgisecurity.net> <488B54D3.5070209@milw0rm.com> Message-ID: OK, let's have the gathering on Friday night at 5:30 PM at or near the Riviera. Any suggestions for a specific location to meet? I'm not familiar with that part of Vegas. One essential requirement, of course, is that they serve alcohol. - Steve From jericho at attrition.org Wed Jul 30 17:54:20 2008 From: jericho at attrition.org (security curmudgeon) Date: Wed, 30 Jul 2008 17:54:20 +0000 (UTC) Subject: [VIM] 3rd annual VIM gathering? In-Reply-To: References: <20080725211223.70515.qmail@cgisecurity.net> <488B54D3.5070209@milw0rm.com> Message-ID: : OK, let's have the gathering on Friday night at 5:30 PM at or near the : Riviera. Any suggestions for a specific location to meet? I'm not : familiar with that part of Vegas. One essential requirement, of course, : is that they serve alcohol. Across the street is the Hilton, and the Star Trek deal is on the way out (/mourn). Could do it there and help send off Quark's bar with talk of VDBs and Core Reactors!