"Today (Oct. 18) was the first day of the track schedule at
BSDCon 2000. Twelve lectures were available, split up into three
sections: security, development, and general. I was able to attend
Michael Lucas's Publishing BSD Articles, Robert Watson's DNSSEC,
Wilfredo Sanchez's MacOS X, Warner Losh's Review of NEWCARD and
Murray Stokely's Writing Secure Unix...."
"DNSSEC Over a hundred people attended Robert Watson's discussion of
DNSSEC. He briefly explained the basics of DNS and the current
setup for DNS records. Then he quickly discussed several topics and
terminology involved with DNSSEC, including crypto, DNS
security extensions to protect data transfers, security keys and
signature, NXT and certificate records. He also quickly overviewed
query/response security, BIND 9 configuration for keys, algorithms
and shared secrets, and merging CA and DNS hierarchies...."
"Writing Secure Unix
Murray Stokely covered a variety of subjects such as
buffer-overflows, bounds-checking, setuid issues ("take special
care not to run with root privilege"), chroot, jail and race
conditions. He said the StackGuard has a lack of interest in
FreeBSD because it is not fail-safe. He discussed library based
run-time bounds checking by reimplementing unsafe functions with
libparanoia (with a small code example) and libverify; but he said
they have short-comings because they only protect against a very
small set of possible security issues...."