This year, the Hellenic Linux Users Group, is organizing the Linux
Beer Wanderung (Linux Beer Hike), “a week-long event which takes place
in a different European country each summer, drawing together Open
Source software enthusiasts from more than a dozen different countries,
for a combination of talks, presentations, hands-on mini-projects,
outdoor exercise, and good food and drink”. The event is self-funded and
you can find more at http://lbw2007.hellug.gr/

Since Greece is very low on the CAcert horizon, we would really like to
start having things rolling at the LBW. A short survey I made suggests
that there is only one person on the LBW mailing list (from London) that
can give only 35 points but unfortunately will not be joining the event
in Crete this year. Even if 3-4 people that will be coming to the event
get assured by him or someone else, I doubt that we can achieve the
critical mass to get things rolling on their own in Greece.

Anyone interested to help, please contact CAcert.

If you live near Belgium, and want to get CAcert assured, please come to Fosdem next weekend.
Both events are free.

See http://www.fosdem.org for the lecture schedule and http://wiki.cacert.org/wiki/FosDem2007 for more information about the CAcert event.

The Linux User Group Backnang is organizing a meeting with the subject on free security infrastructure, especially GnuPG and CAcert.

Everyone in the area is invited to come and get some cacert-points.

http://www.lug-bk.de/

We have good news: The migration has finished successfully.
The bad news is that we had a network outage today due to several broken (and wrongly configured) routers of the telecom, which took us 12 hours in total to fix all of them again.
To improve reliability and availability we are currently planning to add more datacenters for non-core but critical services around the planet. If you are interested to sponsor hosting capacities, please contact us.

We are in the final phase of testing the new server and we will be moving services tomorrow, and there will be an outage starting about 3PM GMT for potentially several hours while data is synchronised between servers and we make sure everything works before letting things go live.

This outage will effect the primary server/services only, the mailing list and wiki etc will not be effected as these were already transferred previously.

We apologise in advance for any inconvenience this may cause anyone however this should finalise the change over and restore all services currently not working.

An announcement will be made once everything is working again.

You have the chance to get assured on the linuxday.lu
Event from 1st and 2nd February 2007 in Luxembourg.

Further Information on the Linuxday.lu website or
on the Linuxdy.lu Agenda.

We've released a beta product to display the CAcert logo and indicate if
the site has a valid certificate or not.

We are after testers to verify if the site stamp works in all
circumstances possible, (ie no false positives, and no false negatives),
and is efficiently displayed in a timely fashion.

Please see http://stamp.cacert.org for more details.

Every where I look lately I see a post about the EV (extended verification) certificates, the articles against are more or less pointing out what others and myself have posted in the past, or a watered down version.

All the articles for EV certificates keep pushing the same line how it will prevent phishing, but this will only be prevented for the top 1 or 2 sites at most, I guess these are the easiest for Verisign to exploit for cash, the company “thinks” they’re getting a good deal, and Verisign gets a fat bank account, win win right?

Wrong, the end user will still be paying the piper because this isn’t a real solution for all the sites everyone is likely to visit, everyone visits a multitude of sites for pleasure and business, and the latter is the important bit here, if we are going to a variety of sites and most smaller businesses still don’t sign up to the emperors clothes argument, either for pragmatic reasons or due to their ideological views on the topic, then users will still associate white or yellow = OK, green = OK, so white or yellow must be pretty much the same as green so we’re all back to square one.

In the mean time browsers are wasting the precious seconds some people pay security issues, and instead of guiding people on real solutions that can be applied to all sites, the browsers are selling snake oil to everyone (yet again).

Mozilla and co claim this is for their end users but I seriously must question this motive and must look to past examples of what motivates the Mozilla Foundation. Things seem awfully like every other large entity out there, the almighty buck.

The reason I state this is because of past deals with Google, but more recently when the same metrics Mozilla pushes on other developers wasn’t pushed on Verisign, nor any research conducted or anything remotely like some conclusive statement how this will help anyone beyond Verisign what are we left to conclude?

I guess what others have told me is true in some sense, Mozilla wasn’t really in the browser business because of security, but because they are a browser, and one that seems to be getting steadily worst with each release.

My advice to everyone is to take an ideological stand and unequivocally refuse to buy these certificates, further more people should scream from the roof tops that we want real security solutions, not half baked ideas to lock everyone into certain certificate authorities that are trying to reinvent the locks that held the SSL market for the past 15 years.

Don’t buy into yet another lame duck!

There is a remotely exploitable security vulnerability in Acrobat Reader 7.x :
http://www.wisec.it/vulns.php?page=9
   
Please update your Acrobat Reader.

Certificate Login (secure.cacert.org) is currently not available due to a
migration of the servers and the unavailability of enough IP addresses.
We removed the button temporarily, and will activate it again, as soon as it
works again, hopefully within the next few weeks.

Please use the Password Login on https://www.cacert.org/ instead.