Bach & Böck

Hanno Böck is a hacker and freelance journalist. He regularly covers IT security issues for the German IT news webpage and writes the monthly Bulletproof TLS Newsletter. He also runs the Fuzzing Project, an effort funded by the Linux Foundation's Core Infrastructure Initiative to support the security of free and open source software.

Benjamin Balder Bach works as Community and Software Developer at the NGO Learning Equality. The NGO develops educational software for offline contexts. He works with Django, open source communities and software distribution. In the rest of his time, he refurbishes computers from Danish companies in the civic society FAIR, contributing to solutions for secondary schools in Malawi and logistics for large-scale refurbishment of ICT equipment. He is also an active member of and Django Denmark.

Talk: Package Mis-Management

An increase in demand for quick and easy distribution of software is pushing risky practices.

Package management systems claim to manage packages, but they leave a lot to be desired. The perception that users are stupid and can't understand the command line has turned many unsafe practices that were meant to quickly install a pre-released package into primary means of distribution.

We look at some of the most popular open source distribution mechanisms and share our view through recent incidents, a little bit of research and some suggestions for attack vectors.

