LinuxFr.org: security-oriented feedback on a high-traffic web site
Description: This talk gives feedback on the LinuxFr.org website (an eleven-year-old website) from a security point of view.
LinuxFr.org, as a high-traffic web site that stores personal data, has a lot of experience in the security area: information leaks, XSS and CSRF breaches, random generation errors, social engineering against LinuxFr.org users, and more.
We will disclose our security problems and the solutions we used, because LinuxFr.org is a site by the free software community for the free software community. Security by obscurity, an approach used by many government or commercial sites, is not the way we want to go.
This talk will not be very interesting for security experts but may be useful for security beginners or people having a web site and interested in its security.
Speakers: Benoit Sibaud and Bruno Michel.
Benoit Sibaud: engineer in a network R&D center. April.org president. LSM/RMLL organization member since 2005 (2009 Communities topic co-chairman).
Bruno Michel: web projects lead developer.
