MetaBUG

Fresh off his interview with Will Backman on bsdtalk, Jason will be giving a talk and demonstration on PF, CARP and pfsync at the April CapBUG meeting. The demonstration will include using two Soekris embedded devices with OpenBSD configured as a redundant carp pair. Though highly dramatic, I doubt Jason will use the infamous “axe” technique to show failover. I guess it depends on how much caffeine he had that day.

Due to the availability of equipment, we will hold this month’s meeting at Raba in Columbia, MD at 6:30 PM EDT. We will again broadcast this talk as part of MetaBUG.

Note: the meeting starts at 22:30 UTC.

Peter Hessler will be exploring xenocara, the new modular X, which has now replaced the old XF4 in OpenBSD-current. See SFOBUG for location and other details.

Note: the meeting starts at 02:00 UTC.

The MetaBUG is proud to present our first official video presentation this evening. Matt Fisher will be presenting his Vulnerability 2.0 talk at the Capital Area BSD Users Group. The CapBUG meeting starts at 6:30pm EDT (-04:00 GMT); we expect to have the video stream started shortly thereafter, with Matt’s talk beginning around 6:45pm EDT.

We welcome all MetaBUG members world-wide to join us for Matt’s presentation. Please remember that the stream will be via RTSP using H.264/AAC codecs. If you have any questions about platform support with the stream, please refer to this post.

RTSP URL: rtsp://live.metabug.org:8000/metabug.sdp

Live Stream

Matt Fisher will be presenting his talk entitled Mistakes to Lure Hackers: Vulnerability 2.0 at this month’s CapBUG meeting. Matt is a Senior Security Engineer at SPI Dynamics and shares leadership of the Washington DC OWASP chapter.

Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys and we’ll examine some of the factors going into the “new web” that makes them so vulnerable to script attacks.

I was in NYC for his talk at LinuxWorld Open Solutions Summit. Although the talk is not BSD-specific, it is very informative and should be of particular interest to BSD Systems Administrators who pride themselves on high security. Matt is a very engaging speaker and highly experienced with his subject matter. This will be the first presentation to be streamed live via the MetaBUG, but if you’re in the DC area, you’ll still want to come out and see it live! The meeting location is at SPARTA in Columbia, MD.

Directions to SPARTA

Location:
ASU, Tempe Center Map

Details:
This month’s presentation will be “An Introduction to Honeyd: A HoneyNet in a Jar“, co-sponsored by LOPSA-US-AZ, the Arizona chapter of the League Of Professional System Administrators. Following up on Darren Spruell’s excellent presentation of HoneyNets and the HoneyNet project, I (dwc) will give a tour of honeyd, a very configurable honeynet daemon written by Niels Provos. Honeyd can be configured to emulate the network stacks of various operating systems, provide various services, and answer on unused IP addresses or whole subnets.

This month we have a new location at ASU, courtesty of Wayne. Thanks, Wayne! It’s in Tempe Center on the corner of Mill & University, with free parking from 7PM in Lot 16. Map link in the location above…
After the presentation we will meet up at Casey Moore’s Oyster House (Map) just around the corner.

Times are Phoenix local time

Our monthly CapBUG meeting takes place next week, February 27, 6:30pm at SPARTA in Columbia, MD. Jason Dixon will be doing a presentation on recommended technologies in a modern *BSD-based mailserver. The proposed setup includes Postfix, Cyrus-SASL, SSL/TLS, virtual user accounts, PostfixAdmin, OpenBSD spamd, Amavisd-new, SpamAssassin, Razor2, Courier-IMAP, and Courier authdaemond. Other technologies such as FuzzyOcrPlugin, RoundCube Webmail and server-side filtering with Courier maildrop will be touched on as well.

We’re asking for volunteers to do a short demo of their favorite *BSD-related hardware or software product. Nothing formal is required, just a basic understanding of the item(s) and a willingness to be embarrassed in front of your peers. If it’s really good, I might even buy the winner a free Guinness afterwards.

Directions to SPARTA

Times are Maryland local time.