MetaBUG

This month, we’re not having a meeting. We’re just going to meet at Nottingham’s in Columbia for Beer and BSD (stolen from PhxBUG) at 6:30 PM EDT (22:30 UTC).

Nottingham’s Address:
8850 Stanford Blvd, Suite 1100
Columbia, MD 21045

See you there!

It’s just that time of year, so this month will be a Beer & BSD gathering at Casey Moore’s!

More information is available on the PhxBUG web site.

Note: the meeting starts at 01:30 UTC.

Peter Hessler will be giving a talk about the OpenBSD-Newbies mailing list, including some stats, some useful lessons learned, and the few bad things that happened!

Usual details: June 5, 7pm , Metreon at 4th and Mission in San Francisco. Easy access to BART/Muni and my new job :). More information is available on the SFOBUG website.

Note: the meeting starts at 02:00 UTC.

Our May CapBUG meeting will be May 29 at 6:30 PM (22:30 UTC).

This month, we’ll have Marcus Ranum give his talk on dumb ideas in computer security. From his website:

“Let me introduce you to the six dumbest ideas in computer security. What are they? They’re the anti-good ideas. They’re the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying ‘trying to ignore reality.’ Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don’t fully understand the situation, but other times it’s just a bunch of savvy entrepreneurs with a well-marketed piece of junk they’re selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.”

This meeting will also be broadcast as part of MetaBUG.

We will again hold this month’s meeting at Raba in Columbia, MD.

Mistakes to Lure Hackers: Vulnerability 2.0

Matt Fisher, SPI Dynamics
March 27, 2007

Matt Fisher presented his talk entitled Mistakes to Lure Hackers: Vulnerability 2.0 at the CapBUG meeting in Columbia, MD. Matt introduced the audience to modern web application vulnerabilities including cross-site scripting, SQL injection and even “blind” SQL injection.

Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys and we’ll examine some of the factors going into the “new web” that makes them so vulnerable to script attacks.

Editor’s Note: I personally saw this talk in NYC and am very grateful Matt was able to present it again for our group. This was the first MetaBUG video recording/streaming, and the quality suffers a bit. We have learned quite a bit from just our first session and expect that future presentations will be much improved in both video and audio quality.

[MP4] Mistakes to Lure Hackers: Vulnerability 2.0 - 95MB

The video is also available at Google Video.

© 2007. Some rights reserved. You are free to copy, distribute, display and link to the work under the following conditions: you must attribute the work to the author, Matt Fisher, SPI Dynamics.

Location:
ASU, Tempe Center Map

Time:
April 3, 2007: 7:00 PM - 9:00 PM PST

Details:
This month is a Mystery Presentation! Either Darren Spruell, Darrin Chandler, or some random person will be presenting LDAP or something completely unrelated to LDAP! Chances are good that we’ll be meeting at GIOS, at ASU’s Tempe Center. This month’s presentation will also be broadcast live over the Internet, unless it isn’t.

Whatever happens, it is EXTREMELY likely that we’ll meet for libations and grub after the presentation at Casey Moore’s Oyster House.

Tempe Center is located on the Southeast corner of Mill Ave & University Dr. GIOS is in the Southeast corner of the plaza. Free parking beginning at 7pm MST (not MDT).

Note: the meeting starts at 02:00 UTC.

Fresh off his interview with Will Backman on bsdtalk, Jason will be giving a talk and demonstration on PF, CARP and pfsync at the April CapBUG meeting. The demonstration will include using two Soekris embedded devices with OpenBSD configured as a redundant carp pair. Though highly dramatic, I doubt Jason will use the infamous “axe” technique to show failover. I guess it depends on how much caffeine he had that day.

Due to the availability of equipment, we will hold this month’s meeting at Raba in Columbia, MD at 6:30 PM EDT. We will again broadcast this talk as part of MetaBUG.

Note: the meeting starts at 22:30 UTC.

Peter Hessler will be exploring xenocara, the new modular X, which has now replaced the old XF4 in OpenBSD-current. See SFOBUG for location and other details.

Note: the meeting starts at 02:00 UTC.

The MetaBUG is proud to present our first official video presentation this evening. Matt Fisher will be presenting his Vulnerability 2.0 talk at the Capital Area BSD Users Group. The CapBUG meeting starts at 6:30pm EDT (-04:00 GMT); we expect to have the video stream started shortly thereafter, with Matt’s talk beginning around 6:45pm EDT.

We welcome all MetaBUG members world-wide to join us for Matt’s presentation. Please remember that the stream will be via RTSP using H.264/AAC codecs. If you have any questions about platform support with the stream, please refer to this post.

RTSP URL: rtsp://live.metabug.org:8000/metabug.sdp

Live Stream

We’ve finally added polls to the MetaBUG site. Now that our membership is really taking off, we’d like to get a sample of how our BSD usage breaks down. What’s your favorite BSD?

 Loading ...