Local NoVA Infosec Happenings

owaspdc: RT @DinisCruz #OWASP NoVA chapter meeting was great. This is what I love about OWASP, no matter where you are, you can find great people

Fri, 10 Jul 2009 11:54:08 -0700

owaspdc: RT @DinisCruz #OWASP NoVA chapter meeting was great. This is what I love about OWASP, no matter where you are, you can find great people

owaspdc: RT @planetlevel ESAPI version 2.0 preview released - lots of cool new features! http://bit.ly/hyr7Y

Fri, 10 Jul 2009 11:54:04 -0700

owaspdc: RT @planetlevel ESAPI version 2.0 preview released - lots of cool new features! http://bit.ly/hyr7Y

charmsec: Congrats to local hackerspace @baltimorenode on their successful workshop last night at MICA: http://bit.ly/KmexP Tweetable ambient orbs!

Fri, 10 Jul 2009 09:53:14 -0700

charmsec: Congrats to local hackerspace @baltimorenode on their successful workshop last night at MICA: http://bit.ly/KmexP Tweetable ambient orbs!

OWASPNoVA: via @m1splacedsoul: @DinisCruz adds IronPython support to O2. @m1splacedsoul returns favor by implementing Java Annotations query for O2 ...

Thu, 09 Jul 2009 23:20:43 -0700

OWASPNoVA: via @m1splacedsoul: @DinisCruz adds IronPython support to O2. @m1splacedsoul returns favor by implementing Java Annotations query for O2 ...

InfraGard Nations Capital Members Alliance (INCMA) - Members Only Quantico Event

Tue, 07 Jul 2009 23:45:12 -0700

When:
Friday, July 17, 2009 from 9:00 AM - 2:00 PM (ET)

Where:
FBI Academy
Driving Directions To Be Sent
Quantico, VA

Hosted By:
InfraGard - Nations Capital Members Alliance

Creating Critical Resiliency in Metropolitan Washington, DC INCMA consists of a growing membership of professionals who are creating a more resilient Critical Infrastructure in the Washington, DC metro area. These include defense industrial base, water supply systems, electrical energy, emergency services, law enforcement, health systems, gas and oil, storage and delivery, transportation, banking, and telecommunications. Our membership is voluntary yet exclusive and is comprised of individuals from both the public and private sector. The main goal of the Washington, DC Nations Capital Chapter of InfraGard is to promote ongoing dialogue, education, community outreach and timely communication between public and private members. Furthermore, to achieve and sustain risk-based target levels of capability to prevent, protect against, respond to, and recover from all hazards or events, and to minimize their impact on lives, property, and the economy. http://InfraGardNationsCapital.org

Register for this event now at :
http://incmaquanticofbi-rss.eventbrite.com

Event Details:

THIS EVENT IS LIMITED TO THE FIRST 25 MEMBERS WHO SIGN UP...REGISTRATION IS NOW CLOSED AND STAY POSTED FOR OUR NEXT EVENT IN MID-SEPTEMBER 09.

Please join your fellow INCMA members for an exclusive members only meeting.

This Member Only Event and Tour will be held at the FBI Academy

The FBI Academy is located on the United States Marine Corps Base at Quantico, Virginia. The Facility, which opened in the Summer of 1972, is situated on 385 wooded acres of land providing the security, privacy, and safe environment necessary to carry out the diverse training and operations functions for which the FBI is responsible. The DEA also has their training academy at Quantico, Virginia.

The main training complex has three dormitory buildings, a dining hall, library, a classroom building, a Forensic Science Research and Training Center, a 1,000-seat Auditorium, a chapel, administrative offices, a large gymnasium and outside track, along with a fully equipped garage. In addition to the main complex, there is a mock city known as Hogans Alley, which consists of facades replicating a typical small town. The Hogans Alley facades are primarily used for FBI and DEA New Agent Training, while behind the facades are fully functioning classrooms, audiovisual facilities, storage areas, and administrative and maintenance offices. Just beyond Hogans Alley is a 1.1 mile pursuit/defensive driving training track. The extensive firearms training provided to all FBI/DEA and other law enforcement officers is conducted at the indoor firing range, the eight outdoor firing ranges, four skeet ranges, or the 200-yard rifle range.

The FBI Academy is a secured facility and, as such, is not open to the public for tours. We will send the directions and where to meet a few days before the event via the email you register with.

Please Read:

Due to the fact that we are meeting at a secure facility and their policy requires advance information we urge you to please register in advance. PLEASE do not register unless you are a current cleared member in good standing. As a courtesy to our sponsor, please DO NOT register unless you are certain you can attend the event.

If you or your organization would like to sponsor this or a future event please let us know and we will be in contact with you directly.

charmsec: CharmSec 15 will be Wednesday July, 29. You still have time to cancel that beach trip or BlackHat booking, find a sitter, & save beer money

Tue, 07 Jul 2009 09:56:12 -0700

charmsec: CharmSec 15 will be Wednesday July, 29. You still have time to cancel that beach trip or BlackHat booking, find a sitter, & save beer money

Don't Miss HacDC + Dorkbot D.C. Today

Sun, 05 Jul 2009 22:15:33 -0700

A reminder that Tuesday, July 7 at 7:00PM, we, in concert with Dorkbot DC, will have an outstanding event with local musician Keith Sinzinger. Keith will talk about how he conceived of, researched and constructed a set of tubular bells from scrap galvanized pipe. He’ll also touch on some other ongoing musical construction projects. Following a Q&A session, he’ll demonstrate the bells as he generally uses them in performance, processed through a variety of electronic effects.

Afterwards, we will also have short talks by two HacDC regulars who exhibited at the recently-concluded Artomatic show here in D.C. Alden Hart (still aglow with kudos from his Make Magazine "LED Light Brick" article and blog mentions at Make and Boing Boing) and Elliot Williams (HacDC president and teacher extraordinaire) will present their electronic creations.

By day, Elliot is a mild-mannered government economist. By night he's a hacker, alchemist, professor, roboticist, skater, and current president of HacDC.

Alden is a hardware and software engineer who started doing gate-level design in the late '70s and has been working his way up the stack ever since... Only to fall down again a few years ago with a renewed interest in microcontrollers and electronics. His company Ten Mile Square is a small group of technology practitioners who specialize in the disciplines surrounding media and web systems.

Re: [Owasp-wash_dc_va] July 9th Chapter Meeting: dinis Cruz presents O2

Thu, 02 Jul 2009 08:24:29 -0700

2009/07/02 -- Wisseman, Stan [USA]

Re: [Owasp-washington] [Owasp-wash_dc_va] July 9th Chapter Meeting: dinis Cruz presents O2

Thu, 02 Jul 2009 08:23:40 -0700

2009/07/02 -- Wisseman, Stan [USA]

dojosec: The July DojoSec is canceled due to a conflict with the federal holiday observation this Friday. http://www.dojosec.com/?p=135

Wed, 01 Jul 2009 04:23:04 -0700

dojosec: The July DojoSec is canceled due to a conflict with the federal holiday observation this Friday. http://www.dojosec.com/?p=135

July DojoSec Canceled

Wed, 01 Jul 2009 04:21:35 -0700

The July DojoSec Monthly Briefings is canceled due to a conflict with the federal holiday observation this Friday. I hope you all enjoy your long weekend. The next DojoSec will take place on August 6, 2009. Videos from the June briefings will be released soon.

charmsec: >@oneeyedcarmen(let's try this again) AHEM!!! Job Opening! Systems Administrator in Baltimore! Healthcare company, and work with ME!

Tue, 30 Jun 2009 13:30:25 -0700

charmsec: >@oneeyedcarmen(let's try this again) AHEM!!! Job Opening! Systems Administrator in Baltimore! Healthcare company, and work with ME!

OWASPNoVA: July 9th Chapter Meeting posted: Dinis Cruz on O2: http://tinyurl.com/mj8n95 Add to calendar: http://tinyurl.com/lrxaxs

Mon, 29 Jun 2009 09:08:04 -0700

OWASPNoVA: July 9th Chapter Meeting posted: Dinis Cruz on O2: http://tinyurl.com/mj8n95 Add to calendar: http://tinyurl.com/lrxaxs

[Owasp-washington] July 9th Chapter Meeting: dinis Cruz presents O2

Mon, 29 Jun 2009 09:03:00 -0700

2009/06/29 -- John Steven

[Owasp-wash_dc_va] July 9th Chapter Meeting: dinis Cruz presents O2

Mon, 29 Jun 2009 09:02:58 -0700

2009/06/29 -- John Steven

[Owasp-wash_dc_va] Recorded Webinar - SharePoint Extranet Litigation Portals

Mon, 29 Jun 2009 08:53:58 -0700

2009/06/29 -- Aaron Stillwell

OWASPNoVA: via @m1splacedsoul: Another quality post from @oneraindrop http://tinyurl.com/ko7ctq

Sun, 28 Jun 2009 07:40:45 -0700

OWASPNoVA: via @m1splacedsoul: Another quality post from @oneraindrop http://tinyurl.com/ko7ctq

OWASPNoVA: via @m1splacedsoul: Jim Bird writes on his experience adopting SASTs: http://tinyurl.com/moj5ww

Sun, 28 Jun 2009 07:36:22 -0700

OWASPNoVA: via @m1splacedsoul: Jim Bird writes on his experience adopting SASTs: http://tinyurl.com/moj5ww

charmsec: >@aplura 10-wk FOSS proj in Balt. 3-5yrs exp. Research wiki/calendar/collab software and provide results/guidance to client. DM @aplura

Fri, 26 Jun 2009 06:49:05 -0700

charmsec: >@aplura 10-wk FOSS proj in Balt. 3-5yrs exp. Research wiki/calendar/collab software and provide results/guidance to client. DM @aplura

Re: [CapSecDC] Re: Shmoocon bag

dsach...@gmail.com (David Sachdev) — Thu, 25 Jun 2009 08:16:38 -0700

The ShmooCon bag from the year before is very durable.....last year's not so
much....I'm surprised the zippers have lasted long enough for the straps to
fray on you!

David

--
"A lie ain't a side of a story, its just a lie"
The Wire

Re: [CapSecDC] Re: Shmoocon bag

dougwilson...@gmail.com (Doug Wilson) — Thu, 25 Jun 2009 08:14:31 -0700

AppSec DC 09 aims to change this. We are working under a "no crap
schwag" rule. We'd rather not waste the resources, either monetarily or
environmentally.
It will be interesting to see if we can pull it off. And, obviously,
crap vendors give away is completely outside of this envelope.
And where were you, Mr. "start early??"

[Owasp-washington] free webinar - clientless endpoint security & power management

Thu, 25 Jun 2009 07:52:49 -0700

2009/06/25 -- Aaron Stillwell

[Owasp-wash_dc_va] free webinar - clientless endpoint security & power management

Thu, 25 Jun 2009 07:52:22 -0700

2009/06/25 -- Aaron Stillwell

Re: [CapSecDC] Shmoocon bag

sintix...@gmail.com (Jack Whitsitt) — Thu, 25 Jun 2009 05:14:44 -0700

Mine died after about a month of use. Granted, Im not soft on bags
typically, but it was obviously of really low quality. I know it's show
swag, but I liked it. Wish it had been nicer.

On Wed, Jun 24, 2009 at 5:02 PM, dallend...@gmail.com

--
Art --> [link]
Security --> [link]

hacdc: @bjepson: We have our noisemaking event today, and movie night tomorrow. Come stop by!

Thu, 25 Jun 2009 04:38:35 -0700

hacdc: @bjepson: We have our noisemaking event today, and movie night tomorrow. Come stop by!

Re: [CapSecDC] Shmoocon bag

spimattfis...@gmail.com (Matt Fisher) — Thu, 25 Jun 2009 03:49:50 -0700

this mail thread got some pretty odd Google Ads. Cornhole bags !!

USMC Gear
Drag Bag, Mats, Ballistics, Data Book, Scope Guards, Manual
BallisticTech.com
$8 for (8) Cornhole Bags
Ends SOON/Ships within 6 hours Weather Resistant Bags
[link]

Buy a TOTEaTOT
Fly Easy With Toddlers! Roll Your Child, Car Seat & Luggage w/ 1 Hand

Re: [CapSecDC] Shmoocon bag

spimattfis...@gmail.com (Matt Fisher) — Thu, 25 Jun 2009 03:48:52 -0700

it's promotional material. it's not going to be high quality.

On Wed, Jun 24, 2009 at 5:02 PM, dallend...@gmail.com

Re: [CapSecDC] Shmoocon bag

mark.bris...@gmail.com (Mark Bristow) — Wed, 24 Jun 2009 14:13:36 -0700

This is why the appsec dc bag will pwn! Can't beat a bag with 4 clip
holsters and a hidden gun pocket!

-Mark

Sent from my wireless device

On Jun 24, 2009, at 5:02 PM, "dallend...@gmail.com" <dallend...@gmail.com
> wrote:

Shmoocon bag

dallend...@gmail.com (dallendoug@gmail.com) — Wed, 24 Jun 2009 14:02:30 -0700

Has anyone else been really using their Shmoocon bag to carry a laptop? I have been recently, and am disturbed at how quickly the attach points for the straps are fraying. Is it just me?

Re: Re: [CapSecDC] Re: June CapSec this Wednesday!

mark.bris...@gmail.com — Wed, 24 Jun 2009 12:43:45 -0700

I'd love to come but there is no way i'm going to make it.

This is apparently the week to report your control system incidents making
me a busy guy!

Re: June CapSec this Wednesday!

dallend...@gmail.com (Doug Wilson) — Wed, 24 Jun 2009 12:21:11 -0700

Just a reminder, CapSec is this evening! It's a beautiful day out,
come join us in the back yard at Stetsons!

Doug

charmsec: .@linuxgeek247 happy to have ya. @philip_daigle promises to have the new blinkenlights sign too.

Mon, 22 Jun 2009 14:15:42 -0700

charmsec: .@linuxgeek247 happy to have ya. @philip_daigle promises to have the new blinkenlights sign too.

charmsec: CharmSec 14 is this Wednesday at Slainte, not Pickles, so please don't ask the staff to blast Nickleback. As usual, the show is all ages.

Mon, 22 Jun 2009 13:53:03 -0700

charmsec: CharmSec 14 is this Wednesday at Slainte, not Pickles, so please don't ask the staff to blast Nickleback. As usual, the show is all ages.

charmsec: > @dallendoug CapSec DC is this Wednesday. Now starting at 5, so you have more time or can not stay as late http://bit.ly/47GB6A

Mon, 22 Jun 2009 13:41:35 -0700

charmsec: > @dallendoug CapSec DC is this Wednesday. Now starting at 5, so you have more time or can not stay as late http://bit.ly/47GB6A

June CapSec this Wednesday!

dallend...@gmail.com (Doug Wilson) — Mon, 22 Jun 2009 13:13:51 -0700

June’s CapSec DC is this week!

Please note out new EARLIER start time, to accommodate those who don’t
want to stay in the city til all hours.

We’re going to start at 5 PM on the back deck, and we may migrate
upstairs later, depending on how the evening is going.

CapSec DC
Wednesday June 24th 5:00 PM

owaspdc: RT @dallendoug CapSec DC is this Wednesday. Now starting at 5 PM. http://bit.ly/47GB6A

Mon, 22 Jun 2009 13:11:26 -0700

owaspdc: RT @dallendoug CapSec DC is this Wednesday. Now starting at 5 PM. http://bit.ly/47GB6A

June CapSec this Wednesday!

Mon, 22 Jun 2009 13:05:19 -0700

June’s CapSec DC is this week!

Please note out new EARLIER start time, to accommodate those who don’t want to stay in the city til all hours.

We’re going to start at 5 PM on the back deck, and we may migrate upstairs later, depending on how the evening is going.

CapSec DC
Wednesday June 24th 5:00 PM

Stetson’s
1610 U St NW
Washington DC 20009

Hope to see you there!

hacdc: New post: HacDC phone rings again! http://tinyurl.com/mjdjju

Mon, 22 Jun 2009 12:16:51 -0700

hacdc: New post: HacDC phone rings again! http://tinyurl.com/mjdjju

HacDC phone rings again!

Mon, 22 Jun 2009 12:16:51 -0700

In case some of you hadn't noticed the payphone is back up and working. Thanks Serge.

That's (202) 870-5002, by the way.

A big thanks to everyone for yesterday's OSM party

Sun, 21 Jun 2009 05:50:47 -0700

I want to send my thanks to everyone who attended the OSM party yesterday. Russ said that
it was the best attended event he's seen and also the most enthusiastic, so great job to
everyone.

I also want to give a quick "Hi!" to all the people I met at the event who are lurking on
the blabber list- we had a lot of people who're on blabber hadn't yet stopped by.

A few of the folks from the local mapping community (Kate, Kate and Andrew) are
interested in making a more regular mapping event. I'll be getting the list of atendees

hacdc: Come join our OpenStreetMap Mapping Party going on right now! #openstreetmap #osm

Sat, 20 Jun 2009 08:35:23 -0700

hacdc: Come join our OpenStreetMap Mapping Party going on right now! #openstreetmap #osm

Re: [CapSecDC] Re: Next CapSec

dougwilson...@gmail.com (Doug Wilson) — Fri, 19 Jun 2009 08:20:13 -0700

I think that for this month, we are going to stick with Wednesday
(that's next week!!) since we have been beating people over the head
with "it's the last Wednesday" and start at 5 PM.

Then, we can discuss when we have critical mass this week about how it
seems to be working and migrating days or something like that.

Re: [CapSecDC] Re: hacked again....

spimattfis...@gmail.com (Matt Fisher) — Fri, 19 Jun 2009 03:28:02 -0700

I agree. zombies ahead was actually creative and witty. Whomever did this
mudkipz thing deserves a kick in the eye Bauhaus style.

Re: [CapSecDC] hacked again....

dougwilson...@gmail.com (Doug Wilson) — Thu, 18 Jun 2009 16:59:47 -0700

mudkipz?
c'mon, we can do better than that.
Actually, the football scoreboard at Woodrow Wilson Senior High (right
by Tenley) was hacked to say uP uR aSS a while back, and was flashing
that message for a whole weekend.
But really folks, the zombies one was so much better.

hacked again....

dsach...@gmail.com (David Sachdev) — Thu, 18 Jun 2009 14:18:50 -0700

[link]

charmsec: >@dojosec DojoSec invites everyone to SANSFire 2009 SANS at Night for FREE in Baltimore tonight! https://www.sans.org/sansfire09/night.php

Thu, 18 Jun 2009 09:04:21 -0700

charmsec: >@dojosec DojoSec invites everyone to SANSFire 2009 SANS at Night for FREE in Baltimore tonight! https://www.sans.org/sansfire09/night.php

dojosec: DojoSec invites everyone to SANSFire 2009 SANS at Night for FREE in Baltimore tonight! https://www.sans.org/sansfire09/night.php

Thu, 18 Jun 2009 08:51:39 -0700

dojosec: DojoSec invites everyone to SANSFire 2009 SANS at Night for FREE in Baltimore tonight! https://www.sans.org/sansfire09/night.php

hacdc: New post: Movie Night next Friday: Sita Sings the Blues http://tinyurl.com/mvqlw6

Wed, 17 Jun 2009 19:35:56 -0700

hacdc: New post: Movie Night next Friday: Sita Sings the Blues http://tinyurl.com/mvqlw6

Movie Night next Friday: Sita Sings the Blues

Wed, 17 Jun 2009 19:35:55 -0700

Join us for another HacDC movie night!

When: 8 p.m. on Friday, 26 June 2009

Where: 1525 Newton St. NW, Washington, DC 20010

As always, this event is free and open to the public, but we're asking you to RSVP via Eventbrite. Your RSVP will help us determine whether to hold this screening in our smaller space or in the church's large sanctuary area, so please let us know if you plan to come; we'll publicize the exact location by the morning of the 26th. Everyone is welcome!

Sita Sings the Blues

Directed, written, produced, designed and animated by Nina Paley; Creative Commons Attribution-Share Alike License; 82 minutes; Animation; Color, stereo; 2008

Sita is a goddess separated from her beloved Lord and husband Rama. Nina is an animator whose husband moves to India, then dumps her by email. Three hilarious shadow puppets narrate both ancient tragedy and modern comedy in this beautifully animated interpretation of the Indian epic Ramayana. Set to the 1920's jazz vocals of Annette Hanshaw, Sita Sings the Blues earns its tagline as "the Greatest Break-Up Story Ever Told."

dojosec: Matt Fisher of Piscis LLC will keynote the July 2, 2009 DojoSec Monthly Briefings.

Wed, 17 Jun 2009 17:05:36 -0700

dojosec: Matt Fisher of Piscis LLC will keynote the July 2, 2009 DojoSec Monthly Briefings.

Re: [CapSecDC] Re: Next CapSec

mish...@gmail.com (Mike Mishou) — Tue, 16 Jun 2009 19:28:09 -0700

Even though I've only been to the one, Thursday sounds really good to
me, because people generally are more forgiving of big, hungover geeks
on Fridays (oh, and the Govt. overseers never work a full
week...so...).

--Mish

DojoSec Talk at SANSFire Baltimore

Tue, 16 Jun 2009 11:16:21 -0700

DojoSec: How to Build a Hyper-Local Security Community
- Marcus Carey, DojoSec
- Thursday, June 18 * 6:00 p.m. – 7:00 p.m.

Do not leave this event to go back to your normal sequestered existence, the information security industry needs you. There are people dying for you to mentor them and the key to success in our industry is the sharing of information. After this event the attendees should go back into the local security communites and lead.

In this talk attendees will learn how Marcus started the most well attended monthly security professional meetup in the country. You will learn how that meetup has gained considerable international buzz in the information security industry. Together with the SANS Institute events, local information security professionals can keep the fire burning throughout the year by going hyper-local.

Marcus J. Carey is passionate about mentoring our current and next generation of security professionals. In Marcus’ 15 year information security career, he has worked in Navy Cryptology, at NSA, at DoD Cyber Crime Center, and currently engineers solutions for a federal agency. Marcus created DojoSec to mentor and facilitate knowledge transfer amongst information security professionals. Marcus’ skillset includes network exploitation, data forensics, secure network architecture, and log analysis. Marcus earned a Master of Science in Network Security from Capitol College in Laurel, Maryland. Marcus is also a contributor to the PaulDotCom Security Weekly Podcast and Blog.

hacdc: New post: Making Tubular Bells with Keith Sinzinger (HacDC and DorkbotDC) http://tinyurl.com/mnkfoa

Tue, 16 Jun 2009 10:30:25 -0700

hacdc: New post: Making Tubular Bells with Keith Sinzinger (HacDC and DorkbotDC) http://tinyurl.com/mnkfoa

Making Tubular Bells with Keith Sinzinger (HacDC and DorkbotDC)

Tue, 16 Jun 2009 10:30:24 -0700

On July 7 at 7:00PM, HacDC and DorkbotDC will together sponsor an event with a very innovative and interesting local musician, Keith Sinzinger.

Sinzinger goes under the performance name Fast Forty. He calls his genre of music Intense Ambient: "found sounds, altered electronics, scrap metal and other devices, blended to soothe and stimulate." His music is anchored by homemade tubular bells which he plays and routes through various audio effect processors.

He is originally from Cleveland, Ohio and his music reflects the industrial sounds of the Ford plant and the railroads of his early surroundings.

At HacDC and Dorkbot, he will explain how he conceived of, researched and constructed the tubular bells, and will then offer a demonstration of their sounds. The audience will also be able to play them afterwards.

Below one can listen to a full set of his from a recent Sonic Circuits performance, posted by District of Noise. Also see his MySpace site for more information.

Where: HacDC (1525 Newton St NW, Washington, D.C.)
Date: Tuesday, July 7, 2009
Time: 7:00PM

owaspdc: RT @AppSecDC09 Reminder! #CFP for AppSec DC 2009 ends TONIGHT at 11:59P EST! Goto http://bit.ly/ZVgpO for submission instructions.

Mon, 15 Jun 2009 09:08:31 -0700

owaspdc: RT @AppSecDC09 Reminder! #CFP for AppSec DC 2009 ends TONIGHT at 11:59P EST! Goto http://bit.ly/ZVgpO for submission instructions.

charmsec: 13.5: InGuardians, WTF, ISC^2, iframe attacks, InfoSec degrees, SANS, IOScat, CTF, Bourbon, DNSSnarf, hyper-locals, career tracks, defcon

Mon, 15 Jun 2009 06:25:50 -0700

charmsec: 13.5: InGuardians, WTF, ISC^2, iframe attacks, InfoSec degrees, SANS, IOScat, CTF, Bourbon, DNSSnarf, hyper-locals, career tracks, defcon

charmsec: Thanks @SANSInstitute for joining us last night, thanks Pickles for reminding us how nice Slainte is, and welcome students! Next meet: 6/24

Mon, 15 Jun 2009 06:17:10 -0700

charmsec: Thanks @SANSInstitute for joining us last night, thanks Pickles for reminding us how nice Slainte is, and welcome students! Next meet: 6/24

charmsec: @charmsec is starting, signless sharing the end table out front.

Sun, 14 Jun 2009 16:09:38 -0700

charmsec: @charmsec is starting, signless sharing the end table out front.

charmsec: > @grantstavely Expecting a lot of 8:15ish SANSFire folks at @CharmSec after the evening talk. Will be at Pickles around 7PM tonight.

Sun, 14 Jun 2009 09:13:58 -0700

charmsec: > @grantstavely Expecting a lot of 8:15ish SANSFire folks at @CharmSec after the evening talk. Will be at Pickles around 7PM tonight.

hacdc: New post: HacDC starts funding for USRP2 - Bringing RF / software radio research to DC! http://tinyurl.com/mt98gu

Fri, 12 Jun 2009 08:33:35 -0700

hacdc: New post: HacDC starts funding for USRP2 - Bringing RF / software radio research to DC! http://tinyurl.com/mt98gu

HacDC starts funding for USRP2 - Bringing RF / software radio research to DC!

Fri, 12 Jun 2009 08:33:34 -0700

Do you wish you had truly universal communication device? A device that is a cell phone and can connect using GPRS, 802.11 Wi-Fi, 802.16 WiMax, a satellite hookup or any emerging standard, as well as GPS, GLONASS or both?

The HacDC has started a fundraising campaign to acquire a Universal Software Radio Peripheral (USRPv2) from Ettus Research.

Some projects that the USRP can be used for:

RFID reader
RF Test Equipment
Cellular base station
GPS receiver
FM radio receiver
FM radio transmitter
Digital television decoder
Passive radar
An amateur radio

HacDC will use the USRPv2 to research Radio Frequency (RF) / Software Radio! / Digital Signal Processing (DSP) and open up classes and teach these subjects to the DC community. As always our classes and study groups our free and open to the public, so donate, join (www.hacdc.org) and help build a new RF / software radio group in DC!

DONATE HERE: http://pledgie.com/campaigns/4801

Below are the details of the USRPv2 from Ettus’ website:

The Universal Software Radio Peripheral product family allows you to create a software radio using any computer with a USB2 or Gigagbit ethernet port. Various plug-on daughterboards allow the USRP and USRP2 to be used on different radio frequency bands. Daughterboards are available from DC to 5.9 GHz at this time. The entire design of the USRP family is open source.

The USRP and USRP2 work with GNU Radio, a free-software (open source) framework for the creation of software defined radios. GNU Radio works on all of the following operating systems:

* Linux
* Windows
* Max OS X, PPC and Intel processors
* FreeBSD and NetBSD

Picture below available via carrierdetect under Creative Commons Share Alike Attribution license:

[Owasp-wash_dc_va] Free Training Webinar- Planning for Security in Office SharePoint Server

Fri, 12 Jun 2009 08:31:14 -0700

2009/06/12 -- Aaron Stillwell

charmsec: .@marcusjcarey, @linuxgeek247 Sunday night has advantages! Thanks everyone for the RTs.

Fri, 12 Jun 2009 05:33:58 -0700

charmsec: .@marcusjcarey, @linuxgeek247 Sunday night has advantages! Thanks everyone for the RTs.

hacdc: New post: Baltimore Hackerspace, "Node," Launches Wiki and Has First Organizational Meeting http://tinyurl.com/mgmt9w

Thu, 11 Jun 2009 21:46:46 -0700

hacdc: New post: Baltimore Hackerspace, "Node," Launches Wiki and Has First Organizational Meeting http://tinyurl.com/mgmt9w

Baltimore Hackerspace, "Node," Launches Wiki and Has First Organizational Meeting

Thu, 11 Jun 2009 21:46:43 -0700

Check it out here. Their main working page is here and their organizational mailing list is here.

If you live in the Baltimore area and are interested in hackerspaces, you may want to help get them organized and off the ground. We at HacDC wish them well.

charmsec: > @frednecksec Free Online Nessus Training (Betas, limited time offer, 1st come 1st serve, please RT) http://bit.ly/YMoYl

Thu, 11 Jun 2009 13:07:12 -0700

charmsec: > @frednecksec Free Online Nessus Training (Betas, limited time offer, 1st come 1st serve, please RT) http://bit.ly/YMoYl

charmsec: CharmSec 13.5 is this Sunday at 7PM, at Pickles. We also maintain that the fireworks over Ft. McHenry are for us. http://is.gd/Z5kJ

Thu, 11 Jun 2009 13:01:37 -0700

charmsec: CharmSec 13.5 is this Sunday at 7PM, at Pickles. We also maintain that the fireworks over Ft. McHenry are for us. http://is.gd/Z5kJ

owaspdc: RT @dallendoug - @kodefupanda and I are speaking tonight on web app sec 101 at dc php dev group. 7 PM at 702 H Street, NW, Suite 300

Wed, 10 Jun 2009 07:32:29 -0700

owaspdc: RT @dallendoug - @kodefupanda and I are speaking tonight on web app sec 101 at dc php dev group. 7 PM at 702 H Street, NW, Suite 300

IMMA July 2009 Chapter Meeting: Protecting Our Nation's Core infrastructures--Communications, Water and Energy

Wed, 10 Jun 2009 04:33:54 -0700

Start: 07/15/2009 - 8:00am

Timezone: Etc/GMT-7

InfraGard Maryland Members Alliance (IMMA) July 2009 Chapter Meeting: Protecting Our Nation's Core infrastructures--Communications, Water and Energy

The July 2009 InfraGard Maryland Member’s Alliance chapter meeting will focus on the human, physical and cyber threats to our Nation’s three core critical infrastructures; these include:

dojosec: Thanks to all the speakers who made DojoSec Monthly Briefings dare I say a Conference Thursday night!

Sat, 06 Jun 2009 12:50:54 -0700

dojosec: Thanks to all the speakers who made DojoSec Monthly Briefings dare I say a Conference Thursday night!

hacdc: New post: OpenStreetMap Mapping Party June 13th, all day http://tinyurl.com/opmusr

Sat, 06 Jun 2009 12:46:55 -0700

hacdc: New post: OpenStreetMap Mapping Party June 13th, all day http://tinyurl.com/opmusr

OpenStreetMap Mapping Party June 20th, all day

Sat, 06 Jun 2009 12:46:54 -0700

Want to make fun GPS toys, but need a base map? Don't like Google Maps'
terms and conditions? Come learn about OpenStreetMap, a free and open map
of the world editable like a wiki.

When: June 20th, from 9am to 5pm
Where: HacDC, in the Auditorium and Main Space

OWASPNoVA: Jim: Developers too optimistic to learn threat modeling. Give 'em tools & sec. APIs. Give up on making your developers competent at 'sploit

Thu, 04 Jun 2009 17:16:01 -0700

OWASPNoVA: Jim: Developers too optimistic to learn threat modeling. Give 'em tools & sec. APIs. Give up on making your developers competent at 'sploit

OWASPNoVA: Jim: there is no economic value to my organization in finding a vulnerability... the value is in fixing the vulnerability.

Thu, 04 Jun 2009 16:39:34 -0700

OWASPNoVA: Jim: there is no economic value to my organization in finding a vulnerability... the value is in fixing the vulnerability.

OWASPNoVA: Jim Routh: Build a sec. group w/ 1 person: anoint best developers 'mavens', provide continuing Ed, meet monthly, WRITE 'em GOOD PERF REVIEWS

Thu, 04 Jun 2009 16:25:13 -0700

OWASPNoVA: Jim Routh: Build a sec. group w/ 1 person: anoint best developers 'mavens', provide continuing Ed, meet monthly, WRITE 'em GOOD PERF REVIEWS

dojosec: 295 is slow, everyone take your time to DojoSec.

Thu, 04 Jun 2009 14:12:43 -0700

dojosec: 295 is slow, everyone take your time to DojoSec.

Re: [Owasp-wash_dc_va] (no subject)

Wed, 03 Jun 2009 12:21:37 -0700

2009/06/03 -- Wisseman, Stan [USA]

[Owasp-wash_dc_va] (no subject)

Wed, 03 Jun 2009 11:10:00 -0700

2009/06/03 -- Joshua Hill

[Owasp-wash_dc_va] FW: OWASP ASVS Release version published!

Wed, 03 Jun 2009 05:57:52 -0700

2009/06/03 -- Boberski, Michael [USA]

hacdc: Reminder: Peter W. Singer and "Wired for War" is tonight at HacDC. http://tinyurl.com/lopsnr

Tue, 02 Jun 2009 11:35:53 -0700

hacdc: Reminder: Peter W. Singer and "Wired for War" is tonight at HacDC. http://tinyurl.com/lopsnr

charmsec: >@dojosec This Thursday - DojoSec Monthly Briefings. Visit http://www.dojosec.com for details.

Tue, 02 Jun 2009 07:54:26 -0700

charmsec: >@dojosec This Thursday - DojoSec Monthly Briefings. Visit http://www.dojosec.com for details.

dojosec: This Thursday - DojoSec Monthly Briefings. Visit http://www.dojosec.com for details.

Tue, 02 Jun 2009 07:38:47 -0700

dojosec: This Thursday - DojoSec Monthly Briefings. Visit http://www.dojosec.com for details.

[Owasp-wash_dc_va] Bring Your Boss to Chapter Day

Mon, 01 Jun 2009 15:21:21 -0700

2009/06/01 -- John Steven

charmsec: > @SANSInstitute CharmSec invites #sansfire09 attendees, instructors, etc. to drop in at Pickles, June 14, 7pm, walking distance

Mon, 01 Jun 2009 11:40:45 -0700

charmsec: > @SANSInstitute CharmSec invites #sansfire09 attendees, instructors, etc. to drop in at Pickles, June 14, 7pm, walking distance

charmsec: @SANSInstitute sorry for the e-mail blooper, the board of directors at CharmSec has sacked those responsible, and have replied via e-mail

Mon, 01 Jun 2009 11:19:01 -0700

charmsec: @SANSInstitute sorry for the e-mail blooper, the board of directors at CharmSec has sacked those responsible, and have replied via e-mail

hacdc: New post: Peter W. Singer and "Wired for War" at HacDC on June 2 http://tinyurl.com/lopsnr

Sun, 31 May 2009 09:46:40 -0700

hacdc: New post: Peter W. Singer and "Wired for War" at HacDC on June 2 http://tinyurl.com/lopsnr

Peter W. Singer and "Wired for War" at HacDC on June 2

Sun, 31 May 2009 09:46:39 -0700

The rapid deployment of robotics platforms and systems within the military represents one of the most important present-day political and technological developments. Bestselling author and senior fellow at the Brookings Institution Peter W. Singer has written a new book about this "robotics revolution" entitled Wired for War, a broad ethical and technological look at the subject.

On Tuesday, June 2 at 7:30PM, HacDC, a "hackerspace" and creative technology collaborative in downtown Washington D.C., will host a talk and discussion with Dr. Singer. Singer has recently discussed the book on The Daily Show and The Late Late Show with Craig Ferguson and has been traveling the country presenting his findings to audiences of civilians, military personnel, and technology industry workers. As a neutral meeting-place open to engineers, technology hobbyists, and policy analysts, HacDC is an ideal location to discuss the significant ethical and political questions raised by the acceleration of military robotics. Many HacDC members build robots themselves and have a good feeling for the technological possibilities, especially in terms of offensive capabilities that technologies with off-the-shelf components might offer amateurs and small groups.

This event will be free and open to the public, and there is no need to RSVP. HacDC is several blocks away from the Columbia Heights metro station and is located in St. Stephen's Church at 1525 Newton St NW. The event will be held in the large church sanctuary space. For more details, contact Todd Fine at tdfine@gmail.com or (857) 234-0920.

Where: HacDC (1525 Newton St NW, Washington, D.C.)
Date: Tuesday, June 2, 2009
Time: 7:30PM

Also, see Singer's appearance last week on The Late Late Show with Craig Ferguson:

charmsec: .@grecs We definitely discussed Potent Potables, you are probably on to something.

Thu, 28 May 2009 09:24:11 -0700

charmsec: .@grecs We definitely discussed Potent Potables, you are probably on to something.

[Owasp-washington] UNSUBSCRIBE

Thu, 28 May 2009 09:20:38 -0700

2009/05/28 -- Cramer, Chris

charmsec: .@SANSInstitute you guys don't own the word 'FIRE' do you? CharmSecFIRE (13.5) and CharmSec 14 are slowly firming up. http://charmsec.org/

Thu, 28 May 2009 09:05:39 -0700

charmsec: .@SANSInstitute you guys don't own the word 'FIRE' do you? CharmSecFIRE (13.5) and CharmSec 14 are slowly firming up. http://charmsec.org/

dojosec: DojoSec Monthly Briefings next Thursday. Visit http://www.dojosec.com for details.

Thu, 28 May 2009 08:06:13 -0700

dojosec: DojoSec Monthly Briefings next Thursday. Visit http://www.dojosec.com for details.

dojosec: Snort.org website undergoes a major face-lift http://www.snort.org Nice!

Thu, 28 May 2009 07:14:17 -0700

dojosec: Snort.org website undergoes a major face-lift http://www.snort.org Nice!

[Owasp-washington] Fwd: [BarCamp] PrivacyCampDC 09 - June 20th, 2009

Wed, 27 May 2009 19:13:38 -0700

2009/05/28 -- David Sachdev

owaspdc: RT @dallendoug -- Reminder -- CapSec is THIS evening (yes, it's Wednesday already). Upstairs at Stetson's 1610 U St. NW at 7 PM.

Wed, 27 May 2009 08:39:53 -0700

owaspdc: RT @dallendoug -- Reminder -- CapSec is THIS evening (yes, it's Wednesday already). Upstairs at Stetson's 1610 U St. NW at 7 PM.

dojosec: Nessus 4.0.1 released http://bit.ly/AuLA7

Tue, 26 May 2009 12:11:45 -0700

dojosec: Nessus 4.0.1 released http://bit.ly/AuLA7

dojosec: DojoSec Speakers page added http://www.dojosec.com/?page_id=117

Thu, 21 May 2009 08:15:19 -0700

dojosec: DojoSec Speakers page added http://www.dojosec.com/?page_id=117

dojosec: Speakers announced for DojoSec Monthly Briefings, June 4, 2009 http://www.dojosec.com/?p=114

Thu, 21 May 2009 06:00:52 -0700

dojosec: Speakers announced for DojoSec Monthly Briefings, June 4, 2009 http://www.dojosec.com/?p=114

DojoSec Monthly Briefings for June 4, 2009

Thu, 21 May 2009 05:58:24 -0700

The speakers for DojoSec Monthly Briefings for June 4, 2009 are set. Feel free to pass this information along to a friend so they can register.

Date: June 4, 2009
Time: 6:00 – 9:30 PM
Entry Fee: $1
Location: Capitol College – Avrum Gudelsky Memorial Auditorium

–

WHAT TO DO WITH THE UNKNOWN?

Alain Zidouemba, Sourcefire – http://www.sourcefire.com

DESCRIPTION:

Clam AntiVirus is an open source anti-virus toolkit for UNIX systems. The main purpose of this software lies in the integration with mail servers enabling mail attachment scanning before the end user receives a virus. Like other anti-virus software, the engine for ClamAV has pattern matching technology at it’s heart. Updates to the malware signatures are released on a regular basis by ClamAV Researchers. When no signatures are available however, or when updates are not coming fast enough the only option is to create signatures. Fortunately, ClamAV signatures are open and this enables the administrator to fill in the gap for themselves.

BIO:

Alain Zidouemba was born in Ouagadougou, Burkina Faso. He studied Mathématiques Supérieures and Mathématiques Spéciales at the Lycée Jacques Amyot in France and Electrical and Computer Engineering at Howard University in the US. He worked in the area of network modelling and simulation at OPNET Technologies before taking a position at PestPatrol as a Spyware Researcher. He later joined Computer Associates to work on intrusion prevention and behavioral malware analysis. Alain recently became part of the Vulnerability Research Team (VRT) at Sourcefire and performs research in the areas of intrusion prevention and anti-malware.

–

HOW NOT TO GET PWND BY YOUR CLIENTS

Richard Goldberg, Esq. - http://www.goldberglawdc.com

DESCRIPTION:

In your service and employment contracts, there are certain things you should never agree to, and there are certain protections you always need. Otherwise you’re essentially betting your future, and the future of your company, on the hope that nothing will go wrong. Ever.

This talk will tell you how to keep yourself out of trouble. Topics will include dealing with “standard” contracts and “standard” provisions; what it means to “indemnify” someone else; how to protect your intellectual property and confidential information; and other dangers, including warranties and audit-rights provisions. It will also cover some negotiation strategies.

BIO:

Richard is a Java architect-turned lawyer. Having worked in software beginning in the mid-90s with commercial customers and federal/DOD contractors and agencies, Richard has represented small information security companies and some of the largest names in OpenSource.

–

GETTING PHYSICAL WITH MOBILE DEVICES

Eoghan Casey, cmdLabs

DESCRIPTION:

Acquiring and analyzing physical memory is one the more challenging aspects of mobile device forensics, but can also be one of the most rewarding. Delving into deleted data on a mobile device can uncover valuable information, particularly when an individual took steps to conceal his activities.

This seminar covers various techniques and tools for dumping and analyzing physical memory from mobile devices, including Flasher boxes. In addition, we will provide examples of items recovered from physical memory that are not accessible using most forensic tools.

As we become more adept at obtaining deleted data from physical memory, some manufacturers are taking steps to enhance the security of their devices. We will discuss potential approaches to circumventing these security measures, with the hope that we can continue to improve our abilities to recover useful information from mobile devices.

BIO:

Eoghan Casey is founding partner of cmdLabs (www.cmdlabs.com), author of the foundational book Digital Evidence and Computer Crime, and coauthor of Malware Forensics. For over a decade, he has dedicated himself to advancing the practice of incident handling and digital forensics. He helps client organizations handle security breaches and analyzes digital evidence in a wide range of investigations, including network intrusions with international scope. He has testified in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

Eoghan has performed thousands of forensic acquisitions and examinations, including e-mail and file servers, mobile devices, backup tapes, database systems, and network logs. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. In addition, he conducts research and teaches graduate students at Johns Hopkins University Information Security Institute, is editor of the Handbook of Digital Forensics and Investigation, and is Editor-in-Chief of Elsevier’s International Journal of Digital Investigation.

owaspdc: RT -- @OWASPNoVA "Bring your boss to Chapter" Day announced: http://tinyurl.com/psb4z2 Additional panel participant ideas, contact John.

Wed, 20 May 2009 20:11:53 -0700

owaspdc: RT -- @OWASPNoVA "Bring your boss to Chapter" Day announced: http://tinyurl.com/psb4z2 Additional panel participant ideas, contact John.

OWASPNoVA: "Bring your boss to Chapter" Day announced: http://tinyurl.com/psb4z2 Additional panel participant ideas/interest, contact John.

Wed, 20 May 2009 18:17:50 -0700

OWASPNoVA: "Bring your boss to Chapter" Day announced: http://tinyurl.com/psb4z2 Additional panel participant ideas/interest, contact John.

[Owasp-washington] [Invitation] "Bring your boss to Chapter Day" (Chapter Meeting) @ Thu Jun 4, 2009 (owasp-washington@lists.owasp.org)

Wed, 20 May 2009 18:16:21 -0700

2009/05/21 -- John Steven

[Owasp-wash_dc_va] [Invitation] "Bring your boss to Chapter Day" (Chapter Meeting) @ Thu Jun 4, 2009 (owasp-wash_dc_va@lists.owasp.org)

Wed, 20 May 2009 18:16:11 -0700

2009/05/21 -- John Steven

OWASPNoVA: @m1splacedsoul gave a 45 minute talk on Threat modeling at OWASP EU in Poland http://tinyurl.com/qkz24z

Wed, 20 May 2009 16:10:06 -0700

OWASPNoVA: @m1splacedsoul gave a 45 minute talk on Threat modeling at OWASP EU in Poland http://tinyurl.com/qkz24z

[Owasp-washington] TVA Cyber Security Tool Webinar developed by GMU

Wed, 20 May 2009 15:30:44 -0700

2009/05/20 -- Aaron Stillwell

owaspdc: RT @dallendoug -- CapSec DC one week from today at Stetson's on U Street. RSVP http://upcoming.yahoo.com/event/2717636/ or just show up!

Wed, 20 May 2009 12:09:58 -0700

owaspdc: RT @dallendoug -- CapSec DC one week from today at Stetson's on U Street. RSVP http://upcoming.yahoo.com/event/2717636/ or just show up!

May CapSec one week from today!

Wed, 20 May 2009 12:05:11 -0700

May’s CapSec DC is one week from today!

CapSec DC
Wednesday May 27th 7:00 PM

Stetson’s
1610 U St NW
Washington DC 20009

Hope to see you there!

hacdc: New post: Movie Night this Friday: Freedown Downtime http://tinyurl.com/p5r8ta

Sun, 17 May 2009 09:45:45 -0700

hacdc: New post: Movie Night this Friday: Freedown Downtime http://tinyurl.com/p5r8ta

Movie Night this Friday: Freedom Downtime

Sun, 17 May 2009 09:45:45 -0700

Come join HacDC for a viewing of Freedom Downtime, the documentary film made by Emmanuel Goldstein and 2600 Films about Kevin Mitnick.

This film is in direct response to the Miramax film Takedown, where the filmmakers feel that Kevin Mitnick and the hacker community are misrepresented. In this film, the filmakers search out the makers of that film a la Roger & Me as well as interview famous members of the hacker community.

When: Friday, May 22nd 8pm

Where: HacDC Main Space

This event is Free and Open to the Public!

hacdc: New post: World Metrology Day is Wednesday http://tinyurl.com/oj7no7

Sun, 17 May 2009 08:03:43 -0700

hacdc: New post: World Metrology Day is Wednesday http://tinyurl.com/oj7no7

hacdc: New post: Scratch Day http://tinyurl.com/oluopk

Fri, 15 May 2009 08:42:38 -0700

hacdc: New post: Scratch Day http://tinyurl.com/oluopk

hacdc: New post: Noisemaker Workshop: Round N+1! http://tinyurl.com/q7b6s2

Thu, 14 May 2009 10:25:53 -0700

hacdc: New post: Noisemaker Workshop: Round N+1! http://tinyurl.com/q7b6s2

hacdc: HacDC's Monthly Membership Meeting starts in a little under 2 hours!

Tue, 12 May 2009 14:43:58 -0700

hacdc: HacDC's Monthly Membership Meeting starts in a little under 2 hours!

hacdc: HacDC's mailing lists are now integrated with the forums on our website (http://hacdc.org/forum) if you prefer the web to your email client.

Mon, 11 May 2009 20:34:06 -0700

hacdc: HacDC's mailing lists are now integrated with the forums on our website (http://hacdc.org/forum) if you prefer the web to your email client.

dojosec: Go to http://www.dojosec.com for talk details

Thu, 07 May 2009 10:05:33 -0700

dojosec: Go to http://www.dojosec.com for talk details

dojosec: DojoSec streaming tonight http://stream.dojosec.com

Thu, 07 May 2009 10:03:39 -0700

dojosec: DojoSec streaming tonight http://stream.dojosec.com

dojosec: DojoSec Monthly Briefings tonight 6:00-10:00PM @ Capitol College

Thu, 07 May 2009 10:02:01 -0700

dojosec: DojoSec Monthly Briefings tonight 6:00-10:00PM @ Capitol College

hacdc: New post: Noisemaker Workshop Round 4: Sequencers http://tinyurl.com/c2jqaq

Thu, 07 May 2009 06:22:33 -0700

hacdc: New post: Noisemaker Workshop Round 4: Sequencers http://tinyurl.com/c2jqaq

owaspdc: RT @OWASPNoVA -- May 7th Meeting Introduction to Static Analysis Meeting: http://tinyurl.com/dbyobr Curriculum: http://tinyurl.com/ct58s5

Tue, 05 May 2009 14:29:35 -0700

owaspdc: RT @OWASPNoVA -- May 7th Meeting Introduction to Static Analysis Meeting: http://tinyurl.com/dbyobr Curriculum: http://tinyurl.com/ct58s5

Re: [Owasp-washington] [Owasp-wash_dc_va] [Chapter Meeting @ Thu, May 7, 6pm - 9pm

Tue, 05 May 2009 08:36:40 -0700

2009/05/05 -- Wisseman, Stan [USA]

OWASPNoVA: RT @m1splacedsoul #fs-isac Gilliam: there's sufficient savings 4 handling sec @ enterprise level; if the CIO is not they should be fired

Tue, 05 May 2009 08:31:08 -0700

OWASPNoVA: RT @m1splacedsoul #fs-isac Gilliam: there's sufficient savings 4 handling sec @ enterprise level; if the CIO is not they should be fired

OWASPNoVA: Just joined a twibe. Visit http://twibes.com/securitytwits to join

Tue, 05 May 2009 04:16:59 -0700

OWASPNoVA: Just joined a twibe. Visit http://twibes.com/securitytwits to join

OWASPNoVA: May 7th Meeting: Introduction to Static Analysis Meeting Posted: http://tinyurl.com/dbyobr Curriculum to follow: http://tinyurl.com/ct58s5

Sun, 03 May 2009 08:07:21 -0700

OWASPNoVA: May 7th Meeting: Introduction to Static Analysis Meeting Posted: http://tinyurl.com/dbyobr Curriculum to follow: http://tinyurl.com/ct58s5

[Owasp-washington] [Chapter Meeting @ Thu, May 7, 6pm – 9pm

Sun, 03 May 2009 07:35:20 -0700

2009/05/03 -- John Steven

hacdc: New post: Tuesday Talk: Making "Noise Toys" with Dave Vosh http://tinyurl.com/dg8mtf

Thu, 30 Apr 2009 22:40:36 -0700

hacdc: New post: Tuesday Talk: Making "Noise Toys" with Dave Vosh http://tinyurl.com/dg8mtf

dojosec: DojoSec Monthly Briefings’ Talks - May 7, 2009 - http://www.dojosec.com/?p=109

Wed, 29 Apr 2009 05:29:09 -0700

dojosec: DojoSec Monthly Briefings’ Talks - May 7, 2009 - http://www.dojosec.com/?p=109

DojoSec Monthly Briefings’ Talks – May 7, 2009

Wed, 29 Apr 2009 05:28:03 -0700

Location: Capitol College – Laurel, Maryland
Time: 6:00 – 9:30 PM

Please register by clicking the registration tab.

Title: Void Your Warranty

Speaker: Sean Wilkerson, Co-Founder Aplura

Description:

Typical enterprise network security architecture includes many solutions
(software and hardware) designed to do things such as enhance
visibility/detection of threats or stop unwanted traffic. Billions of
dollars are spent each year on security products which keep color graphs
on our executives desks, security managers at relative peace, and the
vendors in business, but what are these products missing?

The average IT Security administrator is slowly losing control of their
network with each appliance or turn-key solution they install. We will
discuss how to get back this control, hold your vendors and staff
accountable, and why this is critical.

This won’t be nearly as dramatic as a Fox exclusive: “When Security
Products go Bad,” however; we will discuss the larger problem and what
you can (and should) do to inspect, audit, and enhance your security
solutions.

Speaker Bio:

Sean is co-founder, partner, and consultant for Aplura, a DC-area
security consulting company. Sean has spent the last decade managing IT
and Information Security systems. For the last half of that time, Sean
has traveled to several continents for many entities, with a typical
objective to enhance network visibility and reduce analyst reaction time.

–

Title: FISMA: It doesn’t bite

Speaker: Dan Philpott, Founder FISMApedia.org

Description:

In this seminar Dan Philpott will discuss the Federal Information Security Management Act (FISMA) and the compliance regime created for it. Starting with a high level overview of FISMA the problems and possibilities, fallacies and future of the FISMA framework will be explored. The goal of this talk is to present the FISMA framework as it is intended, not a mindless exercise at paper compliance, but as guidance and method to achieve functional security scoped to the risk of operation.

Speaker Bio:

Daniel Philpott is an Information Security Consultant with OnPoint Consulting where he specializes in FISMA compliance. Daniel is founder of the FISMApedia.org wiki, a guest blogger at Guerilla-CISO.com and a FISMA instructor with Potomac Forum.

–

Title: Shining Flashlights in Dark Corners: The evolving role of information security on campus

Speaker: Eric Weakland, Director of Network Security, American University

Eric Weakland will trace his rise through the ranks of an emerging security organization, starting out in the late 1990s and continuing on into the increasingly regulated and formal security environment of the last few years. As concrete examples, Weakland will describe how the AU security team has approached more recent challenges such as encryption and web application security on campus. This interactive talk will include technical lessons learned from over a decade of practice with increasingly sophisticated tools, as well as valuable management lessons on how to best serve multiple, competing constituencies, in a chaotic campus IT environment.

Speaker Bio:

Eric Weakland is the Director of Network Security at American University in Washington DC. Eric has extensive experience in planning strategic initiatives to serve emergent information security needs in the Higher Education market. He holds a Bachelors degree from Carnegie Mellon University and a Masters of Science in Information Technology Management from American University’s Kogod School of Business.

hacdc: New post: Peter W. Singer on "Wired For War" at HacDC (June 2) http://tinyurl.com/cmcwmn

Tue, 28 Apr 2009 17:13:21 -0700

hacdc: New post: Peter W. Singer on "Wired For War" at HacDC (June 2) http://tinyurl.com/cmcwmn

owaspdc: RT - AppSecDC 2009 is now looking for Volunteers. Interested? join our mailing list! http://bit.ly/16CPc or reply or DM (via @AppSecDC09)

Tue, 28 Apr 2009 12:59:19 -0700

owaspdc: RT - AppSecDC 2009 is now looking for Volunteers. Interested? join our mailing list! http://bit.ly/16CPc or reply or DM (via @AppSecDC09)

owaspdc: RT -- CapSec DC is tomorrow! 7 PM at Stetson's, 1610 U St NW. Find us at the upstairs bar! http://bit.ly/qtdre (via @dallendoug)

Tue, 28 Apr 2009 12:49:20 -0700

owaspdc: RT -- CapSec DC is tomorrow! 7 PM at Stetson's, 1610 U St NW. Find us at the upstairs bar! http://bit.ly/qtdre (via @dallendoug)

Reminder — CapSec This Wednesday!!

Tue, 28 Apr 2009 12:23:58 -0700

Just a reminder, CapSec DC’s next meeting is this Wednesday, April 29th!

Hope to see you there!

[Owasp-washington] CapSec DC Tomorrow

Tue, 28 Apr 2009 12:18:19 -0700

2009/04/28 -- Doug Wilson

[Nova Sec] OWASP AppSec DC 2009 CALL FOR PAPERS

Tue, 28 Apr 2009 06:09:17 -0700

2009/04/28 -- Mark Bristow

hacdc: Movie Night Scheduled May 13: Rare NASA footage from the Apollo Years (http://hacdc.org/node/107)

Mon, 27 Apr 2009 19:34:59 -0700

hacdc: Movie Night Scheduled May 13: Rare NASA footage from the Apollo Years (http://hacdc.org/node/107)

dojosec: Attend Sourcefire Seminar with Martin Roesch, @mroesch, http://www.dojosec.com/?p=104

Thu, 23 Apr 2009 16:41:45 -0700

dojosec: Attend Sourcefire Seminar with Martin Roesch, @mroesch, http://www.dojosec.com/?p=104

dojosec: RT @marcusjcarey: SourceFire is sponsoring DojoSec Monthly Briefings

Thu, 23 Apr 2009 16:38:36 -0700

dojosec: RT @marcusjcarey: SourceFire is sponsoring DojoSec Monthly Briefings

Sourcefire Seminar with Martin Roesch

Thu, 23 Apr 2009 16:36:38 -0700

Attend a Sourcefire Seminar and Meet Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort®

*TOPIC: Your Network Security Isn’t Good Enough Anymore Today’s threats—and networks—are dynamic. Unfortunately, most security offered to date has been static—leaving you blind to the network. *

In this seminar, Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort® will clearly show why /today’s network security isn’t getting the job done/. He will point out why network security must be /intelligent/ to be effective—providing full network visibility, relevant context, and automated impact assessment and IPS tuning. Mr. Roesch will also show why network security must adapt to dynamic networks and threats in real time. Finally, he will share some of his vision on where network security is heading in the future.

Your network security solution may be new, but chances are it is based on outdated assumptions. How can you truly protect your network if you can’t see what is running on it, don’t know what to protect, and can’t identify the threats facing you?

Don’t you owe it to yourself and your organization to attend this seminar and then audit your network security capabilities?

Come see Martin on May 7th in McLean, VA. Register at:

http://www.sourcefire.com/news/webinars/

Tenable Network Security releases Nessus 4.0.0

Thu, 23 Apr 2009 16:31:32 -0700

Tenable Network Security is pleased to announce the release of Nessus 4.0.0.

Nessus 4 features major performance improvements, greater scalability and reduced memory usage.

You can download Nessus 4 at http://www.nessus.org/download/

Sourcefire Sponsors DojoSec

Thu, 23 Apr 2009 16:25:57 -0700

We are proud to announce that Sourcefire is sponsoring DojoSec Monthly Briefings.

Sourcefire is the world leader in real-time adaptive network security, giving organizations maximum knowledge to protect against attacks. The company was founded in January 2001 by Martin Roesch, author of open source Snort®, the world’s most downloaded intrusion detection and prevention technology with over 3.7 million downloads to date. In response to increased demand for a commercial version of the popular software, the company developed the Sourcefire 3D® System—Discover, Determine, Defend—a systematic network defense system built on Snort and designed to adapt to dynamic networks and threats in real-time. With 6 patents awarded and 37 patents pending Sourcefire has a strong commitment to innovation and continues to break new ground.

owaspdc: New address-OWASP US AppSec for 2009 will be at the Washington DC Convention Center November 10-13th Follow @AppSecDC09 for details and info

Wed, 22 Apr 2009 21:57:43 -0700

owaspdc: New address-OWASP US AppSec for 2009 will be at the Washington DC Convention Center November 10-13th Follow @AppSecDC09 for details and info

owaspdc: Apparently Twitter has outdone itself. Account collision on @AppSecDC, or hacking? Moved to @AppSecDC09 for details on the conference.

Wed, 22 Apr 2009 21:55:16 -0700

owaspdc: Apparently Twitter has outdone itself. Account collision on @AppSecDC, or hacking? Moved to @AppSecDC09 for details on the conference.

OWASPNoVA: Any Chapter Folk @ RSA? Good talks? Panels? Truly bad? Anything worth a recap in our May meeting?

Wed, 22 Apr 2009 19:04:25 -0700

OWASPNoVA: Any Chapter Folk @ RSA? Good talks? Panels? Truly bad? Anything worth a recap in our May meeting?

owaspdc: The OWASP US AppSec for 2009 will be in Washington DC at the DC Convention Center November 10-13th. Follow @AppSecDC for details and info.

Wed, 22 Apr 2009 17:01:10 -0700

owaspdc: The OWASP US AppSec for 2009 will be in Washington DC at the DC Convention Center November 10-13th. Follow @AppSecDC for details and info.

owaspdc: Jon Rose speaking on Deblaze at OWASP DC.

Wed, 22 Apr 2009 15:40:37 -0700

owaspdc: Jon Rose speaking on Deblaze at OWASP DC.

owaspdc: @AppSecEU09 we'll give you a shout out!

Wed, 22 Apr 2009 15:40:18 -0700

owaspdc: @AppSecEU09 we'll give you a shout out!

owaspdc: OWASP DC meeting this evening at 6:30 PM, Rm 650-D 2201 G St. NW at GWU. Jon Rose speaks about Deblaze, and Announcement for AppSecDC 2009!

Wed, 22 Apr 2009 11:39:07 -0700

owaspdc: OWASP DC meeting this evening at 6:30 PM, Rm 650-D 2201 G St. NW at GWU. Jon Rose speaks about Deblaze, and Announcement for AppSecDC 2009!

Re: [Nova Sec] novasec Digest, Vol 20, Issue 1

Tue, 21 Apr 2009 11:01:03 -0700

2009/04/21 -- Roman Daszczyszak

Re: [Nova Sec] Administrivia: I broke things.

Tue, 21 Apr 2009 10:33:19 -0700

2009/04/21 -- Joe Klein

owaspdc: Reminder -- OWASP DC Meeting this Wednesday. http://bit.ly/19nUQe to RSVP. Jon Rose on Deblaze, and some updates on OWASP Events.

Mon, 20 Apr 2009 14:16:12 -0700

owaspdc: Reminder -- OWASP DC Meeting this Wednesday. http://bit.ly/19nUQe to RSVP. Jon Rose on Deblaze, and some updates on OWASP Events.

[Nova Sec] Administrivia: I broke things.

Mon, 20 Apr 2009 13:25:42 -0700

2009/04/20 -- Wesley Shields

OWASPNoVA: Awh, our industry is all growed up: http://tinyurl.com/crjm4y

Fri, 17 Apr 2009 05:04:08 -0700

OWASPNoVA: Awh, our industry is all growed up: http://tinyurl.com/crjm4y

April CapSec approaching.

Thu, 16 Apr 2009 17:15:14 -0700

Where did the month go? Don’t blame it on just taxes . . . but if you want to come grip about them, Mikeyy, RSA, or anything else that’s on your mind, we have good news for you.

CapSec DC is in two weeks!

CapSec DC
Wednesday April 29th 7:00 PM

Stetson’s
1610 U St NW
Washington DC 20009

Hope to see you there!

April Videos Online

Sun, 12 Apr 2009 06:14:05 -0700

Go to the Multimedia page for all DojoSec videos.

DojoSec Monthly Briefings – April 2009 – Matthew Watchinski from Marcus Carey on Vimeo.

OWASPNoVA: Top 10 Web Hacks '08: @jeremiahg 's talk up at http://tinyurl.com/cys844

Fri, 10 Apr 2009 11:43:17 -0700

OWASPNoVA: Top 10 Web Hacks '08: @jeremiahg 's talk up at http://tinyurl.com/cys844

OWASPNoVA: via @m1splacedsoul: Glad you liked the meeting @krvw Workin' on a similar format for the next two...

Fri, 10 Apr 2009 11:00:11 -0700

OWASPNoVA: via @m1splacedsoul: Glad you liked the meeting @krvw Workin' on a similar format for the next two...

OWASPNoVA: PTPanel: @jeremiahg You can never get 100% URL coverage by crawling--what about emailed links--like password reset functionality?

Fri, 10 Apr 2009 10:51:53 -0700

OWASPNoVA: PTPanel: @jeremiahg You can never get 100% URL coverage by crawling--what about emailed links--like password reset functionality?

OWASPNoVA: PTPanel: @jeremiahg We use skill set & how concerted attack effort is--not code coverage when measuring pen tests.

Fri, 10 Apr 2009 10:51:01 -0700

OWASPNoVA: PTPanel: @jeremiahg We use skill set & how concerted attack effort is--not code coverage when measuring pen tests.

OWASPNoVA: PTPanel: @wadew Whether I spend 1hr or 3 days writing a report devs will still call & ask, 'How do I fix it?' So I just call & explain fixes

Fri, 10 Apr 2009 10:48:03 -0700

OWASPNoVA: PTPanel: @wadew Whether I spend 1hr or 3 days writing a report devs will still call & ask, 'How do I fix it?' So I just call & explain fixes

OWASPNoVA: via @m1splacedsoul: PenTestPanel-Nate Miller on gov sec: No laptop, thumb-drive, or iPhone but laptop full of hacker tools? Here's your ...

Fri, 10 Apr 2009 10:46:02 -0700

OWASPNoVA: via @m1splacedsoul: PenTestPanel-Nate Miller on gov sec: No laptop, thumb-drive, or iPhone but laptop full of hacker tools? Here's your ...

owaspdc: Reminder -- @OWASPNoVA is meeting this evening in Herndon, @jeremiahg @wadew, others speaking. Please RSVP details here: http://bit.ly/SF9n

Wed, 08 Apr 2009 09:29:11 -0700

owaspdc: Reminder -- @OWASPNoVA is meeting this evening in Herndon, @jeremiahg @wadew, others speaking. Please RSVP details here: http://bit.ly/SF9n

owaspdc: Next OWASP DC Meeting 4/22 6:30 PM at GWU. Deblaze & Flash Remoting, recent OWASP events http://bit.ly/qKrMV -- RSVP: http://bit.ly/19nUQe

Wed, 08 Apr 2009 09:19:30 -0700

owaspdc: Next OWASP DC Meeting 4/22 6:30 PM at GWU. Deblaze & Flash Remoting, recent OWASP events http://bit.ly/qKrMV -- RSVP: http://bit.ly/19nUQe

Intelligence and National Security Alliance (INSA) Provides Support to the White House 60 day Cyber Review

Tue, 07 Apr 2009 10:46:37 -0700

As many of you know, President Obama directed the National Security and Homeland Security Advisors to conduct an immediate review of the plan, programs, and activities underway throughout the government dedicated to cyber security.This 60-day interagency review will develop a strategic framework to ensure that U.S.

DojoSec April at Capitol College

Tue, 07 Apr 2009 06:54:22 -0700

Capitol College was a fabulous host to DojoSec. I want to thank our sponsors Tenable Network Security and Techguard Security for their support. The Capitol College staff and speakers were awesome. A full wrap-up is on the way.

dojosec: DojoSec Monthly Briefings April pictures @ http://blog.dustinlfritz.com

Sun, 05 Apr 2009 19:47:55 -0700

dojosec: DojoSec Monthly Briefings April pictures @ http://blog.dustinlfritz.com

dojosec: @vrt_sourcefire You guys are awesome! Thanks for the representing last night.

Fri, 03 Apr 2009 10:07:05 -0700

dojosec: @vrt_sourcefire You guys are awesome! Thanks for the representing last night.

dojosec: Thanks everyone for attending DojoSec! #dojosec

Thu, 02 Apr 2009 22:06:49 -0700

dojosec: Thanks everyone for attending DojoSec! #dojosec

April DojoSec Line-up Change

Wed, 01 Apr 2009 08:13:51 -0700

Small change in the line-up but everything is set for Capitol College. Chris Gates and Vince Marvelli had a schedule conflict and will appear in the next few months. Joseph McCray has stepped up and will deliver a brand new talk that he’ll debut at DojoSec.

Speaker: Joseph McCray

Title: Hacking Big Companies Without Getting Caught

Description:

This talk will focus on identifying and bypassing enterprise class security solutions such as Load Balancers, Intrusion Prevention Systems (IPSs), and Web Application Firewalls (WAFs).

Speaker Bio:

Joseph McCray is a leader when it comes to penetration testing. Joseph currently acts as Assessment Practice Manager at Rapid7 and is the founder of LearnSecurityOnline.com. At Rapid7, he manages and performs Blackbox & Whitebox, Wireless, and VoIP Penetration Testing, as well as performing Social Engineering.

Re: [Nova Sec] Administrivia: List Shutdown

Mon, 30 Mar 2009 21:05:47 -0700

2009/03/31 -- Paul D. Bain

Re: [Nova Sec] Administrivia: List Shutdown

Mon, 30 Mar 2009 20:12:20 -0700

2009/03/31 -- Wesley Shields

IMMA April 2009 Chapter Meeting - Protecting Infrastructures Critical to the Security of Our Nation's Economy

Mon, 30 Mar 2009 14:30:21 -0700

Start: 04/29/2009 - 12:30pm

End: 04/29/2009 - 5:00pm

Timezone: Etc/GMT-7

InfraGard Maryland Members Alliance (IMMA) April 2009 Chapter Meeting - Sustaining Our Economy: Protecting Infrastructures Critical to Our Nation's Economy

[Nova Sec] Administrivia: List Shutdown

Mon, 30 Mar 2009 12:31:45 -0700

2009/03/30 -- Wesley Shields

CapSec this Wednesday

Mon, 23 Mar 2009 21:44:38 -0700

Just a reminder, CapSec is this Wednesday, the 25th!

Introduction to IT Security Risk Management

Mon, 23 Mar 2009 12:13:30 -0700

Start: 04/15/2009 - 12:00pm

End: 04/15/2009 - 1:00pm

Timezone: Etc/GMT-7

Re: [Nova Sec] When is the next meeting? Thanks!

Sat, 14 Mar 2009 13:59:00 -0700

2009/03/14 -- Paul D. Bain

Re: [Nova Sec] When is the next meeting?

Sat, 14 Mar 2009 09:12:55 -0700

2009/03/14 -- Grecs

[Nova Sec] When is the next meeting?

Sat, 14 Mar 2009 08:49:19 -0700

2009/03/14 -- Roman Daszczyszak

March CapSec — Save the Date!

Thu, 12 Mar 2009 19:47:13 -0700

Just a reminder although I know it’s on your calendar already

CapSec DC is only two weeks away.

CapSec DC
Wednesday March 25th, 7:00 PM

Stetson’s
1610 U St NW
Washington DC 20009

Badge Contest

Thu, 05 Mar 2009 05:36:52 -0800

Folks we have a winner!

This year's badge contest was finally solved by Darth Null. He's winning a ticket to SC2010 and asks to give a shout out to Durak for his awesome squinting abilities which apparently came in handy when reading those barcodes. :)

Congrats Darth Null.

In other news, most of the speaker presos have been posted. If they're not up, it's simply because we haven't received them yet. Videos will follow soon.

February CapSec, now with venue!

Mon, 23 Feb 2009 14:51:01 -0800

CapSecDC
Wednesday February 25th, 7:00 PM

Stetson’s
1610 U St NW
Washington DC 20009

We return to Stetson after a many month absence. We will now be at the UPSTAIRS bar, go past the bouncer and up the stairs when you come in the door. We’ll have access to pitchers and wings as before, just a new, slightly more isolated (and quieter) environment.

I’ll try to wear a “hacker” t-shirt as I often do, look around for various “con” or geek shirts mixed in with people in govvie-wear to find the right crowd.

We reserve the right to change venues as the evening wears on — previously we have walked down U Street, other venues might include The Saloon or DC9. Call/email/twitter someone if you are showing up very late to check where we are.

Please RSVP here or on Upcoming if you know ahead of time that you can make it. For those of you Metro-ing, it’s 3.5 blocks from the U street Metro on the Green and Yellow lines (U Street Cardoza) Station. It’s a tad further from Dupont Circle on the Red Line, but quite doable.

CapSec for February

Thu, 19 Feb 2009 13:05:03 -0800

A reminder that CapSec DC is going to be next Wednesday the 25th (as it almost always is, on the last Wednesday of the month).

Location will be announced soon, we’re donig some research on locations still (we hope to be back at Stetson’s, but with some guaranteed space).

The ShmooCon Crew

Thu, 12 Feb 2009 17:11:09 -0800

is wiping the sleep from their eyes and slowly getting back to reality. Thanks to everyone who made it out to DC. We hope you had a good time.

Speaker presentations and videos will be online soon. Videos will take a bit longer than the slides, but we will get them up there eventually.

Please remember to leave your feedback at feedback.shmoocon.org or, if you'd rather, shoot us an email. The online review system will be available for one more week, so get your reviews in before it's too late.

Thanks again folks. Keep watching this spot for more post-con wrap up.

Day 2

Sat, 07 Feb 2009 07:58:31 -0800

and all seems to be going well. Over 1300 people are currently present.

Ads make us happy

Fri, 30 Jan 2009 10:38:54 -0800

Another ShmooCon vid from PSKL... This was sent to us with the oh so funny comment that it was just in time for that critical "all the tickets have already been sold" phase of advertising.

You can also check out previous year's video fun in our archives. (Please be aware - we no longer offer free admission in exchange for ads, but we might hook you up with some special swag.)

InfraGard Maryland Members Alliance Meeting -

Fri, 30 Jan 2009 08:33:53 -0800

Start: 02/19/2009 - 9:00am

Timezone: Etc/GMT-7

IMMA February 2009 Meeting - Interoperable Communications to Support Manmade and Natural Disasters (Rescheduled from January 28th)

LOCATION: Thales Communications, Inc. , 22616 Gateway Center Drive Clarksburg, MD 20871 (click for directions)

AGENDA:

9:00 - 9:30 am Registration and Networking

9:30 - 10:00 am Chapter Business

ShmooCon Labs

Tue, 27 Jan 2009 14:41:42 -0800

The application period for ShmooCon Labs is officially over. We've got about 30 attendees this year plus a few vendor reps and the labs staff. They'll all work pretty much non-stop to make sure the con network is up and running before ShmooCon begins on Friday - the idea being that they learn a thing or two (or three) along the way as well.

A few other things of note:

There are still a few (very few) rooms left at the Washington Hilton should anyone still be needing a hotel. Those of you who are local and maybe just want to stay in DC for Saturday night - this is a good option for you. Call 202-483-3000 and reference the code SHC for a great rate.

There is a ShmooCon Twitter feed and to (again) answer the question everyone keeps asking - yes, it really is us.

Lastly - it's snowing today in the DC area. Be sure to check those weather forecasts before heading this way.

Less than 2 weeks remaining...

Mon, 26 Jan 2009 07:20:11 -0800

The schedule is posted, speakers selected, and we're headed into the final pre-con moments.

It's not to late to gen up a Barcode ShmarCode entry or to warm up your TF2 and Halo trigger fingers - so get busy!

CapSec DC for January 2009

Thu, 22 Jan 2009 06:20:41 -0800

CapSec DC will be taking place on

January 28th, 7 PM
Buffalo Billiards in Dupont Circle
1330 19th Street Washington, D.C

Please RSVP on Upcoming

We’re going to try to meet up in the back bar there.

When you walk in, be nice to the bouncer, then head straight back and slightly to the right. There will be a set of doors past the pool tables next to the bar. We’ll be back there.

Keynote Speaker - Matt Blaze

Sun, 18 Jan 2009 10:40:35 -0800

We're happy to announce that this year's keynote speaker will be Matt Blaze.

Since 2004, Matt Blaze has been a computer science professor at the University of Pennsylvania;
prior to that, he spent a dozen years on the research staff of AT&T (Bell) Labs. Matt's work focuses on cryptography and its applications, trust management, physical and human scale security, designing secure systems, and networking and distributed computing. He's particularly interested in security related to public policy, such as cryptography policy (key escrow), wiretapping and surveillance, electronic voting, and secrecy in science.

Overflow Rooms at the Hilton

Wed, 14 Jan 2009 08:45:55 -0800

We've been able to secure a limited amount of overflow rooms at the Hilton Washington for Friday and Saturday nights. To make your reservation call 202-483-3000 and reference either the code SHC or just ask to be put on the ShmooCon block.

ShmooCon Twitter Feed

Sun, 11 Jan 2009 09:10:03 -0800

Yes. It's really us. :)

We'll be using this feed during the con as another way to share information about any schedule changes, contest updates, etc. The same information will be posted on this website and available at the registration desk so don't feel like you'll be missing out on something if you don't want to subscribe.

Hotel Block Sold Out

Fri, 09 Jan 2009 14:45:18 -0800

Well...

We were just getting ready to make an announcement that the room block would be closing on the 16th and there were a limited amount of rooms left. In fact, they had just increased the number of rooms available to us to give more of you the ability to get in on the rate.

A bunch of you must have been busy today because we just got an email telling us that the block is completely sold out. While this is good news for us, we realize some of you might still be in need of a place to stay. We'll do some research into nearby hotels and post something here soon.

Sponsor Shout Out

Wed, 07 Jan 2009 19:16:47 -0800

A quick mention of our current list of sponsors:

PGP
Tenable
Aspect Security
Tenacity Solutions, Inc.
ERNW
G2,Inc.
AccessIT
Quest Consultants
InGuardians
PaulDotCom
Core Security
Ponte Technologies

Beyond giving us money (helps to pay for the extra fun con stuff like Saturday night), our sponsors are bringing some cool stuff to their tables this year. Be sure to stop by and check out all the contests and nifty con swag .

Schedule

Mon, 05 Jan 2009 11:50:45 -0800

No it's not up yet, but should be by the end of the week. For your travel purposes though here are the rough start and stop times.

Reg will open on Friday around noon with the opening talks scheduled for 2 or 3. Conference will run until Sunday afternoon - we try and have everyone out the door and things cleaned up by 4pm at the latest.

See you soon!

ShmooCon Ads

Sat, 03 Jan 2009 07:01:38 -0800

First ShmooCon ad of the year that we've seen. We love this stuff. :)

Ticket Sales - Done!

Thu, 01 Jan 2009 20:52:10 -0800

And forgive us we if admit to being glad that it's over for this year... ;)

Lots of news still to come. Watch this space for announcements on speakers, our keynote address, and other events.

In the meantime, if you're planning on coming to DC anyway, you might think about heading out a day or two early and attending DC*BSDcon in it's inaugural year. It's being held at the Wardman in the days just prior to ShmooCon. If you're a BSD fan you might want to check it out.

As always, we encourage you to make your hotel reservations sooner rather than later. The room block is only open for a few more weeks. Code to use is "shoshoa."

Thanks everyone and Happy New Year!

Ticket Count

Sat, 27 Dec 2008 19:10:42 -0800

Number of tickets going up for sale tomorrow, Dec 28, at noon eastern:

50 Early Bird ($100)
100 Open Reg ($175)
15 I Love ShmooCon ($300)

The news you've been waiting for...

Fri, 26 Dec 2008 18:48:59 -0800

Ticket Sales Round 2.1 will open this Sunday, Dec 28 at noon EST. The cart has been revamped, the server updated, and we're confident (enough) to go ahead and try again.

A limited amount of tickets will be available. Exact numbers are still TBD - we'll post that information tomorrow.

Should you miss out on this round there's still Round 3 on Jan 1. At noon people. Eastern Standard.

Happy Holidays!

Fri, 26 Dec 2008 17:30:10 -0800

Happy Holidays to all our readers. CapSec will resume in January! stay tuned!

InfraGard Maryland Members Alliance Meeting - January 2009

Tue, 16 Dec 2008 10:29:44 -0800

Start: 01/28/2009 - 9:00am

End: 01/28/2009 - 1:00pm

Timezone: Etc/GMT-7

RESCHEDULED (due to weather) for February 19, 2009
IMMA January 2009 Meeting - Interoperable Communications to Support Manmade and Natural Disasters

Light at the end of the tunnel...

Mon, 08 Dec 2008 16:32:46 -0800

and no...we don't think it's an oncoming train (as someone joked with us today).

We're busy contacting everyone who wrote in and should have everything resolved soon.

It definitely looks as though there are tickets left to sell in this round. We don't know the absolute final count yet, but we're getting there. We'll post again once we do know and will let you at that time what day we'll open up sales for those leftover barcodes. We'll give at least 24 hours notice, probably more. Thanks again to everyone for your patience.

In other conference news, here's a few other reminders for all of you:

Please make your hotel reservations soon! Book your room using our code: shoshoa.

Don't forget about the barcode contest - we're super excited to see what people dream up. For that matter, you should check out all of the events scheduled to take place.

That's it for now. Next update will probably be to announce a sales date.

Getting there...

Fri, 05 Dec 2008 18:52:26 -0800

We have now made an attempt to contact all barcode recipients. We know that many of you are still patiently waiting to hear from us. Your turn is coming - we promise.

We know it is seeming to take a long time and for that we are sorry. Some of our processes had to be revamped to accommodate the solutions we are putting in place. That took a few days to finish. Remember too, that ShmooCon is a volunteer-run organization and many of those involved in the clean up have other responsibilities during the day - ones that actually pay them. :)

Progress is being made though, we promise.

The icanhaztickets@shmoocon.org email address will be shut down at 9PM EST tomorrow, 12/6.

If you have not already emailed in and are one of those who entered in CC information and hit submit on 12/1, you have 24 hours to contact us.

If you have already sent us this info, please DO NOT email us again.

Slow Progress

Thu, 04 Dec 2008 16:16:45 -0800

Just a quick update for the evening. We are *this* close to having contacted all barcode recipients. We'll finish up that process tonight. More detailed information will be posted tomorrow.

Ticket status update

Wed, 03 Dec 2008 10:11:28 -0800

A fair bit of time was spent yesterday reading through your emails and comparing that information to what we saw in our records. Three groups were formed: Those who actually received a barcode, those who hit submit but then saw nothing, and those who were just "somewhere in the cart" when all this took place.

We're going to deal with those who actually received a barcode first. By far this is the easiest group to both track and confirm. Once that process is finished we will evaluate how to move forward with the second and third groups.

I'm going to again ask for patience. Please don't email asking for updates. We will be posting information here as we go along. Any specific questions can be addressed as we begin to make contact with you.

CFP Closed

Tue, 02 Dec 2008 05:32:51 -0800

The CFP for ShmooCon 2009 is officially closed. We hope to start notifying speakers within the next two weeks.

You guys rock..

Mon, 01 Dec 2008 14:12:17 -0800

Seriously. Judging by the number of emails we've received, I think we've heard from just about everyone who got past the submit process. We're extremely thankful that you all are such a nice crowd. The majority of your messages have been ones of understanding and outright kindness. Silly Hackers... Don't worry. Your secret is safe with us.

We'll be ready to start contacting folks tomorrow. If you don't hear from us the first day, please be patient. Look for updates here before emailing us again. We're working this pretty hard, and again, our goal is to be as fair as possible based on the records we have.

Thanks again. Feel free to throw a shmooball (or two or three) at us once con time gets here.

Ticket Sales - Shut Down

Mon, 01 Dec 2008 09:59:12 -0800

Wow.

So a number of things went wrong but perhaps the largest (and the reason for shutting down the system) - is that ticket sales were made live without un-stubbing the process that would actually charge your card. Bottom line - no purchases were actually made. Your credit information went nowhere. And you were not charged.

Problem the second. The box was completely overloaded. Way way more than expected - and this after we already made some changes in the code in an attempt to reduce this from happening.

So let's talk some solutions. We have records of everyone who made it to the point at which they actually submitted their credit card information. We will make an attempt to contact everyone we have records for and provide you a means of actually purchasing a ticket (and or tickets depending on what the logs tell us). However, to help us out, if you could please contact us at icanhaztickets@shmoocon.org to help us track tickets, that would be great. Include the name and email address you were using at the time of attempted purchase. Once we get through this process we will evaluate how many tickets are actually left for this round and reopen ticket sales to the masses. We will give 24 hours notice on this.

Again - this is going to take us a few days to get through. Responses to any of the ShmooCon email addresses will likely be delayed but we will get back to you as soon as we can.

As to the load on the box? We're going to tweak that even more too.

We are, as you can imagine, horribly embarrassed and extremely sorry for this turn of events. We will do our best to handle it fairly for all involved. Thank goodness for logs.

- Heidi

Round 2 - Ticket Sales

Sun, 30 Nov 2008 10:12:33 -0800

Lots happening in ShmooCon land...

Round 2 of ticket sales begins tomorrow, December 1 at noon EST. You might want to start getting ready now...

CFP closes tomorrow as well. Talks received after 11:59pm EST will not be considered for ShmooCon 2009. That means you've got just over 24 hours to wow us with your submission.

On that note, our first round of speakers has been accepted and notified. We're still waiting to hear back from a few of you but here's the line up so far:

Scott Moulton - Ten Cool Things You Didn't Know About Your Hard Drive!
Chema Alonso, et al - Re-Playing with (Blind) SQL Injection
Travis Goodspeed and Joshua Gourneau - Building Wireless Sensor Hardware and Software

More detailed information will be posted to the website later this week.

Good luck tomorrow!

New document available in the Members download section

Wed, 17 Sep 2008 06:02:04 -0700

We have added the following GAO report to the member downloads section:

IT Federal Laws, Regs, and Mandatory Standards for Securing Private Sector IT Systems and Data in Critical Infrastructure Sectors

This is a PDF file and you must login in order to download it.

InfraGard Day at TechnoForensics

Mon, 15 Sep 2008 12:49:18 -0700

Start: 10/28/2008 - 8:00am

End: 10/28/2008 - 6:59pm

Timezone: Etc/GMT-7

InfraGard Maryland Members Alliance Day at TechnoForensics

Please join us on Tuesday, October 28, 2008 at the TechnoForensics conference in Gaithersburg, MD for an all day InfraGard Day. Sessions will include unique speakers as well as timely discussion of topics related to critical infrastructure protection. Check back for more information and to register for this event.

TechnoForensics Conference

Thu, 11 Sep 2008 13:16:19 -0700

Start: 10/27/2008 - 8:00am

End: 10/29/2008 - 6:00pm

Timezone: Etc/GMT-7

The 2008 TechnoForensics Conference will be held at the NIST facilities in Gatihersburg, MD. from October 27 - 29 2008. InfraGard members are invited to attend the conference at no charge. More information will be sent to Maryland InfraGard members later this month. For more information about the conference please go to http://www.techsec.com/html/TechnoForensics2008.html

Maryland InfraGard Member Association Meeting

Thu, 04 Sep 2008 12:25:46 -0700

Start: 09/10/2008 - 8:00am

End: 09/10/2008 - 12:00pm

Timezone: Etc/GMT-7

Date: Wednesday, September 10, 2008

Location: Capitol College, Laurel Maryland

Time: 8:00 AM - 12:00 PM

NoVA Sec Meeting 1930 Thu 28 Aug 08

Richard Bejtlich — Thu, 21 Aug 2008 13:50:00 -0700

The next NoVA Sec meeting will take place 1930 Thursday 28 August 2008 at Command Information Labs:

13655 Dulles Technology Dr.
Suite 100
Herndon, VA 20171

The Labs are located at the north-west side of the building.

Here is a link to a map of the address.

One of more members of the Intrepidus Group (definitely Aaron Higbee, possibly Olympic hax0r Stryde Hax) will discuss multiple cool security issues.

NoVA Sec Meeting 1930 Thu 24 Jul 08

Richard Bejtlich — Sun, 13 Jul 2008 09:38:00 -0700

Thanks to NoVA Sec member initiative, the next NoVA Sec meeting will take place 1930 Thursday 24 July 2008 at Command Information Labs:

13655 Dulles Technology Dr.
Suite 100
Herndon, VA 20171

The Labs are located at the north-west side of the building.

Here is a link to a map of the address.

Ryan Trost will discuss Geospatial Intrusion Detection. Thanks to Ryan for volunteering to speak and Joe for hosting! I will unfortunately miss this meeting as I will be on a plane at this time.

Notes from 24 Apr 08 Meeting on TaoSecurity Blog

Richard Bejtlich — Sat, 07 Jun 2008 18:24:00 -0700

Everyone, I posted my NoVA Sec Meeting Memorial Analysis Notes on TaoSecurity Blog, if anyone is interested.

NoVA Sec Meeting 1930 Thu 12 Jun 08

Richard Bejtlich — Thu, 05 Jun 2008 14:14:00 -0700

The next NoVA Sec meeting will take place 1930 (7:30 pm) Thursday 12 June 2008 at this SAIC office:

6350 Walker Ln
Alexandria, VA 22310

Chris Gates from LearnSecurityOnline.com will present "New School Information Gathering."

NoVA Sec Meeting 1930 Thu 22 May

Richard Bejtlich — Mon, 19 May 2008 14:00:00 -0700

The next NoVA Sec meeting will take place 1930 (7:30 pm) Thursday 22 May 2008 at Fishnet Security:

13454 Sunrise Valley Dr. Suite 230
Herndon, VA 20171
703.793.1440

Joe Klein from Command Information will discuss IPv6 security.

Thank you to Fishnet and Joe for their help.

NoVA Sec Meeting 1930 Thursday 24 April 2008

Richard Bejtlich — Wed, 23 Apr 2008 08:43:00 -0700

The next NoVA Sec meeting will take place 1930 (7:30 pm) Thursday 24 April 2008 at Fishnet Security:

13454 Sunrise Valley Dr. Suite 230
Herndon, VA 20171
703.793.1440

Aaron Walters from Volatile Systems will discuss memory forensics.

Thank you to Fishnet and Aaron for their last-minute cooperation! I'm cross-posting this notice to get as many people notified as possible in the day before the meeting.

NoVA Sec Meeting 1730 Thu 27 Mar 08

Richard Bejtlich — Fri, 14 Mar 2008 00:23:00 -0700

Thanks to Wes Shield's initiative, the next NoVA Sec meeting will take place 1730 Thursday 27 March 2008 at infoLock Technologies:

infoLock Technologies
1901 North Fort Myer Drive
Suite 1016
Arlington, VA 22209

Thank you to Sean Steele and infoLock for hosting. Free parking is available after 5 pm at the lot shown in the map above. infoLock is 3/4 block from the Rosslyn Metro stop (Orange/Blue lines).

Our speaker will be Wes Shields, talking about ZFS:

ZFS, developed by Sun Microsystems, is a big shift in filesystem concepts and design. Without going into the underlying code we will discuss ZFS concepts, features, and abilities. If you plan on deploying a file server then this talk is for you, since ZFS very well may change your plans.

NoVA Sec Meeting 1930 Thu 28 Feb 08

Richard Bejtlich — Mon, 25 Feb 2008 14:07:00 -0800

The next NoVA Sec meeting will take place 1930 Thursday 28 February 2008 at Command Information: Labs

13655 Dulles Technology Dr.
Suite 100
Herndon, VA 20171

The Labs are located at the North West side of the building.

Here is a link to the address.

Trevor Hawthorn and Nate Miller from Stratum Security will talk about the trials and tribulations of starting a security consultancy. I may not be able to make this presentation (I want to!), so if I am not there Joe Klein (our host) will start the discussion. Thank you.

Great NoVA Sec Meeting

Richard Bejtlich — Sat, 02 Feb 2008 13:14:00 -0800

Thanks to Devin Paden for a great NoVA Sec talk on OLPC. Thanks to Joe Klein for taking the photo of relative sizes of computing gear in the room. Thanks also to Dowless and Associates for hosting us in their conference room. I'll post details on our next meeting shortly.

NoVA Sec Meeting 1930 Thu 31 Jan 08

Richard Bejtlich — Mon, 28 Jan 2008 11:42:00 -0800

I was determined to start 2008 right by having a NoVA Sec meeting in January. Thursday night is our last chance, but thanks to last-minute coordination with Dowless and Associates we have a meeting location.

The next NoVA Sec meeting will take place 1930 Thursday 31 January 2008 at Dowless and Associates:

13873 Park Center Rd.
Suite 450
Herndon, VA 20171

Devin will speak and demo his One Laptop Per Child (OLPC) box.

Our host is requesting a list of names of attendees, so please RSVP via email (taosecurity at gmail dot com) by end of day Wednesday 30 January 2008. Thank you.

Remember, there are no dues and no requirements for membership. We do leave certifications, FISMA, the certification and accreditation (C&A) process, and related items in the parking lot.

2008 Meeting Schedule

Richard Bejtlich — Fri, 04 Jan 2008 07:00:00 -0800

I'd like to regularly schedule NoVA Sec meetings in 2008 as the fourth Thursday of every month. That puts the meetings after the OWASP Washington VA meetings on the second Thursday and the ISSA-NoVA meetings on the third Thursday.

With that in mind, here is the proposed schedule for 2008.

24 Jan

28 Feb

27 Mar

24 Apr

22 May

No Jun meeting: FIRST conference

24 Jul

28 Aug

25 Sep

23 Oct

No Nov meeting: Thanksgiving

No Dec meeting: Christmas

I am working on securing speakers for the other meetings now. If you have a speaker in mind (including yourself) please let me know via email to taosecurity at gmail dot com. I am also looking for generous corporate souls to host the meetings. Thank you.

Update: There are monthly Thursday conflicts with CapSec. Please see our mailing list for ongoing discussion.

NoVA Sec XSS Slides Posted

Richard Bejtlich — Sat, 28 Jul 2007 15:25:00 -0700

Thanks again to Andre Ludwig for his XSS Gone Wilde (.pdf) presentation.

Happy Birthday NoVA Sec

Richard Bejtlich — Sat, 21 Jul 2007 03:38:00 -0700

We're one year old today, because I created NoVA Sec on 21 July 2006. Our speaker for the 26 July meeting will be Andre Ludwig on "XSS Gone Wild." Next month Michael Smith will discuss life as a NOC ant at his MSSP. No date or location for that meeting has been set yet.

NoVA Sec Meeting 1900 Thursday 26 July 07

Richard Bejtlich — Wed, 18 Jul 2007 14:21:00 -0700

The next NoVA Sec meeting will take place 1900 (7 pm) Thursday 26 July 2007 at Fishnet Security:

13454 Sunrise Valley Dr. Suite 230
Herndon, VA 20171
703.793.1440

If we don't get a volunteer speaker before then I will present either Open Source Network Forensics or Traditional IDS Should Be Dead. I really just want to get us meeting again so NoVA Sec can rise from our summer slumber. Thanks to Fishnet for hosting!

April Meeting Doubtful

Richard Bejtlich — Mon, 09 Apr 2007 05:18:00 -0700

I don't think we will have an April meeting. I am not available Thursday 26 April (or anytime that week). The previous Thursday is ISSA NoVA night. This Thursday is short notice and I'm busy too.

If someone would like to organize a meeting and find a date, speaker and location, please do. Otherwise we can try again in May

NoVA Sec Meeting Friday 1230 23 March 2007

Richard Bejtlich — Mon, 19 Mar 2007 02:29:00 -0700

The next NoVA Sec meeting will take place 1230 Friday 23 March 2007 at the Marriott Wardman Park Hotel in Washington, DC, the site for ShmooCon 2007. Registration opens at 1300 Friday, with the conference starting at 1530. Our guest speaker will be Chris Lee, who has numerous cool projects and is a key member of the Honeynet Project.

We will probably not be meeting in a specific room and we very probably will not have a projector. I'd like this to be a meet-for-lunch meeting, possibly using the tables next to the deli for our meeting location. I suggest bringing a laptop in the event Chris has any slides he wants us to ponder on our laptops. Thank you to Chris for driving up from Georgia for ShmooCon and speaking to us.

Honeynet Alliance Membership

Richard Bejtlich — Mon, 12 Feb 2007 04:43:00 -0800

At our last meeting I raised the possibility of NoVA Sec operating a honeynet using the Getronics Red Siren IP and hardware range. After speaking with members of the Honeynet Project, they suggested we volunteer NoVA Sec as a member of the Honeynet Research Alliance. Please read the Honeynet Research Alliance Charter for information on the requirements. I'd like to put this to a vote at our next meeting, or at least solicit your inputs here and on our mailing list. Please let me know if you'd like NoVA Sec to become a Honeynet Research Alliance member. Basically, they trade trust and support in exchange for our help. I think it's a good idea. Thank you.

NoVA Sec Meeting 1900 Thursday 22 Feb 07

Richard Bejtlich — Mon, 12 Feb 2007 04:01:00 -0800

The next NoVA Sec meeting will take place 1900 (7 pm) Thursday 22 February 2007 at Fishnet Security:

13454 Sunrise Valley Dr. Suite 230
Herndon, VA 20171
703.793.1440

Scott Musman from Augmented Systems will be our guest speaker. He will discuss using autonomic systems for improved intrusion detection.

In the event that I (Richard) cannot make the meeting due to consulting out of town, Keith McCammon has agreed to be Scott's host Thursday evening. Thanks Keith!

Thoughts on March Meeting at ShmooCon

Richard Bejtlich — Sun, 04 Feb 2007 11:44:00 -0800

ShmooCon starts Friday 23 March at 3 pm at the Wardman Park Marriott Hotel near the Woodley Park/Zoo Metro stop. That first day of talks ends at 7 pm. I have recruited a special guest speaker, Chris Lee, from the Honeynet Project, as a guest speaker "near" ShmooCon.

I suggest we hold our March NoVA Sec meeting at ShmooCon at 1:30 pm Friday 23 March. We can find a suitable open space, grab it, and chat. Chris can chat without slides.

What do you think?

NoVA Sec Meeting 1900 Mon 29 Jan 07 at Getronics

Richard Bejtlich — Mon, 22 Jan 2007 11:53:00 -0800

The next NoVA Sec meeting will take place 1900 (7 pm) Monday 29 January 2007 at Getronics Red Siren. Wesley Shields will discuss FreeBSD jails.

NoVA Sec Meeting 1900 Wed 13 Dec 06 at Cisco

Richard Bejtlich — Tue, 12 Dec 2006 09:04:00 -0800

The Wednesday NoVA Sec meeting will be held at Cisco in Herndon, VA:

13600 Dulles Technology Drive
Herndon, VA

Yahoo Map

The meeting will be in the Sapporo 1972 room. You will have to sign in. No RSVP is needed. Thank you.

Next NoVA Sec Meeting In Jeopardy

Richard Bejtlich — Sat, 02 Dec 2006 11:57:00 -0800

Nigel Houghton will no longer be able to speak at our next meeting, due to the "quiet period" caused by Sourcefire's IPO. Is anyone available to speak that night? If not, I can brief a section of my TCP/IP Weapons School class. That should motivate someone to volunteer to speak!

Next NoVA Sec Meeting 1900 Wed 13 Dec 06

Richard Bejtlich — Sun, 26 Nov 2006 12:01:00 -0800

Our next meeting is 1900 Wednesday 13 December 2006. Our guest speaker will be Nigel Houghton from Sourcefire VRT. I expect he will say something cool about Snort.

I am working on securing a location now. When I have one arranged I will post it here. This will be our last meeting for 2006. I'd like to schedule some guest speakers for 2007. If you have any suggestions, please post them here or to our mailing list. Thank you.

NoVA Sec Mailing List Created

Richard Bejtlich — Tue, 07 Nov 2006 07:58:00 -0800

Thanks to Wesley Shields for establishing the NoVA Sec Mailing List. This will help us have extended discussions that can't be handled well by NoVA Sec blog comments. Only registered mailing list members can post (to frustrate spammers), so sign up today.

NoVA Sec Meeting Follow-up

Richard Bejtlich — Fri, 03 Nov 2006 01:46:00 -0800

We had a great meeting last night. Thanks especially to Steven Murdoch for a creative and highly technical briefing. The slides we saw are online (.pdf), and the paper is here (.pdf).

Steven mentioned the Sybil attack, and I found the original paper here. Wikipedia's entry on information theory might be useful, assuming some joker hasn't corrupted it. Low-bandwidth covert channels are great ways to transmit AES keys. Steven's talk reminded me that calculus-like or -based methods, or basically thinking about measuring changes over time, is a powerful analytical method. Finally, Steven mentioned he wrote some of his tests in Lua, which has a FreeBSD port and a new Wrox book arriving next spring.

We've got several initiatives in mind. I'm going to need some help with these if we want them to go anywhere. If no one cares, that's cool too.

Can anyone recommend future speakers? If you have an idea, please email me: taosecurity [at] gmail [dot] com. We're looking for anyone who would like to speak on a technical topic.

Paul mentioned interest in setting up a distributed attack-and-defend network (AADN). You would provide one or more systems from which you would attack other people on this network, and which could be attacked by others. I believe establishing some sort of VPN among all participating nodes would be the best way to hide this activity from ISPs, and also guarantee that whomever is part of the VPN has really agreed to participate in this activity. If anyone is interested in this idea, please post a comment.

Beyond an individually owned-and-operated AADN, there is some interest in collecting old gear for NoVA Sec learning and experimentation. For example, it would be nice to assemble a collection of Cisco equipment for those who want to gain some hands-on experience without potentially corrupting their production gear at work. I have a friend at Cisco who might be able to contribute old gear. We would also need a central location to house it and an equipment custodian.

On the communications side, our ability to communicate effectively is going to outgrow blog comments. A few ideas follow:

Would anyone want to set up and maintain an IRC channel?

Would anyone want to set up and maintain a mailing list?

Is there a need for a Web site other than this blog?

Thank you.

Local NoVA Infosec Happenings

owaspdc: RT @DinisCruz #OWASP NoVA chapter meeting was great. This is what I love about OWASP, no matter where you are, you can find great people

owaspdc: RT @planetlevel ESAPI version 2.0 preview released - lots of cool new features! http://bit.ly/hyr7Y

charmsec: Congrats to local hackerspace @baltimorenode on their successful workshop last night at MICA: http://bit.ly/KmexP Tweetable ambient orbs!

OWASPNoVA: via @m1splacedsoul: @DinisCruz adds IronPython support to O2. @m1splacedsoul returns favor by implementing Java Annotations query for O2 ...

InfraGard Nations Capital Members Alliance (INCMA) - Members Only Quantico Event

charmsec: CharmSec 15 will be Wednesday July, 29. You still have time to cancel that beach trip or BlackHat booking, find a sitter, & save beer money

Don't Miss HacDC + Dorkbot D.C. Today

Re: [Owasp-wash_dc_va] July 9th Chapter Meeting: dinis Cruz presents O2

Re: [Owasp-washington] [Owasp-wash_dc_va] July 9th Chapter Meeting: dinis Cruz presents O2

dojosec: The July DojoSec is canceled due to a conflict with the federal holiday observation this Friday. http://www.dojosec.com/?p=135

July DojoSec Canceled

charmsec: >@oneeyedcarmen(let's try this again) AHEM!!! Job Opening! Systems Administrator in Baltimore! Healthcare company, and work with ME!

OWASPNoVA: July 9th Chapter Meeting posted: Dinis Cruz on O2: http://tinyurl.com/mj8n95 Add to calendar: http://tinyurl.com/lrxaxs

[Owasp-washington] July 9th Chapter Meeting: dinis Cruz presents O2

[Owasp-wash_dc_va] July 9th Chapter Meeting: dinis Cruz presents O2

[Owasp-wash_dc_va] Recorded Webinar - SharePoint Extranet Litigation Portals

OWASPNoVA: via @m1splacedsoul: Another quality post from @oneraindrop http://tinyurl.com/ko7ctq

OWASPNoVA: via @m1splacedsoul: Jim Bird writes on his experience adopting SASTs: http://tinyurl.com/moj5ww

charmsec: >@aplura 10-wk FOSS proj in Balt. 3-5yrs exp. Research wiki/calendar/collab software and provide results/guidance to client. DM @aplura

Re: [CapSecDC] Re: Shmoocon bag

Re: [CapSecDC] Re: Shmoocon bag

[Owasp-washington] free webinar - clientless endpoint security & power management

[Owasp-wash_dc_va] free webinar - clientless endpoint security & power management

Re: [CapSecDC] Shmoocon bag

hacdc: @bjepson: We have our noisemaking event today, and movie night tomorrow. Come stop by!

Re: [CapSecDC] Shmoocon bag

Re: [CapSecDC] Shmoocon bag

Re: [CapSecDC] Shmoocon bag

Shmoocon bag

Re: Re: [CapSecDC] Re: June CapSec this Wednesday!

Re: June CapSec this Wednesday!

charmsec: .@linuxgeek247 happy to have ya. @philip_daigle promises to have the new blinkenlights sign too.

charmsec: CharmSec 14 is this Wednesday at Slainte, not Pickles, so please don't ask the staff to blast Nickleback. As usual, the show is all ages.

charmsec: > @dallendoug CapSec DC is this Wednesday. Now starting at 5, so you have more time or can not stay as late http://bit.ly/47GB6A

June CapSec this Wednesday!

owaspdc: RT @dallendoug CapSec DC is this Wednesday. Now starting at 5 PM. http://bit.ly/47GB6A

June CapSec this Wednesday!

hacdc: New post: HacDC phone rings again! http://tinyurl.com/mjdjju

HacDC phone rings again!

A big thanks to everyone for yesterday's OSM party

hacdc: Come join our OpenStreetMap Mapping Party going on right now! #openstreetmap #osm

Re: [CapSecDC] Re: Next CapSec

Re: [CapSecDC] Re: hacked again....

Re: [CapSecDC] hacked again....

hacked again....

charmsec: >@dojosec DojoSec invites everyone to SANSFire 2009 SANS at Night for FREE in Baltimore tonight! https://www.sans.org/sansfire09/night.php

dojosec: DojoSec invites everyone to SANSFire 2009 SANS at Night for FREE in Baltimore tonight! https://www.sans.org/sansfire09/night.php

hacdc: New post: Movie Night next Friday: Sita Sings the Blues http://tinyurl.com/mvqlw6

Movie Night next Friday: Sita Sings the Blues

dojosec: Matt Fisher of Piscis LLC will keynote the July 2, 2009 DojoSec Monthly Briefings.

Re: [CapSecDC] Re: Next CapSec

DojoSec Talk at SANSFire Baltimore

hacdc: New post: Making Tubular Bells with Keith Sinzinger (HacDC and DorkbotDC) http://tinyurl.com/mnkfoa

Making Tubular Bells with Keith Sinzinger (HacDC and DorkbotDC)

owaspdc: RT @AppSecDC09 Reminder! #CFP for AppSec DC 2009 ends TONIGHT at 11:59P EST! Goto http://bit.ly/ZVgpO for submission instructions.

charmsec: 13.5: InGuardians, WTF, ISC^2, iframe attacks, InfoSec degrees, SANS, IOScat, CTF, Bourbon, DNSSnarf, hyper-locals, career tracks, defcon

charmsec: Thanks @SANSInstitute for joining us last night, thanks Pickles for reminding us how nice Slainte is, and welcome students! Next meet: 6/24

charmsec: @charmsec is starting, signless sharing the end table out front.

charmsec: > @grantstavely Expecting a lot of 8:15ish SANSFire folks at @CharmSec after the evening talk. Will be at Pickles around 7PM tonight.

hacdc: New post: HacDC starts funding for USRP2 - Bringing RF / software radio research to DC! http://tinyurl.com/mt98gu

HacDC starts funding for USRP2 - Bringing RF / software radio research to DC!

Do you wish you had truly universal communication device? A device that is a cell phone and can connect using GPRS, 802.11 Wi-Fi, 802.16 WiMax, a satellite hookup or any emerging standard, as well as GPS, GLONASS or both?

[Owasp-wash_dc_va] Free Training Webinar- Planning for Security in Office SharePoint Server

charmsec: .@marcusjcarey, @linuxgeek247 Sunday night has advantages! Thanks everyone for the RTs.

hacdc: New post: Baltimore Hackerspace, "Node," Launches Wiki and Has First Organizational Meeting http://tinyurl.com/mgmt9w

Baltimore Hackerspace, "Node," Launches Wiki and Has First Organizational Meeting

charmsec: > @frednecksec Free Online Nessus Training (Betas, limited time offer, 1st come 1st serve, please RT) http://bit.ly/YMoYl

charmsec: CharmSec 13.5 is this Sunday at 7PM, at Pickles. We also maintain that the fireworks over Ft. McHenry are for us. http://is.gd/Z5kJ

owaspdc: RT @dallendoug - @kodefupanda and I are speaking tonight on web app sec 101 at dc php dev group. 7 PM at 702 H Street, NW, Suite 300

IMMA July 2009 Chapter Meeting: Protecting Our Nation's Core infrastructures--Communications, Water and Energy

dojosec: Thanks to all the speakers who made DojoSec Monthly Briefings dare I say a Conference Thursday night!

hacdc: New post: OpenStreetMap Mapping Party June 13th, all day http://tinyurl.com/opmusr

OpenStreetMap Mapping Party June 20th, all day

OWASPNoVA: Jim: Developers too optimistic to learn threat modeling. Give 'em tools & sec. APIs. Give up on making your developers competent at 'sploit

OWASPNoVA: Jim: there is no economic value to my organization in finding a vulnerability... the value is in fixing the vulnerability.

OWASPNoVA: Jim Routh: Build a sec. group w/ 1 person: anoint best developers 'mavens', provide continuing Ed, meet monthly, WRITE 'em GOOD PERF REVIEWS

dojosec: 295 is slow, everyone take your time to DojoSec.

Re: [Owasp-wash_dc_va] (no subject)

[Owasp-wash_dc_va] (no subject)

charmsec: > @grantstavely Expecting a lot of 8:15ish SANSFire folks at @CharmSec after the evening talk. Will be at Pickles around 7PM tonight.