Wednesday, October 8, 2008
Meeting: DefCon 16 recap
Depending on who is present, I imagine that the talk will turn into a general discussion covering the intersection of findings and the audience's interests.
As before, you can find the group in the raised area, above the pool tables. If you know someone who might be interested, please forward.
Monday, September 29, 2008
Visualization talk at HEP
The conference room is on the fourth floor in room 4274, next to the department office. Enter the building on the north side (near Sterling Hall) and simply head up to the fourth floor -- the conference room is the sixth door on the right. University parking is available near Chamberlin Hall, but it might be simpler to park downtown and walk. Wireless access will be provided.
(taken from http://www.madisonlinux.org/Meetings)
Tuesday, September 23, 2008
surprise presentation alert: data visualization
The time and date are not yet scheduled, but will be around Sept 28th-30th.
The topic is visualizing data. At this point, I do not know much more.
Monday, September 22, 2008
Metrics: Sept 23rd
Again, the meeting is at The Brass Ring, 4pm. When you walk in, go to the left, and up to a 2nd level, or a gallery of sorts.
Given the bizarre problems I had with notifications, I might grab people who show up there, and get a table outside. It will be quite obvious and easy to find, I think...
http://www.thebrassringmadison.com/
--
Marcin Antkiewicz
Wednesday, September 10, 2008
Meeting - Brass Ring, Tuesday, Sept 23rd, 4pm
After a short break, I would like to invite you to Brass Ring, in about two weeks, for a new and improved MadSec meeting. The major part of the improvement plan is presentations, and I will deliver the first one, which (if all goes well) will cover selection and use of metrics in IT in general, and security in particular.
Time is a bit of an experiment, based on the feedback I got. I will count votes against it, so drop me a line if late night is a much better fit.
Brass Ring should offer a reasonably secluded and quiet venue, but that theory needs some testing. I will likely be testing it on the 16th, along with assorted local IT types. Feel free to drop by if you feel like it (just confirm first please).
http://www.thebrassringmadison.com/
Thursday, July 24, 2008
Tuesday, July 22, 2008
Next meeting soon
While Angelic was ideal, they are closed-for-good this time.
BTW: go to UW's Lockdown 2008. The selection of topics and speakers is well worth $100. I would be there but UWEBC's IT Security Peer Group holds its monthly meeting at the same time (topic: Identity Management: Assurance, Provisioning, Directories). Choices.. Choices.. Choices..
Thursday, May 29, 2008
Status update
I will try again, when my calendar calms down, I will try to find a new time slot for the meeting.
Tuesday, April 15, 2008
MadSec 04849, Apr 14, 2007, 7pm
I would like to announce that the next Beer&Security gathering is scheduled for Thursday, Apr 14 (or whatever the Thursday happens to be), at Angelic (322 W Johnson St).
Tuesday, April 1, 2008
AV/Malware reading list
File names are good, but checksums are better. No checksum utility is included with Windows, but there are many available (binaries).
Vendors
* McAfee
http://www.avertlabs.com
* The Big Yellow
http://www.symantec.com
* F-Secure
http://www.f-secure.com/weblog/
* Sophos
http://www.sophos.com/security
* TrendLabs
http://blog.trendmicro.com/
Relevant Sites
* WormBlog
http://www.wormblog.com/
* MS Anti-Malware team blog
http://blogs.technet.com
* VirusList
http://www.viruslist.com/en
* Virus Bulletin
http://www.virusbtn.com/news
* Dancho Danchev
http://ddanchev.blogspot.com
* Cool post about the state of AV
http://ddanchev.blogspot.com
* Avira, the not-so-anti-but-much-virus
http://www.virusbtn.com/news
From the "What's that malware?" dept:
* Virus total
http://www.virustotal.com/
* Norman SandBox
http://www.norman.com/microsite
* Bit9
http://fileadvisor.bit9.com
* File Checksum Integrity Verifier (md5/SHA1)
http://support.microsoft.com
Monday, March 31, 2008
MadSec 04849, Apr 03, 2007, 7pm
Thursday, Apr 03 (or whatever the Thursday happens to be), at Angelic (322 W Johnson St).
Thursday, March 20, 2008
Monday, February 18, 2008
MadSec 62240 - 7pm, Thursday, Feb 7
Place, time without change, please RSVP (marcina gmail.com) so I know how many might show up.
As a bonus, here is a visual explanation of a new code quality metric: WTFs/min.
http://www.osnews.com/images/comics/wtfm.jpg
Monday, February 11, 2008
Re: MadSec 24513 - 7pm, Thursday, Feb 7
Conversation topics that I still remember:
- my order of Idaho Nachos
- Coverity was added to Fortify and Ounce Labs as a maker of known good static analysis software
- enjoyable rantfest about OpenSSL and Kerberos not living up to their potential (complexity, transitive trust issues, reference implementation serving as production UIs, misuse of one in places where the other would serve better)
- Splunk is super cool. Someone is using it to find, in days' worth of logs from very busy servers, specific information (users who changed a certain field to a value larger than X), all that in a minute or two.
- we were musing on the speed of rainbow table generation on the UW Condor grid. Eyes went round.
- perl.org "compromise" and other JavaScript malice.
- more? I think we spoke about SAS 70 and audits in general, but that was later in the evening, and my memory is failing.
See you next Thursday!
Tuesday, February 5, 2008
The Grinch that Stole Security
‘Twas the night before audit and all through the NOC
not a packet was moving, oh what a crock!
The firewall was tuned with precision and care,
in hope that no kiddies or hackers were there.
The router was patched and all up to date
from many an evening with the admin up late.
The power’s still on, no breakers were tripped.
The boss is still screaming, “let’s get this one nipped!”
Back in the office I heard such a clatter
I dashed right in to see what was the matter.
“It’s gone, it’s gone”, the CISO did bellow.
All up in arms was this laid back fellow.
“What is all gone”, I asked in a flash.
“Come look, come see”, he yelled as he dashed.
I ran as I followed this sad little man.
“Look! See, it’s all gone, from the network, the LAN.”
There is no security guarding our stuff!
We’ve got to fix this, but it’ll be tough.
I searched and I searched. I looked high and low.
I couldn’t find security, where did it go?
Then I had a great thought on this troublesome night.
I knew who had done this, and he wanted a fight.
The Grinch had been here and now security was gone.
It’s probably back at his big lofty throne.
I made a great trek from my office to his.
I stood and considered, but didn’t go whiz.
There he would sit behind the C on the door.
Beneath him, our security, crushed on the floor.
Slowly I opened the great wooden gate.
The smell of sulphur had grown stronger of late.
The flames they did lick his cloven black heels.
His flesh, it boiled off in great sooty peels.
“Why did you do it?”, I asked with no tact.
“Our security is gone, now our servers are hacked!”
Policies, procedures, and plans on the floor.
“We don’t need them”, he said in a gruff roar.
“What do we have that a hacker would take?
“There is nothing good here, but a great big damned lake.”
“Just ‘cause we’re small doesn’t mean that we’re bad.
Security’s a necessity, not some new fangled fad!
Here we have bandwidth, and data and lives.
That’s something to protect like a bee does its hive.
Security is good, it keeps business flowing.
For what you have done, you really aren’t knowing.
The network has stopped ‘cause the hackers were in.
Our data is gone, and your actions, a sin.”
Suddenly, a tumble, a thud, and a flop.
I awoke from the floor onto which I did drop.
“It’s all a dream”, I said with delight.
But, such a dream, that gave me a fright.
The Grinch may be real, but his actions were fake.
Nothing was wrong at the city by the lake.
The auditors came down my hallway with glee.
They had come to behold the glory of me!
Never had they seen a ship quite this tight.
For according to them, everything was right!
They shook hands and left, out the front door they flew.
“Happy audit!”, they said, and “good job to you!”
I wish it was mine, the source is: CSO Blogs.
Thursday, January 31, 2008
Thursday, January 24, 2008
MadSEC 45699 - 7pm, Thursday, 24 Jan 2008
1) The collective has decided that the current meeting numbering scheme is deficient.
In order to satisfy all requirements (new, interesting, secure), from now on I will number the meetings after 2 bytes present in a certain memory location on one of my machines:
dd if=/dev/random bs=1 count=2 2>/dev/null | od -N2 -tu2 | awk '{ print $2 }'
At least it's confusing.
2) I missed about half of the conversations. _My take_ on the ones I remember:
- complex issue with tracking unauthorized system use (public) by a rogue employee.
- cross site scripting and request forgery (hey, use site specific browser like WebRunner), input validation, preventing session theft.
- 2 factor (RSA style) are still cool, especially once systems get compromised, and the need for strong auth is freshly apparent.
- there is no good, reliable, fast, awesome clustered file system. gfs just does not cut it. Something about dedicated NFS appliances (I mean APPLIANCES) that I've missed.
- Splunk, esp. version 3 is awesome, and saves our hides.
- something about shooting to proteins
- Patricia tries are awesome for working with network traffic (there was a lot of context to this discussion that will remain offline).
- neat things can be done with iRules on F5s. What's the logic behind embedding TCL in network devices (IOS, F5)? I have "Building Network Management Tools with Tcl/Tk" on my shelf, I know the history, but let's move on.
- Security Data Visualization and managing humans have new temporary homes.
That was fun. We should do those more often. /me kicking self
01/25/2008 - an addendum from Will:
First, there's the Spolsky article on SLAs and uptime[1]. Then there's test-driven development proponent and Python hacker Grig Gheorghiu thoughts[2] on the matter, with a nice plug for Twill[3]. If you haven't used it, Twill is a super cool scripting language for interacting with web pages.
Lastly, I mentioned Bluearc[4] as a possible vendor for high performance NFS stuff. I don't have direct experience with Bluearc, but BNL, FNAL and Purdue swear by them.
[1] http://www.joelonsoftware.com/items/2008/01/22.html
[2] http://agiletesting.blogspot.com/2008/01/joel-on-checklists.html
[3] http://twill.idyll.org/
[4] http://bluearc.com/