DAVIX Workshop Slides from DefCon 2008

September 5th, 2008 by raffy

For those who are interested, here are the slides from the DAVIX workshop that Jan Monsch and Raffael Marty taught at DefCon 2008 in Vegas. The content is as follows:


  • What's DAVIX all about? Architecture of the CD, etc.

  • Very short introduction to Visualization

  • An example analysis, how to detect worms in cell phone networks


Learn more about DAVIX.

SOURCE Boston 2009: Word-of-mouth = professional growth

September 3rd, 2008 by Jennifer Leggio

How do you build a successful security conference simply by word-of-mouth?

Ask Stacy Thayer, founder and executive director of SOURCE Conference, which hosted its inaugural SOURCE Boston event in March of this year. The conference is the only security conference with a healthy mix of application security tracks and business strategy topics. The best part of these topics? They were hand-selected by the conference’s seasoned advisory board and none of the talks — I mean none of them — pushed marketing hype or vendor solutions. They focused on the issues. They kept it technical and real. This attracted an incredible breadth of technical and business decision-makers.

Warm-and-fuzzy hype aside, the feedback from the event was stellar.

“My experience at the SOURCEBoston conference was excellent. The quality of the speakers and presentations at the event far surpassed my expectations for the first time conference. If it can continue to deliver in that respect (and I’m certain it will), SOURCE Boston will soon be a landmark annual event in the security community.”
– Matthew Toia, Raytheon Company

“I was very impressed with SOURCE Boston 2008. Only in its first year, SOURCE came through with a wide range of very topical sessions on subjects like Web application security, data leak, compliance and security M&A. The show also lined up a slew of IT security luminaries like Dan Geer, along with notable entrepreneurs like Eugene Kuznetsov (DataPower), Jeremiah Grossman (White Hat Security) and others.”
– Paul Roberts, the451 Group

“In seven years of attending and participating in computer security conferences, I’ve rarely experienced a more intimate and focused event. SOURCE Boston 2008 was a riveting, well-organized conference with high-quality speakers and presentations but it was the warm, interactive atmosphere that stood out the most.”
– Ryan Naraine, journalist and security evangelist

Why am I blathering about all of this?

SOURCE Boston 2009 registration has started and the conference leaders have decided once again that word-of-mouth and industry relationships are going to be the key to the conference’s success. Of course, those who know me won’t be surprised to hear that there will be a whole smattering of social media stuff and blogger relations and some traditional media outreach and the like. But what makes SOURCE Conference so strong is its deep roots in the security community — why change something that works?

So why would you register?

Aside from the reasons listed above, the growing 2009 speaker list has some of the brightest names in the security industry, who will speak on topics relevant to both tech heads and C-level leaders. The roster thus far:

  • Amit Yoran, keynote
  • Marcus Ranum, keynote
  • James Atkinson, Granite Island Group
  • Ero Carrera, Zynamics
  • Bruce Dang, Microsoft
  • Dino Dai Zovi
  • Joe Grand (aka “Kingpin”), Grand Idea Studio
  • Jeremiah Grossman, White Hat Security
  • Christofer Hoff, Unisys
  • Lee Kushner, LJ Kushner & Associates
  • Rich Mogull, Securosis
  • David Mortman, Echelon One
  • Alberto Revelli, Portcullis
  • Marty Roesch, Sourcefire
  • Peiter “Mudge” Zatko, BBN
In addition to the cool mix of speakers, I attended SOURCE Boston 2008 because I heard about it through a very passionate friend who convinced me that I would benefit from the interaction. I’ve never had words ring more true. I made amazing friends, learned so much more about the business and technology of security, and found career opportunities as well as opportunities for my company that might’ve been a lot tougher to find at a larger event due to the overwhelming chaos and noise. That’s how I came to work on the SOURCE Conference team. And the same opportunities could happen for you.

See you there?

Newbie help request

September 2nd, 2008 by blomste

Could I possibly get a little help with getting the afterglow / neato tools usefully working? I have 291 lines of data and for the life of me the graphs I'm generating are quite poor.

I am not a Perl programmer but have managed to get cygwin working and afterglow & neato working.
Using this sample set of the 291 I can get the two diagrams I have attached, but I would dearly like some advice on how to generate a more representative image.

If this forum is inappropriate for a little mentoring then please advise / delete as appropriate.

With kind regards,
Stephen
10.140.122.23,10.142.162.88,80
10.142.40.198,10.142.44.233,80
10.129.20.81,10.142.162.88,80
10.142.45.99,10.142.162.88,80
10.142.41.106,10.142.162.88,80
10.142.41.106,10.142.162.88,80
10.142.45.191,10.142.162.88,80
10.239.41.33,10.143.23.79,80
10.142.36.98,10.142.162.88,80
10.142.36.98,10.142.162.88,80
10.142.45.99,10.142.162.88,80
10.142.45.70,10.142.162.88,80
10.142.45.70,10.142.162.88,80
10.143.24.45,10.142.44.233,80
10.142.41.194,10.142.162.88,80
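One reason a raw afterglow graph of this kind of data looks poor is that repeated rows become stacked, identical edges and every host is drawn the same size. The script below is an added example (not part of the post, and not afterglow's own code): it reads the same three-column source,target,port CSV, collapses duplicate rows into one weighted edge, marks hosts that many sources talk to, and writes DOT that neato can render. The sample rows are a subset of the data posted above.

```python
import csv
import io
from collections import Counter

# A subset of the rows posted above, in afterglow's source,target,port CSV format.
SAMPLE_CSV = """10.140.122.23,10.142.162.88,80
10.142.40.198,10.142.44.233,80
10.142.41.106,10.142.162.88,80
10.142.41.106,10.142.162.88,80
10.239.41.33,10.143.23.79,80
10.142.45.70,10.142.162.88,80
"""


def aggregate_edges(text):
    """Count identical (source, target, port) rows so repeats become one weighted edge."""
    edges = Counter()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip malformed lines rather than emitting a broken DOT edge
        src, dst, port = (field.strip() for field in row)
        edges[(src, dst, port)] += 1
    return edges


def fan_in(edges):
    """Number of distinct sources talking to each target: the 'hub' signal in the graph."""
    targets = Counter()
    for (_src, dst, _port) in edges:
        targets[dst] += 1
    return targets


def to_dot(edges):
    """Emit a DOT digraph; edge width and label carry the repeat count, hubs are filled."""
    hubs = fan_in(edges)
    lines = ["digraph traffic {", "  node [shape=ellipse, fontsize=10];"]
    for node, n in sorted(hubs.items()):
        if n > 1:  # only hosts reached from more than one source get highlighted
            lines.append(f'  "{node}" [style=filled, fillcolor=lightblue, width={0.5 + 0.2 * n:.1f}];')
    for (src, dst, port), n in sorted(edges.items()):
        lines.append(f'  "{src}" -> "{dst}" [label="{port} x{n}", penwidth={n}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pipe the output into: neato -Tpng -o graph.png
    print(to_dot(aggregate_edges(SAMPLE_CSV)))
```

Feeding the full 291-line file to aggregate_edges instead of SAMPLE_CSV gives the same weighted graph; the hub shading is what makes the single server most clients hit stand out.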

Lockpick antique

September 1st, 2008 by Sid

VP Nominee Sarah Palin, Hacker?

August 30th, 2008 by Chris Wysopal

John McCain’s pick for VP, Sarah Palin, knows a thing or two about retrieving evidence from a computer. The mainstream reporting calls her a “hacker” because she is able to retrieve files from the Windows recycle bin.

The Anchorage Daily News reports back in September 2004:

Sarah Palin never thought of herself as an investigator. Yet there she was, hacking uncomfortably into Randy Ruedrich’s computer, looking for evidence that the state Republican Party boss had broken the state ethics law while a member of the Alaska Oil & Gas Conservation Commission.

The next week, when Palin went back to work at the AOGCC, she noticed that Ruedrich had removed his pictures from the walls and the personal effects from his desk. But as she and an AOGCC technician worked their way around his computer password at the behest of an assistant attorney general in Fairbanks, they found his cleanup had not extended to his electronic files.

The technician “said it looked like he tried to delete this, but she knew a way to go around and get some of the deleted stuff,” Palin said in an interview. “I didn’t know what I was looking for, but I was there.”

And this is how Salon reports the same incident:

“In a neat symbolic fit, the agent responsible for Alaska’s current moment of reform and modernization is a woman, a breed once nearly as rare in far Northwest politics as a Democrat. Sarah Palin, a libertarian and hockey mom from the fast-growing suburbs of Anchorage, began her political career — as an appointed member of the state’s Oil and Gas Commission — by hacking into the computer of another commissioner, Randy Ruedrich, chairman of the Alaska Republican Party. Palin was seeking the evidence that she would eventually use to charge him with an improper relationship with lobbyists. (Ruedrich would later settle state ethics charges against him by paying a $12,000 fine.)”

Is this where the McCain administration is going to get its computer security expertise? She’s not a security expert, but it is nice to see someone at the level of state governor who knows their way around a computer.

Beansec 08 08

August 26th, 2008 by zeroday

The August 08 Beansec was a great success! We filled the entire club with people till well past 10pm. A special thanks goes out to Zach Lanier and Dan O’Neill who picked up the tab for drinks and food in Hoff’s absence. If you see them online or in person make sure you say “thanks” too!

Beansec August 08

MBTA security fail

August 26th, 2008 by zeroday

In light of the events of last week I couldn’t help but be amused by this dialog box floating on a turnstile display in the central square T stop.

EDIT: my cell phone camera takes lousy pictures. The text reads:
Program: D:/FOAAA/
File: sprintf.c
Line: 94


MBTA Hack Shows Security Hasn’t Improved in 10 Years

August 25th, 2008 by Chris Wysopal

One of my old L0pht colleagues, Peiter “Mudge” Zatko, is featured in Mass High Tech today in an article titled Bay State hackers find security holes in defibrillators, RFID.

Hackers getting a free T pass may be the least of our worries — local hackers-turned-security experts suggest RFID keycards, wireless networks and medical devices implanted in the body are also vulnerable to hacks.

At last week’s Defcon hacker convention in Las Vegas, a team of researchers showed it was possible to get information such as Social Security numbers and medical diagnoses, and change the settings on an implantable defibrillator by impersonating the computer it communicates with wirelessly. By doing so, a hacker could send a fatal shock to a patient’s heart, said William Maisel of the Beth Israel Deaconess Medical Center.

It is almost like things haven’t changed since the ’90s, when the L0pht worked to change the mindset of security:

  1. Don’t trust vendor claims around security
  2. Attacks aren’t “theoretical”
  3. Security by obscurity is no security

The L0pht worked as an independent security research think tank. For us it was a non-profit side job researching and publishing vulnerabilities in software and hardware. We did it for our love of technology and published what we found because purchasers and users of the vulnerable systems deserve to know.

It’s 10 years later and the situation hasn’t improved much. Mudge talks about the vulnerabilities the L0pht found in highway transponder systems that are still in systems being fielded today. But more important than the vulnerabilities themselves is the nature of how these vulnerabilities are coming to light. They are being found by hobbyists, students, and IT people working in their spare time. How can something as important as the security of public fare collection systems and medical equipment not have a standard process for security acceptance testing?

As we become more reliant on digital systems, with some even keeping us alive, it is high time for security testing to move beyond student papers and part time IT work. Security testing needs to become a formal part of the process of purchasing and fielding digital systems. Our lives are starting to depend on it.

INAV

August 24th, 2008 by scap

INAV is a project that displays connection information in real time as a dynamic, interactive directed graph. http://inav.scaparra.com

Blu-ray reportedly struggling to take off…

August 23rd, 2008 by Sid