I much enjoyed this article.
Next week I will stay in Vienna to join Deepsec. Last year the conference was just amazing and I’m also looking forward to visiting Metalab, one of my favorite hacker spaces. BeF and I will have a talk about ActionScript 3 obfuscation/de-obfuscation and other fun stuff with byte code. BeF released a new version of erlswf which is capable of disassembling AS3 and returning this disassembly as JSON. If you are interested in those things you should check it out. BeF will hopefully blog about erlswf in detail (hinthint :)
During the last weeks I was one of the persons who looked through all the submissions (nearly 300!) for the 25C3. I was also involved in the decisions about which talks will take place. I won’t tell much, but I think it will be interesting and much more focused on technical topics rather than meta-blabla like in the last years. BeF and I are going to speak about Flash stuff at 25C3 as well and we will also release a paper for the conference proceedings.
In November I will be at OWASP Germany 2008 in Frankfurt and talk about RIA security. I’m still not 100% sure what exactly I will talk about, but I think I will focus on the difficulties one has to face when auditing complex RIA applications. Most people already know that I’m not a big fan of OWASP since it’s much too vendor-centric in my point of view (but, well, I don’t want to start a big rant here right now). Anyway, I’m looking forward to meeting Alexios from n.runs and Martin at the conference.
Last month Stefan and I founded CGNSec. The idea is to meet security people and researchers from the Cologne/Bonn area to talk about unfinished ideas and projects as well as having some beers. Yesterday there was the second meeting and it was really fun. There were even some EZB guys from Frankfurt and we had some interesting conversations. I hope we will have some presentations from time to time, since there are quite some people with interesting stuff. I also hope that the MWCollect guys from Bonn will join us next time.
Some personal notes: I got engaged with my girlfriend. Since she’ll go to Hamburg at the beginning of next year to join the Henri Nannen Journalist School, I will probably leave the Rhineland within the next two years (well, not before she finishes). I really feel sad somehow, since I feel at home here. But after her studies she will probably not come back, so I will follow her sooner or later.
I joined a carnival society some months ago called “Beueler Stadtsoldaten”. The Rhenish Carnival is starting in a couple of days and I will have quite a couple of events where I will do some dancing (nothing too complicated really) - and I’m thinking about starting a blog or Soup where I’d like to write about some experiences, post some photos and tell about all the dirty little things that happen there. I will probably announce it using my Twitter account.
Last but not least a little advertising: At the end of November the book by Mario Heiderich, Christian Matthies, Johannes Dahse and me will be published by Galileo Press. It’s in German and it is called “Sichere Webanwendungen” (secure web applications). I was only responsible for everything related to Flash, so most of the work was done by the others. The nice thing is that it will be published using only my nick, not my real name :)
Tags: Events, Security, Deepsec, OWASP, 25C3, CGNSec, Beuel, Stadtsoldaten
Watching Dean Baker on CSPAN at the moment, visited his think tank's site, lots of interesting talking point memos.
With much of this equity now eliminated by the collapse of the bubble, many families can no longer sustain their levels of consumption. The main reason that banks won't lend to these families is that they no longer have home equity to serve as collateral. It wouldn't matter how much money the banks had, they are not going to make mortgage loans to people who have no equity.
And house prices are not going to come back. This is like Pets.com. We are not going to get the price of $200,000 homes in central California back up to $500,000.
...
How do we go about getting the banks in order? Almost every economist I know rejects the Paulson approach and argues instead for directly injecting capital into the banks. The taxpayers give them the money and then we own some, or all, of the bank. (That's what Warren Buffett did with Goldman Sachs.)
This isn't about begging for a sliver of equity as a concession for a $700 billion bailout, this is about constructing a bank rescue the way that business people would do it. We have an interest in a well-operating financial system. There is zero public interest in giving away taxpayer dollars to the Wall Street banks and their executives.
Circumventing Automated JavaScript Analysis Tools
Billy Hoffman
[snip]
Next we explore multiple new techniques to circumvent the current generation of automated analysis tools by detecting their presence from inside malicious JavaScript. (JSPill? hmmmm) These methods include HTTP/browser fingerprinting, DOM testing and encrypting, Domain and Network testing, Execution environment testing, and cross plugin communication testing. We will demonstrate malicious JavaScript detecting analysis tools using these methods and refusing to give up its secrets until it’s running in the web browser of choice. We’ll demonstrate encrypting JavaScript to only run in particular browsers or environments. We’ll also demonstrate a couple other tricks, such as encoding malicious JavaScript as nothing but white space, and function clobbering for fun and profit.
Time to kick CaffeineMonkey in the ass. Sorry Ben, I owe you a beer.
And, as is often the case, this technology has no legitimate use.
The next couple of weeks I’m going to speak at some interesting and completely different events. Next week I will be at [re:publica][republica] in Berlin doing a tunneling workshop. Last year there was a screen at the entrance of re:publica showing the output of dsniff. Some people got very pissed because of their passwords turning up in full HD quality. So Markus had the idea of this workshop and asked me to do it in order to give the attendees a possibility to protect themselves. The re:publica is going to be very big this year (800 attendees all together as far as I know) and a lot of old friends I haven’t seen in a while will show up.
The next event I’m going to visit is [Bluehat v7][bluehat] in Seattle. I’ve never been to the States before, so I’m really excited about going there - especially because Microsoft is the reason, which I still find very weird. I’ll give a presentation together with [Manuel Caballero][manuel] about [Silverlight][silverlight] and how it compares to Adobe Flash security-wise. Only a few of the speakers at Bluehat are already known to me. Besides [Lieutenant Dan][dan] and [kuza55][kuza] I’m looking forward to getting to know [Sowhat][sowhat]. We tried to invite him to one of the past [Chaos Communication Congresses][c3] but it was far more complicated than we thought because of problems with the visa. I’m also looking forward to getting to know [Billy Rios][bk]. I guess he and [Nitesh][nitesh] will talk about [Phishing][interview].
In May I’ll be at [PH-Neutral][phneutral] and give a presentation together with [BeF][bef] entitled “SWF and the Malware Tragedy”. The talk is about static analysis of SWF bytecode and hopefully we will have some more time to look into less known SWF bytecode obfuscation techniques. BeF and I also wrote a [paper][paper] with the same title which is mainly about using the Erlang-based [erlswf][erlswf] for SWF bytecode analysis.
Tags: Events, Security, re-publica08, Bluehat, PH-Neutral, Flash, Silverlight, SektionEins, FlashSec
[republica]: http://re-publica.de/08/
[bluehat]: http://blogs.technet.com/bluehat/
[manuel]: http://www.cracking.com.ar/
[dan]: http://doxpara.com/
[kuza]: http://kuza55.blogspot.com/
[sowhat]: http://secway.org/
[c3]: https://events.ccc.de/congress/
[bk]: http://xs-sniper.com/blog/
[interview]: http://www.net-security.org/article.php?id=1110
[bef]: http://pentaphase.de/
[paper]: https://www.flashsec.org/mediawiki/images/5/57/SWF_and_the_Malware_Tragedy.pdf
[erlswf]: http://code.google.com/p/erlswf/
[phneutral]: http://ph-neutral.darklab.org/
[silverlight]: http://silverlight.net/
[nitesh]: http://dhanjani.com/
Late at night several times a week, Terrill powers up the 4-foot-tall, 300 pound device and reaches for a remote control packed with two joysticks and various knobs and switches. Standing on a nearby corner, he maneuvers the machine down the block, often to a daycare center where it accosts what Terrill says are drug dealers, vagrants and others who shouldn't be there.
He flashes the robot's spotlight and grabs a walkie-talkie, which he uses to boom his disembodied voice over the robot's sound system.
"I tell them they are trespassing, it's private property, and they have to leave," he said. "They throw bottles and cans at it. That's when I shoot the water cannon. They just scatter like roaches."
OMG, I can't believe he actually built it, and I can't believe it actually works.
You now have something more to look forward to at O'Terrill's besides the fish and chips!
Put people in a crazy situation and people do crazy things
You have no right to a lawyer
you have no right to witnesses
You don't really know what the charges are
And you certainly don't know what the secret evidence is against you
It's not about left or right, it's about right and wrong
This is playing in Atlanta at The Landmark
Japan's Defense Minister Shigeru Ishiba is considering how his Self-Defense Forces could respond to an attack by space aliens while adhering to limits on military action under the country's war-renouncing Constitution.
Ishiba said yesterday a Japanese military response, such as those in the Godzilla movie series, would require legal review and said he is studying ways Japan could deal with an attack. Ishiba said his comments represent a "personal view," and not Defense Ministry policy, according to the transcript of the press conference published on the ministry's Web site.
"There are no grounds for us to deny there are unidentified flying objects and some life-form that controls them," Ishiba said. "Few discussions have been held on what the legal grounds are" for a military response.
A most interesting problem to have. I suggest building a giant robotic lizard and hiding him in a volcano until the aliens attack.
All the SPI folks are in our new office and all of SPI senior management that used to have offices now has cubes like the rest of us.
I was up above it.
I was up above it.
Now I'm down in it
I was up above it.
I was up above it.
Now I'm down in it
-Nine Inch Nails, Down in it
Lawyers representing Procter & Gamble send a 66-page cease-and-desist letter to British sex-toy company Love Honey, demanding that it stop using images of its Oral B electric toothbrushes to promote a product called the Brush Bunny - a rabbit-shaped piece of plastic that slips over the top of an Oral B to turn it into a vibrator.