A couple of people had asked me what are some things that you can do prior to attending hacker cons such as Blackhat and Defcon. Kurt Cobain said it best "Just because you're paranoid, doesn't mean they're not after you'. Here's a short list (albeit not complete as I don't plan to...
The Web Application Security Consortium (in which I am a co founder) is throwing a party at RSA this year in San Francisco. Here's the formal announcement. "Take a Break @ RSA and Meet-up with Your Peers at the WASC Meet UP Join your Web application security peers for lunch at Jillian's@Metreon....
I recently attended RSA and had a chance to see the cryptography panel. Towards the end of the panel an amusing amount of bickering began between the former NSA technical director (Brian snow) and folks such as Whit Diffie (inventor of diffie hellman key exchange), and Adi Shamir (co founder of RSA...
The Web Application Security Consortium (WASC) is having an official meetup in San Francisco during the RSA conference.If you like to get free food/drinks, shoot pool, and chat appsec with many of the leading researchers in the appsec world this is your chance. WASC RSA 2010 Meet-up Wednesday, March 3, 2010 Lunch...
I'll be heading out to AppSecDC to present Transparent Proxy Abuse on Thursday, so if you're attending and want to chat about appsec I'll be available after my talk. Here's a teaser of my presentation I'll be presenting a video demonstrating this abuse case against Squid and Mac OS X Parental Control...
"OWASP Announces International Application Security Conference for 2009 Speaker Agenda Released and Registration Open for 2009's Largest Web Application Security Event Washington DC August 20th, 2009 -- Following in the footsteps of the Open Web Application Security Project's (OWASP, http://www.owasp.org ) immensely successful and popular conferences earlier this year in Australia, Poland,...
I'm heading out later today for my yearly Blackhat/Defcon trip and looking to attend the following blackhat talks as of now. Day 1 Veiled - A Browser Based Darknet Practical Windows XP/2003 Heap Exploitation Fighting Russian Cybercrime Mobsters More Tricks for Defeating SSL Enterprise Java Rootkits The Language of Trust State of...
"A talk demonstrating security weaknesses in a widely used automatic teller machine has been pulled from next month's Black Hat conference after the machine vendor placed pressure on the speaker's employer. Juniper Networks, a provider of network devices and security services, said it delayed the talk by its employee Barnaby Jack at...
"Yesterday, at the Blackhat DC security conference, I spoke about the dangers of persistent web browser storage. Part of the talk focused on how emerging web browser storage solutions such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification, could be attacked on sites...
If you like talking about website and application security and will be in San Francisco in April I highly recommend attending the Web Application Security Consortium's RSA Meet-up. We've been doing this for the past 3-4 years and always get a great crowd. He's the formal announcement. Take a Break @ RSA...
UPDATE: I've added a link to the presentation slides and some other sites providing coverage of this. The following paper was published today at the CCC conference by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. "We have identified a vulnerability in the...
Last week I attended Microsoft's Bluehat conference for the first time and found the experience to be pretty positive. Here are a few highlights New Tools Announced - Microsoft Threat Modeling tool v3.1 RC2 (Public release date: unknown) - CSSH is a CSS history theft tool combining a crawler to enumerate the...
Matthew Chalmers submitted the following news. "With the theme "Setting the AppSec Agenda for 2009" the OWASP Summit will be a worldwide gathering of OWASP leaders and key industry players to present and discuss the latest OWASP tools, documentation projects, and web application security trends. Join us in Portugal in just a...
WASC and OWASP are throwing a party this year during blackhat at the shadow bar which is being sponsored by Breach. This will be the 3rd party at the shadow bar, and 2nd joint WASC/OWASP conference. If you want to chat appsec this is where everyone in appsec will be.
My week at RSA has been fairly interesting. One of the highlights was getting to see an enigma at the NSA booth. Here is a short video I made of the NSA Museum employee explaining how it works.
Announcement Link: http://jeremiahgrossman.blogspot.com/2008/03/wasc-rsa-meet-up-2008.html
The WASC/OWASP event went very well as over 250 showed up. Below are some pictures of the event by a few of the sttendee's including Anurag a WASC officer. I will add some more pictures as they become available including news stories covering the event. Anurag Picture Link: http://myappsecurity.blogspot.com/2007/11/appsec-2007-pictures-of-breach-party.html Wayne Picture Link:...
WASC is having a meetup in Silicon Valley in Cupertino California. If you're interested in attending visit the meetup link below and RSVP. These meetings are a good way to find out what WASC (The Web Application Security Consortium) is all about, chat with fellow security people, and drink beer. Meetup Link:...
"OWASP and WASC have joined forces for this year's AppSec 2007 conference being held at eBay in San Jose, CA on Nov 12-15. A huge concentration of industry leading experts will be in attendance presenting high quality web application security content. AppSec 2007 offers a unique opportunity for security professionals, software developers,...
Vegas was interesting this year to say the least. For starters I finally got to attend NOT as a vendor which I gotta say was pretty nice. Here are the talks I attended. Intranet Invasion With Anti-DNS Pinning It's All About The Timing Tactical Exploitation (Part 1) Dangling Pointer IsGameOver(), anyone? The...
"Mozilla has been using an open-source application security testing tool, known as a fuzzer, for JavaScript to detect and fix dozens of security bugs in Firefox, Mozilla director of ecosystem development Window Snyder said Thursday at the Black Hat USA 2007 conference in Las Vegas. The JavaScript fuzzer found 280 bugs in...
UPDATE: Her myspace page was linked off of defconpics.org and shortly after has been removed from myspace. No word on how it was removed at this time. An NBC reporter (Michelle Madigan Associate Producer of NBC Dateline) was found to be trying to find hackers for hire and recording them with a...
"In their presentation, titled "Don't Tell Joanna, The Virtualized Rootkit Is Dead," the researchers detailed how to use counters that are external to a system to detect a virtualized rootkit's pull on CPU resources or other telltale footprints. It's got to be an external counter, given that a virtualized rootkit sits at...
I'll be leaving for blackhat shortly and site updates will slow down a bit as well as moderation of the web security mailing list. If you're in vegas and want to chat appsec, be sure to RSVP to the huge OWASP/WASC party, I'll be there with just about every other application security...
"I've been denied entry to the US essentially for carrying my trainings material. Wow. It appears I can't attend Blackhat this year. I was denied entry to the US for carrying trainings materials for the Blackhat trainings, and intending to hold these trainings as a private citizen instead of as a company....
This year OWASP and WASC have decided to have a joint party at Blackhat vegas. I'll be there with many of the other appsec industry people. RSVP if you want to attend!
"2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart! This is where "Hackers on a Plane" comes in: The...
WASC is organizing a Meet-Up during the JavaOne Conference (May 8-11 @ San Francisco Moscone Center). As usual this will be an informal gathering. No agenda, slide-ware, or sponsors. We're expecting maybe 10-20 like minded webappsec people to share some food, drinks, and stimulating conversation. Everyone is welcome and it should be...
I really enjoyed going to the RSA conference this year and meeting up with some old friends and seeing some good talks. I only got to attend for two days one of which was for 'The Web Application Security Consortium' (I'm a co founder) get together (pictures available at the links below)....
This years RSA Conference is being held at the San Francisco Moscone Center [2] (February 5 � 9) and every year, for the past couple years, we�ve coordinated an informal WASC Meet-Up. Usually about 20 or so people in the web application security community show up to have some fun sharing drinks,...
I will be giving a talk at Blackhat this year entitled "Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems". I'll also be available at the 'Web Application Security Consortium' Meet-up for those who want to chat. This presentation will discuss the use of RSS and Atom feeds as...
Jeremiah Grossman sent this out to the web security mailing list today. "Normally we hold WASC Meet-Ups during large conferences (RSA/ BlackHat) where a lot of web application security people are at same place at the same time. Around the S.F. Bay Area there's enough webappsec people that we we no longer...
