Wednesday, September 1st, DC401 is back after a one-month hiatus with information fresh from Blackhat 2010 in Las Vegas!
Dan King of SecureWorks will be presenting the research he presented at Blackhat this year, regarding some security flaws he discovered in the very products we all use to protect our networks. Here's the description of his research from the Blackhat program:
Daniel King discovered McAfee Network Security Manager (the web-based management appliance for McAfee IPS sensors) was vulnerable to authentication bypass / session hijacking (CVE-2009-3565) and cross-site scripting (CVE-2009-3566) vulnerabilities. We'll demonstrate a proof-of-concept attack scenario that blends these vulnerabilities to gain unauthorized access to the NSM web management interface through cookie stealing and hijacking an administrator's session.
Date/Time: 1730 - September 1, 2010
Location: AS220 Performance Space - 115 Empire St, Providence
We have a whopper of a presentation for the July meeting by two local RI researchers from Brownhole Research Labs:
Date/Time: 1730 - July 7th, 2010
Location: AS220 Performance Space - 115 Empire St, Providence
Title: The Economics of Personal Privacy and the Scam of Web2.0
"In this presentation we will present and elaborate on the economics of
personal privacy. How much is your information worth and how is that
information treated once given up? We'll explore the scam artists that
populate the Web2.0 industry. We'll also explore and expose the lies
they tell in order to get you to give up their information, take a look
at the security and privacy culture of Web2.0/social web and how it's
actually implemented.
"We'll take a close look at privacy incidents and mishandling of
personal information in the consumer market highlighting the AT&T iPad
information leak which one of the presenters has been quoted and
interviewed about in the Washington Post and New York Times. We'll also be
discussing privacy issues surrounding Android, the iPhone, and other
mobile platforms.
"If you're a Web2.0 or social networking company and you're based in RI,
you'll probably want to attend.
"Companies we'll be looking at (exposing their lies) include:
Facebook, MySpace, and other social networking sites.
Swipely, Blippy, Mint.com and other finance/social networking sites
And whatever else we feel like exposing between now and when we give
this talk."
This is going to be a great presentation, surely one to stir up some lively discussion. I hope everyone gets a chance to come!
Jimmie P Rodgers is going to be in town for the whole month of June doing an Artist in Residence gig at AS220. We figured while he was in town, we'd grab him to give an overview talk on circuit bending. Unfortunately, we don't have the time for a whole workshop, but you'll get enough info so you can head home and try it out on your own.
Date/Time: 1730 - June 2nd, 2010
Location: AS220 Performance Space - 115 Empire St, Providence
As we all know, I'm a complete slacker when it comes to getting the results of folks' talks posted here. Without further ado, here are the slides and audio for Gadsden's talk Hacking the Crisis.
Slides - Gadsden-Hacking-the-Crisis.pdf
Audio - Gadsden-Hacking-the-Crisis.mp3
What do you do when you're running a conference and your head of security/one of your speakers comes down with the flu and is vomiting his guts out all weekend? You make do the best you can on the security front and reschedule his talk for the next DC401 meeting.
As displayed over and over throughout history, disasters can and do happen. Three trends tend to be consistent:
* The disasters can and do happen when least expected.
* People and government are never prepared to handle the situation.
* Government is usually ineffective in preventing the crisis or providing a solution.
The goal of this talk is to briefly discuss situations where a crisis can cause a dangerous situation, steps one can do to prepare, and some simple hacks to increase your odds of survival in the first couple weeks after the crisis arises.
Gadsden is an Information Security Engineer by day. By night he's a DC401 member, firearms advocate, home brewer and once a year he packs up and goes to Vegas to be a Goon for DefCon. He's also our head Security Goon for QuahogCon.
Date/Time: 5 May 2010 - 1730-1900
Location: AS220, 115 Empire St, Providence.