Wednesday, September 1st, DC401 is back after a one month hiatus with information fresh from Blackhat 2010 in Las Vegas!
Dan King of SecureWorks will be presenting the research he presented at Blackhat this year, regarding some security flaws he discovered in the very products we all use to protect our networks. Here's the description of his research from the Blackhat program:
Daniel King discovered McAfee Network Security Manager (the web-based management appliance for McAfee IPS sensors) was vulnerable to authentication bypass / session hijacking (CVE-2009-3565) and cross-site scripting (CVE-2009-3566) vulnerabilities. We'll demonstrate a proof-of-concept attack scenario that blends these vulnerabilities to gain unauthorized access to the NSM web management interface through cookie stealing and hijacking an administrator's session.
Date/Time: 1730 - September 1, 2010
Location: AS220 Performance Space - 115 Empire St, Providence
For January, we're going to do a combined DC401/AS220 Labs Make and Break night. We'll have five each of the Adafruit SIM readers, Minty Boost and TV-B-Gone kits. Cost for the kits with be $20 each. Assistance with soldering and general advise is free, as always.
Email ducksauz [at] dc401 [dot] org to reserve a kit. Or take your chances and come on the night of and see what's available. Also, if you've got a small kit sitting around that you've been meaning to build, bring it down and we'll help you through it.
Date/Time: 6 Jan 2010 - 1700-1900 (Early start!)
Location: AS220, 115 Empire St, Providence. Directions
For December's meeting we have a talk from one of our members who you might not recognize at first glance these days. Joe Pepin has transitioned to Joan Pepin and will be speaking on the technical details of being transgendered. This will be a very interesting and enlightening talk.
Gender (as opposed to physical sex) is a social construct and is therefore susceptible to manipulation and what hackers may call 'social engineering'. Speaking from personal experience, I will discuss various techniques that some members of the transgender community use to alter the perception of their gender. This talk will not focus on the "why", but rather the "how", and may have applications relevant to the broader hacker/social-engineering community.
Date/Time: 2 Dec 2009 - 1730-1900
Location: AS220, 115 Empire St, Providence. Directions
Prolific DC401 speaker Dennis Brown returns hot on the heels of his abbreviated presentation at ToorCon. They only gave him 20 minutes. We'll give him a whole hour and see if he can get all the way to the end.
Selling currency and services for massively multiplayer games are often viewed as a cottage industry, but it is in fact a half-billion dollar industry that profits off of malware distribution and sweatshop labor. Its also a conflict between the companies behind these games who want to keep a fair playing field, and the people trying to profit from them using techniques such as social engineering, keyloggers and spamming, amongst others. This presentation discusses the recent history of these synthetic economies, how they remain undetected and in operation, and the ways they can affect both virtual and real-world economies.
Date/Time:Wednesday, 4 Nov 2009 - 1730-1900
Location: AS220, 115 Empire St, Providence. Directions
We've got a real treat for the October Meeting. Andy Pavlo, a CS graduate student at Brown will come by to talk about his research project called Graffiti Networks, which apparently landed him and his collaborators into a little hot water last spring. Should be a very interesting talk with a good 'lessons learned' section.
"In response to the lack of user anonymity and long-term data persistence in existing P2P systems, we developed the Graffiti Network distributed file sharing protocol that uses multiple third-party storage sites as a data replication and transfer medium between clients. Our approach is to use publically available web sites to store multiple copies of shared content. We use the term graffiti for our work since we are storing data in a way that non-network participants may regard as unsightly or unwanted vandalism."
Date/Time:Monday, 12 Oct 2009 - 1730-1900
Location: AS220, 115 Empire St, Providence. Directions
Note the special night! AS220 once again has Action Speaks! on Wednesday nights this month, so we got bumped to the second Monday.