Tuesday, December 12, 2006

NoVA Sec Meeting 1900 Wed 13 Dec 06 at Cisco

The Wednesday NoVA Sec meeting will be held at Cisco in Herndon, VA:

13600 Dulles Technology Drive
Herndon, VA




The meeting will be in the Sapporo 1972 room. You will have to sign in. No RSVP is needed. Thank you.

Saturday, December 02, 2006

Next NoVA Sec Meeting In Jeopardy

Nigel Houghton will no longer be able to speak at our next meeting, due to the "quiet period" caused by Sourcefire's IPO. Is anyone available to speak that night? If not, I can brief a section of my TCP/IP Weapons School class. That should motivate someone to volunteer to speak!

Sunday, November 26, 2006

Next NoVA Sec Meeting 1900 Wed 13 Dec 06

Our next meeting is 1900 Wednesday 13 December 2006. Our guest speaker will be Nigel Houghton from Sourcefire VRT. I expect he will say something cool about Snort.

I am working on securing a location now. When I have one arranged I will post it here. This will be our last meeting for 2006. I'd like to schedule some guest speakers for 2007. If you have any suggestions, please post them here or to our mailing list. Thank you.

Tuesday, November 07, 2006

NoVA Sec Mailing List Created

Thanks to Wesley Shields for establishing the NoVA Sec Mailing List. This will help us have extended discussions that can't be handled well by NoVA Sec blog comments. Only registered mailing list members can post (to frustrate spammers), so sign up today.

Friday, November 03, 2006

NoVA Sec Meeting Follow-up

We had a great meeting last night. Thanks especially to Steven Murdoch for a creative and highly technical briefing. The slides we saw are online (.pdf), and the paper is here (.pdf).

Steven mentioned the Sybil attack, and I found the original paper here. Wikipedia's entry on information theory might be useful, assuming some joker hasn't corrupted it. Low-bandwidth covert channels are great ways to transmit AES keys. Steven's talk reminded me that using calculus-like or calculus-based methods, or basically thinking about measuring changes over time, is a powerful analytical method. Finally, Steven mentioned he wrote some of his tests in Lua, which has a FreeBSD port and a new Wrox book arriving next spring.

We've got several initiatives in mind. I'm going to need some help with these if we want them to go anywhere. If no one cares, that's cool too.


  1. Can anyone recommend future speakers? If you have an idea, please email me: taosecurity [at] gmail [dot] com. We're looking for anyone who would like to speak on a technical topic.

  2. Paul mentioned interest in setting up a distributed attack-and-defend network (AADN). You would provide one or more systems from which you would attack other people on this network, and which could be attacked by others. I believe establishing some sort of VPN among all participating nodes would be the best way to hide this activity from ISPs, and also guarantee that whoever is part of the VPN has really agreed to participate in this activity. If anyone is interested in this idea, please post a comment.

  3. Beyond an individually owned-and-operated AADN, there is some interest in collecting old gear for NoVA Sec learning and experimentation. For example, it would be nice to assemble a collection of Cisco equipment for those who want to gain some hands-on experience without potentially corrupting their production gear at work. I have a friend at Cisco who might be able to contribute old gear. We would also need a central location to house it and an equipment custodian.



On the communications side, our ability to communicate effectively is going to outgrow blog comments. A few ideas follow:

  1. Would anyone want to set up and maintain an IRC channel?

  2. Would anyone want to set up and maintain a mailing list?

  3. Is there a need for a Web site other than this blog?


Thank you.

Wednesday, November 01, 2006

Reminder: Next NoVA Sec Meeting 1900 Thu 2 Nov 06

As a reminder, our next meeting is 1900 Thu 2 Nov 06 at Getronics Red Siren. I will be driving guest speaker Steven J. Murdoch from Alexandria to Reston during rush hour, so please don't worry if I'm not there by 1900. I plan to ask Steven to start his talk at 1930.

Saturday, September 30, 2006

Next NoVA Sec Meeting 1900 Thu 2 Nov 06

Thanks to everyone who attended the second NoVA Sec meeting. I talked about FreeBSD, then we discussed ZERT, bump keys, and other security issues from the last month. We had about 15 attendees. Thanks to Getronics for hosting!

We will hold our next meeting at the same location as the second meeting, at 1900 Thu 2 Nov 06. We will have our first guest speaker -- Steven J. Murdoch. Steven will present his paper Hot or Not: Revealing Hidden Services by their Clock Skew. He's flying all the way from Cambridge University just to be with us. Ok, not really -- he's presenting that paper at the Workshop on Privacy in the Electronic Society the same week.

I should note that the speaking portion of the meeting will start around 1930, as was the case this week. I have to drive Steven from Alexandria to Reston after Steven's conference day ends. That might delay arriving at Getronics by 1900.

At the end of the last meeting I also spoke with Aaron, who volunteered to be our first local guest speaker. He will discuss virtual machine forensics at our fourth meeting. I haven't proposed a date for that yet.

Wednesday, September 27, 2006

Confirmed: Next NoVA Sec Meeting 1900 Thu 28 Sep 06

As posted here, the second NoVA Sec meeting will be held at 1900 on Thursday 28 September 2006, at Getronics Red Siren.

If you'd like to try FreeBSD on your hardware, bring the appropriate CD installation media (disc 1 is usually sufficient) to make our lives easier. I'll have i386 media with me.

Wednesday, September 06, 2006

Next NoVA Sec Meeting 1900 Thu 28 Sep 06

The second NoVA Sec meeting will be held at 1900 on Thursday 28 September 2006, tentatively at Getronics Red Siren:

10790 Parkridge Boulevard
Suite 300
Reston, VA 20191
Phone: 703.788.9800



Richard Bejtlich will speak for about 45 minutes on FreeBSD. Following the talk we can help people install FreeBSD on systems they bring to the meeting, if they like.

Wednesday, August 30, 2006

OWASP NoVA

I forgot to mention that there's an Open Web Application Security Project (OWASP) chapter for NoVA. It looks like they meet monthly on the second Thursday of the month.

Monday, August 28, 2006

NoVA Sec First Meeting Pictures

Paul Zedeck was kind enough to send the following pictures from the first NoVA Sec meeting last week. In the first picture, I'm caught demonstrating the proper posture one should assume while holding a Thinkpad laptop. As you can see, we were not allowed to hold our meeting inside the Panera Bread. Not really, just kidding. Here you can get a sense of the number of people that attended the meeting. We probably had 25 people. It was a really nice night to sit outside. I believe we will hold the next meeting at a managed security services provider in the NoVA area. I'd like to know if anyone inside wondered what 25 people were doing outside their restaurant.

Friday, August 25, 2006

Thanks for Great First NoVA Sec

Thanks to everyone who participated in the first NoVA Sec meeting last night. I figure we had about 25 people show up. I'll work on selecting a date for the next meeting. I'll also work on a presentation about FreeBSD for the next meeting.

Paul promised to email the pictures he took. When I get them I'll post a few here.

Ken asked about learning penetration testing. The main public resource I know is the Open Source Security Testing Methodology Manual.

For those of you who didn't participate, the "formal" meeting lasted about an hour (7 to 8 pm) and the informal part another hour. We talked about future possibilities, group interests, and security issues in our area. Wireless, Minix, and analyst training were other issues. We raffled four books I brought, and I would request that those of you who won a book please review it at Amazon.com. This will make the publishers glad to send us books (assuming the books are any good).

Thank you!

Thursday, August 03, 2006

First NoVA Sec Meeting 1900 Thu 24 Aug 06

Let's hold the first NoVA Sec meeting at 1900 on Thursday, 24 August 2006 at the Panera Bread at:

Fairfax Towne Center
12120 Fairfax Towne Center
Fairfax, VA 22033
Tel: (703) 246-0056



This place has free wireless.

The price of admission is a laptop running something other than Microsoft Windows. Whoever brings the most exotic OS on their laptop will get a free book from my stash of books that publishers send me to review. The winner will be decided by an attendee vote. See you there!

Friday, July 21, 2006

NoVA Sec Founded

Inspired by Matasano's ChiSec, I decided to start NoVA Sec. Here's the deal. We find a place to meet, we pick a time, and we talk security tech.

I do not want to hear the terms CISSP, FISMA, DITSCAP, C&A, or any related subjects. If you are a security type in the northern Virginia area -- and you perform operational security work -- we want to meet you. If you read, write, audit, or enforce regulations, you won't like this group.

I am working on finding a location. I would like to hold our first meeting in August. If you have any suggestions, please post them as comments below. Thank you.