Sunday, November 26, 2006

Next NoVA Sec Meeting 1900 Wed 13 Dec 06

Our next meeting is 1900 Wednesday 13 December 2006. Our guest speaker will be Nigel Houghton from Sourcefire VRT. I expect he will say something cool about Snort.

I am working on securing a location now. When I have one arranged I will post it here. This will be our last meeting for 2006. I'd like to schedule some guest speakers for 2007. If you have any suggestions, please post them here or to our mailing list. Thank you.

Tuesday, November 07, 2006

NoVA Sec Mailing List Created

Thanks to Wesley Shields for establishing the NoVA Sec Mailing List. This will help us have extended discussions that can't be handled well by NoVA Sec blog comments. Only registered mailing list members can post (to frustrate spammers), so sign up today.

Friday, November 03, 2006

NoVA Sec Meeting Follow-up

We had a great meeting last night. Thanks especially to Steven Murdoch for a creative and highly technical briefing. The slides we saw are online (.pdf), and the paper is here (.pdf).

Steven mentioned the Sybil attack, and I found the original paper here. Wikipedia's entry on information theory might be useful, assuming some joker hasn't corrupted it. Low-bandwidth covert channels are great ways to transmit AES keys. Steven's talk reminded me that thinking in calculus-like or calculus-based terms, basically measuring changes over time, is a powerful analytical method. Finally, Steven mentioned he wrote some of his tests in Lua, which has a FreeBSD port and a new Wrox book arriving next spring.

We've got several initiatives in mind. I'm going to need some help with these if we want them to go anywhere. If no one cares, that's cool too.


  1. Can anyone recommend future speakers? If you have an idea, please email me: taosecurity [at] gmail [dot] com. We're looking for anyone who would like to speak on a technical topic.

  2. Paul mentioned interest in setting up a distributed attack-and-defend network (AADN). You would provide one or more systems from which you would attack other people on this network, and which could be attacked by others. I believe establishing some sort of VPN among all participating nodes would be the best way to hide this activity from ISPs, and also guarantee that whoever is part of the VPN has really agreed to participate in this activity. If anyone is interested in this idea, please post a comment.

  3. Beyond an individually owned-and-operated AADN, there is some interest in collecting old gear for NoVA Sec learning and experimentation. For example, it would be nice to assemble a collection of Cisco equipment for those who want to gain some hands-on experience without potentially corrupting their production gear at work. I have a friend at Cisco who might be able to contribute old gear. We would also need a central location to house it and an equipment custodian.



On the communications side, our ability to communicate effectively is going to outgrow blog comments. A few ideas follow:

  1. Would anyone want to set up and maintain an IRC channel?

  2. Would anyone want to set up and maintain a mailing list?

  3. Is there a need for a Web site other than this blog?


Thank you.

Wednesday, November 01, 2006

Reminder: Next NoVA Sec Meeting 1900 Thu 2 Nov 06

As a reminder, our next meeting is 1900 Thu 2 Nov 06 at Getronics Red Siren. I will be driving guest speaker Steven J. Murdoch from Alexandria to Reston during rush hour, so please don't worry if I'm not there by 1900. I plan to ask Steven to start his talk at 1930.