tag:blogger.com,1999:blog-314782602024-03-07T14:13:29.657-05:00NoVA SecPure technical gatherings for security professionals in the northern Virginia area. Check your certifications at the door.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger34125tag:blogger.com,1999:blog-31478260.post-35698234036208410712008-08-21T20:50:00.002-04:002008-12-11T08:42:59.113-05:00NoVA Sec Meeting 1930 Thu 28 Aug 08<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNuhAAiGieKX3TAdmZiIjNbPepvrXApqDT-JDGtlbRKG6vDSquMeWV9xDrLxRcic3g06830wPEYYuKF3-wqAzE0jAFLCeAVpMr8suuMcq97nan6QKEsOJN6dmq7_2JDiy67I24qQ/s1600-h/command_info_map.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNuhAAiGieKX3TAdmZiIjNbPepvrXApqDT-JDGtlbRKG6vDSquMeWV9xDrLxRcic3g06830wPEYYuKF3-wqAzE0jAFLCeAVpMr8suuMcq97nan6QKEsOJN6dmq7_2JDiy67I24qQ/s320/command_info_map.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5171120989869488914" /></a>The next NoVA Sec meeting will take place 1930 Thursday 28 August 2008 at Command Information Labs:<br /><br />13655 Dulles Technology Dr.<br />Suite 100<br />Herndon, VA 20171<br /><br />The Labs are located at the north-west side of the building.<br /><br />Here is a <a href="http://maps.google.com/maps/mm?client=firefox-a&hl=en&ie=UTF8&ll=38.956962,-77.415043&spn=0.001281,0.002312&t=h&z=19">link</a> to a map of the address.<br /><br />One or more members of the <a href="http://intrepidusgroup.com/">Intrepidus Group</a> (definitely Aaron Higbee, possibly Olympic hax0r <a href="http://strydehax.blogspot.com/">Stryde Hax</a>) will discuss multiple cool security issues.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-3043234993739513812008-07-13T16:38:00.002-04:002008-12-11T08:42:59.124-05:00NoVA 
Sec Meeting 1930 Thu 24 Jul 08<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNuhAAiGieKX3TAdmZiIjNbPepvrXApqDT-JDGtlbRKG6vDSquMeWV9xDrLxRcic3g06830wPEYYuKF3-wqAzE0jAFLCeAVpMr8suuMcq97nan6QKEsOJN6dmq7_2JDiy67I24qQ/s1600-h/command_info_map.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNuhAAiGieKX3TAdmZiIjNbPepvrXApqDT-JDGtlbRKG6vDSquMeWV9xDrLxRcic3g06830wPEYYuKF3-wqAzE0jAFLCeAVpMr8suuMcq97nan6QKEsOJN6dmq7_2JDiy67I24qQ/s320/command_info_map.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5171120989869488914" /></a>Thanks to NoVA Sec member initiative, the next NoVA Sec meeting will take place 1930 Thursday 24 July 2008 at Command Information Labs:<br /><br />13655 Dulles Technology Dr.<br />Suite 100<br />Herndon, VA 20171<br /><br />The Labs are located at the north-west side of the building.<br /><br />Here is a <a href="http://maps.google.com/maps/mm?client=firefox-a&hl=en&ie=UTF8&ll=38.956962,-77.415043&spn=0.001281,0.002312&t=h&z=19">link</a> to a map of the address.<br /><br />Ryan Trost will discuss Geospatial Intrusion Detection. Thanks to Ryan for volunteering to speak and Joe for hosting! 
I will unfortunately miss this meeting as I will be on a plane at this time.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-24270860056462903732008-06-08T01:24:00.001-04:002008-06-08T01:25:36.509-04:00Notes from 24 Apr 08 Meeting on TaoSecurity BlogEveryone, I posted my <a href="http://taosecurity.blogspot.com/2008/06/nova-sec-meeting-memory-analysis-notes.html">NoVA Sec Meeting Memory Analysis Notes</a> on TaoSecurity Blog, if anyone is interested.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-23339403676555928452008-06-05T21:14:00.003-04:002008-12-11T08:42:59.279-05:00NoVA Sec Meeting 1930 Thu 12 Jun 08<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjefj7ZPTwiHzRSG8AJ-2si9-MPFNQ5LbrOp5004UaEVbUI6BVko6-vG700BaWs6zGaL3Gtxwv9SXn3pFmUHCxcMyKbe2JplcMNXoafFzLp7FC3ZskBzdMncuWbr3BifS9lOYpDNw/s1600-h/saic_springfield.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjefj7ZPTwiHzRSG8AJ-2si9-MPFNQ5LbrOp5004UaEVbUI6BVko6-vG700BaWs6zGaL3Gtxwv9SXn3pFmUHCxcMyKbe2JplcMNXoafFzLp7FC3ZskBzdMncuWbr3BifS9lOYpDNw/s320/saic_springfield.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5208572576788525282" /></a>The next NoVA Sec meeting will take place 1930 (7:30 pm) Thursday 12 June 2008 at <a href="http://maps.google.com/maps?f=q&hl=en&geocode=&q=6350+Walker+Lane,+Alexandria+VA&sll=37.0625,-95.677068&sspn=40.409448,171.914063&ie=UTF8&ll=38.772889,-77.158399&spn=0.009736,0.041971&z=15&iwloc=addr">this SAIC office</a>:<br /><br />6350 Walker Ln<br />Alexandria, VA 22310<br /><br />Chris Gates from <a href="http://www.learnsecurityonline.com/">LearnSecurityOnline.com</a> will present "New School Information Gathering."Richard 
Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-51567392658143836782008-05-19T21:00:00.002-04:002008-12-11T08:42:59.521-05:00NoVA Sec Meeting 1930 Thu 22 MayThe next NoVA Sec meeting will take place 1930 (7:30 pm) Thursday 22 May 2008 at <a href="http://www.fishnetsecurity.com/Company/Company+Locations/default.aspx">Fishnet Security</a>:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQwT0OdeMCqcljeGTZR2y6UiJcT4GjVc6wRypyKOpS4h6LX1Gud0MPzVLbGvigtvhGLl43-Yz8ax3UvKmxOkLxg40pG_zbNfkZs44r3MfcnemE7ckCDUMoVKbBnMKppupZD090Ew/s1600-h/fishnetsecurity.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQwT0OdeMCqcljeGTZR2y6UiJcT4GjVc6wRypyKOpS4h6LX1Gud0MPzVLbGvigtvhGLl43-Yz8ax3UvKmxOkLxg40pG_zbNfkZs44r3MfcnemE7ckCDUMoVKbBnMKppupZD090Ew/s400/fishnetsecurity.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5192529658821504370" /></a>13454 Sunrise Valley Dr. Suite 230<br />Herndon, VA 20171<br />703.793.1440<br /><br />Joe Klein from <a href="http://www.commandinformation.com/">Command Information</a> will discuss IPv6 security. 
<br /><br />Thank you to Fishnet and Joe for their help.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-45109614469133113632008-04-23T15:43:00.002-04:002008-12-11T08:42:59.532-05:00NoVA Sec Meeting 1930 Thursday 24 April 2008The next NoVA Sec meeting will take place 1930 (7:30 pm) Thursday 24 April 2008 at <a href="http://www.fishnetsecurity.com/Company/Company+Locations/default.aspx">Fishnet Security</a>:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQwT0OdeMCqcljeGTZR2y6UiJcT4GjVc6wRypyKOpS4h6LX1Gud0MPzVLbGvigtvhGLl43-Yz8ax3UvKmxOkLxg40pG_zbNfkZs44r3MfcnemE7ckCDUMoVKbBnMKppupZD090Ew/s1600-h/fishnetsecurity.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQwT0OdeMCqcljeGTZR2y6UiJcT4GjVc6wRypyKOpS4h6LX1Gud0MPzVLbGvigtvhGLl43-Yz8ax3UvKmxOkLxg40pG_zbNfkZs44r3MfcnemE7ckCDUMoVKbBnMKppupZD090Ew/s400/fishnetsecurity.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5192529658821504370" /></a>13454 Sunrise Valley Dr. Suite 230<br />Herndon, VA 20171<br />703.793.1440<br /><br />Aaron Walters from <a href="https://www.volatilesystems.com/">Volatile Systems</a> will discuss memory forensics. <br /><br />Thank you to Fishnet and Aaron for their last-minute cooperation! 
I'm cross-posting this notice to get as many people notified as possible in the day before the meeting.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-27776590587671424452008-03-14T07:23:00.000-04:002008-12-11T08:42:59.809-05:00NoVA Sec Meeting 1730 Thu 27 Mar 08<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFiR4FjJgKB6-895MXkhrA5XhW_xHktCnIiSvExY_6EhmDeMOFYhCY_ha35cssj95nI7boLkaVISwgcqvR66HnBTSU8SuXAwlmO4BfDui9g6C6LrffUTroVlXNI5v72kNCrNo2zw/s1600-h/birdseye.jpg"><img style="float:right; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFiR4FjJgKB6-895MXkhrA5XhW_xHktCnIiSvExY_6EhmDeMOFYhCY_ha35cssj95nI7boLkaVISwgcqvR66HnBTSU8SuXAwlmO4BfDui9g6C6LrffUTroVlXNI5v72kNCrNo2zw/s200/birdseye.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5177666460185593746" /></a>Thanks to Wes Shields's initiative, the next NoVA Sec meeting will take place 1730 Thursday 27 March 2008 at <a href="http://www.infolocktech.com/">infoLock Technologies</a>:<br /><br />infoLock Technologies<br />1901 North Fort Myer Drive<br />Suite 1016<br />Arlington, VA 22209<br /><br />Thank you to Sean Steele and infoLock for hosting. Free parking is available after 5 pm at the lot shown in the map above. infoLock is 3/4 block from the Rosslyn Metro stop (Orange/Blue lines).<br /><br />Our speaker will be Wes Shields, talking about ZFS:<br /><br />ZFS, developed by Sun Microsystems, is a big shift in filesystem concepts and design. Without going into the underlying code we will discuss ZFS concepts, features, and abilities. 
If you plan on deploying a file server then this talk is for you, since ZFS very well may change your plans.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com2tag:blogger.com,1999:blog-31478260.post-29552469235194772612008-02-25T22:07:00.002-05:002008-12-11T08:42:59.817-05:00NoVA Sec Meeting 1930 Thu 28 Feb 08<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNuhAAiGieKX3TAdmZiIjNbPepvrXApqDT-JDGtlbRKG6vDSquMeWV9xDrLxRcic3g06830wPEYYuKF3-wqAzE0jAFLCeAVpMr8suuMcq97nan6QKEsOJN6dmq7_2JDiy67I24qQ/s1600-h/command_info_map.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNuhAAiGieKX3TAdmZiIjNbPepvrXApqDT-JDGtlbRKG6vDSquMeWV9xDrLxRcic3g06830wPEYYuKF3-wqAzE0jAFLCeAVpMr8suuMcq97nan6QKEsOJN6dmq7_2JDiy67I24qQ/s320/command_info_map.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5171120989869488914" /></a>The next NoVA Sec meeting will take place 1930 Thursday 28 February 2008 at Command Information Labs:<br /><br />13655 Dulles Technology Dr.<br />Suite 100<br />Herndon, VA 20171<br /><br />The Labs are located at the North West side of the building.<br /><br />Here is a <a href="http://maps.google.com/maps/mm?client=firefox-a&hl=en&ie=UTF8&ll=38.956962,-77.415043&spn=0.001281,0.002312&t=h&z=19">link</a> to the address.<br /><br />Trevor Hawthorn and Nate Miller from <a href="http://www.stratumsec.net/">Stratum Security</a> will talk about the trials and tribulations of starting a security consultancy. I may not be able to make this presentation (I want to!), so if I am not there Joe Klein (our host) will start the discussion. 
Thank you.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-16844826015367405142008-02-02T21:14:00.000-05:002008-12-11T08:42:59.954-05:00Great NoVA Sec Meeting<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvVxFgDJXXBuqBtk_sUlLscWWbJ-oYFYR0Ciq1Ap3qCFOZmbokdO6UeGE-5FLdrRL0TtlQ3-lIqGueHpbewm_bP5Nr5NH_qLdJkk0WvRpXX_OkN_jCDbe2XKmHD3OsnlHszG4_kQ/s1600-h/novasec31jan08.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvVxFgDJXXBuqBtk_sUlLscWWbJ-oYFYR0Ciq1Ap3qCFOZmbokdO6UeGE-5FLdrRL0TtlQ3-lIqGueHpbewm_bP5Nr5NH_qLdJkk0WvRpXX_OkN_jCDbe2XKmHD3OsnlHszG4_kQ/s400/novasec31jan08.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5162572008387311554" /></a> Thanks to Devin Paden for a great NoVA Sec talk on OLPC. Thanks to Joe Klein for taking the photo of relative sizes of computing gear in the room. Thanks also to Dowless and Associates for hosting us in their conference room. 
I'll post details on our next meeting shortly.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-68266884975941681282008-01-28T19:42:00.000-05:002008-12-11T08:43:00.248-05:00NoVA Sec Meeting 1930 Thu 31 Jan 08<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgODggqynbjU5g2otKSDmwXKRFIJDPJsb_C5vEIXucX4D-6V5e7KX55sq57k-ABfmEyWgZBsUrraMtHMRDKGl-SDplxG_m1oWyyQKGStJ1D2wGtpkKNokKnvYS4tQJ-wvlTxkVTYQ/s1600-h/dowless.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgODggqynbjU5g2otKSDmwXKRFIJDPJsb_C5vEIXucX4D-6V5e7KX55sq57k-ABfmEyWgZBsUrraMtHMRDKGl-SDplxG_m1oWyyQKGStJ1D2wGtpkKNokKnvYS4tQJ-wvlTxkVTYQ/s400/dowless.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5160692702497273714" /></a>I was determined to start 2008 right by having a <a href="http://www.novasec.org/">NoVA Sec</a> meeting in January. Thursday night is our last chance, but thanks to last-minute coordination with <a href="http://www.dowless.com/">Dowless and Associates</a> we have a meeting location.<br /><br />The next NoVA Sec meeting will take place 1930 Thursday 31 January 2008 at Dowless and Associates:<br /><br />13873 Park Center Rd.<br />Suite 450<br />Herndon, VA 20171<br /><br />Devin will speak and demo his <a href="http://laptop.org/">One Laptop Per Child</a> (OLPC) box.<br /><br />Our host is requesting a list of names of attendees, so <b>please RSVP via email (taosecurity at gmail dot com)</b> by end of day Wednesday 30 January 2008. Thank you.<br /><br />Remember, there are no dues and no requirements for membership. 
We do leave certifications, FISMA, the certification and accreditation (C&A) process, and related items in the parking lot.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-35636499522687200112008-01-04T15:00:00.000-05:002008-01-07T13:45:49.967-05:002008 Meeting ScheduleI'd like to regularly schedule NoVA Sec meetings in 2008 as the fourth Thursday of every month. That puts the meetings after the <a href="http://www.owasp.org/index.php/Virginia_%28Northern_Virginia%29">OWASP Washington VA</a> meetings on the second Thursday and the <a href="http://www.issa-nova.org/">ISSA-NoVA</a> meetings on the third Thursday.<br /><br />With that in mind, here is the proposed schedule for 2008.<br /><ul><br /><li>24 Jan</li><br /><li>28 Feb</li><br /><li>27 Mar</li><br /><li>24 Apr</li><br /><li>22 May</li><br /><li>No Jun meeting: <a href="http://www.first.org/conference/2008/">FIRST conference</a></li><br /><li>24 Jul</li><br /><li>28 Aug</li><br /><li>25 Sep</li><br /><li>23 Oct</li><br /><li>No Nov meeting: Thanksgiving</li><br /><li>No Dec meeting: Christmas</li><br /></ul><br />I am working on securing speakers for the other meetings now. If you have a speaker in mind (including yourself) please let me know via email to taosecurity at gmail dot com. I am also looking for generous corporate souls to host the meetings. Thank you.<br /><br /><b>Update:</b> There are monthly Thursday conflicts with <a href="http://capsec.blogspot.com/">CapSec</a>. 
Please see our mailing list for ongoing discussion.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com3tag:blogger.com,1999:blog-31478260.post-71951079948613704502007-07-28T22:25:00.001-04:002007-07-28T22:25:56.674-04:00NoVA Sec XSS Slides PostedThanks again to Andre Ludwig for his <a href="http://www.taosecurity.com/XSSGoneWildv2.pdf">XSS Gone Wild</a> (.pdf) presentation.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-64274245658943855912007-07-21T10:38:00.000-04:002007-07-21T10:41:50.276-04:00Happy Birthday NoVA SecWe're one year old today, because I created NoVA Sec on <a href="http://novasec.blogspot.com/2006/07/nova-sec-founded.html">21 July 2006</a>. Our speaker for the <a href="http://novasec.blogspot.com/2007/07/nova-sec-meeting-1900-thursday-26-july.html">26 July meeting</a> will be Andre Ludwig on "XSS Gone Wild." Next month Michael Smith will discuss life as a NOC ant at his MSSP. No date or location for that meeting has been set yet.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com2tag:blogger.com,1999:blog-31478260.post-53012743784370962932007-07-18T21:21:00.000-04:002007-07-18T21:27:21.474-04:00NoVA Sec Meeting 1900 Thursday 26 July 07The next NoVA Sec meeting will take place 1900 (7 pm) Thursday 26 July 2007 at <a href="http://www.fishnetsecurity.com/Company/Company+Locations/default.aspx">Fishnet Security</a>:<br /><br />13454 Sunrise Valley Dr. Suite 230<br />Herndon, VA 20171<br />703.793.1440<br /><br /><img src="http://www.taosecurity.com/images/fishnetsecurity.jpg"><br /><br />If we don't get a volunteer speaker before then I will present either Open Source Network Forensics or Traditional IDS Should Be Dead. I really just want to get us meeting again so NoVA Sec can rise from our summer slumber. 
Thanks to Fishnet for hosting!Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com2tag:blogger.com,1999:blog-31478260.post-22644441809825066892007-04-09T12:18:00.000-04:002007-04-09T12:22:03.955-04:00April Meeting DoubtfulI don't think we will have an April meeting. I am not available Thursday 26 April (or anytime that week). The previous Thursday is ISSA NoVA night. This Thursday is short notice and I'm busy too.<br /><br />If someone would like to organize a meeting and find a date, speaker and location, please do. Otherwise we can try again in May.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-18919195742513641922007-03-19T09:29:00.000-04:002007-03-19T09:41:04.824-04:00NoVA Sec Meeting Friday 1230 23 March 2007The next <a href="http://www.novasec.org/">NoVA Sec</a> meeting will take place 1230 Friday 23 March 2007 at the <a href="http://cwp.marriott.com/wasdt/shmoocon2007/">Marriott Wardman Park Hotel</a> in Washington, DC, the site for <a href="http://www.shmoocon.org/">ShmooCon 2007</a>. Registration <a href="http://www.shmoocon.org/schedule.html">opens</a> at 1300 Friday, with the conference starting at 1530. Our guest speaker will be <a href="http://r82h147.res.gatech.edu/">Chris Lee</a>, who has numerous cool <a href="http://r82h147.res.gatech.edu/pages/research/projects.html">projects</a> and is a key member of the <a href="http://project.honeynet.org/">Honeynet Project</a>.<br /><br />We will probably not be meeting in a specific room and we very probably will not have a projector. I'd like this to be a meet-for-lunch meeting, possibly using the tables next to the <a href="http://marriott.com/hotels/hotel-information/restaurant/wasdt-marriott-wardman-park-hotel/">deli</a> for our meeting location. I suggest bringing a laptop in the event Chris has any slides he wants us to ponder on our laptops. 
Thank you to Chris for driving up from Georgia for ShmooCon and speaking to us.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-1283541858573778672007-02-12T12:43:00.000-05:002007-02-12T12:20:16.156-05:00Honeynet Alliance Membership<img src="http://project.honeynet.org/images/page_title_res_alliance.jpg" align=left>At our last meeting I raised the possibility of NoVA Sec operating a honeynet using the Getronics Red Siren IP and hardware range. After speaking with members of the <a href="http://project.honeynet.org/">Honeynet Project</a>, they suggested we volunteer NoVA Sec as a member of the <a href="http://project.honeynet.org/alliance/index.html">Honeynet Research Alliance</a>. Please read the <a href="http://www.honeynet.org/alliance/charter.txt">Honeynet Research Alliance Charter</a> for information on the requirements. I'd like to put this to a vote at our next meeting, or at least solicit your inputs here and on our mailing list. Please let me know if you'd like NoVA Sec to become a Honeynet Research Alliance member. Basically, they trade trust and support in exchange for our help. I think it's a good idea. Thank you.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-3033904048532646582007-02-12T12:01:00.000-05:002007-02-05T21:40:35.829-05:00NoVA Sec Meeting 1900 Thursday 22 Feb 07The next NoVA Sec meeting will take place 1900 (7 pm) Thursday 22 February 2007 at <a href="http://www.fishnetsecurity.com/Company/Company+Locations/default.aspx">Fishnet Security</a>:<br /><br />13454 Sunrise Valley Dr. Suite 230<br />Herndon, VA 20171<br />703.793.1440<br /><br /><img src="http://www.taosecurity.com/images/fishnetsecurity.jpg"><br /><br />Scott Musman from <A href="http://www.aug-sys.com/">Augmented Systems</a> will be our guest speaker. 
He will discuss using autonomic systems for improved intrusion detection.<br /><br />In the event that I (Richard) cannot make the meeting due to consulting out of town, Keith McCammon has agreed to be Scott's host Thursday evening. Thanks Keith!Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-21974365088116276732007-02-04T19:44:00.000-05:002007-02-04T19:46:28.342-05:00Thoughts on March Meeting at ShmooCon<a href="http://www.shmoocon.org/">ShmooCon</a> starts Friday 23 March at 3 pm at the Wardman Park Marriott Hotel near the Woodley Park/Zoo Metro stop. That first day of talks ends at 7 pm. I have recruited a special guest speaker, <a href="http://r82h147.res.gatech.edu/">Chris Lee</a>, from the <a href="http://project.honeynet.org/">Honeynet Project</a>, as a guest speaker "near" ShmooCon.<br /><br />I suggest we hold our March NoVA Sec meeting at ShmooCon at 1:30 pm Friday 23 March. We can find a suitable open space, grab it, and chat. Chris can chat without slides.<br /><br />What do you think?Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-3961184309857294372007-01-22T19:53:00.000-05:002007-01-22T19:56:35.249-05:00NoVA Sec Meeting 1900 Mon 29 Jan 07 at GetronicsThe next <a href="http://www.novasec.org/">NoVA Sec</a> meeting will take place 1900 (7 pm) Monday 29 January 2007 at <a href="http://novasec.blogspot.com/2006/09/next-nova-sec-meeting-1900-thu-28-sep.html">Getronics Red Siren</a>. 
Wesley Shields will discuss FreeBSD <a href="http://www.freebsd.org/cgi/man.cgi?query=jail&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html">jails</a>.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-1165961493295630102006-12-12T17:04:00.000-05:002006-12-12T17:11:33.306-05:00NoVA Sec Meeting 1900 Wed 13 Dec 06 at CiscoThe Wednesday NoVA Sec meeting will be held at Cisco in Herndon, VA:<br /><br />13600 Dulles Technology Drive<br />Herndon, VA<br /><br /><IMG src="http://www.taosecurity.com/images/cisco_herndon.jpg"><br /><br /><a href="http://maps.yahoo.com/maps_result?newFL=Use+Address+Below&addr=13600+dulles+technology+dr&csz=herndon%2C+va&.intl=us&name=&lat=&lon=&srchtype=a&qty=&new=1&trf=0&getmap=Get+Map">Yahoo Map</a><br /><br />The meeting will be in the Sapporo 1972 room. You will have to sign in. No RSVP is needed. Thank you.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com2tag:blogger.com,1999:blog-31478260.post-1165108035274115812006-12-02T19:57:00.000-05:002006-12-02T20:07:15.286-05:00Next NoVA Sec Meeting In JeopardyNigel Houghton will no longer be able to speak at our next meeting, due to the "quiet period" caused by Sourcefire's IPO. Is anyone available to speak that night? If not, I can brief a section of my TCP/IP Weapons School class. That should motivate someone to volunteer to speak!Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com5tag:blogger.com,1999:blog-31478260.post-1164589816888660032006-11-26T20:01:00.000-05:002006-11-26T20:10:16.900-05:00Next NoVA Sec Meeting 1900 Wed 13 Dec 06Our next meeting is 1900 Wednesday 13 December 2006. Our guest speaker will be Nigel Houghton from <a href="http://www.sourcefire.com/">Sourcefire</a> VRT. I expect he will say something cool about <a href="http://www.snort.org/">Snort</a>.<br /><br />I am working on securing a location now. 
When I have one arranged I will post it here. This will be our last meeting for 2006. I'd like to schedule some guest speakers for 2007. If you have any suggestions, please post them here or to our <a href="http://lists.atarininja.org/mailman/listinfo/novasec">mailing list</a>. Thank you.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com1tag:blogger.com,1999:blog-31478260.post-1162933226491705452006-11-07T15:58:00.000-05:002006-11-07T16:00:26.506-05:00NoVA Sec Mailing List CreatedThanks to <a href="http://www.atarininja.org/">Wesley Shields</a> for establishing the <a href="http://lists.atarininja.org/mailman/listinfo/novasec">NoVA Sec Mailing List</a>. This will help us have extended discussions that can't be handled well by NoVA Sec blog comments. Only registered mailing list members can post (to frustrate spammers), so sign up today.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com0tag:blogger.com,1999:blog-31478260.post-1162572038187852482006-11-03T09:46:00.000-05:002006-11-03T12:00:23.233-05:00NoVA Sec Meeting Follow-upWe had a great meeting last night. Thanks especially to Steven Murdoch for a creative and highly technical briefing. The slides we saw are <a href="http://www.cl.cam.ac.uk/~sjm217/talks/ccs06hotornot.pdf">online</a> (.pdf), and the paper is <a href="http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf">here</a> (.pdf).<br /><br />Steven mentioned the Sybil attack, and I found the original paper <a href="http://www.cs.rice.edu/Conferences/IPTPS02/101.pdf">here</a>. Wikipedia's entry on <a href="http://en.wikipedia.org/wiki/Information_theory">information theory</a> might be useful, assuming some joker hasn't <a href="http://www.wikiality.com/">corrupted it</a>. Low-bandwidth covert channels are great ways to transmit AES keys. 
Steven's talk reminded me that calculus-like or -based methods, or basically thinking about measuring changes over time, are powerful analytical methods. Finally, Steven mentioned he wrote some of his tests in <a href="http://www.lua.org/">Lua</a>, which has a <a href="http://www.freshports.org/lang/lua">FreeBSD port</a> and a new <a href="http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470069171.html">Wrox book</a> arriving next spring.<br /><br />We've got several initiatives in mind. I'm going to need some help with these if we want them to go anywhere. If no one cares, that's cool too.<br /><br /><ol><br /><li>Can anyone recommend future speakers? If you have an idea, please email me: taosecurity [at] gmail [dot] com. We're looking for anyone who would like to speak on a technical topic.</li><br /><li>Paul mentioned interest in setting up a distributed attack-and-defend network (AADN). You would provide one or more systems from which you would attack other people on this network, and which could be attacked by others. I believe establishing some sort of VPN among all participating nodes would be the best way to hide this activity from ISPs, and also guarantee that whoever is part of the VPN has really agreed to participate in this activity. If anyone is interested in this idea, please post a comment.</li><br /><li>Beyond an individually owned-and-operated AADN, there is some interest in collecting old gear for NoVA Sec learning and experimentation. For example, it would be nice to assemble a collection of Cisco equipment for those who want to gain some hands-on experience without potentially corrupting their production gear at work. I have a friend at Cisco who might be able to contribute old gear. We would also need a central location to house it and an equipment custodian.</li><br /></ol><br /><br />On the communications side, our ability to communicate effectively is going to outgrow blog comments. 
A few ideas follow:<br /><ol><br /><li>Would anyone want to set up and maintain an IRC channel?</li><br /><li>Would anyone want to set up and maintain a mailing list?</li><br /><li>Is there a need for a Web site other than this blog?</li><br /></ol><br />Thank you.Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.com2