Summercon is our chance to get together, talk to each other face-to-face, and swap information about innovations, trends, practices, and rumors in the field of computer security. We welcome all walks of life and all sides of the debate to Summercon: hackers, crackers, script kiddies, w4r3z dud3z, feds, narcs, cops, concerned parents, hangers-on, strippers, media whores, Geraldo Rivera, and Kevin Mitnick.

We've been doing this for some time, and are among the few people who understand how much technology influences our lives. Unlike most people, we try to take back some sort of control whenever possible.

Oh, and also, we drink a lot.

Summercon 2008 Call for Papers

Papers and presentations for Summercon 2008 are now being accepted. Contributed papers for Summercon 2008 should be submitted in the form of extended abstracts of one to four pages by Monday, May 5, 2008. In this abstract, include what you will speak about, what the audience will learn, and what prerequisite knowledge is required for your session. While not expressly required, a brief biography is recommended. The program committee will review submissions, and notification of acceptance will be given no later than Monday, May 12, 2008.

apt-get Your Way To PCI Compliance!: ModSecurity Web App Firewalls

Ben Feinstein

Many of us working in the security industry regularly deal with issues related to PCI DSS compliance. In February the PCI Security Standards Council issued a clarification around its DSS v1.1 requirement to protect "all web-facing applications ... against known attacks." The Council is now on the record as stating that this requirement can be met in two very different ways: through performing application code reviews or by deploying web application firewalls (WAFs).

This talk will explore the ModSecurity Apache module and how it can be used as a WAF to cheaply and effectively meet the PCI webapp protection requirement. Common deployment scenarios will be discussed, including both in-the-cloud and client premise deployments. The ModSecurity rules language will be covered and several ModSecurity Core Rules that are representative of its capabilities will be dissected in depth.

Finally, some interesting uses of ModSecurity's content injection capabilities will be discussed. Anyone up for hacking the hacker via scripting injected into your webapp's response to an attempted attack? This talk will show you how!

Ben Feinstein

apt-get Your Way To PCI Compliance!: ModSecurity Web App Firewalls

Ben Feinstein is a researcher on the Counter Threat Unit (CTU) at SecureWorks, working behind the scenes to support Agent Jack Bauer and the GWOT. He first became involved with information security in 2000 while working on a DARPA / USAF contract instead of going to his college classes. Since then, Ben has worked designing and implementing security-related software and appliances at a series of since acquired or failed start-ups. In his spare time Ben authored RFC 4765 and RFC 4767. His experience is in the areas of IDS/IPS, digital forensics, next-gen firewall systems, log analysis and viz, secure messaging, security appliances, small caliber arms and right-wing rhetoric. Ben has presented at Black Hat USA, DEFCON, ACSAC and others.

David Maynor

The journey of hacking cellular networks begins with a single app…

David Maynor has always had a special place in his heart for Summercon. David Maynor is the CTO of Errata Security.

The journey of hacking cellular networks begins with a single app…

David Maynor

Cellular networks have always been a bit of a mystery. Being shrouded in secrecy and defended by government regulations and fear of lawsuits has kept cellular spelunkers at bay. The key to opening the Pandora’s box can be found in smartphones. Information and diagnostic utilities are sprinkled around devices that run Windows Mobile or phones of a more fruity variety. This talk will show how these tools can be subverted, duplicated and enhanced.
