BALUG NEWS: 2010-05-18: Sam Bowne: Attacking Web users and servers with SSLstrip; & other BALUG news
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Thu Apr 29 20:31:13 PDT 2010
BALUG NEWS: 2010-05-18: Sam Bowne: Attacking Web users and servers
with SSLstrip and Slowloris; & other BALUG news
In this issue (details further below):
2010-05-18: Sam Bowne: Attacking Web users and servers with SSLstrip
and Slowloris
"Working in the Business" (Linux, IT, etc.), panel discussion
"slides" from BALUG 2010-04-20[1]: Sameer Verma on: One Laptop per
Child (OLPC) Project: Plan, Updates, Direction, Participation
------------------------------
Bay Area Linux User Group (BALUG)
Tuesday 6:30 P.M. 2010-05-18
Sam Bowne: Attacking Web users and servers with SSLstrip and Slowloris[1]
Please RSVP if you're planning to come (see further below).
For our 2010-05-18 BALUG meeting, we're excited to present:
Sam Bowne, Instructor, City College San Francisco (CCSF)[2],
Computer Networking and Information Technology Department[3]
Many Websites mix secure and insecure content on the same page, like
Facebook[4]. This makes it possible to steal all the data entered on
such a page easily, using Moxie Marlinspike[5]'s SSLstrip tool.
Sam Bowne will explain and demonstrate this attack.
Slowloris is a very new layer 7[6] denial-of-service attack[7] created
by RSnake[8] that stops Apache web servers completely with very low
bandwidth--one packet every 2 seconds. The Apache developers were
notified of this vulnerability and decided it was unimportant and not
worth patching. Sam will explain and demonstrate this attack, and
discuss various ways to protect your Apache servers.
Sam will provide complete instructions so that anyone can easily set up
both these attacks on their own machines.
Sam Bowne has been teaching computer networking and security classes at
CCSF since 2000. He has given talks at DEFCON[9] and Toorcon[10] on
Ethical Hacking, and taught classes and seminars at many other schools
and teaching conferences.
He has a B.S. in Physics from Edinboro University of Pennsylvania[11]
and a Ph.D. in Physics from University of Illinois, Urbana-Champaign[12].
His Industry Certifications are: Certified Ethical Hacker,
Microsoft: MCP[13], MCDST[14], MCTS[15]: Vista; Network+, Security+,
Certified Fiber Optic Technician.
1. http://samsclass.info/defcon.html
2. http://www.ccsf.edu/
3. http://www.ccsf.edu/Departments/Computer_Networking_and_Information_Technology/
4. http://www.facebook.com/
5. http://thoughtcrime.org/about.html
6. http://en.wikipedia.org/wiki/Osi_7_layer_model#Layer_7:_Application_Layer
7. http://en.wikipedia.org/wiki/Denial-of-service_attack
8. http://ha.ckers.org/
9. http://www.defcon.org/
10. http://www.toorcon.org/
11. http://www.edinboro.edu/
12. http://illinois.edu/
13. http://en.wikipedia.org/wiki/Microsoft_Certified_Professional
14. http://www.microsoft.com/learning/en/us/certification/mcdst.aspx
15. http://www.microsoft.com/learning/en/us/certification/mcts.aspx
So, if you'd like to join us please RSVP to:
rsvp at balug.org
**Why RSVP??**
Well, don't worry we won't turn you away, but the RSVPs really help the
Four Seas Restaurant plan the meal and they help ensure that we'll be
able to eat upstairs in the private banquet room.
Meeting Details...
6:30pm
Tuesday, May 18th, 2010 2010-05-18
Four Seas Restaurant http://www.fourseasr.com/
731 Grant Ave.
San Francisco, CA 94108
Easy PARKING:
Portsmouth Square Garage at 733 Kearny:
http://www.sfpsg.com/
Cost: The meetings are always free, but for dinner, for your gift of $13
cash, we give you a gift of a dinner ticket to join us for a yummy
family-style Chinese dinner - tax and tip included (your gift also
helps in our patronizing the restaurant venue and helping to
defray BALUG costs such as treating our speakers to dinner).
------------------------------
"Working in the Business" (Linux, IT, etc.), panel discussion
BALUG is working to assemble a panel (and moderator) for
"Working in the Business" (Linux, IT, etc.), panel discussion
Should make for very interesting, lively, informative and useful
discussion/presentation/"talk/debate".
For more information, and also
if you know someone you'd like as panelist or moderator (or are yourself
interested), and/or if you have specific topics/questions you'd like to
see covered by the panel,
PLEASE HAVE A LOOK AT:
http://www.balug.org/#panel
At the present time we're ACTIVELY GATHERING INFORMATION ON POTENTIAL
PANELISTS, MODERATORS, available dates, etc., to plan and coordinate
this event. Please also do feel free to pass this information along to
any contacts you feel appropriate that may be interested.
------------------------------
"slides" from BALUG 2010-04-20[1]: Sameer Verma on: One Laptop per Child
(OLPC) Project: Plan, Updates, Direction, Participation
Missed our 2010-04-20 meeting, or want to get a better look at or grab
some information from those slides?
slides available:
http://www.slideshare.net/sverma/olpc-project-plan-update-direction-participation
(copy also archived at:
http://www.archive.balug.org/2010/2010-04-20/balug-olpc-100426233751-phpapp01.odp
)
1. http://lists.balug.org/pipermail/balug-announce-balug.org/2010-March/000149.html
------------------------------
Feedback on our publicity/announcements (e.g. contacts or lists where we
should get our information out that we're not presently reaching, or
things we should do differently): publicity-feedback at balug.org
------------------------------
http://www.balug.org/