Several large websites and companies have been pwned and exploited recently. Those exploits can even give crackers access to your internal systems, as they did to Apple's, Google's, and Facebook's. How do you think your websites and systems would hold up against the likes of LulzSec or Anonymous?
For this meeting, we've assembled a crack team of security gurus to help you avoid common security pitfalls, to harden your servers against automated attacks, and to keep the bots out of your systems.
The Meeting Agenda
Socializing and Networking
5:45PM - 6:15PM
Drop in before the presentations to pick brains and rub elbows with other members. We'll also have the food set up so you can grab a bite before the main event begins. Please consider donating a few dollars to help cover the cost of food.
6:15PM ~ 6:20PM
Welcome, sponsor recognition, interesting upcoming events, miscellaneous babbling.
The Main Event
6:15PM ~ 7:45PM
Greg Folkert - 'Vaht eez dis *security* you spreche of?'
Greg Folkert has been the systems and network administrator at donor.com for more than five years - working via telecommute. He makes systems respond and perform well under varying amounts of load and traffic. Linux is his operating system of choice, and he uses it to build everything upon. He provides support to staff and customers alike, including the feedback on the "Just give me what I want" - aka "The Easy Button" solutions - everyone wants nowadays.
"Phone calls to support start rolling, you get an IM: <Customer> can't get to their website. What to do? How to figure out what is happening? What proactive tools should you have used and what should you be thinking about before the trouble happens?" Greg will cover some higher-level ideas and flow charts on how to auto-magically (reactively) block probes/attacks and the kinds of tools you need to use to help keep things secure. He will also tell you why you need to think about security in the first place, not as an afterthought, especially in these PCI-DSS, HIPAA and SAS70 days. If there is enough time, Greg will also talk about his chores dealing with the Chinese IP addresses everyone is worried about and the numbers involved.
Tyler Paxton - "Dealing with spam"
Tyler Paxton is the founder and CEO of Are You a Human, which uses simple and fun games as a replacement for CAPTCHAs. Are You a Human is based in Detroit and has grown to serve 20 million games a month on over 3000 sites. Tyler previously founded an IT services and consulting company and attended graduate school at the University of Michigan, where he founded Are You a Human. Tyler currently lives in the Detroit area and spends all of his free time with his wife and three kids.
Spam is the invasive weed of the internet. Once-popular sites have been destroyed by it. It kills the community and wastes your time. Learn some of the many things you can do to fight back and reclaim your property. Weigh the benefits of the myriad choices available to you depending on the type of site you run and the type of spam you get.
Mark Stanislav - How Poor Web Programming is Ruining Information Security
Mark Stanislav is a Senior Consultant at NetWorks Group, focused on operational automation and information security. With a career spanning a decade, Mark has worked within small business, academia, start-up, and corporate environments primarily focused on Linux architecture, information security, and web application development. In his free time, Mark responsibly identifies and reports vulnerabilities in open-source software. Mark holds a Bachelor's degree in Networking & IT Administration and a Master's in Technology Studies focused on Information Assurance, both from Eastern Michigan University. Mark also holds his CISSP, Security+, Linux+, and CCSK certifications.
A review of recent web site attacks will be given to help understand what major vulnerabilities are common for web sites, how attacks are executed, and what a compromise can mean to a company, government, or other organization. Further attention will be given to: how an entity can prevent poor programming from ruining their security; how web programmers compare to other industries for qualifications required to interact with highly sensitive data; and a forward-thinking discussion on how the industry can be proactive when hiring programmers. The goal of this presentation is to make all parties involved in information security aware of just how serious one poorly created web site can be to the fabric of their information security architecture and practices.
Join other members for drinks and discussion at a local watering hole afterwards.