Where Security Meets Privacy, Gov't Surveillance, and Web Scraping!

We gather every month for engaging presentations, lively discussions and food/beer! This group gives security researchers in the Greater Boston community the chance to interact with each other more frequently. Each event features three speakers to talk about something a good hacker finds interesting along with discussions about security processes, techniques and much more!

We'll meet at the LogMeIn Offices at 333 Summer St in the Seaport District close to South Station.

http://photos3.meetupstatic.com/photos/event/1/2/2/b/600_446464651.jpeg

Cybersecurity Opener

by Akshat Pradhan

This will be a quick talk to introduce our speakers, sponsors, and agenda. We'll also discuss some topics related to security compliance, including a recent HIPAA violation where an API exposed records of unaffiliated patients to Hospital employees.

Privacy News of the Month: What's in your file?

by James O'Keefe

The Snowden revelations give us a decent idea of what the NSA knows about you. Add in increasing corporate surveillance to better target ads and you, and your privacy is increasingly moot. James O'Keefe will give a quick survey of what your permanent record looks like and why you should worry about it.

Tool of the Month

by Will Lefevers

Will Lefevers, Our Tool, does a lightning talk round about a security tool. A light demo is always sure to delight Red Teamers and Blue Teamers.

1. Digitization, Privacy and Government Surveillance (6:45-7:05)

By Alex Marthews | LinkedIn (https://www.linkedin.com/profile/view?id=7501376) | Twitter (https://twitter.com/rebelcinder)

Moving from an analog to a digital economy has created staggering opportunities for mass digital government surveillance, but mass surveillance is bedeviled by extraordinarily high volume, high false positive rates, graft, lack of oversight and, in common with any algorithmic system, contamination from the assumptions used to program the system. This talk will give an overview of US (and some Five Eyes) surveillance programs, the legal and constitutional questions they arouse, their effects on ordinary political activities, and strategies to circumvent and undermine them.

About Alex. Restore The Forth's (https://en.wikipedia.org/wiki/Restore_the_Fourth) National Chair, Alex Marthews is deep in the thick of battles on Capitol Hill to rein in the PATRIOT Act, and on Beacon Hill to increase police accountability. Alex previously ran nonprofits addressing poverty, housing, and girls' education in East Africa, and interned with EFF back when it was much smaller. He moved to Boston from San Jose in 2005, and gives regular talks on surveillance policy and activism. He is also the co-author of a well-known study (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2412564) on the effects of the Snowden revelations on internet search behavior.

2. Where Digital Security and Privacy Rights Intersect (7:10-7:30)

by Max Bauer | LinkedIn (https://www.linkedin.com/profile/view?id=12328479&trk=nav_responsive_tab_profile_pic) | Twitter (http://twitter.com/newsandhumor)

The framers designed a Constitution which prioritized freedom from "unreasonable" searches and from self-incrimination. These are bedrock principles and fundamental rights in a free society. But what makes a search "unreasonable" when it comes to digital metadata, GPS location tracking, and iPhones? And how do courts conceptualize encryption, which seems to be somewhere between incriminating testimony and a traditional lock? Clearly our founding fathers did not foresee the privacy concerns we have with twenty-first century technology. This talk will discuss how courts have determined (and struggled with) how to apply modern and quickly evolving technology to a legal framework established centuries earlier. From the U.S. Supreme Court's decisions on thermal imaging, GPS, and cell phone searches, to the Massachusetts Supreme Judicial Court's decisions on CSLI and decryption, this talk explains the current state of the law and lays a foundation for where it is headed.

About Max. An associate attorney with White & Associates, P.C. (http://vjwlaw.com/our-background/), Max Bauer addresses a wide range of substantive and procedural issues in the realm of criminal defense and privacy rights law. He recently presented for Massachusetts Continuing Legal Education (http://www.mcle.org/about) on the intersection between constitutional rights and modern technology at the program "When Cell Phones Become Evidence." Although he has a limited technical security background, he has hosted a cryptoparty on Tor, SSL, and PGP.

3. Separating the Bots from the Humans (7:35-7:55)

by Ryan Mitchell | LinkedIn (https://www.linkedin.com/in/remitchell) | Twitter (https://twitter.com/kludgist)

Web scrapers are often thought of as purely data collection tools; however, they can be used to probe large collections of websites for vulnerabilities and exploit found weaknesses, and they are often unfazed by traditional “solutions” like robots.txt files, AJAX loading, and even CAPTCHAs. This presentation will provide an overview of what separates the bots from the humans and give examples of how scrapers/bots can be used alongside more traditional tools to both attack and defend websites.

About Ryan. Ryan Mitchell is a software engineer at LinkeDrive in Boston, where she develops their API and data analysis tools. She is a graduate of Olin College of Engineering and is a master's degree student at Harvard University School of Extension Studies. Prior to joining LinkeDrive, she built web scrapers and bots as a software engineer at Abine, Inc. She continues to work as a freelancer building web scrapers for clients, primarily in financial and retail industries, and she volunteers weekly at the Boston Museum of Science in the Engineering Design Workshop.

Ryan is the author of two books: Instant Web Scraping with Java (Packt Publishing, 2013) and Web Scraping with Python (O’Reilly Media, 2015).

Schedule

6:00 - 6:30: Food & Beer

6:30 - 6:35: Cybersecurity Opener by Akshat

6:35 - 6:40: Privacy News by James

6:40 - 6:45: Tool of the month by Will

6:45 - 7:05: Separating the Bots from the Humans by Ryan Mitchell

7:10 - 7:30: Where Digital Security and Privacy Rights Intersect by Max Bauer

7:35 - 7:55: Digitization, Privacy and Government Surveillance by Alex Marthews

Network with other security enthusiasts!

Physical Security

We'd like to make things easy for Security. Everybody should update their meetup profile with their last name and a recent photograph. To do that, click My Profile > View Profile and you'll see the options.

Parking

Parking is available around the area. A few garages can be found by searching for Seaport Parking. You can also just get off at South Station and walk across the bridge. Channelside Parking Lot - 284 A St, Boston, MA 02210 for the GPS. $8.00 evening rate if you enter the lot after 3pm. Note on the parking for those not familiar with the area - Channelside Lot and Necco Garage are close by and fairly decent. Channelside is a few dollars cheaper though.

Not receiving emails?

Some members have said they're not receiving our emails. You might have unsubscribed to our special announcements. To fix it: Click Settings > Email Updates > Choose Boston Security Meetup under "Updates about your groups" and check off "Announcement about a specific Meetup" and "Announcement to members about the group".

Why are you charging $1?

The nominal $1 fee and checkout process serve to verify your attendance and provide a more accurate headcount — and ensure a much better networking experience! Your modest support does enable and encourage us to continue improving these events.

Looking for speakers!

We're always looking for good speakers and interesting topics for our presentation nights! If you're interested in giving a talk, or have a suggestion for a future event, please contact us.

Recruiters

Boston Security Meetup appreciate's your interest in our events, however, we've noticed a significant rise in the number of recruiters. After this event, we're asking you to reach out directly to us and sponsor before attending our events. Please PM for specific details and we appreciate your understanding!