Chicago Security Open Forum


Details
This quarter's NCC Open Forum will be back at the Braintree offices (http://www.chicagotribune.com/bluesky/series/office-tours/chi-braintree-office-tour-bsi-photos-20150109-photogallery.html)! We'll have food and drinks to start things off as people roll in and then we'll head to the theater to get the presentations started.
Schedule:
6:00 - 6:30: Drinks and Food
6:30 - 7:15: FOIA and Privacy: A Double Edged Sword by Matt Chapman
7:20 - 7:50: 2 Chainz: The Signal Protocol from the Ground Up by Alex Balducci
7:55 - 8:25: A Bundle of Lies: Exploiting Insecure Gemfiles by Peter McLarnan
Presentations:
Title: FOIA and Privacy: A Double Edged Sword
Speaker: Matt Chapman
This talk is about my personal experiences and difficulties using the Illinois Freedom of Information Act (FOIA) for the collection of the Chicago mayor's communication records. Although specific to Illinois, the interpretation of FOIA is largely dependent on the FOIA officers and the department's lawyers' interpretation. As a result, the focus of this presentation will be on FOIA interpretation standards and how it leads to non-reciprocal privacy.
--
Title: 2 Chainz: The Signal Protocol from the Ground Up
Speaker: Alex Balducci
The Signal Protocol is not only the most popular encrypted messaging system today, but also one of the most advanced. But how does it work? We will be building the protocol from the ground up with the audience, moving from the Diffie-Hellman exchange at the protocol's base, through parent protocols OTR and SMC, and finally to the Signal Protocol itself. Attendees will leave with an in-depth understanding of the construction, history, and trade-offs of the Signal Protocol.
--
Title: A Bundle of Lies: Exploiting Insecure Gemfiles
Speaker: Peter McLarnan
Ruby's bundler allows easy installation and management of dependencies. As with any system that downloads executables, insecure configuration allows a network man-in-the-middle to deliver malicious code and compromise the user. We explore common Gemfile issues, investigate their exploitability, and demonstrate a novel bypass of one typical mitigation. Served with a side dish of git internals.
