Send Dailydave mailing list submissions to
        dailydave@lists.immunitysec.com

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.immunitysec.com/mailman/listinfo/dailydave
or, via email, send a message with subject or body 'help' to
        dailydave-requ...@lists.immunitysec.com

You can reach the person managing the list at
        dailydave-ow...@lists.immunitysec.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Dailydave digest..."


Today's Topics:

   1. Re: More offensive security metrics and you (d...@geer.org)
   2. 2nd Call for Posters and Industrial Presentations |
      ComputationWorld 2009 / Athens-Greece, November 15-20, 2009
      (Jaime Lloret Mauri)
   3. KIWICON ]|[ - 2009 Call For Papers (Kiwicon <3)
   4. Ekoparty Reverse & Go Challenge (Nicolas Waisman)
   5. SOURCE Barcelona 2009 Schedule (Christien Rioux)
   6. CONFidence 2009, November, Poland, CfP (Andrzej Targosz)
   7. STONESOUP (dave)


----------------------------------------------------------------------

Message: 1
Date: Mon, 17 Aug 2009 23:25:36 -0400
From: d...@geer.org
Subject: Re: [Dailydave] More offensive security metrics and you
To: dave <d...@immunityinc.com>
Cc: dailyd...@lists.immunityinc.com
Message-ID: <20090818032536.a3aba33...@absinthe.tinho.net>


dave writes:
-+----------
 | <snip>
 | 
 | I know there's a long list of these sorts of things, and when you have
 | 80% of them, you can't get kicked out. Essentially, you'll have found
 | strategic operational flaws that transcend any point-fixes the company
 | may be able to put into place.
 | 



Actually, it is a worthwhile goal to describe the
tipping point of a penetration, the moment when,
as you say, the penetrator can no longer be kicked
out.

I'm sure you'd like the catalog of what that takes,
and you've begun it.  Keep at the effort, please.
I'm more interested in the rate constant -- how long
does it take to reach the tipping point, is that
time rising or falling, and is self-optimising
automation feasible?  I'm (more than) happy to
measure "time" in something synthetic like clock
cycles, function calls, number of training rounds,
etc.  I just want to know the first and second
derivatives.  Nothing much...

--dan



------------------------------

Message: 2
Date: Thu, 20 Aug 2009 03:55:48 +0200
From: Jaime Lloret Mauri<jllo...@dcom.upv.es>
Subject: [Dailydave] 2nd Call for Posters and Industrial Presentations
        |       ComputationWorld 2009 / Athens-Greece, November 15-20, 2009
To: dailydave@lists.immunitysec.com
Message-ID: <200908200155.n7k1tmi1006...@smtp.upv.es>
Content-Type: text/plain; charset=us-ascii


INVITATION

Please consider contributing, and encourage your team members and fellow 
scientists to contribute, to the following federated events.

Thanks for forwarding the information on this Call for Posters and Industrial 
presentations to those potentially interested to submit.


===== Call for Posters and Industrial Presentations =======

ComputationWorld 2009, November 15-20, 2009 - Athens, Greece

see: http://www.iaria.org/conferences2009/ComputationWorld09.html 

ComputationWorld 2009 is a federated event focusing on advanced topics 
concerning the areas of computation. The target topics cover future computing 
techniques (strategies, mechanisms, technologies), service computation 
(ubiquitous, web services, societal), cognitive support (AI, agents, learning, 
autonomy), adaptiveness (component/systems, self-features, metrics), creative 
content technologies, and patterns. 


Submission (Poster, Industrial presentations) deadline: October 1st, 2009.
Acceptance notification: October 15, 2009
Submission form: 12-14 slide deck, free format; they will be posted, 
post-conference,  at www.iaria.org. 
Submissions must be electronically done using the “Submit a Paper” button on 
the entry page of each conference listed below.

See  a 'very preliminary program'. 

http://www.iaria.org/conferences2009/FUTURECOMPUTING09.html

http://www.iaria.org/conferences2009/ProgramFUTURECOMPUTING09.html

The events will feature well known Keynote Speakers:

 

The Tempestuous Future of Computing - Every Cloud Engenders not a Storm

by Paul J. Geraci, Director, TSG/DoD, USA

 

Infrastructures and Technologies for Future Computing - Convergence of 
Bandwidth, Clouds, and Smart Devices
by Wolfgang Gentzsch, EU Project DEISA & Board of Directors OGF 

Services-- The Next Major Frontier for Research & Innovation

by Krishna Singh, President, Service Research & Innovation Institute (SRII) / 
Strategic Programs Director, Service Science Research, IBM Almaden Research 
Center

 

 

EXPERT PANEL:

Services Computing: Challenge or Opportunity 

 

Moderators: 

Krishna Singh, IBM / SRII

Petre Dini, IARIA / Concordia University

 

A few access free tutorials will be provided for all participants.

Scientific papers will be presented in more than 30 regular sessions.

Special forum meetings on challenging topics will be organized, late, in the 
afternoons.

We aim at some instructive Poster and Special Industrial presentations to 
complete the spectrum of topics covered by the events.

The events are:

>> FUTURE COMPUTING 2009, The First International Conference on Future 
>> Computational Technologies and Applications
http://www.iaria.org/conferences2009/FUTURECOMPUTING09.html

>> SERVICE COMPUTATION 2009, The First International Conferences on Advanced 
>> Service Computing 
http://www.iaria.org/conferences2009/SERVICECOMPUTATION09.html

>> COGNITIVE 2009, The First International Conference on Advanced Cognitive 
>> Technologies and Applications 
http://www.iaria.org/conferences2009/COGNITIVE09.html 

>> ADAPTIVE 2009, The First International Conference on Adaptive and 
>> Self-adaptive Systems and Applications
http://www.iaria.org/conferences2009/ADAPTIVE09.html

>> CONTENT 2009, The First International Conference on Creative Content 
>> Technologies
http://www.iaria.org/conferences2009/CONTENT09.html 

>> PATTERNS 2009, The First International Conferences on Pervasive Patterns and 
>> Applications
http://www.iaria.org/conferences2009/PATTERNS09.html 

>> SELFTRUST 2009, The First Workshop on Computational Trust for Self-Adaptive 
>> Systems
http://www.iaria.org/conferences2009/SELFTRUST.html 

--------------------------------
IARIA Publicity Board
ComputationWorld Advisory Committees
-------------------------------


------------------------------

Message: 3
Date: Fri, 21 Aug 2009 08:27:24 +1200
From: "Kiwicon <3" <kiwi...@kiwicon.org>
Subject: [Dailydave] KIWICON ]|[ - 2009 Call For Papers
To: dailydave@lists.immunitysec.com
Message-ID: <20090820202724.ga6...@kiwicon.org>
Content-Type: text/plain; charset=us-ascii

A wise deadite captain once yelled "Cry Havoc and let loose the Dogs of War!".
Quite frankly, we couldn't have said it better ourselves: 

   ~~          ~~ 
   ||          ||
 @@@@@@@@@@@@@@@@@    
 @@@@@@@@@@@@@@@@@@@
 @@@@@@@@@@@@@@@@@@@\___
 @@@@@@@@@@@@@@@@@@     \
 @@@@@@@@@@@@@@@@@ X___/
    \/

      KIWICON ]|[

28TH & 29TH NOVEMBER 2009 

With a current record of three arrests, seven conceptions and one committal
Kiwicon is back for 2k9. The time has come to fake up an abstract and submit it
to the Kiwicon Crue for judgement. In the coming months, we predict you will
spend more time dreaming of kudos and UID 0 than actually working on your
slides, since you'll be doing them the night before anyway.

It's not New Zealand's only security conference, but it is the one where you're
more likely to get a standing ovation for scanning an entire country than
pointed questions regarding whether you were, perhaps, a little reckless in
accessing systems without authorisation.

     _
  _-(")-
`%%%%%    `KIWICON`
 // \\

The Crue holds a special place in their bowels for those who are aggravated
that Kiwicon is held on a weekend so they don't get time off work.

It is a gathering for those who are passionate about security. It has been
hacked together by the .nz security scene for the .nz security community.
Following in the tradition of previous cons, the atmosphere is extremely laid
back; even the feds don't wear suits. 

Kiwicon is about sharing information. It's about intersections and
cross-pollination and dissemination and other nouns disturbingly reminiscent of a
pre-AIDS key party. Sure, you could bring your RFID readers, your lockpicks or
even your back track DVD but mostly you just need to bring yourself and the
willingness to learn.

For a little con down under we don't do too bad. Previously, Kiwicon has
featured: the Crackstation, iKat (last seen at an airport near you), layer two
telco shenanigans, a video montage of boardrooms across Japan, old school
phreaking on new school kit, exposure of RIM's failure to hide their snooping
capabilities, fun with the SCADA systems, making Microsoft look like turkeys,
nuking various heap protections from space, and of course fucking up the
certificate chain of your new passport.   

     _
  _-(")-
`%%%%%    
 // \\    `THE VENUE`

The Crue is aware that location is everything, so once again we will be
invading the Pipitea Campus which is surrounded by prestigious Wellington
buildings such as Parliament house, the (partly renovated and badly secured)
High Court, Ministry of Defence and various telecommunication hubs. All
services are handy to the venue as well (train station, taxi rank, burger
caravan, police cells / court etc). 

Caffeination will be provided by the lovely folks at Sweet Fanny-Anne's. 

     _
  _-(")-
`%%%%%    
 // \\    `THE PRICE`

A recession-proof fifty bucks for the employed. Students and those otherwise
supported by our precious taxpayer dollars (this does not include Members of
Parliament) will pay $30. GST receipts will be available on request. 

The Crue will endeavour to leverage its synergies to architect a compelling ROI
solution.

     _
  _-(")-
`%%%%%    
 // \\    `THE TOPICS`

Social networking/automated stalking, Cellular Networks (GSM,2degrees,
openbts), State-sponsored surveillance, Malware (Viruses, Botnets), The Scam of
EAL Certification, Industrial Espionage, Reverse Engineering, The Failwhale
Rider, Virtualisation, Flash mobs, WebApps, 0hday

The schedule will be made up as we go, so fifteen minutes or thirty minutes
worth of material should be submitted as fifteen or thirty minutes worth of
talk. We do place an upper limit of an hour (including questions), as anything
longer than that can continue at the pub. 

     _
  _-(")-
`%%%%%    
 // \\    `SUBMISSIONS`

These need to be in by the Witching Hour of the 31st October (NZST). Expats and
wanna-be Kiwis will want to get their submissions in by 10th October, when
we're going to be announcing the first round of Interesting Stuff.

To submit a presentation to Kiwicon2k9, send an email to c...@kiwicon.org with
the following information:

   * Name or Handle:
   * Country of Residence:
   * Employer (if applicable):
   * Presentation Title:
   * Presentation Length:
   * Presentation Synopsis:
   * Brief Bio:

If you do not provide a bio, one will be provided for you.

     _
  _-(")-
`%%%%%    
 // \\    `BOTTOM LINE`

The Crue want you to submit your talk to Kiwicon or the cute little header
sheep gets it.

     _
   -(")- 
`%%%%%    
 // \\    `CONTACT`

Email us: kiwi...@kiwicon.org
Check the site: https://www.kiwicon.org/
Drop by silc: silc.kiwicon.org:2706/kiwicon 
Join the list: hackers-subscr...@kiwicon.org

CFP online at https://kiwicon.org/cfp2k9.txt




------------------------------

Message: 4
Date: Fri, 21 Aug 2009 10:25:50 -0300
From: Nicolas Waisman <nico...@immunitysec.com>
Subject: [Dailydave] Ekoparty Reverse & Go Challenge
To: dailydave@lists.immunitysec.com
Message-ID: <4a8ea05e.10...@immunitysec.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A little help:

Same challenge, compiled with symbols:
http://www.immunityinc.com/downloads/immunity_symbols.zip


sha1: 5dfd5eb7d3e7ebb0d298d70a7178fbd8114ffd31

Cheers
Nico Waisman
Immunity, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqOoF0ACgkQnx8KWzmcRsFL/ACfWqclqIfFyEWkHWb4+o4DIFvt
k/0AoIxGzM4y7uPhsz47JmIomtrqNkWK
=Di1w
-----END PGP SIGNATURE-----


------------------------------

Message: 5
Date: Sun, 23 Aug 2009 20:15:46 -0400
From: Christien Rioux <cri...@noctem.org>
Subject: [Dailydave] SOURCE Barcelona 2009 Schedule
To: Daily Dave <dailydave@lists.immunitysec.com>
Message-ID:
        <5680af290908231715u1464011dl5a7dd38e7c09b...@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"

 SOURCE Barcelona

September 21st-22nd, 2009
10:00am - 6:30pm

Museu Nacional D'art de Catalunya

www.sourceconference.com

Only 100 Tickets Available - Register Today!


// SOURCE Announces SOURCE Barcelona Speaker Line-Up //

Full Schedule Available on SOURCE Website - www.sourceconference.com



________________________________________

 KEYNOTES

Adam Laurie           Pete Herzog

________________________________________

 SESSIONS

Nico Fischbach - Telco 2.0: Security of Next-Generation Telecom Services

Matt Bartoldus, Gotham Digital Science - The Software Assurance Maturity
Model - Introduction and Application

Philippe Langlois, Telecom Security - Consumer B Gone - Shopping Cart
Antitheft System Gone Wrong

Peter Silberman, Mandiant and Ero Carrera - State Of Malware: Explosion of
the Axis of Evil

Jim Reavis, Cloud Security Alliance - Cloud Computing Threat Vector

Dov Yoran, MetroSITE Group - A Look at Security Projects and Spending in the
Current Recession

Bernardo Damele Assumpcao Guimaraes, Portcullis Computer Security & Guido
Landi - Expanding the Control over Operation System from the Database

Travis Goodspeed, Radiant Machines - Half Blind Attacks against
Microcontrollers

Erin Jacobs, UCB, Inc - Scare them into Compliance - How Fear and Fines
Motivate Organizations to Make Changes

Fermin Serna, Microsoft - Windows Secure Kernel Development

Julio Auto - Triaging Bugs with Dynamic Dataflow Analysis

Christian Ketterer and Sebastian Porst - REIL Using Platform-Independent
Automated Deobfuscation

Michael Baentsch, IBM - Transacting online: What Might be Good Enough and
What Isn't

Vicente Diaz, S21Sec and David Barroso, S21Sec - TBA

Fyodor Yarochkin - What's New with XProbe

Brian Honan, BH Consulting - Knowing Me, Knowing You

Dr. Dieter Bartmann, Psylock - Keystroke Dynamics as the Basis for Secure
Authentication

Charles Henderson, Trustwave - The Future Application Security Landscape


SOURCE Conference is the first and only conference combining advanced
technology and  security practices with the business of security. With
thoughtful attention to detail and an emphasis on high quality and
compelling content, SOURCE is committed to delivering valuable information
in a high energy and fun environment.



Questions or Comments? Email i...@sourceconference.com



www.sourceconference.com
 

------------------------------

Message: 6
Date: Mon, 24 Aug 2009 23:34:53 +0200
From: Andrzej Targosz <andrzej.targ...@proidea.org.pl>
Subject: [Dailydave] CONFidence 2009, November, Poland, CfP
To: dailydave@lists.immunitysec.com
Message-ID: <1493580927.20090824233...@proidea.org.pl>
Content-Type: text/plain; charset=utf-8

Calling all practitioners in the field of IT security! The 6th edition of 
CONFidence 2009 2.0 is taking place in Warsaw on November 19/20, 2009.
http://2009.confidence.org.pl

We invite everyone to send proposed topics and presentation abstracts by the 
15th of September. Please remember that CONFidence is an open, international 
conference and all presentations should be given in English. If you want to 
give your lecture in Polish, please send an e-mail to the address given below.

The answer to CfP should include:
# name, last name and e-mail address of the potential speaker
# speaker's short bio, describing his experience and skills
# speaker's place of residence
# presentation topic with short description of proposed lecture (no more than 
500 words)
# non-standard technical requirements

Applications should be sent to andrzej.targo...@}proidea.org.pl till 15 
September, 2009.

We are especially interested in presentations concerning:
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, 
software
# Virtualization and operating systems security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
# Web applications security and cryptography

Caution!
We do not accept marketing, non-technical presentations aimed at presenting and 
selling any products. If your lecture presents a company or its product, please 
do not send it!

CONFidence conference is a non-profit event and speakers are not being paid. 
However, we always try to provide financial help and cover travel expenses and 
accommodation if possible.

-- 
Andrzej Targosz
andrzej.targo...@}proidea.org.pl
CONFidence Team
http://2009.confidence.org.pl





------------------------------

Message: 7
Date: Tue, 25 Aug 2009 17:46:28 -0400
From: dave <d...@immunityinc.com>
Subject: [Dailydave] STONESOUP
To: dailyd...@lists.immunityinc.com
Message-ID: <4a945bb4.3090...@immunityinc.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

C.F.: http://www.iarpa.gov/solicitations_stonesoup.html

To summarize the link above:
"""
 The goal of the STONESOUP program is to develop and demonstrate
technology to advance automated techniques for software analysis, to
combine them with methods for confining software execution so that known
weaknesses cannot be exploited, and to diversify software components so
that residual vulnerabilities will be more difficult for attackers to
discover or exploit. Tools that can operate on programs written in
common, type-safe languages such as Java or C#, in flexible but
harder-to-analyze languages such as C or C++, as well as programs only
available in binary format are all of interest to the program.
"""

Lately I've noticed a trend towards finding a way to force offensive
tools to become defensive tools. I think STONESOUP is one example of
this. Assuming it's not just a cover for "We want to find better bugs in
binaries" then STONESOUP is trying to take the unsolvable Google Native
Client problem and add the very hard binary analysis problem.

But it is useful to learn how many teams there are with their own
amazing static analysis tools and fantastic containment systems. :>
Everyone go home! Problem solved! :>

- -dave

And now, a word from our sponsor that you should read and then respond
to! :>

_____________________________________________________________________
Immunity Inc. is offering the below special deal for the upcoming
Hacker Halted Conference in Miami, FL.  To get the special discounted
rate you will need to email ad...@immunityinc.com for the promo code
to be used at time of registration online.

1. Special rate of just $999 (Normal is $1299)

2. Full Access to ALL open sessions of the conference from Sep 23 -
25, 2009

3. All lunches and coffee breaks provided for (Sep 23 - 25, 2009)

4. Attend your choice of one of the 3 following one-day trainings on Sep 25,
2009, covering the following topics:

a) Identifying Threats and Deploying Countermeasures
b) Incident Response: Principles of Incident Handling
c) Virtualization Security: Threats Exposed
*These workshops are led by EC-Council Master Instructors and are
worth $599!

5. Free EC-Council Certification Training Courseware and Exam Voucher!
Choose one of the following:

a. EC-Council Certified Secure Programmer (ECSP) Read HERE
<http://www.eccouncil.org/ECSP.htm>
b. EC-Council Certified VoIP Professional (ECVP) Read HERE
<http://www.eccouncil.org/ECVP.htm>
c. EC-Council Disaster Recovery Professionals (EDRP) Read HERE
<http://www.eccouncil.org/edrp.htm>
*These official electronic courseware and Prometric Prime Vouchers are
worth a combined $900! ($650 + $250)
*Redeemable from Nov 1, 2009.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkqUW7QACgkQtehAhL0gheqouQCeJCHg7BS4janTGhC/kfWg9DFm
1LEAmwTwBAz+LbZExm4SCTSui3TgEC5J
=15wB
-----END PGP SIGNATURE-----


------------------------------

_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave


End of Dailydave Digest, Vol 49, Issue 5
****************************************
