For our last meeting on Dec 4th at 7pm, ACM, SIG Sec, ACM-W, and UPE are all joining together to bring you a meeting full of fun, excitement, and free pizza.
We will turn the CS Building into a miniature golf course, and will have a Street Fighter 2 tournament on the ACM arcade cabinet.
Join ACM SIG Sec for our meeting on November 12th 7:00 in CS209A. Guest speaker Elonka Dunin will be talking about her work as a cryptographer.
Elonka Dunin, world’s #1 expert on Kryptos, the mysterious encrypted
sculpture at the center of CIA Headquarters, will give a multimedia talk
on the sculpture and the speculation on the messages it bears. Elonka
will also be showing the 11-minute PBS NOVAscienceNOW segment about the
sculpture, including interviews with the artist James Sanborn, and the
chairman of the CIA Cryptographic Center, Ed Scheidt.
Be sure to stick around, as SIG Sec will be going to eat at Kyoto, the Japanese Restaurant, afterwards.
The next ACM SigSecurity meeting is Wednesday 10/29/08 in CS209A at 7:00.
Mike Collins has recently joined the Risk Management team at Brown Smith Wallace LLC after 8 years at Deloitte & Touche. There he had national responsibility for the approval of security practitioners and testing tools that the firm utilizes for attack and penetration engagements. He has more than 12 years of experience in the field of information systems security, is an acknowledged national expert in attack and penetration testing, UNIX systems administration and security, firewall and network architecture, wireless networking and intrusion detection systems. He has performed a large number of security assessments for companies in the financial services, government, consumer business, energy and telecommunications industries. The security solutions provided include intrusion detection, firewall systems, authentication systems, and security architecture implementation assistance.
He has designed and implemented Virtual Private Network (VPN) and wireless solutions allowing clients to reduce costs considerably related to network connectivity and designed and implemented a wide range of firewall architectures, including Checkpoint Firewall–1, Gauntlet, Raptor, and PIX based firewalls and various intrusion detection technologies.
The next ACM SigSecurity meeting is Wednesday 10/15/08 in CS209A at 7:00.
We are having a Faculty guest speaker: Dr. Chellappan. His research interests are in the areas of Network Security, Wireless Networks and Distributed Systems and at our meeting will be talking about Network Authentication.
Securely authenticating a human user without assistance from any auxiliary device in the presence of powerful passive adversaries is an important and challenging problem. Passive adversaries are those that can passively monitor, intercept, and analyze every part of the authentication procedure, except for an initial secret shared between the user and the server.
In this talk, he will propose a new secure authentication scheme called Predicate-based Authentication
Service (PAS). In this scheme, for the first time, the concept of a predicate is introduced for authentication.
He will present some analysis on the proposed scheme and implementation results of its prototype system. One of the major features of the PAS scheme is its ability to simultaneously achieve a desired level of security and user friendliness.
The website for Dr. Chellappan’s PAS can be found here: http://drtcl4.cse.ohio-state.edu/B/
Get ready for our annual Wireless Security Audit.
This meeting we will use the cantennas you built at the last meeting (or on your own) to do a security audit of Rolla. We will meet in CS 209A at 7:00 to discuss rules and then each group will split up to go out. $5 from each team to cover the cost of the n-connectors is required. Afterward we will collect the logs from each group and later will announce the winners, there will be prizes.
The next Acm SigSec meeting is Wednesday, September 17 at 7:00 in CS209A.
We will teach you how to build a cantenna, a directional antenna build using of can, which you can use to better pick up wireless signals. This is the precursor to our annual Wireless Security Audit which will take place at the next meeting, two weeks from now.
Bring along a can (pringles, coffee, pirouette, or anything else bigger than a soda one), preferably clean and we will provide the hardware to build the antenna.
Update: For those of you still interested in building your own but had to jet early or just interested in cantennas in general, here are some fine resources available online for you to use.
The main things you need to know are that the placement of the n-connector should be (lambda g) / 4 away from the BACK of the can and the height of the wire from the n-connector should be (lambda o) / 4 tall. There are some nice calculators on the websites above that take the effort out of finding those values.
Our first meeting of the year is Wednesday, 9-3 at 7:00 in CS209A.
We will talk about the recent DNS exploit as well as other security news that has happened recently.
Come join us and find out what else we have planned for this semester.
Come out to the grassy area to the west of the CompSci building on Tuesday, May 6th at 7 pm for one of the coolest BBQs of the year. Not only will there be the typical food and fun, but everyone is invited to bring (or at least bring evidence of) your best project or hack to show off to the gentle members of SIG-Security. I guarantee this will be the best opportunity to increase your geek rank this semester.
Also, remember that officer elections will be at the final meeting. If you have any questions about positions or running, or if you’d like to submit a nomination, contact one of our current officers.
The students of Dr. T’s Cyber Security Security Research & Development class will be presenting their Open Source Security Analysis & Improvement Group Projects 7:00-8:00 PM in Civil 213 on April 23.
Group 1: Charles Tullock (team lead), Shaun Wagner, Jonathan Blount
Libpurple is an open source library that provides routines to access popular instant messaging services. It also provides basic options associated with instant messaging clients such as storing passwords and conversation logging. However passwords are stored in a human readable plain text format.
The primary purpose of this project is to create a multiplatform open source plugin that would use the user’s operating system’s security routines to provide secure password storage. Pidgin is our chosen demo application since it has a large user base and is the default messenger on many versions of Linux.
Our plugin provides an interface that each operating system can use to encrypt passwords. Currently we are using KDE and Windows to demonstrate how this plugin can be implemented in multiple operating systems.
Group 2: Derek Ditch (team lead), Dylan McDonald, Justin Miller
Today, users store all varieties of personal information on their computers in the form of address books, e-mail, chat logs, and calendars. When this information is stored in an SQL database, it can be subject to SQL injection attacks. We use Akonadi, the personal information manager for KDE4 and soon Gnome, to illustrate how this type of attack would work. We will then present our query sanitation library, which we call SQLSanitizer, that will help mitigate these types of attacks by ensuring common attack techniques are identified and removed.
Dylan McDonald will talk about the costs and security problems with current anonymity networks and how to properly use anonymizing networks April 8 at 7 PM in CS 209A