[Owasp-austin] leaving town, more on web crypto

travis+ml-owasp at subspacefield.org travis+ml-owasp at subspacefield.org
Fri Nov 13 17:09:03 EST 2009


So I'm leaving town soon to join Nate Lawson at Root Labs:

http://www.rootlabs.com/

If you're interested in the web crypto stuff I presented, the first
link is a Google Tech Talk about it that covers some things I didn't.

Another interesting talk is an OWASP talk from the pen tester's
perspective:

http://video.google.com/videoplay?docid=-5187022592682372937


This job opportunity came up in a serendipitous way:

First, I wrote my web 2.0 crypto talk and presented it to OWASP

Second, I posted it to the webappsec mailing list.

Thai Duong saw it, read up on it, and used the hash extension attack
against Flickr's API:

http://vnhacker.blogspot.com/2009/09/flickrs-api-signature-forgery.html

He got permission from me to use one of my slides; I didn't know what
for, but I told him it'd be okay.  I wasn't aware when the vuln report
came out.

Thomas Ptacek (Matasano) noticed me being cited there and brought it
to my attention.

He found out that I was looking to move back into security, and
introduced me to Nate Lawson.

So the moral of the story is, if you can come up with an interesting
presentation for OWASP, and do a little self-promotion, it can open
doors for you.  At one time during this process I was interviewing
with four computer security companies at once!
-- 
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20091113/f643d3ad/attachment.bin 


More information about the Owasp-austin mailing list