[Owasp-austin] leaving town, more on web crypto

Guy Hoozdis guy.hoozdis at gmail.com
Fri Nov 13 17:55:47 EST 2009


I'm not sure I've ever met you in person (unless you are the dude that did
that presentation at AHA on computers composing music), but I've enjoyed the
information you have shared on the list.  I'm probably mixing this and the
AHA list, but I always try and read through the stuff you send.  Very
technical.  Very comprehensive.  Very enjoyable.

Thanks and good luck in California.

On Fri, Nov 13, 2009 at 4:09 PM,
<travis+ml-owasp at subspacefield.org<travis%2Bml-owasp at subspacefield.org>
> wrote:

> So I'm leaving town soon to join Nate Lawson at Root Labs:
> http://www.rootlabs.com/
> If you're interested in the web crypto stuff I presented, the first
> link is a Google Tech Talk about it that covers some things I didn't.
> Another interesting talk is an OWASP talk from the pen tester's
> perspective:
> http://video.google.com/videoplay?docid=-5187022592682372937
> This job opportunity came up in a serendipitous way:
> First, I wrote my web 2.0 crypto talk and presented it to OWASP
> Second, I posted it to the webappsec mailing list.
> Thai Duong saw it, read up on it, and used the hash extension attack
> against Flickr's API:
> http://vnhacker.blogspot.com/2009/09/flickrs-api-signature-forgery.html
> He got permission from me to use one of my slides; I didn't know what
> for, but I told him it'd be okay.  I wasn't aware when the vuln report
> came out.
> Thomas Ptacek (Matasano) noticed me being cited there and brought it
> to my attention.
> He found out that I was looking to move back into security, and
> introduced me to Nate Lawson.
> So the moral of the story is, if you can come up with an interesting
> presentation for OWASP, and do a little self-promotion, it can open
> doors for you.  At one time during this process I was interviewing
> with four computer security companies at once!
> --
> Obama Nation | My emails do not have attachments; it's a digital signature
> that your mail program doesn't understand. |
> http://www.subspacefield.org/~travis/<http://www.subspacefield.org/%7Etravis/>
> If you are a spammer, please email john at subspacefield.org to get
> blacklisted.
> _______________________________________________
> Owasp-austin mailing list
> Owasp-austin at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-austin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20091113/d24e4cdf/attachment-0001.html 

More information about the Owasp-austin mailing list