[Owasp-austin] leaving town, more on web crypto

Josh Sokol josh.sokol at ni.com
Fri Nov 13 18:42:50 EST 2009


Travis,

I know you were looking for a new job so I'm glad you found something and 
it sounds like it's right up your alley.  We will definitely miss you 
around here and if you're ever back in Austin, be sure to look us up. 
We'll have to throw a super special OWASP Happy Hour just for the 
occasion.  Speaking of which, we need to schedule another one of those 
soon.  When do you officially leave?  Maybe there's time to have a going 
away party?  Anyway, the best of luck to you with your new gig.  Take 
care!

Sincerely,

Josh Sokol (CCNA, GWAS)
Web Systems Engineer
National Instruments



From:
travis+ml-owasp at subspacefield.org
To:
owasp-austin at lists.owasp.org
Date:
11/13/2009 04:09 PM
Subject:
[Owasp-austin] leaving town, more on web crypto
Sent by:
owasp-austin-bounces at lists.owasp.org



So I'm leaving town soon to join Nate Lawson at Root Labs:

http://www.rootlabs.com/

If you're interested in the web crypto stuff I presented, the first
link is a Google Tech Talk about it that covers some things I didn't.

Another interesting talk is an OWASP talk from the pen tester's
perspective:

http://video.google.com/videoplay?docid=-5187022592682372937


This job opportunity came up in a serendipitous way:

First, I wrote my web 2.0 crypto talk and presented it to OWASP

Second, I posted it to the webappsec mailing list.

Thai Duong saw it, read up on it, and used the hash extension attack
against Flickr's API:

http://vnhacker.blogspot.com/2009/09/flickrs-api-signature-forgery.html

He got permission from me to use one of my slides; I didn't know what
for, but I told him it'd be okay.  I wasn't aware when the vuln report
came out.

Thomas Ptacek (Matasano) noticed me being cited there and brought it
to my attention.

He found out that I was looking to move back into security, and
introduced me to Nate Lawson.

So the moral of the story is, if you can come up with an interesting
presentation for OWASP, and do a little self-promotion, it can open
doors for you.  At one time during this process I was interviewing
with four computer security companies at once!
-- 
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | 
http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get 
blacklisted.
[attachment "att4hree.dat" deleted by Josh Sokol/AUS/NIC] 
_______________________________________________
Owasp-austin mailing list
Owasp-austin at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-austin


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20091113/e1739d24/attachment.html 


More information about the Owasp-austin mailing list