[Owasp-austin] Owasp-austin Digest, Vol 52, Issue 2

Almanza, Rick RAlmanza at tmrs.com
Thu Dec 9 14:49:50 EST 2010


Josh,

I just finished attending the ISSA meeting for this month and I am a newbie to security, but have been in IT for the past 10 years or so.  I'm really interested in our Secure Password Project.  Do you mind sending me further information, if needed, and anything I would need to do to get involved in the project?  Thanks!

Rick Almanza
Computer Support Specialist
Texas Municipal Retirement System
512-225-3763


-----Original Message-----
From: owasp-austin-request at lists.owasp.org [mailto:owasp-austin-request at lists.owasp.org] 
Sent: Thursday, December 09, 2010 9:22 AM
To: owasp-austin at lists.owasp.org
Subject: Owasp-austin Digest, Vol 52, Issue 2

Send Owasp-austin mailing list submissions to
	owasp-austin at lists.owasp.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.owasp.org/mailman/listinfo/owasp-austin
or, via email, send a message with subject or body 'help' to
	owasp-austin-request at lists.owasp.org

You can reach the person managing the list at
	owasp-austin-owner at lists.owasp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Owasp-austin digest..."


Today's Topics:

   1. LASCON 2011, OWASP Secure Password Project,	Job
      Opportunities, and More (Josh Sokol)
   2. Re: LASCON 2011, OWASP Secure Password Project, Job
      Opportunities, and More (Ernest Mueller)


----------------------------------------------------------------------

Message: 1
Date: Wed, 8 Dec 2010 14:29:49 -0600
From: Josh Sokol <josh.sokol at ni.com>
Subject: [Owasp-austin] LASCON 2011, OWASP Secure Password Project,
	Job Opportunities, and More
To: owasp-austin at lists.owasp.org
Message-ID:
	<OF98BD3104.C252AB71-ON862577F3.0059A98E-862577F3.007097EA at ni.com>
Content-Type: text/plain; charset="utf-8"

Austin OWASPers,

The 2010 Lonestar Application Security Conference (LASCON) held at the 
Norris Conference Center on Friday, October 29, 2010 was an astounding 
success.  Almost 200 security professionals from around the country came 
together to learn, share war stories, and have a good time.  Feedback from 
attendees, sponsors, and volunteers was overwhelmingly positive with 
almost everyone stating they would like to attend LASCON again next year. 
With things going as well as they did, we have decided to reserve the 
Norris Conference Center once again for Friday, October 28, 2011 for 
LASCON part deux.  If you are interested in sponsoring or volunteering for 
LASCON 2011, please let us know.  Mark your calendars today!

In 2011 the Austin OWASP chapter will be embarking on a group project 
titled the OWASP Secure Password Project.  This project will have a two 
pronged approach designed to put more nails in the single-factor method of 
authentication.  First, we will create an interactive portal where 
penetration testers are able to enter known information about the target. 
 This known information can then be broken down and converted to create a 
large downloadable dictionary list that has been customized to the target. 
 This list will be added to a comprehensive standard dictionary with the 
character conversions performed on that as well.  The result would be a 
large list of commonly used passwords, dictionary words, target specific 
passwords, and various derivitives of each which should cover the vast 
majority of passwords used today.  The second prong of our approach will 
be to capture the results of all data collected into a large database. 
 This data will be hashed with common hashing methods to create what will 
become the world's largest rainbow tables.  A user can provide us with a 
hash and we can do a lookup against these tables to search for matching 
entries.  The goal here is to put a stop to unsalted password hashes for 
authentication.  If you are interesting in participating in the project, 
please respond and let me know.  Everyone is welcome and we will begin our 
initial outline of the project in January 2011.

I am currently working on both the Austin OWASP Meeting topics and the 
Austin Security Professionals Happy Hour dates for the 2011 year.  If you 
are interested in presenting at our chapter meetings held on the last 
Tuesday of each month, please send me an abstract on what you would like 
to speak on as well as your bio.  We had some pretty awesome presentations 
last year and I'm looking to bring in some more people to Austin this year 
with our LASCON funds, but we definitely have room for presentations from 
chapter members as well.

Every once in a while people send me job postings and whatnot.  In order 
to minimize traffic to this group, I try and save them and send them along 
with my other correspondence.  Here is one such opportunity which I have 
more information on if you'd like it:

atsec is an international, independent, standards-based IT (information 
technology) security
consulting and evaluation services company that combines a 
business-oriented approach to
information security with in-depth technical knowledge and global 
experience.

We are looking for a security consultant whose primary role is to support 
our penetration
testing engagements. The ideal candidate has solid skills in both network 
and (web)
application testing, and would also be involved in atsec?s other security 
testing and
evaluation projects as appropriate.

Please send your resume and cover letter to us-jobs at atsec.com.

Sincerely,

Josh Sokol (CISSP, CCNA, GWAS)
Information Security Program Owner
National Instruments
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20101208/632ef8ee/attachment-0001.html 

------------------------------

Message: 2
Date: Thu, 9 Dec 2010 08:23:09 -0600
From: Ernest Mueller <ernest.mueller at ni.com>
Subject: Re: [Owasp-austin] LASCON 2011, OWASP Secure Password
	Project, Job Opportunities, and More
To: owasp-austin at lists.owasp.org
Message-ID:
	<OF7168C00A.B5F285CF-ON862577F4.004EF2E6-862577F4.004F062B at ni.com>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20101209/8da2b427/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20101209/8da2b427/attachment.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20101209/8da2b427/attachment-0001.gif 

------------------------------

_______________________________________________
Owasp-austin mailing list
Owasp-austin at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-austin


End of Owasp-austin Digest, Vol 52, Issue 2
*******************************************

###################################################################
CONFIDENTIALITY NOTICE: This communication, including attachments,
is intended only for the use of the individual or entity to which
it is addressed and may contain information that is privileged,
confidential, and exempt from disclosure under applicable law.
If you are not the intended recipient, you are notified that any
use, dissemination, forwarding, distribution, or copying of the
communication is strictly prohibited. Please notify the sender
immediately by e-mail if you have received this communication by
mistake and delete all copies of the original message and
attachments from your system.
################################################################### 


More information about the Owasp-austin mailing list