No subject
Wed Nov 1 13:32:02 EST 2006
*******************************
Next meeting is 6:30 pm on Wed. Feb. 1

***********************************
This is our 1st anniversary, Happy Birthday to us.

*********************************
6:30
Security Podcasts
I guess I'm geeky enough that I'd rather listen to security presentations than
the radio during my commute (at least now that the Brady and Belichick call in
sessions are gone). I've found a bunch of security Podcasts, which seem to be
just MP3 files that you could play on any MP3 device. Some are one offs, some
are free subscriptions. I'll let you know what I found.

Windows Metafile Vulnerability
This is a really sneaky and pervasive one, exploit code has been put into the
Metasploit toolkit so anybody can make an attack. There seem to be many ways a
Windows metafile can be executed, some without your knowledge it seems. We'll
discuss this.

Announcements, general Q+A.
******************************************
7 pm
Presenter - Ron Ben Natan; Guardium CTO

Topic: Database Security: Protecting Identity Information at the Source

Databases contain security logging and auditing functions, but they may seldom
be used due to limited knowledge or lack of efficacy. Simultaneously, security
is a vital IT topic, and organizations are overwhelmed by regulations like
Sarbanes-Oxley (SOX) that increase database privacy and auditing requirements,
taxing the database and DBA.

This presentation covers the complexities of security and auditing projects
(e.g., in a SOX or PCI initiative), as well as vulnerabilities and attacks that
exist or have been used within various database environments. While both SOX
and PCI require auditing and encryption level data protection, these can be
achieved without turning on additional database functionality like logging or
encryption, and without changing the applications that use the database. By
watching queries as they enter the database, alerts and blocking actions can be
initiated based on behavior rules instead of signatures. This also reduces the
need for upstream application level defenses which have to recognize obfuscated
malicious queries (e.g. UNICODE or UTF encoded SQL) because at this point the
SQL must be ready to be interpreted by the database.

By the conclusion, you should better understand the ways in which you can
protect your databases from malicious or accidental misuse, ensure secure
database deployments, and support compliance requirements.

Pizza will be provided by Guardium

Location:
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd., Sixth
Floor Waltham, MA

Directions:
From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt. 20.
From Rt 128 South take exit 26 but go around the rotary to get to 20 East to
Waltham. Follow signs for Rt. 117 (left at the second light). When you get
to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the second
left, at a blinking yellow light, on Rt. 117 going west about 0.1 miles from
Rt. 128 (I95). The office building is at the bottom of Jones Rd.
The room is MPR C.

More information at http://www.owasp.org/local/boston.html
********************************
O'Reilly Books Group Discount
Don't forget we can get a 30% discount on
O'Reilly, No Starch, Paraglyph, PC Publishing, Pragmatic Bookshelf,
SitePoint, and Syngress books. Just use code DSUG.

Jim Weiler
Staples North American Delivery
Application Security Architect
508 2533884
More information about the Owasp-boston mailing list