No subject


Wed Nov 1 13:32:02 EST 2006


*******************************
Next meeting is 6:30 pm on Wed. Feb. 1

***********************************
This is our 1st anniversary, Happy Birthday to us.

*********************************
6:30
Security Podcasts
I guess I'm geeky enough that I'd rather listen to security presentations than
the radio during my commute (at least now that the Brady and Belichick call in
sessions are gone). I've found a bunch of security Podcasts, which seem to be
just MP3 files that you could play on any MP3 device. Some are one offs, some
are free subscriptions. I'll let you know what I found.

Windows Metafile Vulnerability
This is a really sneaky and pervasive one, exploit code has been put into the
Metasploit toolkit so anybody can make an attack. There seem to be many ways a
Windows metafile can be executed, some without your knowledge it seems. We'll
discuss this.

Announcements, general Q+A.
******************************************
7 pm
Presenter - Ron Ben Natan; Guardium CTO

Topic: Database Security: Protecting Identity Information at the Source

Databases contain security logging and auditing functions, but they may seldom
be used due to limited knowledge or lack of efficacy. Simultaneously, security
is a vital IT topic, and organizations are overwhelmed by regulations like
Sarbanes-Oxley (SOX) that increase database privacy and auditing requirements,
taxing the database and DBA.

This presentation covers the complexities of security and auditing projects
(e.g., in a SOX or PCI initiative), as well as vulnerabilities and attacks that
exist or have been used within various database environments. While both SOX
and PCI require auditing and encryption level data protection, these can be
achieved without turning on additional database functionality like logging or
encryption, and without changing the applications that use the database. By
watching queries as they enter the database, alerts and blocking actions can be
initiated based on behavior rules instead of signatures. This also reduces the
need for upstream application level defenses which have to recognize obfuscated
malicious queries (e.g. UNICODE or UTF encoded SQL) because at this point the
SQL must be ready to be interpreted by the database

By the conclusion, you should better understand the ways in which you can
protect your databases from malicious or accidental misuse, ensure secure
database deployments, and support compliance requirements.

Pizza will be provided by Guardium

Location:
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd., Sixth
Floor Waltham, MA

Directions:
From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt. 20.
From Rt 128 South take exit 26 but go around the rotary to get to 20 East to
Waltham. Follow signs for Rt. 117 (left at the second light). When you get to
117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the second
left, at a blinking yellow light, on Rt. 117 going west about 0.1 miles from
Rt. 128 (I95). The office building is at the bottom of Jones Rd.
The room is MPR C.

More information at http://www.owasp.org/local/boston.html

********************************
O'Reilly Books Group Discount
Don't forget we can get a 30% discount on
O'Reilly, No Starch, Paraglyph, PC Publishing, Pragmatic Bookshelf,
SitePoint, and Syngress books. Just use code DSUG.

Jim Weiler
Staples North American Delivery
Application Security Architect
508 2533884





More information about the Owasp-boston mailing list