[Owasp-sanjose] OWASP Meeting 12/13 -- Web-Based Malware, Browser Security & More

Brian Bertacini brian at appsecconsulting.com
Mon Dec 3 12:32:16 EST 2007

Greetings IT Professionals,


OWASP Bay Area will host its next meeting at the Stanford University Alumni
Association Center on Thursday, December 13.  As usual attendance is free
and food and beverages will be provided.  This will be an awesome event and
a great opportunity to network with industry peers.  The event is open to
the public; please forward this invite to your colleagues and friends who
are interested in computer and application security.  


Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)
6:30pm - 7:15pm ... Ghosts in the Browser - Niels Provos, Google
7:15pm - 8:00pm ... Ph.D. Student Presentations - Adam Barth & Collin Jackson, Stanford University
8:00pm - 8:30pm ... Networking Session 

Stanford Alumni Association Center
Stanford University
326 Galvez Street
Stanford, CA  94305
 <http://www.ariba.com/company/hq_map.cfm> Map and Directions 

Ghosts in the Browser
Presented by: Niels Provos, Ph.D., Google, Inc. 

Abstract:  As more users are connected to the Internet and conduct their
daily activities electronically, computer users have become the target of an
underground economy that infects hosts with malware or adware for financial
gain. Unfortunately, even a single visit to an infected web site enables the
attacker to detect vulnerabilities in the user's applications and force the
download of a multitude of malware binaries. Frequently, this malware allows
the adversary to gain full control of the compromised systems leading to the
exfiltration of sensitive information or installation of utilities that
facilitate remote control of the host. We believe that such behavior is
similar to our traditional understanding of botnets. However, the main
difference is that web-based malware infections are pull-based and that the
resulting command feedback loop is looser. To characterize the nature of
this rising threat, we identify the four prevalent mechanisms used to inject
malicious content on popular web sites: web server security, user
contributed content, advertising and third-party widgets.  For each of these
areas, we present examples of abuse found on the Internet. Our aim is to
present the state of malware on the Web and emphasize the importance of this
rising threat.

Bio: Based out of Mt. View, Niels Provos is a Senior Staff Engineer at
Google, Inc.  His interests include research in Web-Based Malware,
Distributed Denial of Service, Steganography, Cryptography and Computer and
Network Security.  Niels studied Physics and Mathematics at University of
Hamburg, Germany, and attended the University of Michigan as a graduate
student where he earned both his Master's in Computer Science and his Ph.D. in
Computer Science.  He has published countless research papers and recently
authored the book Virtual Honeypots: From Tracking Botnets to Intrusion

Ph.D. Student Presentations
Presented by: Adam Barth & Collin Jackson, Stanford University

Preview of OWASP Bay Area, Mandeep Khera
Mandeep will provide an outline of the goals and objectives for local OWASP
affiliates in 2008.   

Please RSVP by responding to this email or visit
http://owaspdec2007.eventbrite.com/

Special thanks to  <http://www.ariba.com/> Stanford University Alumni
Association for hosting this event and to Cenzic  <http://www.cenzic.com/>
and AppSec Consulting <http://www.appsecconsulting.com/>  for sponsoring. 

