<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="country-region"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PostalCode"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="address"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="City"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:CMTI9;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.1in 1.0in 1.1in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Greetings IT Professionals,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>OWASP Bay Area will host its next meeting at the <st1:place
w:st="on"><st1:PlaceName w:st="on">Stanford</st1:PlaceName> <st1:PlaceType
 w:st="on">University</st1:PlaceType> <st1:PlaceName w:st="on">Alumni</st1:PlaceName>
 <st1:PlaceName w:st="on">Association</st1:PlaceName> <st1:PlaceType w:st="on">Center</st1:PlaceType></st1:place>
on Thursday, December 13.&nbsp; As usual attendance is free and food and
beverages will be provided.&nbsp; This will be an awesome event and a great
opportunity to network with industry peers. &nbsp;The event is open to the
public; please forward this invite to your colleagues and friends who are
interested in computer and application security. &nbsp;<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p><strong><b><i><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-style:italic'>Agenda and Presentations:</span></font></i></b></strong><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><br>
6:00pm - 6:30pm ... Check-in and Holiday Reception (food &amp; beverages)<br>
6:30pm - 7:15pm ... Ghosts in the Browser &#8211; Niels <st1:place w:st="on"><st1:City
 w:st="on">Provos</st1:City></st1:place>, Google<br>
7:15pm - 8:00pm ... Ph.D. Student Presentations &#8211; Adam Barth &amp; Collin
Jackson, <st1:place w:st="on"><st1:PlaceName w:st="on">Stanford</st1:PlaceName>
 <st1:PlaceType w:st="on">University</st1:PlaceType></st1:place><br>
8:00pm - 8:30pm ... Networking Session <o:p></o:p></span></font></p>

<p><strong><b><i><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-style:italic'>Venue:</span></font></i></b></strong><b><i><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial;font-weight:
bold;font-style:italic'><br>
</span></font></i></b><st1:place w:st="on"><st1:PlaceName w:st="on"><font
  size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Stanford</span></font></st1:PlaceName><font
 size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> <st1:PlaceName
 w:st="on">Alumni</st1:PlaceName> <st1:PlaceName w:st="on">Association</st1:PlaceName>
 <st1:PlaceType w:st="on">Center</st1:PlaceType></span></font></st1:place><br>
<st1:place w:st="on"><st1:PlaceName w:st="on"><font size=2 face=Arial><span
  style='font-size:10.0pt;font-family:Arial'>Stanford</span></font></st1:PlaceName><font
 size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> <st1:PlaceType
 w:st="on">University</st1:PlaceType></span></font></st1:place><br>
<st1:Street w:st="on"><st1:address w:st="on"><font size=2 face=Arial><span
  style='font-size:10.0pt;font-family:Arial'>326 Galvez Street</span></font></st1:address></st1:Street><br>
<st1:place w:st="on"><st1:City w:st="on"><font size=2 face=Arial><span
  style='font-size:10.0pt;font-family:Arial'>Stanford</span></font></st1:City><font
 size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>, <st1:State
 w:st="on">CA</st1:State>&nbsp; <st1:PostalCode w:st="on">94305</st1:PostalCode></span></font></st1:place><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><a
href="http://www.ariba.com/company/hq_map.cfm"
title="blocked::http://www.ariba.com/company/hq_map.cfm&#10;http://www.ariba.com/company/hq_map.cfm"><font
color=black title="blocked::http://www.ariba.com/company/hq_map.cfm"><span
title="blocked::http://www.ariba.com/company/hq_map.cfm"><span
title="blocked::http://www.ariba.com/company/hq_map.cfm"><span
style='color:windowtext;text-decoration:none'>Map and Directions</span></span></span></font></a>
<o:p></o:p></span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><br>
<strong><b><i><font face=Arial><span style='font-family:Arial;font-style:italic'>Ghosts
in the Browser</span></font></i></b></strong><br>
<strong><b><i><font face=Arial><span style='font-family:Arial;font-style:italic'>Presented
by:</span></font></i></b></strong><strong><b><font face=Arial><span
style='font-family:Arial;font-weight:normal'> <i><span style='font-style:italic'>Niels
<st1:place w:st="on"><st1:City w:st="on">Provos</st1:City></st1:place>, Ph.D.,
Google, Inc.</span></i></span></font></b></strong><i><span style='font-style:
italic'> </span></i><o:p></o:p></span></font></p>

<p class=MsoNormal><strong><b><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>Abstract: </span></font></b></strong><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'>&nbsp;As more users
are connected to the Internet and conduct their daily activities
electronically, computer users have become the target of an underground economy
that infects hosts with malware or adware for financial gain. Unfortunately,
even a single visit to an infected web site enables the attacker to detect
vulnerabilities in the user&#8217;s applications and force the download a
multitude of malware binaries. Frequently, this malware allows the adversary to
gain full control of the compromised systems leading to the ex-filtration of
sensitive information or installation of utilities that facilitate remote
control of the host. We believe that such behavior is similar to our
traditional understanding of botnets. However, the main difference is that
web-based malware infections are pull-based and that the resulting command
feedback loop is looser. To characterize the nature of this rising thread, we
identify the four prevalent mechanisms used to inject malicious content on
popular web sites: web server security, user contributed content, advertising
and third-party widgets. &nbsp;For each of these areas, we present examples of
abuse found on the Internet. Our aim is to present the state of malware on the
Web and emphasize the importance of this rising threat.</span></font><font
size=1 face=CMTI9><span style='font-size:9.0pt;font-family:CMTI9'><o:p></o:p></span></font></p>

<p><strong><b><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>Bio:</span></font></b></strong><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> Based out of Mt.View, Niels Provos
is a Senior Staff Engineer at Google, Inc.&nbsp; His interests include research
in Web-Based Malware, Distributed Denial of Service, Steganography,
Cryptography and Computer and Network Security.&nbsp; Niels studied Physics and
Mathematics at <st1:City w:st="on">University of Hamburg</st1:City>, <st1:country-region
w:st="on">Germany</st1:country-region>, and attended the <st1:place w:st="on"><st1:PlaceType
 w:st="on">University</st1:PlaceType> of <st1:PlaceName w:st="on">Michigan</st1:PlaceName></st1:place>
as a graduate student where he earned both is Masters in Computer Science and
his Ph.D. in Computer Science. &nbsp;He has published countless research papers
and recently authored the book Virtual Honeypots: From Tracking Botnets to
Intrusion Detection. &nbsp;<br>
<br>
<strong><b><i><font face=Arial><span style='font-family:Arial;font-style:italic'>Ph.D.
Student Presentations</span></font></i></b></strong><b><i><span
style='font-weight:bold;font-style:italic'><br>
<strong><b><font face=Arial><span style='font-family:Arial'>Presented by: </span></font></b></strong></span></i></b><i><span
style='font-style:italic'>Adam Barth &amp; Col<font color=navy><span
style='color:navy'>l</span></font>in Jackson, <st1:place w:st="on"><st1:PlaceName
 w:st="on">Stanford</st1:PlaceName> <st1:PlaceType w:st="on">University</st1:PlaceType></st1:place><br>
</span></i><br>
<b><i><span style='font-weight:bold;font-style:italic'>Preview of <st1:place
w:st="on"><st1:PlaceName w:st="on">OWASP</st1:PlaceName> <st1:PlaceType w:st="on">Bay</st1:PlaceType></st1:place>
Area, Mandeep Khera</span></i><br>
</b>Mandeep will provide an outline of the goals and objectives for local OWASP
affiliates in 2008.&nbsp; <b><span style='font-weight:bold'>&nbsp;</span></b><br>
<br>
Please RSVP by responding to this email or visit <a
href="http://owaspdec2007.eventbrite.com/"
title="blocked::http://owaspdec2007.eventbrite.com/">http://owaspdec2007.eventbrite.com</a><o:p></o:p></span></font></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Special
thanks to <a href="http://www.ariba.com/"
title="blocked::http://www.ariba.com/&#10;http://www.ariba.com"><font
color=black title="blocked::http://www.ariba.com/"><span
title="blocked::http://www.ariba.com/"><span
title="blocked::http://www.ariba.com/"><span style='color:windowtext;
text-decoration:none'>Stanford</span></span></span></font></a> University Alumni
Association for hosting this event and to <a href="http://www.cenzic.com/"
title="blocked::http://www.cenzic.com/">Cenzic </a>and <a
href="http://www.appsecconsulting.com/"
title="blocked::http://www.appsecconsulting.com/">AppSec Consulting</a> for sponsoring.
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>