Dear RVAs3c CTF participants,
First, apologies that it took me a month to get this out.
Thank you SO much for coming to the conference, and competing in our Capture the Flag contest this year! We hope you had as much fun playing as we did building it!
There were 37 accounts in total, with 25 of them scoring points (some of the teams that scored nothing were made in error, were duplicates, or were admin accounts) and our perspective was that about half of the attendees were using individual accounts, with the other half using a shared team account for submissions.
6 out of 6 Tier 1 challenges were solved, 4 out of 5 Tier 2 challenges were solved, and 1 out of 4 Tier 3 challenges was solved.
We saw a very even progression of points from 25th all the way up to 1st place, which leads us to infer that we presented a very broad spectrum of challenges that catered to every experience level. Hopefully that was the case for you!
Below is a link to a short survey we’ve crafted, and we would greatly appreciate your feedback about the event, to include how the registration process was, whether we had enough space, the quality of the challenges, and what you’d like to see next year.
The link to the Merchandise page is back! For now we’d like to sell our stock of t-shirts from Shmoocon. After those are all gone we are going to work on getting some other kinds of schwag, stuff that you guys will love!
If you’d like to attend Thotcon but don’t have a ticket, we have one to give away! Keep in mind that Thotcon is on April 23rd in Chicago.
Starting now and running until 6PM Eastern on Friday, April 16th, anyone who leaves us feedback via iTunes or comments on a blog post will be entered into a drawing. The names will be put onto a spreadsheet in no particular order, and then sorted in reverse. Each name will then have a number in front of it, and we will use random.org to randomly select the winner.
You must use the iTunes client to leave feedback in iTunes. If you leave a comment on a blog posting it must not be spam, and it must make some sort of sense; submissions that just go “Hi” or “asdfjkl;” will be disregarded.
We live in a world where everything and anything is just a click or web search away. Instant access to information is the new norm and seemingly taken for granted. When questions need answering, most “Just Google it.” With that ease and convenience of using The GOOG, though, comes a price… your privacy.
On Tuesday, Moxie Marlinspike released a small, lightweight Firefox extension that aims to prevent the collection of users’ search/behavioral data by Google. GoogleSharing works by serving all of your queries through a custom proxy that contains a collection of what Moxie calls “GoogleSharing Identities”. When enabled, if the Firefox plug-in detects a request sent out to any of Google’s services, it routes you through the proxy, removes any identification information and then replaces that data with one of the random, pooled GoogleSharing Identities. Pretty slick! Obviously, if you are already logged into any of Google’s many services (Gmail, iGoogle, Groups, etc.) GoogleSharing won’t help one bit.
While anonymous proxies are nothing new, GoogleSharing introduces a different method of anonymity for a pretty specific threat. With its lean and quick Firefox extension, GoogleSharing is a step in the right direction of trying to regain some sort of privacy on the net.
So begins another New Year, and with it comes another year of conferences. One of the larger events to bring in the New Year is always ShmooCon, which takes place this February 5th-7th in Washington DC. With the third and final round of tickets being sold out again in record time, those of you lucky enough to snag a barcode this time around look to be in for yet another amazing conference.
Speaking of that final round of ticket sales… Those of you that attempted to reserve a ticket during the last round might have noticed yet another ‘challenge’ to get that golden ticket to this year’s event. Round three brought in a server with much more availability than the previous two rounds and a webpage that was responsive the entire time. So what actually happened then?
The round three ‘challenge’ had to do with the link that brought you to the first step of the registration process. Clicking on the link brought you to a page greeting you with a ‘403 Forbidden’ error stating ‘You don’t have access to /cart/ on this server’. However, if you looked a bit closer at the URL while dusting off your web application hacking skills, you might have noticed that it wasn’t totally complete. The missing link was to manually add ‘reserve.cgi’ to the end of the URL. Once the URL was manually made valid you were then able to go through the rest of the registration steps, enter in your Captcha and complete the process. The issue was caught and corrected by the site admins, but since the remaining tickets sold out in 15 minutes or so, it still left some in the dark. Better luck next year!!
If you were, however, one of the few that were able to snag a ticket to ShmooCon 2010, this year’s speaker panel packs a solid lineup and will not disappoint. With presentations covering everything from examining the risks of social networking to how to build your very own Predator UAV spy drone, ShmooCon brings the best minds from the security, hacker and maker communities together for a three-day event not to be missed. This year’s event is broken up into various ‘tracks’ across the long weekend, with a single track of speed talks (One Track Mind) kicking off on Friday the 5th. The next two days consist of various presentations falling into the other three aptly named tracks: Break It!, Build It! and Bring It On! The complete list of all of the speakers and presentations for this year’s event can be found here. ShmooCon also would not be complete without the various events and contests like ‘Hacker Arcade’ and ‘Hack-Or-Halo’, which return this year yet again along with the ‘Team Fortress 2 LAN Party’.
So bring your ShmooBalls and launchers for what looks to be another great conference to kick off 2010. If you still don’t have a ticket to ShmooCon, do what you can to get there! A few tickets have been popping up on eBay and Pauldotcom.com has a thread going in the forums about a ticket exchange. Check them out! They may cost you, but the experience of ShmooCon should not be missed given the opportunity to make it!
Also, be sure to check out the next episode of the SecuraBit podcast streaming live on Wednesday, January 13th, where we will be having the man himself, Bruce Potter, on the show to discuss the upcoming conference and all things Shmoo!
Blog post by: Sean Hausauer
So this coming Friday, December 11 – 14, I will have the privilege of attending SANS CDI 2009. It’s the largest SANS event that takes place every year in the heart of our nation’s capital. Besides the horrendous traffic and the bitter cold I’m eager to learn from one of the best in our field, Lenny Zeltser. Lenny’s been teaching the SANS 610 course for a few years now and has built up a reputation as being a true expert at reversing malware. I currently hold the GCIA, GCIH, and the GSEC certifications from GIAC and the GREM will be a true test of skills as it’s said to be one of the most difficult to obtain. I’ll post my experience with the course next week as I’m sure it won’t be a disappointing one. In the meantime if you’d like more information regarding the SANS 610 course be sure to check it out here.
Be sure to check out the trailer below:
SANS Reverse Engineering Malware
If you’re attending the conference and want to meet up or just say hey, be sure to connect with me via Twitter!
We are looking for one or two energetic, articulate individuals to post entries to our blog on a daily or semi-weekly basis. Those interested should have an interest in Information Security (and well, IT in general) and be able to come up with good content. We aren’t asking for a 5-page article each time; it can be short and precise, and deliver information that our listeners will appreciate.
Please send an email to feedback -at- securabit dot com or use our contact form!
We can’t promise much in the way of payment, but we can eventually get you a T-Shirt and stickers, and work towards more!
SecuraBit will be at it again tonight broadcasting live with special guest Billy Hoffman, who’s begun his own venture after his tenure with the HP WebSec team. We look forward to having him on once again and hope that you all can join us live at 8pm. If not, be sure to download EP46 later in the week!
As SecuraBit continues to grow and bring you the very best content in the security world, we figured it only made sense to join forces with The Academy Pro, who accomplishes the very same from a different perspective. The Academy Pro has an excellent repository of resources available at your fingertips, from whitepapers and instructional videos to forums where users can come together and share ideas. We hope to broaden our listener base and bring fresh new content to both sites. This isn’t a complete merger, meaning our show will remain the same but with more visibility. With that being said and the merger being in its infancy, our hopes are to continue to grow and refine our show to the liking of our listener base. We want to thank all of you who have stuck with us since episode 1, as we’ve made massive improvements since. Our backend team has put in countless hours to get us where we are today solely because we believe in giving back to those who gave to us when we were up and coming n00bz. If you have any questions regarding the merger or just want to leave us a note, feel free to reach out to us at feedback[at]securabit.com.
Be sure to visit: www.TheAcademyPro.com
Use the code “geek seat” to get $20 off registration for the Louisville Metro InfoSec Conference.
The conference lineup features some great members of the Security community such as John Strand, Paul Asadoorian, Lee Kushner, Scott Moulton, and Adrian “IronGeek” Crenshaw.
Check out Securabit Episode 38 where we talk to Conference Chair, Brian Blankenship and tune in live Wednesday, September 23 with special guest Scott Moulton.
Securabit will be recording live with special guest Paul Asadoorian from Pauldotcom Security Weekly and Tenable Network Security on Wednesday, September 16th. Paul will be discussing Nessus and some of the new features/updates contained within Nessus 4.0.2 which launched today. The stream should be live around 7:30 pm EDT and the show will start recording at 8:00pm EDT. Tune in!