[Full-disclosure] [Call for Presenters] Security BSides Las Vegas

2014-03-04 Thread BSidesLV Info
Security BSides Las Vegas, Inc. is pleased to announce that our Round 1 CFP
opens on 5Mar and will remain open until 15May. Our second and final round
will open on 1Jun and close on 30Jun.

http://goo.gl/5S4Mdq

You can also access the CFP from the Welcome page of our website at
bsideslv(dot)org

BSidesLV consists of the following tracks:

Breaking Ground - Ground Breaking Information Security research and
conversations on the "Next Big Thing". Interactively discussing your
research with our participants and getting feedback, input and opinion. No
preaching from the podium at passive attendees.

Common Ground - Other topics of interest to the security community. e.g.,
Lock-picking, hardware hacking, mental health, Burnout, Law, Privacy,
Regulations, Risk, Crypto, Activism, etc. Be prepared to engage your
audience - and have them engage you.

Proving Ground - Speaker Development Program. 30-minute presentations from
up-and-coming first-time national speakers, teamed with one of our
experienced volunteer mentors.

Underground - OTR talks on subjects best discussed AFK. No press, no
recording, no streaming, no names. Just you and your peers, behind closed
doors. Think about it.

Training Ground - Workshops and classes to give your students hands-on
experience learning the latest and greatest. We accept proposals for 1/2
day, full-day and 2-day workshops.



BSidesLV is committed to selecting our speakers based on merit of current
research and the abstract submitted. To ensure this, we have instituted a
double-blind CFP vetting process. Names and Bios will be stripped from the
abstract before it is submitted to our 7 member CFP team and no member of
the team (with the exception of the Chair) will see another member's vote
or comments. This should assist in maintaining a fair and equal vetting
process for all that submit.


For clarification purposes, please understand that BSides' events,
including Las Vegas, are free labors of love and education, for the
community, by the community, and all events - including workshops - are
free to attend for all participants. No remuneration of any kind is offered
to presenters*. We do provide breakfast and lunch both days of the
conference, a t-shirt, a badge for you and a +1 for a friend, and a Speaker
Thank You reception. If you are looking for a conference that can reimburse
or off-set your travel and lodging, and offer you a stipend, please
consider one of the bigger, paid admission conferences.

*We are offering a travel & lodging scholarship pilot program for accepted
Proving Ground speakers that qualify. Directions to apply are in the CFP.

BSides Las Vegas will be held at the Tuscany Suites and Casino, Las Vegas,
Nevada, on August 5th and 6th, 2014.

Thank you for your interest and we hope to see you in Vegas!

Security BSides Las Vegas, Inc.
A Federal 501(c)(3) Non-Profit Educational and Charitable Corporation
http://bsideslv.org 
i...@bsideslv.org 
https://twitter.com/bsideslv
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [Call for Papers] (And Call for Mentors) Proving Ground Speaker Development Program

2014-02-11 Thread BSidesLV Info
BSides Las Vegas is happy to announce that the CFP and CFM for our Proving
Ground track is now open.

Proving Ground is a Speaker Development Program, which teams new speakers
up with proven veteran speakers, as mentors.

If you would like to apply to our Proving Ground program as a new speaker,
the CFP form is here:

https://docs.google.com/forms/d/1ps__cok-9hTJs_GuY-z9cZswSBrM17FcqZ7VItSFhE4/viewform

Please note that while this is the CFP for all tracks, only Proving Ground
is currently open. Any and all applications to tracks other than Proving
Ground will be rejected and deleted without warning or notice. Thank You.

If you would like to apply as a Mentor and help a new voice be heard, that
information and instructions are available here:

https://drive.google.com/file/d/0B6yDKxsKYPWkVTBLMnl6MTdXc1U/edit?usp=sharing

BSides Las Vegas will be held at the Tuscany Suites and Casino, Las Vegas,
Nevada, on August 5th and 6th, 2014.

Thank you for your interest

Security BSides Las Vegas, Inc.
A Federal 501(c)(3) Non-Profit Educational and Charitable Corporation
http://bsideslv.org 
i...@bsideslv.org 
https://twitter.com/bsideslv

[Full-disclosure] Security BSides Las Vegas 31Jul -01Aug Call For Presenters / Call For Mentors

2013-03-05 Thread Info
Security BSides Las Vegas 2013 - Call for Presenters

BSidesLV 2013 will consist of four speaking tracks and one workshop track

Track 1 - Breaking Ground: Bleeding edge discussions and hot button
topics on up and coming issues and the "Next Big Thing". Be prepared
to engage your audience and have them engage you. Presentations should
be prepared with a “give and take” conversational approach, not a
“tell us how it is” speech mentality. Bring your "A" game!:

Track 2 - Common Ground: BSidesLV is a community conference. Common
Ground is here for topics of interest to the community. Got something
the community wants or needs to hear? This is the track for you.
Doesn’t matter if it’s about food, physical locks, health (mental or
physical), harm reduction, crafting/making. This is the anything goes
track.

Track 3 - Proving Ground: An arena for speakers new to the scene to
find their voice in a public setting. Speakers applying for this track
are required to participate in the BSidesLV Mentorship Program. Please
do not apply for this track if you have presented at a major
conference before. NOTE: CFP for Proving Ground closes one month
earlier than the other tracks, to give presenters enough time to work
with their mentors. ***Limited Scholarships are available for this
track***

Track 4 - Underground: Totally OTR, speakers and titles will only be
announced at the conference or with prior permission of the speakers
themselves. Pseudonymity is encouraged and talks will not be recorded
or streamed online. No press will be allowed entry and photography
will not be tolerated. NDAs will be provided for the speakers who wish
to request them from their audiences.

Track 5 - Training Ground: Half-day to two-day workshops or classes
with a limit of 18 people per workshop. If you would like to offer a
workshop for our participants, please submit your lesson plan for
review, along with a synopsis.

**If you are submitting to BlackHat 2013 or DEF CON XXI, we'd prefer
any submissions to BSidesLV be on a different subject. If your
BSidesLV talk builds off of your BH2013 materials, (ie: content that
BH couldn’t/wouldn’t allow you to present due to (x) reasons) we will
need you to prove that the content of both talks is significantly
different before considering you for acceptance. Talks that are
accepted and fall into this category will be given priority for
Thursday slotting, so as not to create schedule conflicts with BH2013
**

Additional notes: Talks previously presented elsewhere will not be
accepted unless it can be demonstrated that the material has been
significantly updated from the previous presentation. (This includes
smaller, regional BSides.) When in doubt, the CFP committee will give
priority to material never presented anywhere. Special consideration
will be given to teh lulz.  BSidesLV is an Information / Security
conference. We are open to talks on subjects that matter to the
community, “B-Side” topics, that the bigger cons can’t or won’t touch.
We love considering talks that break the mold, make us think outside
the box and get the conversation going beyond our typical comfort
zones. Before submitting, know that BSidesLV is not in a position to
offer compensation or stipends of any kind (***See Proving Ground***).
Please do not submit to BSidesLV if you cannot afford to travel to Las
Vegas to attend the conference, or weren't already planning on being
in town for BH/DC. If you submit a talk that makes it past our CFP
committee, you will be guaranteed entry to BSidesLV2013 (as a
participant) even if we don't have room to accommodate your talk.
Please don't rush to submit your abstract. You have three months to
work on it, take your time. We'd rather you submit your "Next Big
Thing" the day of the deadline, than give us something four months
old.


Vendor/sales pitches will be summarily rejected. No exceptions.


Submissions are to be emailed to cfp.bsideslv()gmail com and must include:

The track name you are submitting to (in the SUBJECT LINE)

Title of your presentation (In the BODY)

An abstract of your talk or workshop (suitable for print)

How much time do you need for your presentation?

Do you have any special equipment requirements? (you must provide your
own laptop)

Have you presented before? Where/when? (cite references/links, if applicable)

Has this material been presented elsewhere? If so, where and when?
(Please explain how this presentation is substantively different)

Has this paper been submitted to/rejected by Black Hat 2013 or DEF CON XXI?

Will you have co-presenters?

Your full, legal name (not optional - will not be shared w/o your permission)

Twitter handle (if applicable)

Other Handle (optional)

Please tell us how you prefer to be addressed at the conference and in
announcements

A brief bio about yourself/co-presenters (100 words or less, each.
Suitable for print)

A contact number for days of show (Cell/GV #)

Will your talk include a live demo, exploit or tool release?

Why do y

Re: [Full-disclosure] posting xss notifications in sites vs software packages

2012-02-10 Thread Info
Well... in Germany... our law regarding security in general is very, very
vague.

It basically says that you have to go to prison if you produce or
publish any information and/or tools (for so-called "hacking-purposes")
in preparation for a criminal offense.
And: if you get unauthorized access to data which is specially secured
by evading the security mechanisms.

But the European Expert Group for IT Security says that especially the
first part does not apply if you're dealing with information and tools
in a good-natured way using e.g. a detailed reporting or documentation.
So I think it's hard to say if looking for a custom website
vulnerability (and finally not using it for bad purposes) is
illegal... at least it depends on how the judge defines "criminal
offense" and interprets your behavior.

@Valdis:
Therefore: agree :)

Regards
Julien.


On 02/09/2012 03:23 AM, valdis.kletni...@vt.edu wrote:
> On Wed, 08 Feb 2012 17:30:18 +0100, Info said:
>> A general question: is it legal to search for XSS vulnerabilities on
>> custom websites ?
> Yes. No. Maybe. Depends where you live, where the web server is physically
> located, and where the corporate headquarters are.  In the US, the law you
> need to worry about most is 18 USC 1030:
>
> http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_1030000-.html
>
> "... having knowingly accessed a computer without authorization or exceeding
> authorized access, and by means of such conduct having obtained information..."
>
> It's going to come down to whether the jury believes the prosecutor's version
> or your version of what "exceeding authorized access" means - which is why
> professional pen testers make sure they get a "Get Out Of Jail Free" card, and
> negotiate rules of engagement (what's allowed, what's not) as part of the
> contract.  You amateur pen testers are on your own. ;)



Re: [Full-disclosure] posting xss notifications in sites vs software packages

2012-02-08 Thread Info
A general question: is it legal to search for XSS vulnerabilities on
custom websites ?

Julien



On 02/08/2012 04:37 PM, Packet Storm wrote:
> On Tue, Feb 07, 2012 at 06:18:24PM -0500, b wrote:
>> What is the point of posting notifications of XSS vulnerabilities in
>> specific web sites instead of alerts of xss vulns in specific software
>> packages?
>>
>> This question was prompted by all the postings by that vulnerability lab
>> stuff.
> In some cases, a cross site scripting vulnerability in a given site can 
> affect a large user base and the code is custom to the business.  As an 
> example, a cross site scripting issue in gmail is probably more catastrophic 
> than a cross site scripting vuln in some half-rate CMS.  Not to mention 
> there's the other situation where small website design shops repackage other 
> open source code, brand it as part of their offering, and never provide 
> updates to their customers.  The Internet is a mess.  $0.02
>
> -Todd



[Full-disclosure] Hack.lu 2010 CfP

2010-04-06 Thread info
Call for Papers Hack.lu 2010

The purpose  of the  hack.lu convention  is to give  an open  and free
playground   where  people   can  discuss   the  implication   of  new
technologies in  society.  hack.lu is a balanced  mix convention where
technical  and non-technical  people can  meet each  others  and share
freely all  kind of information.  The  convention will be  held in the
Grand-Duchy of  Luxembourg in  October 2010 (27-29.10.2010).  The most
significant  new  discoveries   about  computer  network  attacks  and
defenses,  commercial  security solutions,  and  pragmatic real  world
security  experience will  be  presented  in a  three  days series  of
informative tutorials.   We would like to announce  the opportunity to
submit papers,  and/or lightning talk  proposals for selection  by the
hack.lu  technical  review  committee.  This  year we  will  be  doing
workshops on the first  day and talks of 1 hour or 30 minutes in the
main track the two following days.



Scope

Topics of interest include, but are not limited to :

  * Software Engineering and Security
  * Honeypots/Honeynets
  * Spyware, Phishing and Botnets (Distributed attacks)
  * Newly discovered vulnerabilities in software and hardware
  * Electronic/Digital Privacy
  * Wireless Network and Security
  * Attacks on Information Systems and/or Digital Information Storage
  * Electronic Voting
  * Free Software and Security
  * Assessment of Computer, Electronic Devices and Information Systems
  * Standards for Information Security
  * Legal and Social Aspect of Information Security
  * Software Engineering and Security
  * Security in Information Retrieval
  * Network Security
  * Forensics and Anti-Forensics
  * Mobile Communications Security and Vulnerabilities



Deadlines

The following  dates are important if  you want to  participate in the
CfP

Abstract submission : no later than 1st June 2010

Full paper submission : no later than 15th July 2010

Notification date : mid of August


Submission guideline 

Authors should  submit a paper in  English up to 5.000  words, using a
non-proprietary  and open  electronic format.   The  program committee
will review all  papers and the author of each  paper will be notified
of  the  result,   by  electronic  means.   Abstract  is   up  to  400
words. Submissions must be sent to http://2010.hack.lu/cfp/

Submissions should also include the following:


 1. Presenter, and geographical location (country of origin/passport)
and contact info.
 2. Employer and/or affiliations.
 3. Brief biography, list of publications or papers.
 4. Any significant presentation and/or educational
experience/background.
 5. Reason why this material is innovative or significant
or an important tutorial.
 6. Optionally, any samples of prepared material or outlines ready.
 7. Information about if yes or no the submission has already
been presented and where.

Presentations/topics that haven't been presented before
will be rewarded.


The information will be used only  for the sole purpose of the hack.lu
convention including  the information on  the public website.   If you
want to remain anonymous, you have the right to use a nickname.

If the paper  is not accepted in the main track,  it could be accepted
in  short or lightning  talk session  but in  this case  the speakers'
privileges are not applicable.

Speakers' Privileges 

* Accommodation will be provided (3 nights)
* Travel expenses will be covered up to a max amount
* Conference speakers night

Publication and rights

Authors keep the  full rights on their publication/papers  but give an
unrestricted  right  to  redistribute  their papers  for  the  hack.lu
convention and its related electronic/paper publication.

Sponsoring

If  you  want  to  support  the  initiative  and  gain  visibility  by
sponsoring, please contact us by writing an e-mail to info(AT)hack.lu

Web site and wiki

http://www.hack.lu/

CfP website : http://2010.hack.lu/cfp/



[Full-disclosure] Call for Papers Hack.lu 2009

2009-05-04 Thread hack.lu 2009 info
Call for Papers Hack.lu 2009


The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new technologies
in society. hack.lu is a balanced mix convention where technical and
non-technical people can meet each other and share freely all kind of
information. The convention will be held in the Grand-Duchy of
Luxembourg in October 2009 (28-30.10.2009). The conference is three days
of active discussions, presentations and workshops for sharing
experience around new attacks, defensive techniques and information
security (including funky experiments). We would like to announce the
opportunity to submit papers, and/or lightning talk proposals for
selection by the hack.lu technical review committee. This year we will
be doing one hour talks, and some shorter talk sessions.


Scope:
--

Topics of interest include, but are not limited to:
- Software Engineering and Security
- Honeypots/Honeynets
- Spyware, Phishing and Botnets (Distributed attacks)
- Newly discovered vulnerabilities in software and hardware
- Electronic/Digital Privacy
- Wireless Network and Security
- Attacks on Information Systems and/or Digital Information Storage
- Electronic Voting
- Free Software and Security
- Assessment of Computer, Electronic Devices and Information Systems
- Standards for Information Security
- Legal and Social Aspect of Information Security
- Software Engineering and Security
- Security in Information Retrieval
- Network security
- Forensics and Anti-Forensics
- Mobile communications security and vulnerabilities


Deadlines:
--

The following dates are important if you want to participate in the CfP

Abstract submission: no later than 15 June 2009
Full paper submission: no later than 1st August 2009
Notification date: mid/end of August


Submission guideline:
-

Authors should submit a paper in English up to 5.000 words, using a
non-proprietary and open electronic format. The program committee will
review all papers and the author of each paper will be notified of the
result, by electronic means. Abstract is up to 400 words. Submissions
must be sent using the following interface: http://2009.hack.lu/papers/

Submissions should also include the following:
1. Presenter, and geographical location (country of origin/passport)and
contact info.
2. Employer and/or affiliations.
3. Brief biography, list of publications or papers.
4. Any significant presentation and/or educational experience/background.
5. Reason why this material is innovative or significant or an important
tutorial.
6. Optionally, any samples of prepared material or outlines ready.
7. Information about if yes or no the submission has already been
presented and where.

The information will be used only for the sole purpose of the hack.lu
convention including the information on the public website. If you want
to remain anonymous, you have the right to use a nickname.


Speakers' Privileges:
-

- Accommodation will be provided (3 nights).
- Travel expenses will be covered up to a max amount.
- Conference speakers night.


Publication and rights:
---

Authors keep the full rights on their publication/papers but give an
unrestricted right to redistribute their papers for the hack.lu
convention and its related electronic/paper publication.


Sponsoring:
---

If you want to support the initiative and gain visibility by sponsoring,
please contact us by writing an e-mail to info(AT)hack.lu


Web site and wiki:
--

http://2009.hack.lu/



[Full-disclosure] Call for Papers Hack.lu 2009

2009-04-30 Thread hack.lu 2009 info
Call for Papers Hack.lu 2009


The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new technologies
in society. hack.lu is a balanced mix convention where technical and
non-technical people can meet each other and share freely all kind of
information. The convention will be held in the Grand-Duchy of
Luxembourg in October 2009 (28-30.10.2008). The conference is three days
of active discussions, presentations and workshops for sharing
experience around new attacks, defensive techniques and information
security (including funky experiments). We would like to announce the
opportunity to submit papers, and/or lightning talk proposals for
selection by the hack.lu technical review committee. This year we will
be doing one hour talks, and some shorter talk sessions.


Scope:
--

Topics of interest include, but are not limited to:
- Software Engineering and Security
- Honeypots/Honeynets
- Spyware, Phishing and Botnets (Distributed attacks)
- Newly discovered vulnerabilities in software and hardware
- Electronic/Digital Privacy
- Wireless Network and Security
- Attacks on Information Systems and/or Digital Information Storage
- Electronic Voting
- Free Software and Security
- Assessment of Computer, Electronic Devices and Information Systems
- Standards for Information Security
- Legal and Social Aspect of Information Security
- Software Engineering and Security
- Security in Information Retrieval
- Network security
- Forensics and Anti-Forensics
- Mobile communications security and vulnerabilities


Deadlines:
--

The following dates are important if you want to participate in the CfP

Abstract submission: no later than 15 June 2009
Full paper submission: no later than 1st August 2009
Notification date: mid/end of August


Submission guideline:
-

Authors should submit a paper in English up to 5.000 words, using a
non-proprietary and open electronic format. The program committee will
review all papers and the author of each paper will be notified of the
result, by electronic means. Abstract is up to 400 words. Submissions
must be sent using the following interface: http://2009.hack.lu/papers/

Submissions should also include the following:
1. Presenter, and geographical location (country of origin/passport)and
contact info.
2. Employer and/or affiliations.
3. Brief biography, list of publications or papers.
4. Any significant presentation and/or educational experience/background.
5. Reason why this material is innovative or significant or an important
tutorial.
6. Optionally, any samples of prepared material or outlines ready.
7. Information about if yes or no the submission has already been
presented and where.

The information will be used only for the sole purpose of the hack.lu
convention including the information on the public website. If you want
to remain anonymous, you have the right to use a nickname.


Speakers' Privileges:
-

- Accommodation will be provided (3 nights).
- Travel expenses will be covered up to a max amount.
- Conference speakers night.


Publication and rights:
---

Authors keep the full rights on their publication/papers but give an
unrestricted right to redistribute their papers for the hack.lu
convention and its related electronic/paper publication.


Sponsoring:
---

If you want to support the initiative and gain visibility by sponsoring,
please contact us by writing an e-mail to info(AT)hack.lu


Web site and wiki:
--

http://2009.hack.lu/



[Full-disclosure] [Reality Behind LSNN/Fake Reports/Lamer Buster] Who Actually this person is ?

2007-09-09 Thread Meta Info
Hi all

It has been noticed that the excessive criticism of security
professionals over the lists has really shattered things. I am in
contact with the security lists persons who are undertaking the
functioning. With the use of these fake ids it has been noticed some
person is trying to disrupt the functioning by discrediting others,
somewhat for his satisfaction. The mails clearly reflect the
frustration of this poor professional.

The lists have had an eye on this person for a long time, since he
started this. Now it's time to look into reality. We were waiting for
this person to stop this, but somewhat the person is ruled out of his
professional ethics.

Due to this many professionals are leaving FD lists. We have even
contacted the server owner where his website is served. Changing ids
doesn't hide this person's identity. I have received many mails
clarifying the act of this person.

It has been this person is from somewhat a group called Metaeye and the
owner is warl0ck, somewhat name like Pranay Kanwar. We have full records
of this because we have been scrutinizing this person for long.

This person changes ids and views with a response from the list and
tries to pick the news from other lists like Bugtraq and Websecurity,
where he can't do the things because of moderation.

Serious actions will be undertaken if he is not going to stop. The web
owner of his website will be contacted very soon. This action has been
undertaken after so many complaints from a number of professionals.

A warning has been issued to this person right now for not creating
chaos on lists. Your complaints are getting high day by day.

Rest just be easy on lists. It is as good as it is. Some time issues occur.

Keep an eye.

Regards
John
Information_Sec



[Full-disclosure] hack.lu 2007 18-20 October, Luxembourg

2007-09-07 Thread info
Dear Information Security Freaks,

This is to announce that the line-up of the speakers and their subjects
is finally up in a draft version on hack.lu 2007 (http://www.hack.lu/).

Have a look and register as space is limited and prices go up progressively.

We managed again to have speakers from all over the world
coming to Luxembourg, the small country in Europe. There is a large
diversity of interesting topics covered during the three days of this
intimate security conference.

This year we will also have a Capture The Flag contest organized by the
Kenshoto group running from the beginning of the conference.  If you
want to test your skills, it's now or never.

There is also a Hack/Barcamp on the first day where we can have
a participatory workshop-event in an open atmosphere with no
limits or boundaries on the information security aspects.

We really hope to see you there.

Your hack.lu team



[Full-disclosure] [Urgent] JWIG Material is Removed or Refrain From Websites

2007-08-17 Thread Meta Info
Hi

As I have been watching some talk regarding JWIG issue.
So try to look at the JWIG stuff. But I have found the material
has been removed from the servers.

Is there anybody else facing such a problem, not getting the
JWIG material? Forbidden errors are being shown on servers.


http://www.jwig.org/
http://www.brics.dk/JWIG/intro.html
http://www.brics.dk/JWIG/demo.html

I really want to look at it. Can anybody provide me that. I will be
highly grateful.

Is that the effect of the released advisory or the heated discussion?

Thanks.

John
Information_Sec

[Full-disclosure] Hack.lu 2006

2006-08-21 Thread info
Hello all,

It's time again - the second edition of Hack.lu is approaching fast,
with a very promising speakers' lineup, and lots of fun in perspective.

This year's event will be held during 3 days, with the first day
dedicated to several deep knowledge sessions.

Thanks to our generous sponsors, there is now a fixed fee for the 3 days
entrance, no more early bird, no nothing - as the number of seats is
limited, be sure to register early nevertheless. And the catering for
lunches is included in the entrance fee.

Hack.lu 06

Hack.lu is an open convention /conference where people can discuss about
computer security, privacy, information technology and its
cultural/technical implication on society.
The aim of the convention is to make a bridge of the various actors in
the computer security world.
The convention will be held in the Grand-Duchy of Luxembourg in October
2006 (19-21.10.2006).

Scope

Topics of interest include, but are not limited to:
. Software Engineering
. Honeypots/Honeynets
. Electronic/Digital Privacy
. Wireless Network and Security
. Attacks on Information Systems and/or Digital Information Storage
. Electronic Voting
. Free Software and Security
. Assessment of Computer, Electronic Devices and Information Systems
. Standards for Information Security
. Legal and Social Aspect of Information Security
. Software Engineering and Security
. Malware and malicious software
. New security vulnerabilities in Computer Science
. Network security!

Draft Agenda

Thursday  19.10.2006

This day will be filled with so called deep knowledge/hands-on talks.
These talks will cover 2-4 hours and often attendees are requested to
bring their own laptop to be able to follow the course.

The deep knowledge/hands-on talks will be split into three tracks (3
rooms with capacity of approx. 150 persons). There will be no
pre-registration for the rooms but the principle of first come, first
served will be applied.

Here a draft list of the talks we already have:
. Tactical VoIP: VoIPhreaking Intensive by The Gruqq
. Writing Metasploit plugins - from vulnerability to exploit by
Saumil Shah
. 802.11 security Tips and Tricks by Phillippe Teuwen and Cedric
  Blancher
. Using Computer Forensics at the police by FCCU (Federal Computer
Crime Unit of Belgium)
. OpenBGP by Henning Brauer


   More to come please check regularly
   http://www.hack.lu/index.php/Workshops

Friday and Saturday 20/21.10.2006

These two days will be the lecture days with lecture slots of 45 mins.
Please find hereafter a draft Agenda of these two days.

|Time |Friday 20.10.2006 |Saturday 21.10.21006 |
|9:00 |Opening Speech (Renaud Deraison) |Software Engineering Security (Wietse Venema) |
|9:50 |Towards an Invisible Honeypot Monitoring System (Nguyen Anh Quynh) |Security in Grid Computing (Lisa Thalheim) |
|10:40|Refreshment Break |Refreshment Break |
|11:00|An empirical analysis of malware (Oliver Schmid) |Secure networking (Hannes Mehnert, Andreas Bogk) |
|11:50|Sensible defence (Koen Maris) |WiFi Advanced Stealth (Laurent Butti & Franck Veysset) |
|12:40|Lunch Break |Lunch Break |
|14:00|Bluetooth Hacking revisited (Thierry Zoller & Kevin Finistere) |Exploiting hidden services to setup anonymous communication infrastructure (Fabio Pietrosanti) |
|14:50|Triple Play; Triple threats ? - IPTV Security (Yen-Ming Chen) |Data Broadcasting by Misuse of Satellite ISPs (Andre Adelsbach) |
|15:40|Refreshment Break |Refreshment Break |
|16:00|IPv6 Security and insecurity (Van Hauser) |How to find anything underneath the commercial web: Powersearching without google (Fravia) |
|16:50|Smashing Heap by Free Simulation (Sandip Chaudhari) |Not announced yet |
|17:40|Closing of the first lecture day. |Closing of the conference with Annou

Re: [Full-disclosure] n3td3v bashers on FD

2006-06-09 Thread Rob Connon (Info)



Who is this n3td3v? The only posts I find from him are just words like
"we the rulez group" "we are the best" "you all are stupid" "internet is
ours" or similar.

 

If this has been posted before please do forgive me, I found this while
looking around for amusing background info to pass my slowly moving
Friday afternoon..


www.n3td3v.com

This should provide some background for people interested in this
internet phenomenon.


/rjc


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] hack.lu 2006

2006-05-08 Thread info
As several potential speakers for the hack.lu 2006 conference have asked
for more time to submit their paper, the conference committee has
decided to extend the deadline to the 15th of June.

As a bonus, the registration is now open, be sure to register early to
benefit from the early bird rates!

The details for the Call for Papers are as follows:

 Call for Papers hack.lu 2006

The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implications of new technologies
in society. hack.lu is a balanced mix convention where technical and
non-technical people can meet each other and freely share all kinds of
information.

The convention will be held in the Grand-Duchy of Luxembourg in October
2006 (19-21.10.2006).

Scope

Topics of interest include, but are not limited to:

* Software Engineering
* Honeypots/Honeynets
* Electronic/Digital Privacy
* Wireless Network and Security
* Attacks on Information Systems and/or Digital Information Storage
* Electronic Voting
* Free Software and Security
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Malware and malicious software
* New security vulnerabilities in Computer Science
* Network security!


Deadlines

As requested by some people, we extended the date for abstract
submission to the 1st July and full paper to the 1st August in order to
be equitable with all the people taking part in the CfP.


Abstract submission : 1 May 2006 (extended to 15th June)

Full paper submission : 15 June 2006 (extended to 15th July)

Notification date : around end of July beginning of August

Submission guideline

Authors should submit a paper in English up to 5.000 words, using a
non-proprietary and open electronic format. The program committee will
review all papers and the author of each paper will be notified of the
result, by electronic means. Abstract is up to 400 words. Submissions
must be sent to : hack2006-paper(AT)hack.lu

Submissions should also include the following:

   1. Presenter, and geographical location (country of
origin/passport) and contact info.
   2. Employer and/or affiliations.
   3. Brief biography, list of publications or papers.
   4. Any significant presentation and/or educational experience/background.
   5. Reason why this material is innovative or significant or an
important tutorial.
   6. Optionally, any samples of prepared material or outlines ready.

The information will be used only for the sole purpose of the hack.lu
convention including the information on the public website. If you want
to remain anonymous, you have the right to use a nickname.

Program Committee

http://2006.hack.lu/index.php/ProgramCommittee

Publication and rights

Authors keep the full rights on their publication/papers but give an
unrestricted right to redistribute their papers for the hack.lu
convention and its related electronic/paper publication.

Sponsoring

If you want to support the initiative and gain visibility by sponsoring,
please contact us by writing an e-mail to supportus(AT)hack.lu

Web site and wiki

http://www.hack.lu/ - Edition 2005 : http://2005.hack.lu/



[Full-disclosure] A large list of sites vulnerable to cross site scripting bugs.

2005-05-13 Thread Info



Here are some of the companies/agencies in our new list of sites
affected by cross site scripting bugs.

Federal Reserve Bank of New York, CompUSA, SBC, EPA, ABC News,
BlockBuster, BizRate, CNET, Geico Insurance, Oracle, Cingular, Kmart,
nVidia, Chaintech, TigerDirect, US Dept. of Treasury

Our list of companies/agencies with XSS bugs is located at
http://pointblanksecurity.com/xss/xss2.php with more details.
Clicking on the company/agency links will demonstrate the XSS bug.

Our older cross site scripting black list from March 2002 is located
here http://pointblanksecurity.com/xss/.

Enjoy,
People @ pointblanksecurity