Next Page >>
tracks
Once everything is ready to go, please email your submission to cfp
[at] layerone [dot] info no later than March 15, 2008. You will
receive notice no later than April 1, 2008 to let you know if your
talk has been accepted.
As we have a single presentation track, please bear in mind that
speaking slots are limited to one hour. While presenters typically
divide the hour into separate presentation and Q&A sessions, you may
structure your time however you see fit. If you think your
presentation will run longer, or have any special requirements, please
include this information in your submission and we will do our best to
8. *Technical Description / Proof of Concept Code*
VLC media player has support for the XML-based XSPF playlist format [1].
Every track in an XSPF playlist has a number of attributes, such as
'identifier, location, title and duration'. The 'identifier' attribute
is a numeric value that indicates the position of the track in the
tracklist. Here's a sample playlist in XSPF format:
/-----------
nullcon Goa 2010 is our First effort towards organizing an
International Hack Fest
and is totally a community driven effort by the members of null community.
TRACKS
_______
The conference will run on the following two serial tracks:
1) Gurukul Track – 1 hr sessions
2) Turbo Track – 10/15/20 min sessions
We are most interested in new presentations, but updates on existing work are also welcome. We also are interested in presentations from new faces, therefore, we invite any individual who has not spoken at a conference before to submit a talk and attempt to make ShmooCon their inaugural event.
--== CONFERENCE FORMAT ==--
ShmooCon has four tracks to accommodate a variety of speaking styles and topics.
ONE TRACK MIND - Technical tales in twenty minutes or less
BREAK IT - Technology exploitation
BUILD IT - Creating inventive software and hardware
BRING IT ON - Open discussion of technology and security topics
Speaker: Jayson Street, CISSP (Stratagem One)
Keynote: "Dispelling the myths and discussing the facts of global
cyber-warfare"
Language: English
Track: Information warfare
Speaker: Stephen Ridley (Matasano)
Speech: "Intro to Windows Kernel Security Development"
Language: English
=========================
Conference Format
=========================
ShmooCon VI has 4 tracks to accommodate a variety of speaking styles
and topics.
One Track Mind - Technical Tales in Twenty Minutes or Less
Break It! - Technology Exploitation
About QuahogCon
QuahogCon is a new regional conference for the hacker culture in all forms. Hardware, Software, Security, Social, Eco Hacking, Zero Impact Living. Like most hacker cons, it will run Friday to Sunday. We'll have two tracks: one for InfoSec topics and the other track will be a mix of all the other topics with a bit of an emphasis on hardware hacking and DIY electronics. Besides our perennial InfoSec favorites, we want to hear from some new voices on a wider range of topics. If it's a good hack, we want to hear what you're doing.
QuahogCon will be held April 23rd-25th, 2010 at Hotel Providence in Providence, RI
Call for Papers Opens today!
Come one, come all! Screw up your courage and get up to talk in front of a room full of folks at QuahogCon! We're a new conference in Providence, RI, looking to give you a place in the Northeast to present your ideas on Information Security and Maker Culture. We're here to encourage the hacker ethic in all its forms.
++++++++++++++++++++++++++++++++++++++++
+ Conference Format
++++++++++++++++++++++++++++++++++++++++
ShmooCon 2009 has 4 tracks to accommodate a variety of speaking styles
and topics.
• One Track Mind - Technical Tales in Twenty Minutes or Less
• Break It! - Technology Exploitation
• Build It! - Inventive Software & Hardware Solutions
• Bring It On! - Open Discussion of Technology & Security Topics
The event will be combined with tutorial sessions and workshops.
Tutorials will precede the main program, aiming at the dissemination of
mature knowledge and technology advances in the field. Two or more
Workshops will immediately follow the main conference, offering the
opportunity for a more focused exchange of ideas and presentation of on-
going research relevant to following tracks (More information and the
full call-for-papers can be found on the conference web):
Track 1 : Mobility & Wireless networks
---------------------------------------
- Beyond 3G, 4G, LTE, and WiMAX Networks
The event will be combined with tutorial sessions and workshops.
Tutorials will precede the main program, aiming at the dissemination of
mature knowledge and technology advances in the field. Two or more
Workshops will immediately follow the main conference, offering the
opportunity for a more focused exchange of ideas and presentation of on-
going research relevant to following tracks (More information and the
full call-for-papers can be found on the conference web):
Track 1 : Mobility & Wireless networks
---------------------------------------
- Beyond 3G, 4G, LTE, and WiMAX Networks
===================
Conference Format
===================
ShmooCon 2008 has 4 options for speaker submission.
+One Track Mind - Technical Tales in Twenty Minutes or Less Break It!
- Technology Exploitation
+Build It! - Inventive Software & Hardware Solutions
+Bring It On! - Open Discussion of Technology & Security Topics
Topics for One Track Mind may include, but are not limited to:
Tom Wingfield and/or Mike Schmitt - Manual of International Law Applicable for Cyber Conflict
Major General Jonathan Shaw, UK MoD - Cyber Force From a Nation State Perspective
Charl van der Walt, Sensepost - TBD
Amit Yoran, NetWitness - The Failure of Cyber Forces
ICCC is divided into two tracks:
The Concepts, Strategy and Law track addresses the human component of Cyber Forces. This includes talks and discussion on how to best identify, recruit, train and retain the right people, and how to best organize their contribution to national security. The track will address both traditional state-centric concepts, such as specialized units in the active duty military, and more volunteer-based approaches, such as the Estonian Cyber Defence League and cyber security expertise in the reserve forces.
The Technical Challenges & Solutions track includes a significant number of world-renowned experts. Presentations will cover topics ranging from “next-generation” intrusion detection to covert channels, Advanced Persistent Threats, and a tutorial on VoIP exploitation. The cutting-edge nature of these talks will help security professionals to understand not only the current dangers in cyberspace, but also many cyber security challenges of the future.
Technical Track attendees will ideally have a solid computer science or information security background, in order to facilitate both an understanding of the material presented and to take part in subsequent discussion.
It's the time of the year when we welcome research done by the
community as paper submissions for nullcon.
So, sip your coffee, dust your debuggers, fire your tools, challenge
your grey cells and shoot us an email.
Tracks:
---------------
- Bakkar: 1 Hr Talks
- Tez: 5-30 min Talks
- Karyashala: 2-4 Hrs Workshop
- Desi Jugaad (Local Hack): 1 Hr
It's the time of the year when we welcome research done by the
community as paper submissions for nullcon.
So, sip your coffee, dust your debuggers, fire your tools, challenge
your grey cells and shoot us an email.
Tracks:
---------------
- Bakkar: 1 Hr Talks
- Tez: 5-30 min Talks
- Karyashala: 2-4 Hrs Workshop
- Desi Jugaad (Local Hack): 1 Hr
"Troopers 08 - get skilled or get owned" is a new two-day conference that brings together some of the brightest minds of the international infosec community. The event will be held on 23rd and 24th april 2008 in Munich/Germany. Keynotes will be given by Dan Bernstein and Christofer Hoff.
There will be two tracks, a kind-of-classical one that we call the "Attack Track" (covering cutting-edge hacktechniques and security discussions) and another one we call the "Defend Track" which mainly addresses ISOs from large organizations and their specific needs and concerns. Additionally a series of (20-30 minute) "Late Night" talks will be held in the evening of april 22nd for those who arrive early and can't wait to get technical input.
This call for papers addresses security researchers interested in sharing their knowledge with other researchers and a high level audience. We would like to invite everyone with special knowledge in breaking security in whatever area or practical experience in securing complex information systems to present their skills.
Speaker Privileges
==================
We will cover the flight costs (limited to EUR 500 for speakers from Europe and US$ 1500 for speakers from other continents) and two nights of accomodation. For sole "late night speakers" no expenses will be covered (but speaker experience will be gained ;-).
Information
--------------------
Name : XSS vulnerability in Tracks
Software : Tracks 1.7.2.
Vendor Hompeage : http://getontracks.org/
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : NS-11-003
exceptions: IE7 and IE8 in Windows Vista when Protected Mode is ON. In
spite of that MSRC does not include IE8 in list of affected components
because it is still a beta product.
. 2009-01-08:
Core asks MSRC if it is still on track to release patches on February
10th, 2009.
. 2009-01-09:
MSRC responds that the out-of-band fix released in December [6] took a
lot of the resources that were assigned to February's release schedule
First round of CFP submission is July 30th, 2009.
Send your interest and submissions to cfp@securitybyte.org
For any Speaking query, please contact us at speakers@securitybyte.org
We are seeking submissions for both Two days Conference Track & Post conference two days Training workshops in the following areas:
Conference Tracks (17 – 18 Nov, 2009)
You can submit your response for any the following three conference tracks
* CT 1 - Application, Database & Web Security
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability
Version Affected: 3.2.4 (newest)
Info: The Google Analytics for WordPress plugin automatically tracks and
segments all outbound links from within posts, comment author links, links
within comments, blogroll links and downloads. It also allows you to track
AdSense clicks, add extra search engines, track image search queries and it
will even work together with Urchin.
Hi,
We would like to invite you to the European OWASP Application Security
Conference! After successful OWASP Conferences in the United States (San
Jose), Europe (Milan), Asia (Taiwan) and Australia (Queensland), we are back
in Belgium: 5 tutorials and 2 conference tracks in the historic center of
Ghent on May 19-22 2008!
More details and registration on http://www.owasp.org/index.php/AppSecEU08
The conference is stuffed with top notch presentations from industry
anyone who has a paper to present to submit for inclusion in the
conference.
Conference Format
InfoSec Southwest currently has two tracks slated for presentation. The
first track is intended for traditional, full-length presentations and
lectures. This is the track where lectures selected via the CFP process
will be presented. The second track is modeled after our local AHA!
(Austin Hackers Association) group's monthly meetings and is an open
forum for first-come, first-served lighting and turbo talks.
their renowned, recently DoD Directive 8570-accepted Certified Ethical
Hacker (CEH) version 7, the Certified Security Analyst (ECSA), as well
as the Computer Hacking Forensic Investigator (CHFI) program.
Following the pre-event training is a two-day conference featuring
three tracks -- "No Holds Barred," on day one (May 18), and two
parallel tracks, "Attack Zone" and "Defense Sector," on day two (May
19).
The "No Holds Barred" track will kick things off, and include:
solutions to the current situation.
CONTENT
> Research Track:
We are expecting submissions in english or french, english preferred.
The format will be 45 mn presentation + 10mn Q&A.
For the research track, preference will be given for offensive,
innovative and highly technical proposals covering (but not
students,
academics or otherwise passionate people from anywhere on the
internet are
therefore most welcome.
We will also have an anonymous side track so that people who wish to
present sensitive
subjects can do so in total freedom. As we believe the academic
system as setup a good
precedent with anonymous submissions, review and voting, we wish to
pursue this direction
Farmer John in North Dakota uses his machine once a week to read news, send family
email, nothing more. He installed Microsoft's Malicious Removal Tool. Farmer John's
machine becomes infected at some point and sends Microsoft information about the
compromise: "I'm Farmer John's machine coming from X_IP_Address".
A correlation is done with this information and then supposedly used to track where the
botnet's originating IP address is from. From the article: "Analysis by Microsoft's
software allowed investigators to identify which IP address was being used to operate the
botnet, Gaudreau said. And that cracked the case." This is not difficult, detect a DST
(destination) for malware sent from Farmer John's machine. Simple, good guys win,
everyone is happy.
This is a reminder that the Call for Papers for Asia's largest network
security event, HITBSecConf2010 - Malaysia is closing on the 9th of August!
This will be a QUAD TRACK conference featuring 2 dedicated tracks
focusing on cutting edge attack and defense techniques, a track with
dedicated hands-on lab sessions and a brand new lightning talk segment!
HITB CFP: http://cfp.hackinthebox.org/
===
exchange. The December release is likely to be move to the first week of
January 2008.
. *2007-10-29*: Core confirms that the December target was communicated
on October 19th, 2007.
. *2007-11-26*: Core requests an status update, asking if the vendor is
still on track to release fixes in December 2007 and on which specific date.
. *2007-11-26*: Vendor communicates that normally the release would be on
December 27th, 2007 but since that date is in the middle of most people's
holiday the release will be postponed to January. A specific date has not
been set.
. *2008-01-07*: Core requests and status update since there has been no
. 2009-08-31:
Microsoft replies agreeing that the reported bug is a variant of one
previously reported by Core that was fixed in June 2009. Microsof
indicates that all the solutions attempted so far did not prove
effective and that it currently does not have an update to track towards
a fix time. Asks if Core is still on track to disclose it in September
2009.
. 2009-09-03:
Core tells Microsoft that it moved the publication date to October 13
> machine becomes infected at some point and sends Microsoft information
> about the
> compromise: "I'm Farmer John's machine coming from X_IP_Address".
>
> A correlation is done with this information and then supposedly used to
> track where the
> botnet's originating IP address is from. From the article: "Analysis by
> Microsoft's
> software allowed investigators to identify which IP address was being
> used to operate the
> botnet, Gaudreau said. And that cracked the case." This is not
Application: Live for Speed
http://www.lfs.net
Versions: <= 0.5X10
Platforms: Windows
Bugs: A] nickname buffer-overflow
B] partial track buffer-overflow
C] NULL pointer access in internet/hidden S1/S2 servers
D] memcpy() NULL pointer in internet/hidden S1/S2 servers
Exploitation: remote, versus server
A] demo/S1/S2 in-game
B] demo/S1/S2 in-game
Next Page>>
|
