Friday, March 25, 2005

Now Watching Anime: Sadamitsu the Destroyer vol 1, Read or Die the TV Vol 2, Legend of Himiko Vol 1. They all pretty much kick ass. Himiko is older cel-drawn anime from '99. None of that new digital shit ;) Good stuff, like 12 kingdoms story wise.

Now Watching Movies: Equilibrium, BoonDock Saints, King of the Hill s3vol1. I gotta say I'd been kinda wanting to see Equilibrium for a long time. Don't know why I waited so long now. That movie was pretty good. The Gun Kata, a fictitious martial-art, was the sexiest thing I had seen in a long time. Volcano High has been released on domestic dvd now, so that means my Hong Kong bootleg just became worthless....

Events: Going to a 'con this year, if it effin' kills me!

http://www.freewebs.com/naka-kon/ Anime Con in Lawrence on the 17th of April. Free, all day Sunday. Anime, music, COSPLAY!!!! I am gathering my fellow Acolytes for the exodus now. Prepare your souls for the animated goodness!

http://www.mini-con.com/ Anime Con in Broken Arrow, OK. $10 at the door, $8 pre-reg. Artists Gallery and stuff. It is on the 9th of April. This one seems less likely for me to show up at, but I have an aunt that lives in Tulsa (I think) and a few other friends and relatives in the state, I will try to show up.

All above information via www.anime-cons.com


been screamin, cryin and moanin all week bout homework due tomorrow. Now I'm actually almost done. Go figure. Need to work on them stress management skillz. ;o It's weird, but I think I'm starting to get the hang of takin care of myself. My normal mode is that of most computer nerds....Work or study, with 30 seconds or less delegated to care and feeding of the meat puppet.

Speaking of Computer nerds, went to a seminar yesterday. Told my job it was a "school function" and it WAS, dammit. ;) It got moved from the posted room, so I ended up waiting till 15 minutes before it was to start in the wrong place. Got back downstairs and nobody there. Wandered around for 5 minutes, wandered back in, and all of a sudden it was standing room only. Dean of my program, a coupla instructors, and one classmate from the 2 year program I transferred out of were all the people I knew there. The rest of the room was filled with coders. UBERgeeks. ;) Man, I felt so overwhelmed by the knowledge in that room! Most of the stuff talked about during the presentation I only had a general knowledge of, all these guys and gals (yes, SEVERAL female geeks!) knew the stuff intimately. They were all also averaging 10+ years older than me, except for a coupla guys in the back. That made me feel slightly better. I tell you though, God is paying me back for not paying attention in my programming classes back in the 90's. Now that I need it, I don't have it. Screw it, I'm a hardware/management guy ;)

Anyhow, the presentation itself was very interesting. The hacking demonstration wasn't separate, but more along the lines of a powerpoint footnote. The speaker was interesting too, and the guy flew in on his own dime, which impressed me. He explained how current day hacking is less and less at the network level (getting harder and harder to do) and is now done at the web applications and software level...or a combination of software and hardware. A lot harder for "security professionals" to catch, cause this method bypasses common security procedures. I think I pissed him off cause I started having to work hard not to nod off near the end of his presentation. My excuse was I brought neither sugar nor caffeine to the presentation (was SUPPOSED to be provided) and so my eyes were starting to shut as he finished. Whatever you thought of me sir, it WAS a GREAT presentation. I learned a lot. I learned that I have more to catch up on programming wise than I thought too. Some of the exploits he talked about were so simple and so commonplace it was scary. I also relearned that cookies are not your friend. Didn't win any of the free swag, which was disappointing, but I am gonna try to show up for these things more often....Here is the email I got about it, from my local AITP chapter:

http://www.wichitadevelopers.net/


March Meeting
Topic: Live Hacking Demo: Top Web App Attack Methods and How to Combat Them
Speaker: Dennis Hurst, Senior Consulting Engineer, SPI Dynamics
Date: March 24, 2005 3:00-5:00pm.

Web applications by nature are not static. Content is continually being altered and new features are added, in some instances on a very frequent basis. Each time the Web application is , a risk is imposed that the application will not be secure. Even the simplest of changes could produce a vulnerability that may pose a major threat to the assets of the company or, just as important, information about a company's customers.

By taking advantage of the public access to a company through port 80 and 443 and using it to subvert your applications, hackers can gain easy access into your company's sensitive back-end data. Firewalls and IDS will not stop such attacks because hackers using the Web application layer are not seen as intruders.

Watch and learn as top security experts from SPI Dynamics show you how to defend against attacks at the Web application layer with examples covering recent hacking methods such as SQL injection, cross-site scripting, parameter manipulation, session hijacking and LDAP injection.
Dennis Hurst is a senior security engineer for SPI Dynamics, the expert in web application security testing and assessment. In this role he is responsible for working with developers to educate them on the need for web application security and practical ways to protect web applications from hacking attacks.
With more than 15 years experience in the Information Systems/Application Development industry, he is an expert in system design, implementation and maintenance of complex multi-vendor, multi-platform computer applications and networks. He has extensive experience in planning, developing and enhancing Internet systems as well as integrating Internet systems with legacy systems. For the past four years he has focused on developing tools to test and secure the HTTP protocol. He was the lead developer of SPI Dynamics’ flagship web application vulnerability assessment product, WebInspect™, during the initial years of the product’s development, and now works with other development organizations evangelizing the need to integrate security into the Software Development Lifecycle (SDLC).
Dennis is a Microsoft Certified Solution Developer (MSCD) and a Certified Novell Engineer (CNE) for version 3.x and 4.x. Furthermore, he has published articles and developed classes on the secure application development process. Dennis has spoken on the topic of secure coding practices at Software Development West 2004, Better Software 2004, WebSec 2003 and various user group chapter meetings. He has been published in asp.net PRO and on 15 Seconds http://www.15seconds.com/Issue/000612.htm.
Useful Links
MSDN Developers Centers
http://msdn.microsoft.com/developercenters
MSDN Webcasts
http://msdn.microsoft.com/training/webcasts
.Net Rocks!
http://www.franklins.net/dotnetrocks
SPI Dynamics
http://www.spidynamics.com
Location:
Friends University
Business & Tech. Building
2100 W. University St.
Wichita, KS 67213
Ph: 316-295-5579
Fx: 316-295-5130
(Campus Map) Building closest to Maple, between Seneca and Meridian
Date/Time:
March 24, 2005
3:00pm - 5:00pm
Food/Drink:
Snacks and drinks will be provided. Vending Machines Avail.
Prizes and Giveaways:
Microsoft has provided our user group with several giveaways. You must be in attendance to win. Ex: Visual Studio.Net, Wireless Keyboard, XBOX games, etc.

Back to homework....
