Information Security Conferences, Workshops, and Training Calendar
A Google Calendar tracking Information Security conferences, workshops, training, CFP deadlines, and related events. In subscribing to other similar calendars, I found many of them were local, regional, or were missing major conferences like BlackHat. In an effort to consolidate and fill in the gaps of these other calendars, I have created this one. Event suggestions welcome, please submit to dtrammell [at] dustintrammell [dot] com. There are also iCal and XML versions.
Contributions: Creation and ongoing maintenance.
Leetnet is a dynamic network of small networks connected securely via the Internet using the IPSEC protocol. Managed by a central web interface and database, all networks can establish secure IPSEC VPN connections despite such complications as dynamic IP addresses, different IPSEC implementations, large numbers of tunnels, multiple users, and overall complexity related to IPSEC VPN use. Leetnet also serves as a central registrar for private networks, guaranteeing network uniqueness and connectivity with other Leetnet networks.
Contributions: Assisted in initial design, feature selection, and alpha/beta testing.
OSVDB is an independent and open source database created by and for the information security community. Its goal is to provide accurate, detailed, current, and unbiased technical information.
Contributions: Vulnerability research in a “Data Mangler” role includes detailed analysis and documentation of vulnerabilities, using the OSVDB interface to provide the data in a format consistent with the existing database, and submitting vulnerability records for inclusion in the production database.
You may view my user profile and score here.
post-slack is a post-install system configuration and lock-down master script-set and supporting pre-packaged software designed to take a stock Slackware installation and customize, secure, and configure various aspects of the system in an automated fashion.
Security for Receptionists (A Question A Day)
365 or more comprehensive security related questsions appropriate for interviewing applicants for a receptionist position, or simply to keep your current receptionist staff sharp by asking them a question-a-day.
Sender Policy Framework
SPF (RFC-4408) fights email address forgery and makes it easier to identify spam, worms, and viruses. Domain owners first identify mail servers in DNS that are authorized to send messages from their domain. SMTP receivers of messages from a given domain then verify the envelope sender address against this information and can distinguish legitimate mail from forged mail before any message data (headers or email body) is accepted by the receiving mail server.
Contributions: Assisted in protocol version 1 syntax design, discussion in regards to barriers to implementation, technical caveats, security of the protocol, and other issues that arose on the discussion list.
spamhole is a “fake” open SMTP relay, intended to stop (some) spam by convincing spammers that it is delivering spam messages for them, when in fact it is not.