l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
October 7: Social gathering
Next Installfest:
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2010 Jun 04 08:29

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Fwd: SVLUG June 2nd meeting: Hijacking Web 2.0 Sites withSSLstrip and Slowloris]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Fwd: SVLUG June 2nd meeting: Hijacking Web 2.0 Sites withSSLstrip and Slowloris]

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 2 Jun 2010 00:48:16 -0700
From: Rick Moen <rick@linuxmafia.com>
Subject: [svlug-announce] SVLUG June 2nd meeting: Hijacking Web 2.0 Sites
	with SSLstrip and	Slowloris
To: svlug-announce@lists.svlug.org

(This only feels like a Tuesday, on account of the holiday weekend.)


  Wednesday, June 2nd, 2010


    Hijacking Web 2.0 Sites with SSLstrip and Slowloris

    Sam Bowne 

    Many Web sites mix secure and insecure content on the same page,
    as does Facebook.  This makes it possible to steal all the data
    entered on such a page easily, using Moxie Marlinspike's SSLstrip
    tool.  Sam will explain and demonstrate this attack.

    Slowloris is a very new layer-7 denial-of-service attack created by
    RSnake that stops Apache Web servers completely, with very low
    bandwidth -- one packet every 2 seconds.  The Apache developers were
    notified of this vulnerability, and decided it was unimportant and
    not worth patching.  Sam will explain and demonstrate this attack,
    and discuss various ways to protect your Apache HTTPd servers.

    Complete instructions, so that anyone can easily set up both these
    attacks on their own machines, will be discussed.

    Sam Bowne has been teaching computer networking and security classes
    at City College of San Francisco since 2000.  He has given talks at
    DEFCON and Toorcon on ethical hacking, and taught classes and
    seminars at many other schools and teaching conferences.

    He has a B.S. in Physics from Edinboro University of Pennsylvania
    and a Ph.D. in Physics from University of Illinois,
    Urbana-Champaign.  His industry certifications are:  Certified
    Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, 
    Security+, Certified Fiber Optic Technician.


  VCAFE Facility
  350 Ellis Street (near E. Middlefield Road)
  Mountain View, CA 94043

  Directions on how to get there are listed at:


  We've tried our very best for these directions to be accurate.
  If you have any improvements to make, please let SVLUG's volunteers know!
  webmaster at svlug.org


  If you just can't get enough, a smaller group usually goes to a local
  restaurant/diner after the meeting.  We'll announce the restaurant
  selection at the meeting.

We look forward to seeing you there!

svlug-announce mailing list

----- End forwarded message -----

Sent from my computer
vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.