iSEC Open Security Forum

Yesterday was iSEC’s Open Security Forum. It is an informal and open venue to present and discuss security related research and tools. The last meeting was in October of 2007, and I believe they are aiming for quarterly meetings. There were four presentations, and here are my notes from them.

Rich Cannings – Cross Site Scripting and Common ActionScript Coding Practices

Seth David Schoen – Comcast P2P Traffic Analysis

Nate Lawson – Recent Attacks on SSL/TLS

Fred Bret-Mounet – ASP.NET Application Firewall

  • Homebrewed application firewall using ASP.NET’s pipeline model
  • 10-15% overhead

I really liked the variety of topics that were discussed. Between the four talks, I felt like there was something for everyone. iSEC did a great job hosting the event. The next meetup might have to be at a different venue though, as the meeting room was packed. But that’s a good thing right? Also, thanks to Peter Kim for providing his feedback and notes on the event.

Update: I only took a few pictures at the event, but they can be found here.

Comcast Year-End Report Card: D

Here are some points on why Comcast is doing so poorly these days.

  • Due to an undefined bandwidth cap, many users have been banned for a year.
  • Use of throttling on P2P traffic.
  • Increased monthly costs, yet no increase in bandwidth speeds.
  • Tech support is rude and not helpful.
  • They banned me without proper notice! I documented my experience here, here and here.

Update: I just noticed that their stock was recently at a 52 week low. Who would have guessed?