Security

An Event Apart and Drupageddon

Business:

Leadership team officer elections are held twice a year (Dec. and Jun.). In December, Co-chair and Website Developer are up for election. Nominations are now open. You may nominate yourself or someone else (with their permission). See the charter (PDF) for duties of the officers. Current officers—Co-chair, Mark Harmon, and Web Developer, Jonathan Santos—have not indicated if they will run again.

Report from An Event Apart in Orlando PLUS Drupalpocalypse

Mark Fischer will share his experience at An Event Apart in Orlando which he describes as a “design conference focused on the web” and “fan-bleeping-tastic!”
 
NOTE that the meeting is scheduled to run a little longer than usual to allow for time to share information and experience regarding the recent Drupal core vulnerability, a.k.a. Drupalpocalypse / Drupalgeddon.

UA NetID+

No announcements

Introduction of leadership team members: M. Hagdon, M. Harmon, J. Santos, L. LePere

Presentation – NetID+ from service provider point of view.
Gary Windham, systems architect at UITS.

NetID+ is two-factor authentication: something you know and something you have. It is currently optional. 700 people have subscribed so far. It will gain traction when app developers require it.

Tales from the Encryption: HIPS (11-Sept-2013)

Topic: Tales from the Encryption: HIPS (11-Sept-2013)

Date: Wednesday, Sept 11, 2013

Presenter: Donald Merson

Announcements:

Save the date and RSVP for the next Mobile Matters Symposium, October 21, 2013, in the SUMC Grand Ballroom.

Q & A

Q. With foreign keys - pointing to a row other than the actual row - how do you enforce referential integrity? If one of the rows gets deleted, the other one is just hanging out there . . .

Tales from the Encryption: HIPS

When an intruder goes looking for data, a field of obvious nonsense values is a big clue that that's the data to try to decrypt. Hide-In-Plain-Sight (HIPS) is a new method of encryption that encrypts data in a way that looks normal. Authorized users will know which fields to apply the decryption key to, and unauthorized users will not. When you use HIPS, an intruder will need to first determine what data has been encoded before they can start decoding the sensitive information.

PHP and Security

So we've heard about SQL injection, 'XSS' and the like. But how does one of these vulnerabilities work, and what exactly are we supposed to do about them? Join us for an overview of "PHP and Security" where we will walk through two of the most common types of vulnerabilities, along with code examples of how to mitigate the risk.
