Leadership team officer elections are held twice a year (Dec. and Jun.). In December, Co-chair and Website Developer are up for election. Nominations are now open. You may nominate yourself or someone else (with their permission). See the charter (PDF) for duties of the officers. Current officers—Co-chair, Mark Harmon, and Web Developer, Jonathan Santos—have not indicated if they will run again.
Mark Fischer will share his experience at An Event Apart in Orlando, which he describes as a “design conference focused on the web” and “fan-bleeping-tastic!”
NOTE that the meeting is scheduled to run a little longer than usual to allow for time to share information and experience regarding the recent Drupal core vulnerability, a.k.a. Drupalpocalypse / Drupalgeddon.
Introduction of leadership team members: M. Hagdon, M. Harmon, J. Santos, L. LePere
Presentation – NetID+ from service provider point of view.
Gary Windham, systems architect at UITS.
NetID+ is two-factor authentication: something you know and something you have. Currently optional. 700 people have subscribed so far. Will gain traction when app developers require it.
Security and Spam Mitigation in Drupal-land - Margrit McIntosh
1. Let's start with spam.
You can't get spam if you don't allow anonymous users to create content or accounts on your site. However, in many cases, you DO want anon to make stuff:
Margrit McIntosh will present a few tidbits of information about security and spam in Drupal-land.
Please bring your experience, expertise, questions and despair, to add to the mix. Horrific, lurid hacked-website tales especially welcome. Feel free to anonymize in the mode of "mistakes were made."
Topic: Tales from the Encryption: HIPS (11-Sept-2013)
Date: Wednesday, Sept 11, 2013
Presenter: Donald Merson
Save the date and RSVP for the next Mobile Matters Symposium, October 21, 2013, in the SUMC Grand Ballroom.
Q & A
Q. With foreign keys - pointing to a row other than the actual row - how do you enforce referential integrity? If one of the rows gets deleted, the other one is just hanging out there . . .
When an intruder goes looking for data, a field of obvious nonsense values is a big clue that that's the data to try to decrypt. Hide-In-Plain-Sight (HIPS) is a new method of encryption that encrypts data in a way that looks normal. Authorized users will know which fields to apply the decryption key to, and unauthorized users will not. When you use HIPS, an intruder will need to first determine what data has been encoded before they can start decoding the sensitive information.
So we've heard about SQL injection, 'XSS' and the like. But how does one of these vulnerabilities work, and what exactly are we supposed to do about them? Join us for an overview of "PHP and Security" where we will walk through two of the most common types of vulnerabilities, along with code examples of how to mitigate the risk.