|
Change #26560
2014-03-13
19:42:21
|
create
Calagator::Event
1250465836
OWASP Chapter Meeting
| description |
nil |
→ |
<i>Kevin Dyer will be presenting:
<br><b>High-Profile Password Database Breaches: A Tale of (Avoidable) Blunders</b></i>
Over the last few years, password database breaches reported in mainstream
press have increased in frequency and magnitude. There is a typical pattern
and service providers, such as Adobe or Yahoo or Snapchat, fail on at least
two fronts: first, network perimeters and databases are breached, and then
improperly secured user data and passwords are exfiltrated and shared in
cleartext. Even if the former can't be prevented, there are security best
practices to mitigate the impact of the latter, which are (seemingly)
ignored.
In this talk, we'll discuss specific case studies and review the essential
security best practices for storing sensitive user information. The goal is
to show that in every case free, off-the-shelf tools are available that
would have mitigated the scope of the breach and (possibly) the onslaught
of negative publicity. As one example, we'll build intuition for why using
Scrypt (a memory-hard function) is superior to traditional cryptographic
hash functions for storing passwords.
<b>Kevin P. Dyer</b> is a PhD student at Portland State University. His research
focuses on network security and building protocols resistant to
traffic-analysis attacks and censorship. Previously, Kevin worked as a
software engineer in telecommunications security, web security and network
security. He holds an MSc in the Mathematics of Cryptography and
Communications from Royal Holloway, University of London, and a BS in
Computer Science with Mathematics from Santa Clara University.
<hr>
The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:
https://lists.owasp.org/mailman/listinfo/owasp-portland
Meetings are free and open to the public. |
| end_time |
nil |
→ |
2014-04-02 19:30:00 -0700 |
| id |
nil |
→ |
1250465836 |
| start_time |
nil |
→ |
2014-04-02 18:00:00 -0700 |
| title |
nil |
→ |
OWASP Chapter Meeting |
| url |
nil |
→ |
https://www.owasp.org/index.php/Portland |
| venue_details |
nil |
→ |
If you have trouble finding the room, call 503.389.3192 for assistance. |
| venue_id |
nil |
→ |
202391809 |
|