A couple of us that work at NCSU and are into computer security have started a club for anyone else interested in that. The next meeting is Thursday, 9/13/07 in EB2 rm 1212 at 5:30p-6:30p. We're still changing the meeting format, but want to meet with others interested in computer security and discuss recent security incidents, have a presentation on some security topic and demo some security utilities. Here is the agenda for Thursday's meeting:

Current Events:
Sudden Decrease in Storm virus activity
Chinese hackers blamed for breach of Pentagon, German, US and French government networks
Data theft from monster.com
Hacking of web site using PHP file include vulnerability
and a few more

Topic: Analysis of Apache-PHP web server hack using PHP file include vulnerability
logs showing timeline of attack
details of file include vulnerability
files added and scripts run
c99shell PHP backdoor installed
spam email sent
corrective action taken


Security Tool Demos:
1) Dynamic Port Scanner
2) Using Cain to crack MySQL passwords
3) Using Cain to capture FTP dictionary attack

Computer Security Q & A
Bring your questions, incidents, packet captures, etc.


We will be analyzing real events that have occurred on the NCSU network and demonstrating a couple security utilities. We'd like to have meetings twice a month. Once on Thursdays and some other day tbd. Eventually, we will put a website at http://securityclub.ncsu.edu

All are welcome

9/12/2007 4:23:25 PM

[Edited on September 12, 2007 at 4:55 PM. Reason : thats a slick site]

9/12/2007 4:38:21 PM

awesome! too bad this wasn't around when me or whbeers were there

9/12/2007 4:46:15 PM

nice website. i like the minimalist design, very streamlined.

9/12/2007 4:51:49 PM

^ass

9/12/2007 4:53:53 PM

you 2 need to come back and visit anyway.

9/12/2007 4:55:31 PM

I might be interested in this.

9/12/2007 5:22:49 PM

most secure website ever

9/12/2007 5:51:21 PM

I thought it was a trick at first, like you had to hack you way in to the site...

9/12/2007 6:44:23 PM

tsgurgan knows his shit, take my word. Damn don't I wish this had existed when I was at state.

Hell- Are alumni allowed to become involved?

9/12/2007 8:19:31 PM

when you get ur site up, you should post this thread as the official forum

9/12/2007 9:30:37 PM

Yeah this is awesome. My favorite course by far at NCSU was Computer Security.

9/12/2007 9:57:32 PM

aka how to hack shit club

9/12/2007 10:51:07 PM

hah. my damn email is about to explode from all the forwards I get from Carter for CSC 405.

9/12/2007 11:02:51 PM

^See I had the goddess of CSC, Julie Starr. She was an awesome teacher and extremely nerd cute.

9/12/2007 11:22:09 PM

i had starr too. i really didn't get much out of that class though -shrug-

then again, i didn't get much out of nc state

9/12/2007 11:47:44 PM

Quote :

"then again, i didn't get much out of nc state"

+1

9/13/2007 1:02:33 AM

you know what this is just going to turn into don't you?

Key-Signing parties for unbathed geeks wearing berets.

9/13/2007 1:17:02 AM

my adviser wouldn't let me manually add 405

i'm going to come to the security club meeting tonight and ask dr. carter about a possible independent study for next semester. i work in computer security, but do not know nearly as much as i probably should.

9/13/2007 12:20:33 PM

Quote :

"^See I had the goddess of CSC, Julie Starr. She was an awesome teacher and extremely nerd cute."

i had her for 405 as well - a good friend of mine married one of her exes that used to live with her this past weekend - and damn the stories about her are funny as hell - she was an interesting character to say the least

9/13/2007 12:27:03 PM

^^ inorite. you can never know enough

9/13/2007 12:42:49 PM

Quote :

"dr carter"

wtf?!? sammie got a phd?

9/13/2007 5:46:34 PM

probably not, i just dont know how to address my superiors.

9/13/2007 7:28:24 PM

big turn out
me, tsgurgan, 2 guys that work for itecs, and 2 I didnt recognize.. could definitely use more 2 weeks from now

9/13/2007 7:41:27 PM

If I didn't leave work at 4:30 I'd probably come downstairs.

9/13/2007 7:52:13 PM

if sammie got a phd then i quit life - i'm fairly certain he never passed a single 333 test when i was in it with him - balik passed him somehow and i still have no earthly idea how that happened

i forget the TAs name but it was adam something - he used his laptop in class and used to broadcast his imap password and some other kid that wasn't me in the class grabbed it and logged in to see the grades of everyone - to this day i'm still amazed he passed the class

9/13/2007 8:18:14 PM

I would have been there but I had other stuff to take care of. I was there the past couple times though.

Damn 326.

9/13/2007 8:49:06 PM

^^ haha

9/13/2007 9:24:20 PM

I'll try to head out to the next one. It's a cool class, but I'm incompetent in my major so the majority of it is over my head

On a quasi-related side note, if they need $$$ they can apply for start-up funding from Student Government:
http://students.ncsu.edu/treasury/appropriations/

9/13/2007 9:55:50 PM

^^ true story i was there

9/13/2007 10:06:09 PM

The next meeting will be this week. The topic will be VoIP security. You can see the agenda on the website.

To answer the question about alumni involvement. I welcome it. We need input on real world computer security. Too many classes I've taken were totally conceptual computer security. One goal for the club is to discuss practical computer security problems and solutions. So alumni are welcome as well as non-computer science students.

9/24/2007 5:41:38 PM

check out the section "voip security"
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

9/24/2007 7:12:13 PM

Quote :

"some other kid that wasn't me"

mmm hmmm.

now, is that right?







hey, wait a minute...

your "COMPUTER SECURITY" TA was regularly broadcasting his IMAP password in plaintext?



holy shit




[Edited on September 24, 2007 at 7:16 PM. Reason : wait a minute!]

9/24/2007 7:13:58 PM

i might come downstairs, sit in, and see if i can learn anything

i won't have anything to contribute though

9/24/2007 7:28:15 PM