June Beer & BSD

June 26, 2007
6:30 pm to 8:30 pm

This month, we’re not having a meeting. We’re just going to meet at Nottingham’s in Columbia for Beer and BSD (stolen from PhxBUG) at 6:30 PM EDT (22:30 UTC).

Nottingham’s Address:
8850 Stanford Blvd, Suite 1100
Columbia, MD 21045

See you there!

May Meeting - Marcus Ranum

May 29, 2007
6:30 pm to 8:30 pm

Our May CapBUG meeting will be May 29 at 6:30 PM (22:30 UTC).

This month, we’ll have Marcus Ranum give his talk on dumb ideas in computer security. From his website:

“Let me introduce you to the six dumbest ideas in computer security. What are they? They’re the anti-good ideas. They’re the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying ‘trying to ignore reality.’ Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don’t fully understand the situation, but other times it’s just a bunch of savvy entrepreneurs with a well-marketed piece of junk they’re selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.”

This meeting will also be broadcast as part of MetaBUG.

We will again hold this month’s meeting at Raba in Columbia, MD.

April Meeting - PF/CARP/pfsync

April 24, 2007
6:30 pm to 8:30 pm

Fresh off his interview with Will Backman on bsdtalk, Jason will be giving a talk and demonstration on PF, CARP and pfsync. The demonstration will include using two Soekris embedded devices with OpenBSD configured as a redundant carp pair. Though highly dramatic, I doubt Jason will use the infamous “axe” technique to show failover. I guess it depends on how much caffeine he had that day.

Due to the availability of equipment, we will hold this month’s meeting at Raba in Columbia, MD at 6:30 PM EDT. We will again broadcast this talk as part of MetaBUG.

As always, we’ll get together for food and drinks afterwards.

CapBUG at FOSE

John Ferrell wrote in to say:

For the past several years Tux.org, an umbrella organization supporting the efforts of users groups and developers, has had a booth at FOSE (Federal Office Systems Expo). Tux.org’s goal at FOSE is to help promote the use of Linux and other open source software in government. This year CapBUG was invited to help out at the TUX.org booth and I was able to represent CapBUG.

In addition to all the Linux related materials on display at the booth we had two BSD related posters on display: an OpenBSD poster and an OpenSSH poster. For swag we had the current issue of Linux Journal and CDs including Fedora Core 6, Ubuntu and FreeSBIE, the live CD based on FreeBSD 6.2. Unfortunately I did not make enough of the FreeSBIE CDs; we ran out of them on Wednesday. I think the BSD posters caught other BSD folk’s attention. Several people came up to the booth to say they were BSD users. There was at least one company at FOSE that was using FreeBSD in the products. They had built a rugged wireless access point to be used with satellite communications using a Soekris single board computer and FreeBSD. It was good to hear that people are using BSD.

Hopefully CapBUG will be invited to help out again next year. If so, we can start planning early on how best to represent CapBUG and the BSDs at FOSE. There is definitely an interest in open source software, and I think we could do a lot to help promote the use of BSD.

March 2007

This month’s meeting was at SPARTA’s office in Columbia and had 13 attendees.

Matt Fisher presented his talk entitled “Mistakes to Lure Hackers: Vulnerability 2.0”. Matt introduced the audience to modern web application vulnerabilities including cross-site scripting, SQL injection and even “blind” SQL injection.

Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys and we’ll examine some of the factors going into the “new web” that makes them so vulnerable to script attacks.

Jason’s comment: “I personally saw this talk in NYC and am very grateful Matt was able to present it again for our group. This was the first MetaBUG video recording/streaming, and the quality suffers a bit. We have learned quite a bit from just our first session and expect that future presentations will be much improved in both video and audio quality.”

As part of MetaBUG, Matt’s talk is available as an MP4 download (95 MB) or via Google Video.

Thank you to Matt for donating his time to share his presentation with our BUG. Thank you to Jason for providing the live video and archive video for the meeting. We’ll be planning next month’s meeting soon, so stay tuned.

Announcing MetaBUG


After starting the Capital Area BSD Users Group, founders Jason Dixon and I realized that other BUGs could benefit from the pooled resource and information sharing of user groups world-wide. They discussed their ideas with Darren Spruell and Darrin Chandler of the Phoenix BUG, and the MetaBUG began to take shape.

March Meeting - Mistakes to Lure Hackers: Vulnerability 2.0

March 27, 2007
6:30 pm to 8:30 pm

Matt Fisher will be presenting his talk entitled Mistakes to Lure Hackers: Vulnerability 2.0 at this month’s CapBUG meeting. Matt is a Senior Security Engineer at SPI Dynamics and shares leadership of the Washington DC OWASP chapter.

Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys and we’ll examine some of the factors going into the “new web” that makes them so vulnerable to script attacks.

I was in NYC for his talk at LinuxWorld Open Solutions Summit. Although the talk is not BSD-specific, it is very informative and should be of particular interest to BSD Systems Administrators who pride themselves on high security. Matt is a very engaging speaker and highly experienced with his subject matter. This will be the first presentation to be streamed live via the MetaBUG, but if you’re in the DC area, you’ll still want to come out and see it live! The meeting location is at SPARTA in Columbia, MD.

Directions to SPARTA

February 2007

This month’s meeting was at SPARTA’s office in Columbia. There were 16 attendees this time so Columbia may be a more popular meeting place for us. For this meeting, we had Jason Dixon giving the main presentation on Secure Mail Servers with BSD. Afterwards, Patrick Thomasson gave a short talk about Pure-FTPd.

Jason opened the meeting by announcing the creation of MetaBUG: a Global BSD User Groups organization founded to promote local BSD user groups by helping to share ideas and experiences with other BUG organizations, in addition to possible collaboration and “virtual attendance” from anywhere in the world.

His presentation, Secure Mail Servers with BSD, covered mail delivery using Postfix, a drop-in sendmail replacement, configured for virtual mailboxes and domains, greylisting using OpenBSD’s spamd, and content filtering with amavisd-new (ClamAV, SpamAssassin and Vipul’s Razor). Mail retrieval duties focused on the Courier-IMAP service and RoundCube webmail. Presentation slides: HTML, PDF and zipped Keynote.

Meeting at SPARTA - Secure Mailservers with BSD

February 27, 2007
6:30 pm to 8:30 pm

Our monthly CapBUG meeting takes place next week, February 27, 6:30pm at SPARTA in Columbia, MD. Jason Dixon will be doing a presentation on recommended technologies in a modern *BSD-based mailserver. The proposed setup includes Postfix, Cyrus-SASL, SSL/TLS, virtual user accounts, PostfixAdmin, OpenBSD spamd, Amavisd-new, SpamAssassin, Razor2, Courier-IMAP, and Courier authdaemond. Other technologies such as FuzzyOcrPlugin, RoundCube Webmail and server-side filtering with Courier maildrop will be touched on as well.

We’re asking for volunteers to do a short demo of their favorite *BSD-related hardware or software product. Nothing formal is required, just a basic understanding of the item(s) and a willingness to be embarrassed in front of your peers. If it’s really good, I might even buy the winner a free Guinness afterwards.

Directions to SPARTA

New Website and New Name!

We changed our name from Maryland BSD Users Group to Capital Area BSD Users Group. To inaugurate our new identity, we’ve come up with a new site design. Please vote on the new design in our Poll.