Security 2.0 in Cincinnati

Original post provided by Chris Shiflett

I’ll be visiting Cincinnati briefly tomorrow (Thu, 21 Aug 2008) to give my talk entitled Security 2.0 at the local PHP user group, OINK-PUG. Elizabeth Naramore is kindly hosting me, so I’ll be able to fraternize after the meeting, which is always the best part of any user group.

This talk is one of the least PHP-specific talks I give, so if you’re in the area and interested in learning a bit more about evolving trends in web application security, I hope you’ll join us. In case it helps convince you, here’s the talk description:

Web 2.0 has been described as many things. It’s the Web as a platform, a network of networks, the architecture of participation. However you choose to define it, the way we build applications online has changed. Web sites do more by empowering users, but this has opened a Pandora’s box. Cross-site scripting (XSS), cross-site request forgeries (CSRF), and Ajax are being combined in creative new ways to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms.

This talk examines this new threat, dubbed Security 2.0, by demonstrating some hypothetical and real exploits as well as discussing methods of safeguard and prevention.

The meeting takes place at Bridge Worldwide, who happen to have a nice map on their site. As far as I can tell, their office is located on the word Cincinnati (on Google Maps), so it must be smack in the middle of the city.

I might bring an extra copy or two of Essential PHP Security to give away, and you will receive a copy of the slides of my tutorial of the same name as a token of appreciation for sharing your time with us. I have also heard unconfirmed reports that there will be pole dancing.

I hope to see you there. :-)

Posted Wed, 20 Aug 2008 21:15:06 GMT in Chris Shiflett’s Blog
