Many websites, like Facebook, mix secure and insecure content on the same page. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s SSLstrip tool. I will explain and demonstrate this attack.
Slowloris is a very new layer 7 denial-of-service attack created by RSnake that stops Apache web servers completely with very low bandwidth—one packet every 2 seconds. The Apache developers were notified of this vulnerability and decided it was unimportant and not worth patching. I will explain and demonstrate this attack, and discuss various ways to protect your Apache servers.
I will hand out complete instructions so that anyone can easily set up both these attacks on their own machines.
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON and Toorcon on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences.
He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His Industry Certifications are: Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Certified Fiber Optic Technician.
When your Linux system has problems, there are a number of ways to track down and solve them. In this talk I will discuss my overall philosophy for troubleshooting and then follow up with more specific examples of how to diagnose common problems on Linux systems. This talk will be more server-focused but most things should apply to desktops as well.
Everyone likes pretty pictures. Visualizing your data is one of the best ways to see the “Big Picture”™ and a great tool to do that is RRDtool. In this talk, Aaron will discuss the basics of how to use RRDtool and how to write RRDtool scripts in bash and python, including some discussion on cricket and munin. Aaron also will give a few demo examples of some interesting graphs and generic scripts he created for the talk.
It seems like just about everyone is coming out with a PC that you can connect to your TV and play videos from. Of course, we all know just how many of those are running Linux under the hood. Why buy one of those when you can build your own? In this talk Kyle Rankin and Allan Cecil are going to discuss two fully-featured programs you can install on a regular Linux system to turn it into a media PC: Xbox Media Center (XBMC) and Boxee.
From the LTIB website:
The LTIB (Linux Target Image Builder) project is a simple tool that can be used to develop and deploy BSPs (Board Support Packages) for various target platforms. Using this tool a user will be able to develop a GNU/Linux image for their target platform.
This talk will demonstrate the configuration and use of LTIB for assembling the components of an embedded Linux system. Topics will include U-Boot, Linux kernel, and root file system options.
So how exactly do people use Linux in the workplace these days? In this talk an NBLUG panel of systems administrators will talk about how they use Linux at their work.
Google’s Native Client project seeks to provide high-performance, cross-platform, browser-based applications yet allow them to be “untrusted”. Performance is in the form of x86 binary code while security comes from a dual-layer sandbox. In this talk I’ll give an overview of the goals of the project, how it works, and why you might care, plus give a demo of a few Native Client applications.
Last month we discussed some cool command line tools. This month Kyle will go to the opposite end of the spectrum and talk about desktop eye candy. Kyle will specifically discuss Compiz Fusion and Gnome Do and go into some of the more advanced configuration options available for Compiz.
While you might not be able to tell at a cursory glance, a lot has changed behind the scenes on a modern Ubuntu system from what you might be used to if you have used Linux for years. For example, did you know Ubuntu is phasing out System V init? That you can’t loopback-mount the initrd? In this talk I will discuss the current changes Ubuntu is making to what we might consider the traditional Linux system. There’s a little something for everyone in the talk: for Linux newbies who are curious about what’s under the hood I will cover the traditional and modern boot process including how init works and follow up with a guide to where important files are in Ubuntu. For the experienced Linux user I’ll show you how (and why) things have changed and where you can look now when you want to, for instance, change the default runlevel on an Ubuntu system.