This Thursday I'm presenting on Better Sleep Through Web Security, an in-depth overview of web security, what to do do if your website is hacked, and how to sleep better by following basic web security best practices.
It's at the beautiful Fuller Theological Seminary in Pasadena, California, and there's a video conference for those who can't attend in person. The meeting is from 6-8pm Pacific Time and we'll launch into the security talk after some quick intros and raffle prizes.
It's been about a year since I last gave a talk on internet security and the recent Heartbleed, Shellshock and POODLE (and now the "Drupalgeddon" vulnerabilities that hit the mainstream news in Forbes, the BBC and The Register), have prompted me to dust off my slides and update them for some of the internet security threats we face today.
This particular presentation goes into some detail about the "Drupalgeddon" vulnerability, officially known as SA-CORE-2014-005. It allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control. Scary stuff.
I hope you can join me. If you haven't heard of Drupal or aren't interested in general web application security, you can skip this one (unless, of course, you just like the sound of my voice). If, however, you make websites for either fun or profit, this is a great chance to get up to speed on some security best practices, including common attack vectors, what to do if your site gets hacked, and the the differences between security and privacy.