BSides Tampa is sponsored by the Tampa Bay chapter of (ISC)², which is clever and mathematically-correct shorthand for “International Information System Security Certification Consortium”. (ISC)² is a non-profit specializing in training and certifying information security professionals.
BSides gets its name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content. In 2009, when the Black Hat conference in Las Vegas received way more presentation submissions than they could take on, the rejected presenters (who still had very good presentations; there just wasn’t enough capacity for them) banded together and made their own “b-side” conference that ran in parallel with Black Hat. From that event came BSides.
BSides conferences are community events, and unlike a lot of tech conferences, they’re inexpensive. BSides Tampa 2023 costs $45 to attend, and its supplementary workshops are $5 each.
I plan on attending, and if you’re interested in diving deeper into security, you should too!
The event: CyberX Tampa, an evening conference with some pretty interesting speakers and topics, and a chance to catch up with some local techies and security nerds.
What you’ll get out of it: Well, that depends on what you put into it. But trust me, there are opportunities and a lot of potential there, and I can tell you that half of winning is just showing up.
CyberX Tampa 2022 takes place next Tuesday, October 25, from 5:30 p.m. to 8:00 p.m. at TheIncLab in Ybor City, and I’ll be there! It’ll be an evening of all things cybersecurity-related with some of Tampa Bay’s largest companies, CISOs, and tech leaders!
Are you free next Tuesday, October 18th from 9:00 a.m. to noon, for an event you can attend either in person or online? If so, perhaps you might want to catch my talk at the upcoming InfraGard Tampa Bay Members Alliance meeting. It’s titled The Secret History of Login!
Here’s the description:
If you’re reading this, the chances are very good that you’ve logged into a system or resumed a session where you logged in earlier. It’s a common enough occurrence that most of us don’t think about it unless we’re in a hurry or if we can’t remember our username/password combination.
Logging in is new enough that there are still many people alive who knew the world before usernames and passwords, yet old enough that it’s developed some problems that will take time and effort to solve. This talk will tell the strange story of how login grew from a last-minute hack to become part of our daily experience. Along the way, you’ll get an overview of some of the ways it’s been implemented, how it inspired both a popular software movement and a whole new category of crime, and some best guesses about its future.
What is InfraGard Tampa Bay Members Alliance?
First of all, they’re affiliated with the FBI! As their About page states:
Our mission is to mitigate criminal and terrorist threats, risks and losses for the purpose of protecting our region’s critical infrastructure and the American people. Founded in 2004, the Tampa Bay chapter has established itself as a leader nationwide, setting the highest standards for programs, training and education. For the last decade, we have proudly contributed to the safety and security of Tampa Bay via an all-threats, all-hazards approach. At the national level, the InfraGard National Members Alliance was founded in 1996 and now comprises over 80 regional chapters, each linked to an FBI Field Office.
InfraGard’s success can be attributed to the unprecedented communication, collaboration and coordination it has forged at the epicenter of America’s most critical resources. Our membership is comprised of individuals that represent private businesses; local, state and federal law enforcement agencies; academic institutions; first responders and more.
All members are vetted by the FBI and pass comprehensive background checks prior to being accepted to InfraGard. The trust inherent in those who have successfully passed these checks is unmatched in any other public-private partnership in the country, making InfraGard a unique and highly successful solution to engaging the private sector in the protection of our nation’s critical infrastructure.
What’s happening at this meeting?
There’s a lot going on at this meeting — in fact, I’m not the only speaker at this one! Here’s the agenda:
Time | Item
9:00 a.m. | Welcome and speaker/topic introductions by Ebony Vaz
9:05 a.m. | Opening remarks by Michael Ritchie, President
9:15 a.m. | Speaker 1: Kate Whitaker, Director of Cyber Outreach, Cyber Florida
10:00 a.m. | Break
10:15 a.m. | Speaker 2: Joey deVilla, Senior Developer Advocate, Okta — The Secret History of Login
11:00 a.m. | Break
11:15 a.m. | Speaker 3: Billy Sasser, Supervisory Protective Security Advisor (SPSA) CISA Region 4 — CISA’s Physical and Cyber Security Resources
12:00 p.m. | Closing remarks by Michael Ritchie, President
You can attend in person or online!
They’re streaming this event, so you have the option of attending online if you can’t make it to the in-person event. Here are the registration details:
The folks at Computer Coach Training Center (for whom I just finished teaching a Python course) helped put this event together, and it’s your chance to meet people from Cyber Florida as well as other local people in cybersecurity (hint: I work for the Auth0 arm of Okta, which just so happens to be in that industry).
Do you write apps in React Native? Do you want to add authentication — that is, login and logout — to those apps? If so, these articles are for you!
If you’re writing an Android app in React Native and you need users to log in and log out, don’t roll your own authentication! Use Auth0 instead. You’ll get full-featured authentication and have more time to concentrate on your app’s full functionality.
There’s also an iOS-specific version of this article: Get Started with Auth0 Authentication in React Native iOS Apps. Just like the Android version, this article walks you through the process of making an iOS app that lets users log in with an app-specific username/password combination or a Google account.
As the Russian invasion of Ukraine continues, you’re increasingly likely to hear the name “Bellingcat”. It’s the name of an independent group of researchers, investigators, and citizen journalists who practice open source intelligence (OSINT). Here’s a quick primer about Bellingcat and open source intelligence, plus a whole lot of videos about Bellingcat’s work and their reporting on aggression by Russia’s government and armed forces.
Bellingcat’s origins
Bellingcat get their name from Aesop’s fable, Belling the Cat. In the fable, the youngest of a group of mice who were terrorized by a cat suggests that they put a bell on the cat, which would act as an early warning system. While the suggestion was warmly received, one of the elder mice brought up a serious challenge to the plan: “Who will bell the cat?”
Eliot Higgins founded Bellingcat in 2012 after being laid off from an administrative job. He started doing independent research on the civil war in Syria by collecting and analyzing publicly available photos and footage, and cross-referencing them with reports. Since then, he’s grown the organization, who’ve gone on to apply their open source intelligence skills to stories including:
Open source intelligence, often referred to as OSINT, is a term meaning any information that can be gathered from freely-available, publicly-available sources. It’s most often used to refer to information gathered online — the kind that anyone with an internet connection would be able to access. This information could be available free of charge, or it could be acquired for a fee (e.g. a subscription to a news organization, data source, or API).
It also applies to non-online/non-digital information from books, newspapers, magazines, academic journals and papers, FOIA requests and their equivalents, and so on.
It could be in text form, but it also applies to video, photographs, sound recordings, data files, and databases.
Giancarlo Fiorella, a senior Bellingcat investigator based in Toronto, makes it clear that OSINT is not “hacking” (as in accessing computer systems or information illegally), stealing, or spying. It’s about gathering data and doing the research.
Bellingcat contribute to the Russia-Ukraine monitor map
You may have read about the Russia-Ukraine Monitor Map on my personal blog, but if you haven’t, it’s a public resource for mapping, documenting, and verifying significant incidents that happen in the Russian invasion of Ukraine. Bellingcat are a primary contributor of information to this resource.
Videos about Bellingcat
Here’s a collection of YouTube videos on Bellingcat for those of you who’d like to know more about them or about OSINT.
Insights from Bellingcat on Russia’s Ukraine Ambitions (March 2, 2022 – Reuters Institute)
This is a Zoom interview with Christo Grozev, Bellingcat’s lead Russia investigator.
Fact-checkers on the front line of Russian propaganda machine (February 25, 2022 – CBC)
Inept Info-Wars: Bellingcat’s Eliot Higgins on Putin’s Problems with Reality (February 24, 2022 – Foreign Press Association USA)
Open-source Intelligence (OSINT) by Giancarlo Fiorella, Investigator and Trainer at Bellingcat (December 2021 – Asian College of Journalism)
This features a presentation by senior Bellingcat investigator Giancarlo Fiorella about Bellingcat, open source investigations and how they’re conducted. He goes into detail about investigating the Mahbere Dego massacres and the ethical issues and challenges in open source research.
We Are Bellingcat: An Intelligence Agency for the People (May 2021 – Talks at Google)