videos now available as an itunes podcast
April 2nd, 2008
You can download the videos straight to your iPod or iPhone now by subscribing to the following podcast:
http://sourceboston2008.blip.tv/rss/itunes
As you may have noticed, SourceBoston is releasing video of the talks to the public for free. We could use some help with various aspects of dissemination, however.
1. We could really use transcripts for the various talks so we can post them on the main board. If someone sets up a wiki this could even be done in stages by various people. Our choice of Creative Commons licensing means you don’t have to fear us acting like the RIAA and suing you for doing us this kindness.
2. In particular, Youtube is a bit behind the times and won’t allow video which is more than 10 minutes long. Transcoding the video is fairly time consuming and we are currently offering two sizes (web video at 320×240 and DVD size at 720×480), which means we spend a lot of time in front of Handbrake. It would be great if someone could slice up the talks into 10 minute segments and cross post. (Alternatively one could take over Youtube and institute a new policy that allowed for realistic video lengths…) Again, our licensing choice means you don’t have to worry about us suing you for posting this material.
3. We really enjoy having the talks from SourceBoston out there and when you blog about one of the talks or speakers feel free to embed the video itself. Blip.tv has a nifty drop down menu on the video page which generates the code to embed video.
Lastly, I’m forced to decide what videos come out when, and I’ve been choosing rather arbitrarily at this point. If you would like to voice your opinion on which videos get released publicly sooner, please leave a comment with your preference. We’ll post a timetable soon with the schedule. If the video you want to see is going to take longer than you would like, it is always an option to buy the video.
EDIT: This is not an April Fools post. I really could use the help!
Careers in information security are often difficult to navigate, with the industry changing more and more radically every year. This is even more true in an economy that isn’t necessarily thriving. We’re going to talk about the important skills, traits and knowledge that a security pro needs to build a long-term and successful career – not just the usual stuff (like “get certified”), but the real-world knowledge that teaches you how to have the job that keeps you challenged, growing and well-compensated.
Thank you to everyone for making our first year of SOURCE Boston a success. We have already begun to plan for 2009 and we are looking forward to Year 2!
The advisory board will be having a regroup meeting the second week of April and we will be discussing our vision for 2009. We already know that we want to incorporate CPE trainings, have longer sessions, have lightning sessions, and a few other items.
We are pleased to announce that Jennifer Leggio, of blog and Twitter fame, will be coming on as our official media coordinator. She did a great job blogging SOURCE 2008 and we’re excited to have her on board.
We are looking into a potential change of venue but that will depend on a number of factors.
We will be revamping the vendor/sponsorship kit, first and foremost discussing how to maximize the vendor experience. Due to a miscommunication, the vendors were not placed in a location that was advantageous to them or to the attendees. This was unfortunate, but we strive to improve this in 2009.
More changes, thoughts, and considerations will emerge as we wrap up SOURCE 2008. If you have any thoughts or suggestions, please complete our feedback questionnaire.
Thanks!
Stacy Thayer
EDIT: s/then/them/;
Talk by Raffael Marty:
With the ever-growing amount of data collected in IT environments, we need new methods and tools to deal with it. Event and log analysis is becoming one of the main tools for analysts to investigate and comprehend the state of their networks, hosts, applications, and business processes. Recent developments, such as regulatory compliance and an increased focus on insider threat, have increased the demand for analytical tools to help in the process. Visualization is offering a new, more effective, and simpler approach to data analysis. To date, security visualization has mostly failed to deliver effective tools and methods. This presentation will show what the New York Times has to teach us about effective visualizations: visualization for the masses and not visualization for the experts. Insider Threat, Governance, Risk, and Compliance (GRC), and Perimeter Threat all require effective visualization methods, and they are right in front of us - in the newspaper.
L0pht Heavy Industries, the renowned Boston-area hacker think-tank, reunited for a panel discussion on March 14 to discuss the last decade of the security industry and how it has evolved. Discussion included insights on new security technologies and their predictions on the future of the industry. Panel members included:
Dr. Dan Geer is currently Vice-President and Chief Scientist at Verdasys, a software solutions company designed to protect and manage the flow of data essential to the operation of businesses on a global basis. Geer is considered to be an expert in computer security, has testified before Congress on multiple occasions, and has served in formal advisory roles for the Federal Trade Commission, the National Science Foundation, the Treasury Department, the National Research Council, the Commonwealth of Massachusetts, the Department of Defense, the National Institute of Justice and the Institute for Information Infrastructure Protection. The full text of this talk is available here.
As you may have heard by now, SourceBoston is releasing the video of all the speaker talks free to the public. We have opted for the Creative Commons BY-SA-NC license, which means you are free to do whatever you like with the video with the exception of commercial uses. We are busily encoding the videos right now for optimized web distribution and they will be available in full DVD quality formats via Blip.TV. If you don’t have a spiffy way to read video RSS feeds, we’ve even teamed up with Miro (a free and open source Internet TV client) to provide you a cobranded player which is automatically tuned to receive all the videos just as fast as this author’s jankity PowerBook G4 can churn them out. If you would like them faster, please consider donating a spiffy new laptop.
We will initially release the videos that everyone is clamoring for (the keynotes, the l0pht panel, and the Tor talk) followed by a release every week. Let’s go over that one more time. Every week for the next 36 weeks we here at SourceBoston will release a new talk for you. You are free to do just about anything you like with these videos. Copy them, post them to Youtube, post them to TPB, whatevs. Your only constraints are as follows:
As for number three, we do not consider deriving ad revenue from posting the clip to your blog profiting. So feel free to do that too. In fact, the whole idea is that we encourage you to post the videos and talk about them. These are some amazing speakers and should be shared. For those who require the instant gratification of web video, we’ve even set up a channel for you here:
http://sourceboston2008.blip.tv/
Here are the links to our cobranded players. This will automatically download the high quality DVD rips in Divx format.
So, we’ve had some recent activity in the hacker-sphere regarding a break-in at Hannaford grocery stores. I’d like to state for the record that when I was asked at the L0pht panel what I feared most, I said ‘embedded systems’. Like, say, a point-of-sale terminal for processing credit cards.
In this case, the problem wasn’t the embedded system itself, but the fact that the supposed ‘in-transit encryption’ specified by the PCI standard was not truly ‘end to end’, more like ‘cloud to cloud’, which opens up the possibility of the unencrypted data being monitored or stolen. Perhaps if the embedded system was smart enough to only emit encrypted data, or could participate in an SSL session directly from the device, the risk could have been mitigated.
First, fix the network. Then fix your devices and your applications. Then fix the people. It’s the only way, folks. Industry standards won’t save you if you do it all wrong.
Posted by Christien Rioux
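To make the post's "cloud to cloud" versus "end to end" distinction concrete, here is an added Python model (not code from the post, from Hannaford, or from any PCI tooling) that walks a card number across a constructed store-to-processor path and reports which links carry it in the clear. The hop names, key, sample PAN and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
"""Where is card data exposed on a payment path? It depends on where the
encryption boundary sits. Added illustration, not code from the original post."""
import hashlib
import hmac
import os

# Constructed sample values: a well-known test PAN (not a real card), a test key,
# and a hypothetical store-to-processor path (nodes; links run between neighbours).
SAMPLE_PAN = b"4111111111111111"
KEY = b"constructed-demo-key-not-for-production"
PATH = ["pos_terminal", "store_switch", "store_server", "wan_router", "card_processor"]


def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for a real AEAD (AES-GCM) or a TLS record: an HMAC-SHA256
    counter-mode keystream XORed over the data. Symmetric, so the same call
    decrypts. Only the *boundary* matters for this model, not the cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def exposed_links(hops, encrypt_at, decrypt_at, key, pan=SAMPLE_PAN):
    """Carry `pan` from hops[0] to hops[-1]. The payload is encrypted when it
    leaves `encrypt_at` and decrypted when it reaches `decrypt_at`. Returns the
    links on which a passive observer would see the PAN in the clear."""
    nonce = os.urandom(12)  # fresh per message; a real system must never reuse one
    payload, exposed = pan, []
    for i, hop in enumerate(hops[:-1]):
        if hop == encrypt_at:
            payload = keystream_encrypt(key, nonce, payload)
        if pan in payload:  # what the wire between hop and its neighbour carries
            exposed.append(f"{hop}->{hops[i + 1]}")
        if hops[i + 1] == decrypt_at:
            payload = keystream_encrypt(key, nonce, payload)
    if payload != pan:
        raise ValueError("payload did not decrypt at the intended endpoint")
    return exposed


if __name__ == "__main__":
    # "cloud to cloud": the store server encrypts on the way to the processor.
    print("cloud-to-cloud exposes:", exposed_links(PATH, "store_server", "card_processor", KEY))
    # "end to end": the terminal itself encrypts for the processor.
    print("end-to-end exposes:   ", exposed_links(PATH, "pos_terminal", "card_processor", KEY))
```

Any link listed in the output is where an in-store tap or compromised host could read card data, even though the WAN leg is "encrypted in transit" as the standard requires.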
The L0pht panel at SOURCE Boston is live now — packed and standing room only. Weld Pond, John Tan, Mudge, Space Rogue, Silicosis and Dilldog are being interviewed by journalist Michael Fitzgerald on their histories, names, lessons learned and memories of L0pht, current gigs, whether or not security vendors are selling snake oil, and even the impact of trying to balance a hacking life and a personal life. For a play-by-play of Q&A visit @innismir on Twitter.
Weld Pond, John Tan, Mudge, Michael Fitzgerald (moderator), Space Rogue, Silicosis and Dilldog:

To reach members of L0pht visit http://lopht.com/.
Photo by Leigh Hollowell
Posted by Jennifer Leggio