November 2014

Drupalgeddon followup and Security Presentation on November 20th in Pasadena, CA

Drupalgeddon - image courtesy of TNG As you may have heard, Drupal has recently had a significant security announcement nicknamed "Drupalgeddon". You may not have heard, though, that here in Los Angeles, California, we're dedicating a portion of several upcoming meetups to web security and helping provide our group members with any resources they need.

If you can make it, please join us this week for a special presentation, Better Sleep Through Web Security. It's this Thursday, November 20th, at 6pm in Pasadena, California.

If you haven't heard of Drupalgeddon or don't know if your Drupal sites have been updated since the announcement, please stop reading and see the SA-CORE-2014-005 FAQ immediately. You need to take action and contact a service provider about protecting your Drupal site and hosting environment.

   Date and time: November 20, 2014 at 6pm Pacific Time
   Location: Fuller Theological Seminary, at 135 N Oakland Ave
Pasadena, CA 91101 (Building "Glasser 110")
   Video conference: https://glad.zoom.us/j/129319220
   Phone: +1 415-762-9988 or +1 646-568-7788
   Meeting ID: 129 319 220

This meetup will have a video conference for those who can attend only by video conference or phone. The video conference is with Zoom, one of our many great sponsors, and you can join with iPhone, Android, PC and Mac at https://glad.zoom.us/j/129319220

Better Sleep Through Web Security

Greater Los Angeles DrupalChristefano Reyes presents Better Sleep Through Web Security, an in-depth overview of web security, what to do do if your website is hacked, and how to sleep better by following basic web security best practices.

The "Drupalgeddon" vulnerability has been covered in mainstream news including Forbes, the BBC and The Register, and has brought web security, frequently an overlooked part of web development, back to the center stage.

This particular vulnerability, officially known as SA-CORE-2014-005, allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control.

Topics that will be covered in this presentation include:

  • Security vs. Privacy
  • Common Attack Vectors
  • Drupal's security record and the Drupal Security Team
  • SA-CORE-2014-005 (also known as "Drupalgeddon")
  • I've Been Hacked! Now What?
  • Best Practices for Helping Others and Yourself
  • Resources
  • Questions / Answers

Christefano is one of the founders of Exaltation of Larks, a Drupal design and engineering firm with a worldwide team of Drupal experts; and Droplabs, an open source-friendly coworking space and business incubator near Downtown Los Angeles. As an advocate of open source software and self-declared meetup junky, he helps organize meetups and conferences all over the Greater Los Angeles Area, including the Los Angeles Chess meetup and LA Geek Dinners.

We hope to see you at Thursday's meetup!