Untitled Document

Minutes Salsa-CSI2 Conference Call
September 13, 2007

**Attending**

Chris Misra, University of Massachusetts (Chair)
Brian Smith-Sweeney, NYU
Dan Adinolfi, Cornell
Doug Pearson, Indiana U/Ren-ISAC
Joe St. Sauver, Internet2/University of Oregon
Phil Denault, WPI
Paul Asadoorian, OSHEAN
Steve Olshansky, Internet2
Dean Woodbeck, Internet2 (scribe)

**Action Items**

[AI] Chris will make contact with a potential new member.

[AI] Doug will talk with David Ripley and provide an update on the next call.

[AI] Chris will place the “security tools” item back on the agenda.

**Upcoming Meetings**

There is no CSI2/security session planned for the upcoming Educause meeting. There will be a security update session at the Internet2 Member Meeting, but no working group meeting for CSI2.

October 10, 2007, 8:45 AM - 10:00 AM
http://events.internet2.edu/2007/fall-mm/sessionDetails.cfm?session=3448&event=273

**Data Hashing**

Chris’ intern has completed his work; progress report to come.

**New Members**

No progress on this front; [AI] Chris intends to make contact.

**RENOIR**

Nothing new to report.

**Shared Darknet**

The working group briefly discussed Shared Darknet; Phil emailed David Ripley a note of interest but hasn’t heard back. Doug will talk with David and determine the status.

**CU Spider**

No update at this point. The intent is still to move this to Internet2.

**Distributed Malware Detection**

Brian reported on a presentation from Black Hat (a link was provided by email) on a concept similar to Shared Darknet. The presenter reports having this up and running in Italy.

**Google Hacking**

This led to a discussion about the Google Hack conversation from last call and whether CSI2 should take on some sort of related initiative – perhaps development of a tool set, but as a tool that would remove inappropriate data/information. Chris will place the “security tools” item back on the agenda.

There was also discussion about a Google hacking and procedures document, managing data spills, and how to go about getting spilled information out of Google’s archives. Paul mentioned he is gathering more information about the Google API and will post it to the list. This area may make for a good presentation for the Security CAMP in the spring.

There was also discussion of about the prevalence of spam in blogs; according to some reports, upwards of 80 percent of the comments posted to blogs are spam. This may also be an area of interest for CSI2. Joe mentioned a related effort at Microsoft – a double funnel – and provided this link for information: Spam Double-Funnel: Connecting Web Spammers with Advertisers
ftp://ftp.research.microsoft.com/pub/tr/TR-2007-27.pdf

In a related area, Chris is on the program committee for a Middleware meeting in Tempe, AZ, in February. The purpose is to find the gaps between security and identity management. Chris would appreciate any ideas/input on topics to discuss.

**Other Items**

Chris mentioned the SANS edu approach to training; he will send a link to the list.

Paul discussed a weekly podcast developed for OSHEAN members. Information and links are available at pauldotcom.com.

**Next call: Thursday, September 27, 2007, 2:30 p.m. (EDT)**