mlhess
diff --git a/‎Tales.html‎
Lines changed: 2 additions & 2 deletions b/‎Tales.html‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎tales/best.html‎
Lines changed: 5 additions & 6 deletions b/‎tales/best.html‎
Lines changed: 5 additions & 6 deletions
diff --git a/‎tales/tale1.html‎
Lines changed: 2 additions & 2 deletions b/‎tales/tale1.html‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎tales/tale2.html‎
Lines changed: 5 additions & 6 deletions b/‎tales/tale2.html‎
Lines changed: 5 additions & 6 deletions
diff --git a/‎tales/tale3.html‎
Lines changed: 6 additions & 6 deletions b/‎tales/tale3.html‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎tales/tale4.html‎
Lines changed: 2 additions & 2 deletions b/‎tales/tale4.html‎
Lines changed: 2 additions & 2 deletions
@@ -61,7 +61,7 @@ <h2>Michael Hess</h2>
             </p>
 
             <p>
-                Solutions architect lead at the University of Michigan.
+                Senior technologist at the University of Michigan.
             </p>
 
             <p>
@@ -85,7 +85,7 @@ <h2>Agenda</h2>
 
             <p>The tale of the unexplained hack </p>
 
-            <p>The tale of the we have heard many times</p>
+            <p>The tale of  we have heard many times</p>
 
             <p>Overview of Drupal security and the Drupal security team</p>
 
 
@@ -17,8 +17,8 @@ <h4>Brushing your teeth is a best practice.</h4>
     <h2> Follow the Drupal Security Team</h2>
     <ul>
         <li>On Twitter (twitter.com/drupalsecurity)</li>
-        <li>Via email (on your drupal.org user edit page under newsletters</li>
-        <li>Via Web (drupal.org/security and drupal.org/security/contrib</li>
+        <li>Via email (on your drupal.org user edit page under newsletters)</li>
+        <li>Via Web (drupal.org/security and drupal.org/security/contrib)</li>
     </ul>
 </section>
 <section>
@@ -30,6 +30,7 @@ <h2>Site builders and module authors </h2>
     <p> Writing secure code: https://www.drupal.org/writing-secure-code</p>
     <p>How to secure your site: https://www.drupal.org/security/secure-configuration</p>
 </section>
+<!--
 <section>
     <h2>Security Process</h2>
     <ol>
@@ -43,6 +44,7 @@ <h2>Security Process</h2>
     </ol>
     <h3>Subscribe to the Security Team newsletter via "my newsletter" under edit on www.drupal.org/user.</h3>
 </section>
+-->
 <section cite="https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013">
     <h3>Common Web Vulnerabilities</h3>
     <h4>From Open Web Application Security Project</h4>
@@ -59,10 +61,7 @@ <h4>From Open Web Application Security Project</h4>
         <li>Unvalidated Redirects and Forwards.</li>
     </ol>
 </section>
-<section>
-    <h2>Using Components with Known Vulnerabilities</h2>
-    <p>Do you use third-party libraries?</p>
-</section>
+
 
 <section>
     <h2> Common Drupal Vulnerabilities from 2014</h2>
 
@@ -1,7 +1,7 @@
 <section>
     <h2>The tale of Fitzgerald's shoe store</h2>
 
-    <p> Our first tale is that of a store where you can order shoes. The site takes orders and redirects you to a 3rd
+    <p> Our first tale about a store where you can order shoes. The site takes orders and redirects you to a 3rd
         party for payment. This keeps the site PCI compliant. </p>
     <img src="tales/images/shoe.jpg" width="30%">
 </section>
@@ -19,7 +19,7 @@ <h2>Background</h2>
 <section>
     <h2>On a cold dark Monday</h2>
 
-    <p class='fragment'> Myrtle Wilson, book keeper noticed that they were not getting money in their account.</p>
+    <p class='fragment'> Myrtle Wilson, the bookkeeper noticed that they were not getting money in their account.</p>
 
     <p class='fragment'> Their order volume did not change</p>
 
 
@@ -12,24 +12,24 @@ <h2>Background</h2>
 
     <p> The site had all up to date modules installed and an up to date core</p>
 
-    <p> The site as going to be a brochure type site with only one admin account. Think a basic corporate site.</p>
+    <p> The site was being designed to be a brochure type site with only one admin account. Think a basic corporate site.</p>
     <p> This was setup on a new development server, dedicated to dev sites for Harpers's LLC</p>
 </section>
 <section>
     <h2>On the 3rd day of development</h2>
 
-    <p class="fragment">Jeremy, the  content manager, was going to setup content types and notice the site had porn all over the front page</p>
+    <p class="fragment">Jeremy, the  content manager, was going to setup content types and noticed the site had porn all over the front page</p>
 
     <p class="fragment"> Jeremy was not happy</p>
     <img class="fragment" src="tales/images/madcat.jpg" cite="http://pixabay.com/"/>
 </section>
 <section>
     <h2>What?</h2>
 
-    <p>Jeremy the in  house IT person, Jean , who started looking at logs to see how an up to date Drupal site got
+    <p>Jeremy called the in  house IT person, Jean , who started looking at logs to see how an up to date Drupal site got
         compromised. </p>
 
-    <p>Jean pulled the access logs for the server and found only known trusted  IP's accessed the site. </p>
+    <p>Jean pulled the access logs for the site and found only known trusted  IP's accessed the site. </p>
 
     <p> Jean had no idea how it happened so she restored a backup</p>
 </section>
@@ -69,15 +69,14 @@ <h2>Apache single user</h2>
     <p> By default apache on most OS's will run as a single user </p>
 
     <p> That user has access to READ all the files for all sites on the system</p>
-    <p> In some cases that user has access to write to all files on the system. (This is bad) </p>
 
 </section>
 <section>
     <h2>What happened</h2>
     <p> Someone had compromised another site on the server.</p>
     <p> Using that site, they were able to read settings.php and connect to the new Drupal site's database</p>
     <p> They were able to inject spam by updating the table directly</p>
-    <p>The script used search the entire file system for settings.php and then ran commands to update the database on any site it found. </p>
+    <p>The attacker search the entire file system for settings.php and then ran commands to update the database on any site they found. </p>
 </section>
 <section>
     <h2>Lessons Learned </h2>
 
@@ -9,7 +9,7 @@ <h2>The Non-profit horror story</h2>
 
 <section>
     <h2>The Non-profit horror story</h2>
-    <p>Like all Drupal sites, this Drupal site had many modules</p>
+    <p>Like most Drupal sites, this Drupal site had many modules</p>
 </section>
 
 
@@ -18,17 +18,17 @@ <h2>The Non-profit horror story</h2>
     <h2> The site got compromised, and a PHP shell script was uploaded</h2>
     <p class="fragment">All modules were up to date.</p>
     <p class="fragment"> There were no known vulnerabilities in any of the modules used, that would have allowed for a PHP shell to be uploaded. </p>
-    <p class="fragment"> Jack Merridew, the head of their webteam was able to see the php script was used to copy down the users tables.  </p>
+    <p class="fragment"> Jack Merridew, the head of their webteam was able to see the php script was used to copy down the users table.  </p>
 
 </section>
 <section>
     <h2>hacked</h2>
     <p class="fragment"> It may have been able to download  more parts of the database, but the attacker only left a copy of the users table behind.  </p>
-    <p class="fragment"> The PHP script that was uploaded allowed the attacker to have file system access (download any file including files from Drupal's private file system.  </p>
+    <p class="fragment"> The PHP script that was uploaded allowed the attacker to have file system access (download any file including files from Drupal's private file system).  </p>
     <p class="fragment"> It also allowed the attacker to run and display the results of SQL queries.   </p>
 </section>
 <section>
-    <h2>Quick Break Module updates</h2>
+    <h2>Quick Break: Module updates</h2>
     <p>Please text: 734-821-5212</p>
 
     <table class="answertable sticky-enabled">
@@ -48,15 +48,15 @@ <h2> Module updates</h2>
 
 <section>
     <h2> A module used a 3rd party library</h2>
-    <p>The library was updated, however, unless you deleted the old version before installing the new version, you were still vulnerable</p>
+    <p>The library was updated. Unless you deleted the old version before installing the new version, you are still vulnerable.</p>
 </section>
 <section>
     <img src="tales/images/hacked.png">
 </section>
 
 <section>
     <h2>Lessons learned</h2>
-    <p>Remove the library/module/theme before updating, this ensures that all old files are removed</p>
+    <p>Remove the library/module/theme before updating. This ensures that all old files are removed</p>
     <p>Configure PHP so it will not execute code from directories it should not (sites/*/files) </p>
     <p>Prevent the webserver from writing to directories that are not (sites/*/files) </p>
     <p> The security_review module can help with this.</p>
 
@@ -15,7 +15,7 @@ <h2> SQL Injection is Easy to Exploit</h2>
 
     <p>Other vulnerabilities may require different actors to engage in actions timed correctly.</p>
 
-    <p> SQL injection can be exploited most of the time, by just an attacker.</p>
+    <p> SQL injection can be exploited most of the time, by just an attacker, without an admin's interfactions.</p>
 </section>
 <section>
     <h2> So?</h2>
@@ -66,6 +66,6 @@ <h2>The patch</h2>
 <section>
     <h2>Some Perspective</h2>
     <p> This was a major vulnerability, but let's keep in mind that the last major issue was over 7 years ago. </p>
-    <p> This code has been in Drupal since Drupal 7 Beta's. </p>
+    <p> This code has been in Drupal since Drupal 7 Beta. </p>
     <p>Nothing is 100% sure, and nothing ever will be.  We mitigate risk by using best practices.</p>
 </section>