[ISN] Black Hat Windows Security Keynotes announced

From: InfoSec News (isnat_private)
Date: Fri Feb 01 2002 - 02:46:02 PST

  • Next message: InfoSec News: "[ISN] Out of the box, Linux is 'dreadfully insecure'"

    Forwarded from: B.K. DeLong <bkdelongat_private>
    For Immediate Release
    B.K. DeLong
    NSA System and Network Attack Center (SNAC) Chief Tony Sager & Clinical 
    Director of Stanford Law School's Center for Internet and Society, Jennifer 
    http://www.blackhat.com/ -- Black Hat Inc. today announced the keynote 
    speakers for February's Black Hat Windows Security Briefings and Training 
    2002, the annual conference and workshop designed to help computer 
    professionals better understand the security risks to their Microsoft 
    Windows systems and information infrastructures by potential threats. 
    Speaker presentations will cover Protocol Attacks, Voice-over-IP, Oracle 
    vulnerabilities, Windows Group Policy, and NTLMv2 Authentication as well as 
    General Windows Exploits, Data Recovery, Incident Investigation & Response, 
    and Better Protection Practices. There is also a special focus on Microsoft 
    SQL vulnerabilities and how to both exploit and fix them. Black Hat Windows 
    will be held at the Radisson Hotel in the heart of New Orleans, 5 through 8 
    February, 2002.
    Top-notch speakers will deliver to the conference's core audience of IT & 
    network security experts, consultants and administrators the newest 
    developments on the security problems and vital issues facing organizations 
    using Windows-centric networks.
    "The intense sessions of Black Hat Briefings bring to light the Windows 
    security and misconfiguration problems confronting organizations and their 
    network administrators. It is a common problem that security gets put off 
    in lieu of constant network growth and upgrades," says Jeff Moss, founder 
    of Black Hat Inc. "Our speakers discuss the strategies involved in 
    correcting existing problems and inform attendees on upcoming issues, 
    preparing them for the future."
    The keynote speakers for this year's Black Hat Windows Security Briefings 
              -- Tony Sager, NSA System and Network Attack Center (SNAC/C4) 
    Chief, part of the Information Assurance Directorate of the National 
    Security Agency (NSA). During his 24 years with NSA, he has served in a 
    variety of technical and management positions, spanning computer security, 
    cryptography, software analysis, and network security. His Center produces 
    the NSA Security Recommendation Guides to Windows 2000, the first of 
    several security products they have released to the public. Tony is also 
    actively involved with a number of community-wide public activities in 
    network security. He has degrees in Mathematics and Computer Science, and 
    dabbles as a PC hobbyist, struggling to protect his home LAN from bad guys 
    and three adventurous adolescent users.
              -- Jennifer Stisa Granick is a Lecturer in Law and Director of 
    the Litigation Clinic at Stanford Law School's Center for Internet and 
    Society. Ms. Granick's work focuses on the interaction of free speech, 
    privacy, computer security, law and technology. She is on the Board of 
    Directors of the Honeynet Project, a computer security research group, and 
    has spoken at the National Security Agency, to law enforcement officials 
    and to computer security professionals from the public and private sectors 
    in the United States and abroad. Before joining Stanford Law School, Ms. 
    Granick practiced criminal defense of unauthorized access, trade secret 
    theft and email interception cases nationally. She has published articles 
    on wiretap laws, workplace privacy and trademark law.
    Other Black Hat Windows Security 2002 speakers include:
             -- Thomas W Shinder, M.D. trainer, writer and consultant. Shinder 
    is a 10-year computing industry veteran who's worked for Fortune 500 
    companies and has written or contributed to over 20 Windows 2000 related 
    books. He was a Series Editor of the Syngress/Osborne Series of Windows 
    2000 Certification Study Guides. He is also the author of the best selling 
    book "Configuring ISA Server 2000: Building Firewalls with Windows 2000". 
    Shinder will be giving a presentation with Microsoft's Jim Harrison on 
    "Deploying and Securing Microsoft Internet Security and Acceleration 
    Server" and will be signing some of his books after the talk.
             -- Laura Robinson, Independent Consultant and Trainer. Robison is 
    a Microsoft Certified Trainer and Systems Engineer on both NT and Windows 
    2000; a Certified Lotus Professional Systems Administrator, Application 
    Developer and Instructor; and an instructor for Real World Security's 
    @ctive Defense education series. She will be speaking on "The Devil Inside: 
    Planning Security in Active Directory Design".
             -- Timothy Mullen, CIO and Chief Software architect, AnchorIS.Com. 
    AnchorIS.com is a developer of secure enterprise-based accounting 
    solutions.  Mullen is also a columnist for Security Focus' Microsoft Focus 
    section, and a regular contributor of InFocus technical articles. He will 
    be giving a presentation about "Web Vulnerability and SQL Injection 
    Countermeasures: Securing Your Servers From the Most Insidious of Attacks"
             -- David Litchfield, Managing Director & Co-Founder, Next 
    Generation Security Software. Known as the UK's NT Guru by ZDNet, David is 
    a world-renowned security expert specializing in Windows NT and Internet 
    security. His discovery and remediation of over 100 major vulnerabilities 
    in products such as Microsoft's Internet Information Server and Oracle's 
    Application Server have lead to the tightening of sites around the world. 
    Litchfield will be looking into "Oracle Vulnerabilities".
             -- Halvar Flake, Reverse Engineer, Black Hat Consulting. 
    Originating in the fields of copy protection and digital rights management, 
    Flake gravitated more and more towards network security. Over time he 
    realized that constructive copy protection is more or less fighting 
    windmills. After writing his first few exploits he was hooked and realized 
    that reverse engineering experience is a very handy asset when dealing with 
    COTS software. With extensive experience in reverse engineering, network 
    security, penetration testing and exploit development he recently joined 
    BlackHat as their primary reverse engineer. Flake will be exposing "Third 
    Generation Exploits on NT/Win2k Platforms".
             -- JD Glaser, Security Consultant for Foundstone. Glaser 
    specializes in Windows NT system software development and COM/DCOM 
    application development. His most recent achievement was the successful 
    formation of NT OBJECTives, Inc., a software company exclusively centered 
    on building NT security tools. He will be speaking about "One-Way SQL 
    Hacking: Futility of Firewalls in Web Hacking".
              -- FX, leader of the German Phenoelit group and a Security 
    Solution Consultant at n.runs GmbH. He will be covering "Routing and 
    Tunneling Protocol Attacks".
             -- Eric Schultze, Senior Technologist, Microsoft Security 
    Strategies Group. Schultze has memorized every security hotfix ever 
    released by Microsoft in a security bulletin. In his spare time, he 
    maintains the Microsoft hotfix XML database and designs new features for 
    HFNetChk. Eric is a former Founder of Foundstone, co-creator of the 
    Extreme/Ultimate Hacking training classes, and technical editor for the 
    Hacking Exposed: Windows 2000 book. Schultze will tell attendees "How to 
    keep up with all those frickin security patches".
    New tools being released at BlackHat include:
             -- White Hat Arsenal, the next generation of professional Web 
    security audit software from Jeremiah Grossman of WhiteHat Security, Inc.
             -- SQLPing 2.0, a tool from Chip Andrews and sqlsecurity.com that 
    reveals detailed server information and sends discovery packets to entire 
    networks for mass interrogation.
    Black Hat Inc. will also conduct computer security training for several 
    different topics the two days prior to the briefings - 5 through 6 February.
    Subjects include:
             -- Advanced Scanning with ICMP
             -- Auditing Binaries: Reverse Engineering Windows 2000
             -- Complete Windows 2000 Security
             -- NT Network and Web Intrusion Detection Workshop
             -- Secure Development of Data-Driven Web Applications
             -- NSA InfoSec Assessment Methodology Course
             -- Foundstone's Ultimate Hacking: Black Hat Edition
    The instructors for the training segment of this year's Black Hat are some 
    of the top experts in their field and are fully active in the computer 
    security community. You won't find most of these speakers anywhere else and 
    these handpicked security gurus will train participants in understanding 
    the real threats to any network and how to keep them from being exploited.
    Other special features of this year's Black Hat Windows Security conference 
    include that the dates are just after the Super Bowl XXXVI being held at 
    the nearby Louisiana Superdome two days before the show, and in the days 
    following the conference, attendees can experience New Orleans' Mardi Gras 
    -- where the main parade goes right past the hotel.
    Attendees will also have access to a wireless network during the show.
    To register for BlackHat Briefings, visit the Web site at 
    http://www.blackhat.com or register at the conference. Direct any 
    conference-related questions to infoat_private
    For press registration, contact B.K. DeLong at +1.617.877.3271 or
    via email at pressat_private
    About Black Hat Inc.
    Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the need 
    for computer security professionals to better understand the security risks 
    and potential threats to their information infrastructures and computer 
    systems. Black Hat accomplishes this by assembling a group of 
    vendor-neutral security professionals and having them speak candidly about 
    the problems businesses face and their solutions to those problems. Black 
    Hat Inc. produces 5 briefing & training events a year on 3 different 
    continents. Speakers and attendees travel from all over the world to meet 
    and share in the latest advances in computer security. For more 
    information, visit their Web site at
    B.K. DeLong
    Press Coordinator
    Black Hat Briefings
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 06:05:36 PST