[ISN] Final Speakers Announced for HiverCon 2002

From: InfoSec News (isnat_private)
Date: Wed Sep 11 2002 - 23:07:01 PDT

  • Next message: InfoSec News: "RE: [ISN] Administration Pares Cyber-Security Plan"

    Forwarded from: Mark Anderson <markat_private>
    http://www.hivercon.com/ -- The submission deadline for this year's
    HiverCon security conference passed last Friday at midnight PST. Many
    long nights were spent by the organisers reading and rereading the
    submissions trying to find the right mix of speakers for the November
    event. In total ten speakers have been announced as confirmed to speak
    at HiverCon 2002. The industry recognized names will be presenting
    papers on a myriad of information security topics, introducing new
    tools and research, as well as discussing newly highlighted security
    problems and solutions.
    Before getting into the talk details it should be noted that Earlybird
    registration for the conference closes on October 1st and tickets are
    limited so order now and save 200 Euro. The venue for the conference,
    the Burlington Hotel, still has some reduced rate rooms available but
    that offer is also only open until October 1st.
    Richard Thieme (thiemeworks.com) will open the conference on November
    26th with his keynote speech entitled 'Defending the Information Web'.
    Business consult, writer, professional speaker and security
    philosopher, Thieme's work has been published by the Business Times of
    Singapore, Convergence (Toronto), and South Africa Computer Magazine
    (Capetown). His talk will cast a wide net as he illuminates the
    on-going battle that is information security and our role in it.
    Dan Kaminsky (Doxpara Research) is the author of The Paketto Keiretsu,
    a suite of userspace tools to demonstrate new and highly useful
    functionality that lies dormant within existent, even stagnant
    networks. He will discuss his work on previously unrealised subtleties
    of the TCP/IP standard and some newly available cryptographic
    primitives will also be discussed and analysed for potential uses. Dan
    worked for two years, at Cisco Systems, designing security
    infrastructures for large-scale network monitoring systems. He
    recently wrote the spoofing and tunneling chapters for "Hack Proofing
    Your Network: Second Edition", and has delivered presentations at
    several major industry conferences.
    David Houlton (Dachb0den Labs) will present a technical overview of
    all of the current leading edge methods of attacking 802.11b wireless
    networks. It will cover specifics behind WEP cracking using both the
    21-bit passphrase and brute force attacks, the Fluhrer, Mantin, and
    Shamir attack, and other injection based WEP attacks. It will also
    cover specifics behind protocol capture and injection attacks
    including disassociating nodes from an access point, re-associating
    them with another access point, basic man-in-the-middle scenarios, as
    well as some new 802.11b hardware/firmware and software based
    vulnerabilities. David is the main developer of the bsd-airtools
    project, a complete 802.11b penetration testing and auditing toolset.
    FX is the leader of the German Phenoelit research group. His and the
    groups interest is in less known or commonly ignored protocols,
    devices and techniques. As such his talk 'Attacking networked embedded
    systems' will show how to exploit design failures and software
    vulnerabilities in embedded systems such as printers and routers. The
    attacks range from simple design issue exploitation to code execution
    on the target for the purpose of compromise or use as attack platforms
    Advances in storage technology, networks, file system software,
    operating system advances and increasing mobility of data have all
    conspired to make getting rid of data very difficult. Kurt Seifried
    will discuss the software options for data deletion and encryption
    that are available and thier flaws.
    The polish research group LSD will be focusing on the development of
    assembly components within the Windows 2K/XP environment. They will
    show that security vulnerabilities, allowing for unauthorized
    execution of few dozen assembler instructions, have in practice the
    same high risk in Windows as on Unix platforms. During the
    presentation the details of developing assembly components along with
    proof of concept code will be presented.
    The Open Source Security Testing Methods came about as a need for an
    open, free security testing methodology in response to the numerous
    security testing companies who claimed to have a secret, internal and
    corporate confidential methodology for testing open source software.
    Pete Herzog will introduce the audience to the OSSTM and walk it
    through the effect it had on groups like the FAA, the US Government,
    Spanish government and Australian government helping to define their
    anti-terrorist initiatives.
    As previously announced Ofir Arkin, Rain Forest and Simple Nomad will
    also be presenting papers entitled 'Security Issues with VoIP', 'Web
    server Profiling' and 'Packetting Satan's Network' respectively.
    Mark Anderson            
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Sep 12 2002 - 01:35:37 PDT