Forwarded from: Mark Anderson <markat_private> FINAL ROUND OF HIVERCON 2002 SPEAKERS ANNOUNCED http://www.hivercon.com/ -- The submission deadline for this year's HiverCon security conference passed last Friday at midnight PST. Many long nights were spent by the organisers reading and rereading the submissions trying to find the right mix of speakers for the November event. In total ten speakers have been announced as confirmed to speak at HiverCon 2002. The industry recognized names will be presenting papers on a myriad of information security topics, introducing new tools and research, as well as discussing newly highlighted security problems and solutions. Before getting into the talk details it should be noted that Earlybird registration for the conference closes on October 1st and tickets are limited so order now and save 200 Euro. The venue for the conference, the Burlington Hotel, still has some reduced rate rooms available but that offer is also only open until October 1st. Richard Thieme (thiemeworks.com) will open the conference on November 26th with his keynote speech entitled 'Defending the Information Web'. Business consult, writer, professional speaker and security philosopher, Thieme's work has been published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine (Capetown). His talk will cast a wide net as he illuminates the on-going battle that is information security and our role in it. Dan Kaminsky (Doxpara Research) is the author of The Paketto Keiretsu, a suite of userspace tools to demonstrate new and highly useful functionality that lies dormant within existent, even stagnant networks. He will discuss his work on previously unrealised subtleties of the TCP/IP standard and some newly available cryptographic primitives will also be discussed and analysed for potential uses. Dan worked for two years, at Cisco Systems, designing security infrastructures for large-scale network monitoring systems. He recently wrote the spoofing and tunneling chapters for "Hack Proofing Your Network: Second Edition", and has delivered presentations at several major industry conferences. David Houlton (Dachb0den Labs) will present a technical overview of all of the current leading edge methods of attacking 802.11b wireless networks. It will cover specifics behind WEP cracking using both the 21-bit passphrase and brute force attacks, the Fluhrer, Mantin, and Shamir attack, and other injection based WEP attacks. It will also cover specifics behind protocol capture and injection attacks including disassociating nodes from an access point, re-associating them with another access point, basic man-in-the-middle scenarios, as well as some new 802.11b hardware/firmware and software based vulnerabilities. David is the main developer of the bsd-airtools project, a complete 802.11b penetration testing and auditing toolset. FX is the leader of the German Phenoelit research group. His and the groups interest is in less known or commonly ignored protocols, devices and techniques. As such his talk 'Attacking networked embedded systems' will show how to exploit design failures and software vulnerabilities in embedded systems such as printers and routers. The attacks range from simple design issue exploitation to code execution on the target for the purpose of compromise or use as attack platforms . Advances in storage technology, networks, file system software, operating system advances and increasing mobility of data have all conspired to make getting rid of data very difficult. Kurt Seifried will discuss the software options for data deletion and encryption that are available and thier flaws. The polish research group LSD will be focusing on the development of assembly components within the Windows 2K/XP environment. They will show that security vulnerabilities, allowing for unauthorized execution of few dozen assembler instructions, have in practice the same high risk in Windows as on Unix platforms. During the presentation the details of developing assembly components along with proof of concept code will be presented. The Open Source Security Testing Methods came about as a need for an open, free security testing methodology in response to the numerous security testing companies who claimed to have a secret, internal and corporate confidential methodology for testing open source software. Pete Herzog will introduce the audience to the OSSTM and walk it through the effect it had on groups like the FAA, the US Government, Spanish government and Australian government helping to define their anti-terrorist initiatives. As previously announced Ofir Arkin, Rain Forest and Simple Nomad will also be presenting papers entitled 'Security Issues with VoIP', 'Web server Profiling' and 'Packetting Satan's Network' respectively. Contact: Mark Anderson markat_private http://www.hivercon.com/ ### - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Sep 12 2002 - 01:35:37 PDT