CALL FOR PAPERS
The DEFCON 16 Call for Papers is currently open! It's time again to submit your hacktastic discoveries to be considered as a DEFCON 16 talk! New and interesting research is always welcomed in the realm of security, hardware hacking, social engineering, lockpicking, and anything else you can modify, bypass or reverse engineer. Out of the box thinking is what we're after... Go to the CFP Form and submit! Call for Papers ends May 15, 2008.
RESERVE A ROOM
Reserve your room early. The Riviera has special room rates available for DEFCON attendees: $98 per night double occupancy, with an additional $20 for the 3rd and/or 4th occupants. You can reserve online for the DEFCON Price by clicking here. For more on the Riviera, visit the Venue page.
GET INVOLVED
To get involved with DEFCON 16, go to:
DEFCON Forums
DEFCON Groups Page
Start a DEFCON Blog
To stay up on the most current news, check out the RSS Feed.
Speakers will be posted as they are selected.
Call for Papers is currently open, and ends May 15th. If you would like to speak at DEFCON 16, check out the CFP Form and submit!
Speaker List
Alphabetical by speaker
Robert Hansen
Tom Stracener
Xploiting Google Gadgets: Gmalware and Beyond
Tom "strace" Stracener
Senior Security Analyst
Robert "Rsnake" Hansen
CEO SecTheory
Google Gadgets are symptomatic of the Way 2.0 Way of things: from lame gadgets that rotate through pictures of puppies to calendars, and inline email on your iGoogle homepage. This talk will analyze the security history of Google Gadgets and demonstrate ways to exploit Gadgets for nefarious purposes. We will also show ways to create Gadgets that allow you to port scan internal systems and do various JavaScript hacks via malicious (or useful) gadgets, depending on your point of view. We've already ported various JavaScript attack utilities to Google Gadgets (like PDP's JavaScript port scanner) among other things. We will also disclose a zero day vulnerability in Google Gadgets that makes Gmalware (Gmodules based malware) a significant threat.
Tom "strace" Stracener is Cenzic's Sr. Security Analyst reporting to the office of the CTO. Mr. Stracener was one of the founding members of nCircle Network Security. While at nCircle he served as the head of vulnerability research from 1999 to 2001, developing one of the industry's first quantitative vulnerability scoring systems, and co-inventing several patented technologies. Mr. Stracener is an experienced security consultant, penetration tester, and vulnerability researcher. One of his patents, 'Interoperability of vulnerability and intrusion detection systems,' was granted by the USPTO in October 2005. Tom is the Senior Security Analyst for Cenzic's CIA Labs. Tom has spoken at various conferences including New York Security Conference, ISSA, OWASP, Defcon, and others.
Robert "RSnake" Hansen (CISSP) is the Chief Executive Officer of SecTheory. SecTheory is a web application and network security consulting firm. Robert has been working with web application security since the mid 90's, beginning his career in banner click fraud detection at ValueClick. Robert has worked for Cable & Wireless heading up managed security services, and at eBay as Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-cross-site scripting, and anti-virus strategies. Robert also sits on the technical advisory board of ClickForensics and contributes to the security strategy of several startup companies. Robert is best known for founding the web application security lab at ha.ckers.org and co-authoring XSS Exploits and Defense. Robert is a member of WASC, IACSP, and ISSA, and contributed to the OWASP 2.0 guide.
