Defcon 10 Speakers, Topics, and Bios

Ofir Arkin
Founder, The Sys-Security Group
XProbe, The Year After
Xprobe, written and maintained by Fyodor Yarochkin & Ofir Arkin, is an active operating system fingerprinting tool based on Ofir Arkin's "ICMP Usage in Scanning" research project (http://www.sys-security.com). Last year at the Blackhat briefings, July 2001, the first generation of Xprobe was released.
The tool's first generation (Xprobe v0.0.1) relies on a hard coded static-based logic tree. Although it has a lot of advantages (1-4 packets only, accurate, fast, efficient, etc.) the tool suffers from a major drawback - its logic is static.
At Defcon 10 we will be releasing Xprobe2, a completely rewritten active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.
As with the previous year - Don't miss the demonstration!
Ofir Arkin is the Founder of the Sys-Security Group (http://www.sys-security.com), a free computer security research body. Ofir has published several papers as well as articles and advisories. Most known are the "ICMP Usage in Scanning", and "Trace-Back" research papers. Some of his research was mentioned in professional computer security magazines. He is an active member with the Honeynet project and participated in writing the Honeynet's team book, "Know Your Enemy" published by Addison-Wesley.

Mick Bauer
Upstream Solutions, Inc.
mick.wiremonkeys.org
Stealthful Sniffing, Logging, and Intrusion Detection:
Useful and Fun Things You Can do Without an IP Address
Centralized event-logging and automated intrusion detection are required tools for good network security. But what can you do to prevent your loggers and IDS probes from falling victim to the same attacks they're supposed to warn you about? As it happens, one cool thing you can do is run such systems without IP addresses. In my presentation I'll describe the benefits and drawbacks of this technique, and demonstrate how it can be used in conjunction with Snort, syslog-ng, and other standard *nix tools to build stealthful loggers and IDSes.
Mick Bauer is a Technology Counselor (Information Systems security consultant and engineer) for Upstream Solutions, based in Minneapolis. His areas of expertise include firewall architecture and integration, security policy, network application security, and Unix and NT system security. Mick is the author of Linux Journal's popular "Paranoid Penguin" security columns, and of the upcoming book "Building Secure Servers With Linux" (O'Reilly and Associates, October 2002).

Scott S. Blake, CISSP
Vice President, Information Security
BindView Corporation
razor.bindview.com
The Politics of Vulnerabilities
The vulnerability reporting process is rife with competing interests. Research is conducted by software vendors themselves, paid consultants, government agencies, professional and academic researchers, as well as people who make their living in other ways. Each of these groups has particular interests in the process. The vendor of the targeted software has their concerns. The public at large has an interest in the process (and its results), but it is unclear what the public should be concerned with. This talk explores vulnerability reporting from all angles, including that of the public good. Attendees will learn a rudimentary cognitive framework for understanding the powers in play in vulnerability reporting and apply that to understand the present and the future of security.
As BindView's Vice President of Information Security and an internationally recognized security expert, Mr. Blake is responsible for providing security expertise to BindView's corporate strategy and operations. Before taking this role, he was the leader of BindView's RAZOR security research team. Prior to joining BindView, Mr. Blake designed perimeter security, network security architectures, and developed security policies for several large companies including leaders in financial services and telecommunications, as well as several large hospitals and universities. He has spoken at many security conferences, authored numerous articles on security topics and is frequently sought by the press for commentary. He holds a BA in Social Sciences (International Relations) from Simon's Rock College, an MA in Sociology (Political Theory) from Brandeis University, and is a Certified Information Systems Security Professional.

Saqib A. Khan, M.S.
SecurityV, Inc
Stealth Data Dispersal: ICMP Moon-Bounce
This research is targeted at demonstrating that small amounts of data can be dispersed over IP based networks, utilizing the data payloads of existing protocols. Such data is expected to be kept alive on the ether until one chooses to retrieve it. The crux of the scheme is the fact that this type of data dispersal is expected to be extremely difficult to detect. Such a scheme also raises some very interesting aspects regarding using Internet traffic itself as a virtual mass storage system, etc.
As an example, a specific technique created by the author, the "ICMP Moon-Bounce", will be presented that accomplishes our data dispersal goal.
Khan is the Founder and CEO of SecurityV, Inc., a cutting edge Network Security Auditing startup. Previous to SecurityV, Khan founded and ran Secure Networks Corporation, a successful network security integration firm with offices in Harvard Square, Cambridge, MA. Prior to Secure Networks, Khan performed brief consulting stints at MIT, Sun, Checkpoint, and Lucent (INS) on multiple security and programming projects.
Khan's primary interests lie in Network Protocol Vulnerabilities, Artificial Intelligence, and Cosmology.
Nowadays, Khan resides in Miami Beach and spends equal time on partying and Network Security research. Khan has previously presented 5 technical papers in various professional conferences. Khan has a Masters in Computer Engineering and a Bachelors in Electrical Engineering from Auburn University, AL.

GOBBLES Security
Wolves Among Us
GOBBLES Security members will be giving a presentation called "Wolves Among Us", which will discuss the evil motivations of certain members and organizations of the security industry, the big companies that are underqualified for security and yet reap such incredible revenue for their services, the way the media is uninformed and further intentionally writes incorrect information concerning hackers, and more. Concrete examples will be cited, and then discussion on the greater ramifications of those examples will be held.
GOBBLES Security -- currently the largest active nonprofit security group in existence (that favors full disclosure). GOBBLES Security consists of 17+ members, ranging from the age of 15 to 28. Unlike some groups that make this claim, GOBBLES actually publishes advisories for the sake of security, and not as an opportunity to get some political vendetta aired -- and also publishes advisories at a rate greater than one every three years.

Philippe Biondi
Cartel Sécurité
Security at Kernel Level
Security is a problem of trust. Having a system that offers services to the Internet and that can be trusted is very hard to achieve. Classical security models focus on the physical limit of the machine. We will see that it can be interesting to move the trust limit between user space and kernel space and that it is still possible to enforce a security policy from this trusted place. We will also see some practical aspects with a review of some implementations that exist for Linux kernels.
Philippe Biondi is a security consultant at Cartel Sécurité. He is involved in the development of LIDS. He does about everything that is related to computer security.

Ian Peters
Rubicon - An Extensible Gateway IDS
IDSs have traditionally been seen as purely information resources, requiring human intervention in order to act on alerts. Recently, support for modifying firewall rules and killing active connections has begun to appear in IDSs, but these suffer from shortcomings. A desire has been recently expressed by many people for an active, 'Gateway' IDS (GIDS), allowing filtering and routing of traffic to be performed by a gateway computer using both traditional firewall-style rules, and also NIDS-style analysis. Rubicon was developed to supply this functionality, and more, in an extensible manner. This talk will discuss some shortcomings of current NIDS products, and hence the need for GIDS, the design and development of Rubicon, and the future for GIDS in general and Rubicon in particular.

Ken Caruso
Co-Founder of Seattlewireless.net project
Community Wireless Networks, Friend or Foe to the Telecom Industry
Ken will talk about different types/implementations of community wireless networks. He will also discuss why companies in the industry like, dislike and do not know what to make of the community wireless movement. Most importantly he will tell you why this movement is important and what role it has in promoting privacy, community owned infrastructure, and peer to peer communications.
Ken Caruso is a co-founder of the Seattlewireless.net project. Seattlewireless is focused on enabling people to build a public/open wireless MAN in the Seattle Area. He is a network engineer by trade and by night evangelizes Community Wireless Networks.
Web Application Brute Forcing 101 - "Enemy of the State (Mechanism)"
This presentation focuses on the ease with which many web application Session IDs can be brute-forced, allowing an attacker to hijack a legitimate web user's online session (e.g. Slashdot, Apache, Register.com, PHPNuke, etc.). While a somewhat narrow area of web application security, the simplicity of the attacks and the prevalence of these vulnerabilities on the Internet make this an important topic. Malicious users can easily try (usually automated) combinations of well-known usernames and passwords, or indeed attempt all possible combinations of the accepted Session ID character set. However, the scope of a brute force attack can be greatly reduced when Session IDs are predictable in nature. The presentation will include an overview of the issues involved in exploiting predictable or "reverse-engineerable" Session IDs in popular web applications, including a demonstration with several real-world exploitation examples. It will conclude with a description of techniques both users and web developers can use to protect against these types of attacks.
David Endler is the director of iDEFENSE's security research group, iDEFENSE Labs. iDEFENSE is a global security intelligence services company that provides advanced warning and analysis of cyberthreats - from technical vulnerabilities to hacker profiling to the global spread of malicious code. Prior to iDEFENSE, Endler served with Deloitte and Touche LLP in the e-business security and technology practice. In previous lives, Endler performed security research for Xerox Corporation, National Security Agency, and Massachusetts Institute of Technology. Mr. Endler holds a B.S. and M.S. in Computer Science, and is an active member of the Open Web Application Security Project (OWASP).
Michael Sutton is a Senior Security Engineer for iDEFENSE Labs. Prior to joining iDEFENSE, Sutton established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. The ISAAS practice is responsible for information systems auditing on both external financial audit engagements and internal audit outsourcing. Consulting engagements included SAS 70 audits, attack and penetration tests, architecture reviews, computer forensics and designing security policies. Sutton has also worked in the Ernst & Young ISAAS practice in New York. He is presently pursuing a Master of Science in Information Systems Technology degree at The George Washington University and has a Bachelor of Commerce degree from the University of Alberta.

Len Sassaman
The Shmoo Group
Anonymity Services and The Law:
How to Safely Provide Anonymous Technology on The Internet
Anonymity technologies can be an essential life-saving tool for whistle blowers, human rights workers, political dissidents of oppressive regimes, and can provide a safe mechanism for the free-sharing of controversial ideas while protecting an individual's "true name" reputation. Due to the possibility of abuse of these systems, however, anonymity services are often criticized by law enforcement agencies and ISPs.
This presentation will examine some of the challenges that anonymity service providers face when their systems are used for controversial purposes, and will explore ways to mitigate the risk of operating an anonymity service.
Len Sassaman is a communication security consultant specializing in Internet privacy and anonymity technologies. Len is an anonymous remailer operator, and is currently project manager for Mixmaster, the most advanced remailer software available. In addition, Len has contributed to the development of personal encryption software and standards.

Rich Murphey, PhD
FreeBSD Exploits and Remedies
This talk continues the review of system hardening and security management presented in the BlackHat talk, "Locking Down Your FreeBSD Install". We walk through well-known exploits for the FreeBSD 4.5 release, showing the mechanisms and effects on the system. We then discuss the way in which the vulnerability is assessed and monitored, and the ways in which the system can be hardened or access controls can be refined to reduce the risk of exposure. For each of these, we show the key features of the bundled tools for monitoring and controlling access.
Rich Murphey was a founding core team member of FreeBSD and XFree86. He received a PhD in Electrical and Computer Engineering from Rice University, was on the Faculty of the University of Texas Medical School in Galveston, and was Chief Scientist at PentaSafe Security Technologies before joining NetIQ recently. His main interests are development of Beowulf clusters and Intrusion Detection Systems.

Roelof Temmingh
Technical Director, Founding Member
SensePost
and
Haroon Meer
Technical Security Specialist
SensePost
Setiri: Advances in Trojan Technology
The presentation will describe the inner workings of the Trojan "Setiri". Setiri leads a new wave of Trojan Horse technology that defeats most conventional security devices including personal firewalls, NAT, stateful inspection firewalls, IDS, proxy type firewalls and content level checking. The presentation will focus on the setting up of a bi-directional communication stream in non-conducive environments, rather than describing the features of the Trojan.
The presentation will include an online demonstration - a well-protected PC located inside a heavily protected environment will be Trojaned with Setiri. The computer will be taken over by a Controller that is situated outside of the network. At the same time network traffic will be manually inspected.
Roelof Temmingh is the technical director and a founding member of SensePost. After obtaining his degree in electronic engineering in 1995, he helped to establish SensePost along with some of South Africa's leading IT security minds. He is currently involved in the coding of proof of concept code, and the practical realization of complex security concepts. Roelof has been a speaker at the 2001 Summercon conference and the 2002 Black Hat Windows conference.
Haroon Meer joined SensePost as a Technical Security Specialist after over 7 years in the Networking/Security industry. He has a wide background in security & networking from writing code to administration of large Campus networks. He is currently heavily involved in the development of additional security tools and proof of concept code and has been a speaker at the recent Black Hat Windows Briefings in New Orleans.

Nate Rotschafer, MCP
University of Nebraska at Omaha
http://www.geniussystems.net
N Stage Biometric Authentication
The topic will be about using biometric authentication as part of a multiple stage authentication mechanism. This discussion will explore various applications and flaws with the technology along with some of my ongoing research into a replay attack on the devices by capturing what "goes down the wire".
I am a sophomore at the University of Nebraska at Omaha working towards a degree in computer science with a focus in information security along with a degree in computer engineering. I've done research on the topic of biometrics for local conferences and was recognized by the university as a Scott Scholar.

Vic Vandal
504/NOLAB
Intelligence Gathering
This comprehensive talk covers the tools and techniques used in corporate espionage, information warfare, and private investigation. It also includes an overview of laws that one must be aware of before employing such tools and techniques.
Vic has been employed as an "InfoSec Samurai" by various government entities for the past 13 years. He was "drafted" (kicking and screaming) into the InfoSec discipline to develop proprietary security software for a specific government agency, and the rest is history. Some of the sensitive federal data he has helped protect has belonged to the CIA, DEA, Secret Service, Treasury Dept, Commerce Dept, and every other federal agency in existence. He has also done the same for the Department of Defense, Navy, Marines, and Army. He has worked extensively in every area of information security. Any more 411 and he'd have to kill you (heh).

Error
yak.net
lostinthenoise.net
ruckus.org
Neuro-Linguistic Programming (NLP)
This talk is primarily about psychology and relates to typical programming in no way. Neuro-Linguistic Programming is best described as new age pseudo science by some and the future of psychology to others.
Through this talk on NLP you will learn about the ability to control and otherwise manipulate as well as teaching via "knowledge encoded linguistic algorithms." You should also gain the ability to do a "cold read." You will also learn about "NLP modeling." Some should walk away with a greater understanding of human psychological patterns.
About me: Happily spreading memes for years to come.

Tony 'Xam' Kapela
Bruce Potter
Adam Shand
Wireless Networking
Wireless networks have seen explosive growth in the last year. Wardriving a city last July resulted in only a handful of access points. Now there are hundreds if not thousands of access points in every city in the nation. And during the same time holes have been shot in all major wireless security protocols. People deploying wireless technologies are either unaware of the risk involved or have decided the productivity gain outweighs the risk. We feel it is more of the former than the latter. This presentation will discuss contemporary issues in wireless network security. While we will discuss some of the basic foundations of wireless security such as WEP, the talk will be more focused on the state of the art. The speakers all have heavy backgrounds in community wireless networking using open standards and living in hostile environments. They will draw upon their knowledge to give the audience an idea of where they can expect wireless security to go in the next year.
Tony Kapela (aka: Xam) -- Aside from being a full-time student in Madison, Wisconsin, Tony chooses to spend part of his free time thinking about wireless systems and mesh networking. His more recent projects include "MeshMadison" -- a network aimed at open community transport, supporting transparent roaming in downtown Madison. His other interests include ethernet adultery, HPNA acrobatics, and playing drums.
Bruce Potter -- Bruce is the founder of the Shmoo group of security professionals (www.shmoo.com). He is also the founder of the NoVAWireless community wireless network group in Northern Virginia. He has a soon-to-be published book on Wireless Network Security with O'Reilly.
Adam Shand -- Adam started PersonalTelco in November 2000 due to a happy series of coincidences. He believes that information wants to be free despite the fact that people want to be paid.

Gregory S. Miles Ph.D., CISSP, IAM AKA 'DOC'
CIO, Security Horizon, Inc
Anatomy of Denial of Service Mitigation Testing
DOC has had the privilege of working on a project that was focused on looking at new product technologies relating to DOS and DDOS mitigation. Several commercial companies were formed whose entire focus was to find solutions to DOS and DDOS issues. Different types of detection were used in each product from pure rate analysis to statistical analysis and anomaly detection. This talk will focus on the testing methodology, testing results, lessons learned, and thoughts on the direction that this technology will be moving.
DOC has over 15 years of information technology and security experience in the USAF, Defense Information System Agency (DISA), commercial and manufacturing industries. DOC is CIO for Security Horizon, Inc, a security professional services firm with HQ in Colorado Springs. His focus there has been on organizationally focused activities to include security assessments, policy and procedure development, and project management. He is also an authorized instructor of the NSA INFOSEC Assessment Methodology. DOC has built and managed Computer Incident Response Teams (CIRT) and provided extensive technical and project management skills related to information security. He has served as Director, CyberCrime Response, responsible for CIRT, Computer Forensics, and Training responsibilities. He has served as an INFOSEC Program Manager, where he was responsible for establishing and supporting the worldwide security program for the U.S. Defense Information Systems Agency's Field Security Operations, to include Computer Emergency Response Teams (CERT) in 5 locations worldwide. Greg also served as a Senior INFOSEC Engineer, supporting NASA's efforts with the Earth Observing System. DOC served 6 years in the U.S. Air Force with a concentration in Information and Security. He has authored articles for security periodicals and websites, to include "The International CyberCrime Journal", DuckTank (now Security Horizon), and Small Business Marketing Ideas. DOC has been a previous technical speaker at the BlackHat Briefings and APCO conventions.

TechnoDragon
Making a Non-portable Computer System Portable
This will cover a range of information from wearable systems to homebrew mp3 players for cars to even network intrusion devices. Things such as user input, displays, storage and data access, along with remote / wireless access will also be covered.

Jennifer Stisa Granick, Esq.
Litigation Director
Center for Internet and Society
Stanford Law School
The USA PATRIOT Act and You
This presentation will update attendees on changes to the law under the USA PATRIOT Act, with special emphasis on how the changes may affect political activists and the investigation and prosecution of computer crimes.
Jennifer Stisa Granick is a Lecturer in Law and Director of the Litigation Clinic at Stanford Law School's Center for Internet and Society. Ms. Granick's work focuses on the interaction of free speech, privacy, computer security, law and technology. She is on the Board of Directors of the Honeynet Project, a computer security research group, and has spoken at the National Security Agency, to law enforcement officials and to computer security professionals from the public and private sectors in the United States and abroad. Before coming to Stanford Law School, Ms. Granick practiced criminal defense of unauthorized access, trade secret theft and e-mail interception cases nationally. She has published articles on wiretap laws, workplace privacy, and trademark law.

Jon Miller - Humperdink
Sr. Security Engineer
Covert Systems
23.org
Securing your Windows Internet Server
I will show people how to secure different Windows servers using common sense and a variety of different tools. The fundamentals can be applied to any Windows server whether it is NT 4 / 2000 / .NET as well as IIS or Exchange. I will also walk people through many good security tools that are a must have for any Windows server. I will actually secure a server at the talk that will later be placed on the CTF network. I will announce an FTP location at my talk where all of the tools I will feature can be downloaded from.

Dan Kaminsky
DoxPara Research
Black Ops of TCP/IP: Work NAT, Work. Good NAT. Woof
Communication under TCP/IP networks has become extraordinarily popular; still, there remain significant problems that as of yet have remained unsolved within its layered rules. So, let's break the rules, elegance (and possibly security) be damned. Significant new techniques and code will be unveiled to answer the following questions:
A) Instant Portscan
Is it possible to discover instantaneously what network services have been made available, even on massive networks?
B) Guerrilla Multicast
Is it possible to send a single packet to multiple recipients, using today's multicast-free Internet?
C) "NATless NAT"
Is it possible to share a globally addressable IP address without translating private IP ranges a la NAT?
Is it possible to allow incoming connections to an IP multiplexed in this manner?
D) NAT Deadlock Resolution
Is it possible to establish a TCP connection between two hosts, both behind NATs?
Various interesting uses of these new packet-level primitives should be discussed, and OpenSSH will be trotted out as the method of bringing some degree of security unto the resulting chaos.
Dan Kaminsky, also known as Effugas, worked for two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems. He recently wrote the Spoofing and Tunneling chapters for "Hack Proofing Your Network: Second Edition", and has delivered presentations at several major industry conferences, including Linuxworld, DefCon, and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University.

zSnark
Building Secure Wireless Networks
Wireless has become quite popular in network scenarios from the basic home network to the corporate LAN to the point-to-point backbone tying together offices or job sites. Wireless security and security breaches have been getting lots of press as have various vendors' multitude of proposals for cute proprietary ways to solve some of the problems in currently available products (primarily 802.11) by retrofitting them with better encryption, better authentication, tightly integrated access control, etc. What is lacking is a well-defined practical approach for the administrator in deploying (or the auditor in testing) a wireless network with currently available technology. This talk will begin with an overview of my present threat model and the details of various attacks against typical wireless networks. Following this I will give a walk-through of building a secure 802.11 LAN as well as the monitoring and auditing necessary to keep it secure. Time permitting I will also bring up a guest or two to discuss several "theoretical" attacks and other things yet to be revealed.
zSnark specializes in wireless networking and general UNIX tomfoolery. He is a member of the GhettoHackers and supports his local 2600. Among other things his alter ego spends most of his days working on wireless networks and various projects including SeattleWireless. See openbs.org or ghettohackers.net for his infoz.

Steve Schear
GNU Radio
Wireless communication devices have traditionally been exclusively hardware in nature. Software has augmented and is now replacing basic functional elements of radio systems. The conclusion of this process is a radio where almost all functions are performed by software. GNU Radio is a collection of software that when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software. What this means is that it turns the digital modulation schemes used in today's high performance wireless devices into software problems.
Steve Schear is the CEO of Lamarr Labs. He has led development of commercial spread spectrum radios and held engineering, business development and marketing positions at TRW, Citicorp, Cylink, Com21, Mojo Nation and Counterpane Internet Security. Steve is currently the project administrator of GNURadio.

Dr. Walter C. Daugherity
Texas A&M University
Quantum Computing 101: How to Crack RSA
The brand-new technology of quantum computers offers the prospect of exponential speedup, making heretofore infeasible problems like cracking RSA conceivable. The fundamentals of quantum computing are presented, and how a quantum computer could be used to crack RSA is described.
Dr. Walter C. Daugherity is a Senior Lecturer in Computer Science and Electrical Engineering at Texas A&M University. He received a bachelor's degree from Oklahoma Christian University, and master's and doctor's degrees from Harvard University. His research interests include fuzzy logic, object-oriented programming, and quantum computing. With David A. Church he created the first course in quantum computing at Texas A&M University, which will be offered for the third time in the fall semester this year.

Gingerbread Man
Lock Picking: Techniques and Tools for High Security
The talk will cover current techniques used for picking locks such as mushroom pin tumblers, Medeco, Abloy, and tubular locks. The talk will also cover how to formulate attacks on new locks.
I am a self taught hobbyist. I have five years experience in amateur locksmithing. I am currently attending a Canadian University as a Computer Science major.

Agent OJ
Team2600
Applescript (in)Security in OS X
AgentOJ, a Macintosh programmer for Team2600, will be speaking on Applescript in the OS X environment, covering both attack and defense tools using Applescript. Topics covered will include: Applescript as an information gathering tool (system info, list of users, open services, etc). Applescript as an attack tool (applescript trojans, destructive scripts, exploiting scriptable applications, and a proof of concept applescript trojan). Applescript as a defense tool (log checking, locking down an OS X system, automating network security scripts, and a proof of concept applescript defense suite). General applescript security practices will also be covered.

John Q. Newman
Post 9/11 Privacy
No bio or topic synopsis available at this time; however, John is an excellent speaker and his lectures are always entertaining as well as informative.

DJ Sweet Sensation
SNMP Attacks/Security
No bio available

Michael I. Morgenstern
Global InterSec, Moderator
Richard Schaeffer
National Security Agency
Marcus H. Sachs
Office of Cyberspace Security
O. Sami Saydjari
SRI International
Steve Lipner
Microsoft Corp
Tom Parker
Global InterSec
Disclosure: The Mother of All Vulnerabilities
Michael Morgenstern will be leading a panel comprised of several individuals from the 'other side' of Information Security. Panel highlights will include:
An overview on vulnerability disclosure in the past
Potential impacts of irresponsible disclosure
New threats (Does cyber terrorism exist?)
The vulnerability disclosure "food chain"
The issues involved in the handling of a new vulnerability, from the perspective of a commercial software vendor.
What "responsible disclosure" means.
The ideal disclosure metric, is it plausible?
Ways in which communities can work together to better the disclosure process.
There will be time for questions during and after the presentation.
|
Robert 'V1ru5' Lupo |
Introduction to Computer Viruses:
Understanding the Fundamentals of How to Identify, Remove and Defend Against Hostile Code
This talk will cover:
How different computer viruses work (boot sector, file infector, multipartite, VBS, Java, the different OS viruses, etc.)
How to remove different computer viruses with and without anti-virus software.
How to defend against computer viruses and hostile code.
Computer viruses and different operating systems.
The future of computer viruses and hostile code.
Robert Lupo "V1RU5" currently works for Expedia.com as their global network security engineer. He has several certifications in security, including CCSA, CCSE, Internet Security Certified, and MCSE. Robert has lectured at Defcon in the past, plus H2K, H2K2, the University of Illinois, North Dakota State University and others nationwide.
|
Michael Rogers
Exceptional Software Strategies, Inc |
Steganographic Trojans
As anti-virus manufacturers develop more efficient techniques for stopping an infection, potential attackers must become more cunning and resourceful in their deployment methodologies; they must create "invisible" code...but how? What are the possibilities of developing an invisible virus or Trojan?
The purpose of this talk is to explain the research we have collected, and to identify potential distribution methods, including JPEG, MPEG, and MP3, which may utilize steganographic hiding techniques to obfuscate the source code of various programs such as viruses and Trojans.
Michael has been working in the information security field for 4 years and is currently the Senior Security Engineer for Exceptional Software Strategies, Inc, located in Baltimore, Maryland.
|
hellNbak
NMRC
|
Selling Out For Fun and Profit
Recent events in the security industry have caused multiple groups to cry foul and claim that many so-called hackers have sold out. A war of words has erupted between those crying foul and those who have apparently sold out. Most recently, Gweeds presented a talk at H2K2 that touched many nerves when he pointed fingers at specific people in the security industry.
While the talk given by Gweeds was based mostly on made-up stories and FUD, he touched on some points that deserve a bit of attention. Additionally, the articles written in The Register by Thomas Greene point out that the media in general has a responsibility to verify facts, something that does not seem to be happening.
The talk presented by hellNbak will address these issues along with some of the dirty little secrets in the security industry. In general, hackers hack for the quest of knowledge and the ability to be places that others cannot go. Based on this, hacktivism, cyberterrorism, and selling out are myths, and until hackers are hacking for a real cause they always will be.
hellNbak has been around the IT Security industry for 11 years and a member of NMRC for three of those years. He has worked in a security-related capacity for large companies such as IBM, BindView Development and Ernst & Young. Up until this year, hellNbak has found it necessary to hide behind his NMRC nym, but after DefCon hellNbak, now a self-employed Security Consultant, no longer needs the cover of a nym to protect himself from clueless managers and threatening venduhs.
|
Richard Thieme
Thiemeworks |
1992 ... 2002 ... 2012 ...
Hacking: The Next Ten Years
Ten years ago hacking was a frontier; ten years from now, hacking will be embedded in everything we do, defined by the context in which it emerges. Real hackers will be pushing the frontiers of information networks, perception management, the wetware/dryware interface, and the exploration of our galactic neighborhood. Mastery means not only having the tools in your hands but knowing that you have them ... and using them to build the Big Picture. Richard Thieme illuminates how to do that.
Richard Thieme is speaking for the seventh year at Def Con. He is a contributing editor for Information Security and has written for Wired, Forbes, Salon, and Secure Business Quarterly. He recently spoke for the FBI's Infragard Superconference, FS-ISAC and the Dept. of the Treasury as well as other hacker cons and numerous businesses and associations. His column Islands in the Clickstream is at www.thiemeworks.com.
|
Kevin Spett
SPIDynamics |
SQL Injection
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there are an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this talk is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.
Kevin Spett is a web application security expert and researcher. His discovery of new SQL injection attack techniques and his frequent security mailing list postings have made him one of the most respected web application security professionals in the world. Kevin's responsibilities include maintaining the SPI Dynamics SecureBase and researching web application security concepts and software. He has been a SPI Dynamics employee since its inception.
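An added example, not from Kevin Spett's talk or SPI Dynamics, of the two points above in Python against an in-memory SQLite table: the vulnerable string-built query, the "strip or escape dangerous characters" defence that still fails when the value lands in an unquoted numeric position, and the parameterised query that fixes both. The users table, credentials and payloads are constructed for this example.

```python
"""SQL injection: vulnerable, half-fixed and fixed lookups against an
in-memory SQLite database. Table contents and payloads are constructed
for this example."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "admin"),   # rowid 1
        ("bob", "hunter2", "user"),            # rowid 2
    ])
    return conn


def login_vulnerable(conn, username, password):
    # Client-supplied text is pasted into the SQL grammar: a quote ends the
    # string literal and "--" comments out the password check entirely.
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    # Bound parameters travel as data; the driver never re-parses them as SQL,
    # so a quote or comment marker in the input is just characters to compare.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def user_by_id_escaped(conn, user_id):
    # The "escape dangerous characters" defence: quotes are doubled, but the
    # value lands in an unquoted numeric position, where no quote is needed to
    # inject. "1 OR 1=1" returns every row.
    escaped = str(user_id).replace("'", "''")
    sql = "SELECT username, role FROM users WHERE rowid = %s" % escaped
    return conn.execute(sql).fetchall()


def user_by_id_safe(conn, user_id):
    # Validate the type first (int() raises ValueError on "1 OR 1=1"), then bind.
    uid = int(user_id)
    sql = "SELECT username, role FROM users WHERE rowid = ?"
    return conn.execute(sql, (uid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice' --", "wrong"))  # ('alice', 'admin')
    print(login_safe(db, "alice' --", "wrong"))        # None
    print(user_by_id_escaped(db, "1 OR 1=1"))          # both rows
    print(user_by_id_safe(db, "2"))                    # [('bob', 'user')]
```

The lesson of `user_by_id_escaped` is the one the abstract hints at: filtering characters is a guess about the grammar the input will land in, and the guess is wrong as soon as the value is used unquoted. Parameter binding with the correct type removes the guess.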
|
John L. Dodge
Steve S. Moutsatsos
Bernadette H. Schell
|
Should Organizations Employ Hackers?
Implications Drawn From the Book Hacking of America
This DefCon10 presentation, while drawing from the study, will discuss the implications of employing hackers in the workplace. The book Hacking of America (Greenwood, 2002) reports on the Laurentian University study of the hacker community and in particular the conference participants of DefCon8 and H2K. The study data was collected through a 20-page self-report questionnaire completed by hackers at these conferences. It was also supplemented by selected in-depth interviews.
John Dodge is a Full Professor of E-Business at Laurentian University, Canada; Bernadette Schell is the Dean of Business Information Technology at the University of Ontario Institute of Technology (UOIT), Canada; and Steve Moutsatsos is a partner with the law firm Weaver Simmons.
John L. Dodge is the Director of the Electronic Business Science Program and is a professor within the School of Commerce and the Department of Math and Computer Science at Laurentian University, Sudbury, Ontario, Canada. As a partner in a management-consulting firm, he lectures and consults widely on e-business and organizational strategic issues. Prior to his academic appointment, he was President and CEO of a venture capital firm, and Vice-President Development for a mining and development company. He holds a Bachelor of Engineering from Dalhousie University, a Master of Business Administration from Ivey School of Business, University of Western Ontario and a Ph.D. from the University of Bradford in the U.K. He is a Certified Management Consultant (CMC) and a Professional Engineer (P. Eng.).
Steve S. Moutsatsos, LLB (Queen's University, Ontario), LLM (LSE), is a partner with the law firm of Weaver, Simmons, Sudbury, Ontario, Canada. He has practiced as a commercial lawyer in the information technology field for over twelve years, acting as counsel for both multinational technology companies as well as various small software developers and internet start-ups. Steve is a part-time lecturer at Laurentian University, where he also serves on the Board of Governors.
Bernadette H. Schell is Dean of Business Information Technology, University of Ontario Institute of Technology (UOIT), Canada and President of an HR consulting firm in Sudbury, Ontario. She lectures widely on stress management, executive stress, and stalking protection measures. She is also author of A Self-Diagnosis Approach to Understanding Organizational and Personal Stressors (1997), Management in the Mirror (1999), and Stalking, Harassment, and Murder in the Workplace (2000), all published by Quorum Books. She is the recipient of the Laurentian University Research Excellence Award (2000).
|
FozZy
Hackademy
Hackerz Voice Newspaper
DMPFrance |
Advanced Shellcodes
Shellcodes are tiny machine language programs designed to be injected inside a vulnerable process and executed with its privileges. They traditionally do simple actions, like exec-ing a shell or writing to a file. They can be easily defeated by host intrusion prevention and detection systems like filesystem ACLs, kernel system call ACLs, non-privileged chrooted processes, etc. Is it possible to bypass these security measures, or at least take advantage of what they permit? In this talk FozZy will present how to design small polymorphic shellcodes that download encrypted modules or binaries and execute them directly in memory (ever got a shell without running /bin/sh? ;). Through live demos with HIDS and NIDS on, we'll see the limits of current security systems on open-source OSes.
FozZy is the director of the French "Hackademy" and chief editor of the newspaper "Hackerz Voice". Topics covered include computer and network security and intrusion, real social engineering attempts, French credit and phone card hacking, and hardware hacking.
|
Mr. Michael Glasser CRL AKA Laz |
High Security Locks, and Access Control Products
The talk will cover both high security locks and access control products. The locks covered will include Medeco, Mul-T-Lock, Assa, Fichet, Concept, Miwa and others. The access control technology covered will include proximity cards, mag stripe cards, biometrics, keypad technology, and others.
Questions will be answered on other topics, such as safes, standard locks, lock picking, CCTV, computer security, and other security issues.
Michael Glasser is an ALOA Certified CRL and a New York State Licensed Alarm Installer. He is a member of both ALOA and the North Jersey Master Locksmith Association.
He currently works as a manufacturer's rep for access control and security electronics. The companies he reps are Bioscrypt, IEI, Recognition Source, Tatung, and others.
|
Roger Dingledine
The Free Haven Project |
The Mixminion Anonymous Remailer Protocol
Mixminion is a message-based anonymous remailer protocol intended to take the place of the old Mixmaster network. Mixminion provides secure single-use reply blocks (Mixmaster provides no support for replies, instead relying on the older and less secure Cypherpunk remailers), and introduces nymservers that allow users to maintain long-term pseudonyms using single-use reply blocks as a primitive. It also integrates directory servers that allow users to learn public keys and performance statistics of participating remailers. I'll cover a variety of serious anonymity issues with Mixmaster and other deployed networks and published designs, and also describe some of the many surprising anonymity risks that come from adding these new services.
As a cryptographer and network security expert, Roger Dingledine lives in that space between theory and practice. He prefers to tackle the really hard problems so one day we can build real solutions. Current interests include anonymous publishing and communication systems, censorship-resistance, attack-resistance for decentralized networks, and reputation.
|
Thomas J. Munn, CISSP
and
tgr2mfx
|
Using Filesystem Crypto and Other Approaches to Protect Your Data/Privacy on BSD and LINUX
This talk will cover using the LOOP-AES package to encrypt data on a removable USB hard disk in Linux.
The presentation will focus on using encryption to protect your data, using GnuPG, a removable keychain and a removable hard disk to encrypt your home directory. It will focus on how to install the USB device, include a script for getting things going "automagically", and cover installing the LOOP-AES patch in both a stock and a custom kernel. The BSD portion of the talk will cover the use of TightVNC, SSH tunnels, 802.11 and vnconfig to keep personal data personal in a business environment.
Thomas Munn started security in 1997, working for Kellogg's on a now-defunct firewall. He has worked in the financial, health, and cereal industries. He has spoken at the last 3 Defcons, on topics ranging from personal firewalls to automated intrusion detection ideas. His outstanding accomplishments are: setting up a Snort IDS box, integrating Windows and NT via SSH, and getting a loopback device to encrypt his home directory. His first computer was an Atari 800. He enjoys meeting hacker types and learning from them. He knows a little Perl, and is a Linux guru, with a smattering of OpenBSD. He despises Microsoft Windows.
tgr2mfx has been #!'ing in an InstallShield world since the days of BSD/386. He hails originally from Plessis, NY but street-races in Denver now. His current projects are writing Fibonacci sequencers in Bourne shell, fidgeting with a Bourne shell SQL equivalent for /etc, a p2p file sharing system (using multicast IPv6, SSH and NFS) and an automagic src and ports installer for OpenBSD.
|
Michael Schrenk |
Introduction to Writing Spiders and Web Agents
You can have a lot of fun with the Internet by ditching your browser in favor of writing special purpose programs that look for -- or do -- very specific things on the Internet. This session will equip you with techniques to extract and interact with data from web sites without a browser, parse and filter data, follow links, deal with encryption and passwords, and manage terabytes of information. You'll also learn why writing these programs is a useful activity, and walk away with ideas and abilities to write useful spiders or web agents of your own design.
Michael Schrenk is a freelance Internet developer, instructor and writer. Much of his consulting business revolves around the creation of spiders, which search the Internet for information of value to his clients. He has also developed web strategies and online applications for Disney, Adidas, Nike and many others.
|
Ian Vitek iXsecurity |
Citrix and Terminal Services
Citrix and Terminal Services are becoming very popular. Ian Vitek will speak about:
Scanning and finding Terminal Services and Published Applications. This will include statistics of open and vulnerable servers.
Connecting to Published Applications. This can be harder than you think. Most of the servers have Published Applications; you just can't see them.
Breaking out from the given environment and elevation of rights.
Demonstration.
Because of the way administrators set up their Citrix servers, every so often the Citrix client can't enumerate Published Applications or connect to them from the Internet. Tools for enumerating and connecting to Published Applications will be released.
Ian Vitek has been working for iXsecurity in Sweden as a penetration tester for seven years. He is more of a networking guy than an assembly guy. He is the author of macof and briiis.
|
Nicolas Fischbach
and
Sébastien Lacoste-Seris
|
Layer 2, Routing Protocols, Router Security & Forensics
Our talk will cover the (in)security of layer 2 protocols (CDP, xTP, HSRP, VRRP, VLANs, etc.) and its consequences. We will also discuss routing protocol attacks and how to (try to) protect your infrastructure. The architecture, security, secure management and forensics of routers and switches will also be covered. This last part of the talk will be complementary to the presentation from FX of Phenoelit.
Nicolas Fischbach is managing the IP Engineering Department and Sébastien Lacoste-Séris is the Security Officer and managing the IP Research & Development Department at COLT Telecom AG, a leading provider of high bandwidth data, Internet and voice services in Europe.
Nicolas and his team are working on network, system and security architectures for the Swiss network. Previously he was dealing with the Internet Solution Centre deployment and security processes/auditing for major financial institutions, insurance companies and large hosting/housing projects. He worked for a French ISP and he is also teaching network and security courses in engineering schools and universities. He has an Engineer degree in Networking and Distributed Computing.
Sébastien Lacoste-Séris is leading the Research and Development department for COLT Telecom AG and is also in charge of security for Switzerland. His team is mainly working on the evaluation, integration and development of new IP-based technologies. He previously worked for several major European ISPs as a network and security architect; he also did consulting and software auditing (ITSEC) for a security company. Sébastien holds a Degree in Computer and Network Engineering.
Nicolas and Sébastien are co-founders of Sécurité.Org, a French-speaking portal on computer and network security, and are frequent speakers at technical and security conferences. You can reach them at webmaster@securite.org
|
Sean Lewis subterrain.net |
BSD Security Fundamentals
FreeBSD security fundamentals will cover some security basics as well as advanced topics in FreeBSD host and network security. Emphasis will be on hardening a FreeBSD machine from the inside out: locking down ports, services, filesystems, network activity, etc. Some of the material presented in this talk will be BSD-agnostic, and some will apply to a UNIX environment in general. The talk also reviews several recent UNIX security vulnerabilities and gives valuable information on monitoring and safeguarding your system as well as your network.
Sean Lewis has over six years of computer security experience, focusing mainly on UNIX systems: hardening, penetration testing and kernel-level lockdown of servers in various roles. Sean has designed systems for various large organizations that assume critical network roles and must be among the best host-secured machines on the network. Using open source technology, these systems are not only some of the most secure machines you can find, they are also some of the least expensive. Sean is a Checkpoint Certified Security Administrator, and has in-depth knowledge of firewall installation and maintenance as well as penetration testing and evasion tactics with popular firewall products in use in Corporate America. Sean has also designed networks of varying scales, including a high-speed, high-availability B2B e-business trading infrastructure that attracts millions of hits per month. Sean also has experience with Windows NT and 2000 security as well as a great deal of work with networking devices such as switches and routers. He has also published several documents regarding Windows NT and IIS security, including 'quick checklists' for post-install and ongoing maintenance currently in use by several large organizations.
|
Lucky Green Cypherpunks.to |
Trusted Computing Platform Alliance: The mother(board) of All Big Brothers
The Trusted Computing Platform Alliance, which includes Intel, AMD, HP, Microsoft, and 180 additional PC platform product vendors, has been working in secrecy for 3 years to develop a chip which will begin shipping mounted on new PC motherboards starting early next year.
This tamper-resistant Trusted Platform Module (TPM) will enable operating system and application vendors to ensure that the owner of the motherboard will never again be able to copy data which the media corporations or members of the TCPA don't wish to see copied, or to utilize the TCPA's software applications without pay.
Lucky Green will explain the history of the TCPA and the alliance's efforts, identify the dominant players in the TCPA and their objectives, discuss how the members of the TCPA will be able to limit and control a user's activities by remote, show how TPMs might permit a software vendor to exploit a bug in the GNU General Public License (GPL) to defeat the GPL, and detail previously unthinkable software licensing schemes which the TCPA enables.
Lucky will then analyze the bill currently pending in the U.S. Congress (S. 2048) that will make it illegal to sell PC hardware in the future that does not comply with the TCPA's specifications.
Lucky Green has been a long-time activist in the Cypherpunks cryptography advocacy movement. He is best known for his role in coordinating the reverse engineering and break of the GSM digital mobile telephony authentication and voice privacy systems, showing that the systems had been deliberately weakened in the interest of facilitating national intelligence collection. Lucky also FedEx'ed, at his own expense, crates of PGP source code books to Europe, becoming the first person to legally export PGP from the United States. Faced with a demonstration of its absurd position that it was legal to export books from the U.S., but not electronic copies of the source code contained within those books, the U.S. Government came under increasing pressure from industry and was forced to relax governmental controls on strong cryptography in January of 2000.
|
Ryan Lackey |
Anonymous, Secure, Open Electronic Cash
Electronic cash has been the linchpin of cypherpunk software goals for decades, yet there is no viable electronic cash system in the marketplace. We will describe the theory, applications, past attempts, politics, failures, and successes in the field. We present a specification and implementation of a new system which is secure, open, extensible, Free, and which will hopefully avoid the technical and strategy mistakes which plagued earlier systems. We will solicit developer involvement in creating applications which use this infrastructure. We hope this infrastructure is a first step toward limiting the power of governments and other oppressors vs. individuals and small groups throughout the world. It is also an example of how to provide a critical infrastructure application, in an open-source form, in the post-dotcom world, and a generally applicable demonstration of how security hardware and software can be used in applications to win user trust.
Ryan Lackey, founder and CTO of HavenCo, has been involved with electronic cash and other cypherpunk applications for years. In addition to HavenCo and living full-time on Sealand, he works on several open-source software and hardware projects which are finally ready for public launch. He has a great interest in seeing technology deployed in the service of individuals fighting against the State.
|
William Reilly
and
Joe Burton
|
Dmitry Sklyarov and the DMCA: 12 Months Later
Joe Burton will discuss the events that led to Dmitry's arrest last July in Las Vegas for violating the DMCA. Joe will also discuss the legal issues surrounding the case, the current status of the criminal proceedings in California and some thoughts on the future of the DMCA. Joe has been one of the nation's leading critics of the aggressive civil and criminal application of the DMCA's anti-circumvention provisions. Bill Reilly will discuss how non-US software developers and others can avoid falling into US digital jurisdiction by analyzing how the Federal government brought charges against Dmitry. Joe and Bill will also discuss how the DMCA, the USA Patriot Act and other recent legal developments are increasing the liability of network administrators and network security specialists.
Bill Reilly is a California-based attorney who specializes in Network Security and Intellectual Property law. He is a GIAC-certified Advanced Incident Handling Analyst and author of numerous articles on network security law. He is also Managing Editor of the Journal of Internet Law and is writing a network security law handbook for system administrators and CIOs.
Joe Burton is a partner in the San Francisco office of Duane Morris LLP, a national law firm with approximately 500 lawyers. Joe is the defense counsel for ElcomSoft Co., Ltd., Dmitry Sklyarov's Russian employer. Joe also represented Dmitry in his initial court appearances last summer in Las Vegas and San Jose. Joe practices in the area of complex civil, criminal and appellate litigation. His practice includes trade secret and patent litigation with an emphasis in cybercrime and cybersecurity matters. Joe was also former chief of the U.S. District Attorney's office in San Jose, where he initiated and supervised all federal prosecutions in the San Jose venue, reporting directly to the United States Attorney in San Francisco.
|
Adam Bresson adambresson.com |
DEF CON 10 Talk: Consumer Media Protections
Did you buy The Fast and the Furious soundtrack only to find out you couldn't archive the songs to MP3s on your PC? Companies including Vivendi Universal, AOL Time Warner and Sony employ different protection methods on DVDs, video games and CDs. Many consumers argue that these protections abrogate their legal rights. I'll be presenting a broad overview of these Consumer Media Protections (CMPs) and will conduct demonstrations of how to identify and bypass them. I will focus on bit-level video game, video signal and audio CMPs. Whichever side of the legal argument you fall on, learn the law, learn your rights and speak up.
Adam Bresson owns GreentreePC, a Los Angeles-based on-site network consulting service. At DEF CON 8 and 9, he spoke on Palm and PHP security, respectively. He founded and continues to develop two exciting Internet startups: Recommendo.com and GetAnyGame.com
|
Skrooyoo
LA2600
and
Grifter
SLC2600
|
Resurrecting the Scene Through Local 'Hacker' Meetings
Many people are interested in bringing their local underground community closer together by organising meetings for those in the area. While this is certainly a good idea, doing it successfully is not as simple as it sounds.
Grifter (Salt Lake City 2600) and skroo (Los Angeles 2600) intend to cover the more relevant points of starting local meetings. Topics discussed will include identifying whether your area needs a meeting, setting things up, choosing a location, running the meeting, and keeping it going successfully. This will be done in a Q&A session based on the speakers' experiences both attending and running 2600 and other meetings. Questions from the audience will be actively encouraged.
|
Rich Bodo
Managing Director, Open Source Telecom Corporation |
It is Now Safe to Compile your Phone System
The telephony industry was late to adopt open-source software and
commodity protocols. The open-source development community is rapidly
correcting that problem. Everyone from enthusiasts to Fortune 500
companies are now deploying open-source telephony software, from PBX's
to voice messaging systems to VoIP gateways. This lecture will focus
on the practical. We'll provide demos of the major open-source
telephony systems, a brief tutorial on rapid application development,
and a discussion of the effect these systems will have on the future
the industry. Special attention will be paid to Bayonne and other GNU
projects, and their relationship to the more ambitious GNUComm and GNU
Enterprise meta-projects.
Attendees should leave with an understanding of the general
capabilities of the major existing open-source telephony projects and
a working knowledge of basic application development with the GNU
telephony subsytem.
Rich is a regular contributor to the Bayonne project, and the coordinator of the GNUComm and Voxilla projects. He worked as a software engineer at several silicon valley telephony companies, and one Linux company, before founding Open Source Telecom Corporation (OST). OST has been deploying open-source telephony systems since 1999. He has most recently spoken at the O'reilly Open Source Convention and the Intel Communications Tech Summit. He organizes the bi-annual Free Telephony Summit as well as the Telephony BOFs and GNUComm booths at LinuxWorld conventions.
|
Ian Clarke FreeNet Project |
Freenet, Past, Present, and Future Direction
Freenet is a system designed to allow people to publish and read information on the Internet with reasonable anonymity for both producers and consumers of information. To achieve this, Freenet uses a totally decentralized emergent architecture. This talk will describe the interesting aspects of Freenet, the challenges we have faced, and what the future holds for the project.
Ian Clarke is the architect and coordinator of The Freenet Project. Ian holds a degree in Artificial Intelligence and Computer Science from Edinburgh University, Scotland. He has worked as a consultant for a number of companies including 3Com, and Logica UK's Space Division. He is originally from County Meath, Ireland.
|
Jaeson Schultz
and
Lawrence Baldwin
|
Extreme IP Backtracing
A prudent system administrator will review system logs. While performing this log analysis, administrators may detect nefarious activity of various types (port probes, exploit attempts, DoS/DDoS). Of course, what you receive in the system logs doesn't contain the offender's name and telephone number. Rather, most firewalls and intrusion detection systems will log an IP address, or at best, a reverse DNS lookup of the IP address. This presentation outlines several "road-tested" techniques for tracing IP addresses back to a responsible party. Included are many real-world examples from our research: step-by-step traces ranging from the trivial to the impossible.
Jaeson Schultz is an independent security consultant specializing in log analysis and intrusion detection. He has accumulated over 14 years' experience programming and troubleshooting networks for various governmental and corporate organizations. Formerly employed by Counterpane Internet Security, Jaeson spent the last two years monitoring the security of Fortune 1000 companies and performing security and software engineering. While at Counterpane, Jaeson helped to identify the networks responsible for the thousands of alerts received at the Counterpane Secure Operations Center per day.
Lawrence Baldwin is an independent Network Performance Consultant and author with over 15 years' experience in deep protocol analysis and troubleshooting mission-critical networks and applications for Fortune 500 companies. In 2000, Baldwin developed and deployed one of the first Internet "neighborhood watch" systems, known as myNetWatchman (mNW). mNW is a distributed IDS (dIDS) that uses the collective awareness of thousands of cooperating participants to identify compromised hosts and notify compromised machine owners. In an average day, mNW processes more than 1,000,000 events from a global sensor network of more than 1,300 firewall and IDS systems in 40 countries. mNW analyzes and back-traces event activity from 50,000 unique hosts per day, identifying compromised hosts and sending e-mail notifications at a rate of approximately one per minute. The data collected by mNW enables analysis of global attack trends, identification of DDoS bot assimilation activities, and signature-independent detection of new worm activity.
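An added example, not from the talk or from myNetWatchman, of the first step of such a trace in Python: parse iptables-style firewall log lines, aggregate events per source address, and separate sources worth chasing (a port scan, repeated hits on one port) from addresses that cannot be traced at all because they are private, loopback or otherwise bogon and so were spoofed, misrouted or local. The log lines are constructed; RFC 5737 documentation addresses stand in for routable ones, so the bogon list below deliberately omits those ranges. The whois and abuse-contact lookups that follow need network access and are not shown.

```python
"""Firewall log triage: the first step of an IP backtrace. Log lines are
constructed; RFC 5737 documentation ranges stand in for routable addresses."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

SAMPLE_LOG = """\
Jul 14 02:11:07 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP SPT=40211 DPT=22 SYN
Jul 14 02:11:08 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP SPT=40212 DPT=23 SYN
Jul 14 02:11:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP SPT=40213 DPT=80 SYN
Jul 14 02:11:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP SPT=40214 DPT=443 SYN
Jul 14 02:11:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP SPT=40215 DPT=3389 SYN
Jul 14 02:15:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=22 SYN
Jul 14 02:15:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=22 SYN
Jul 14 02:15:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.7 PROTO=TCP SPT=51002 DPT=22 SYN
Jul 14 02:20:30 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=198.51.100.7 PROTO=UDP SPT=137 DPT=137
Jul 14 02:21:00 fw kernel: IN=eth0 OUT= SRC=0.0.0.0 DST=198.51.100.7 PROTO=ICMP TYPE=8
Jul 14 02:21:05 fw sshd[812]: Accepted publickey for ops from 198.51.100.20
"""

# Sources in these ranges cannot be handed to a whois/abuse desk: they are
# private, loopback, link-local, multicast or reserved, so the packet was
# spoofed, misrouted or came from inside. The RFC 5737 documentation ranges
# are left out on purpose because the sample log uses them as stand-ins.
UNTRACEABLE = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# iptables LOG format: SRC/DST/PROTO are always present, DPT only for TCP/UDP.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+)(?:.*?\bDPT=(?P<dpt>\d+))?")


def parse_event(line):
    """One firewall event as a dict, or None for lines that are not events."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "dpt": int(m["dpt"]) if m["dpt"] else None}


def is_traceable(src):
    addr = ip_address(src)
    return not any(addr in net for net in UNTRACEABLE)


def summarize(log_text, scan_ports=5, repeat_hits=3):
    """Per-source event counts, port sets, time window and a triage verdict."""
    per_src = defaultdict(lambda: {"events": 0, "ports": set(),
                                   "first": None, "last": None})
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        s = per_src[ev["src"]]
        s["events"] += 1
        if ev["dpt"] is not None:
            s["ports"].add(ev["dpt"])
        s["first"] = s["first"] or ev["ts"]
        s["last"] = ev["ts"]

    report = []
    for src, s in per_src.items():
        ports = sorted(s["ports"])
        if not is_traceable(src):
            verdict = "untraceable: private/bogon source, spoofed or local"
        elif len(ports) >= scan_ports:
            verdict = "port scan"
        elif len(ports) == 1 and s["events"] >= repeat_hits:
            verdict = "repeated hits on port %d" % ports[0]
        else:
            verdict = "noise"
        report.append({"src": src, "events": s["events"], "ports": ports,
                       "first": s["first"], "last": s["last"], "verdict": verdict})
    report.sort(key=lambda r: -r["events"])   # loudest source first
    return report


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print("%-14s %2d events  %s .. %s  %s" % (
            r["src"], r["events"], r["first"], r["last"], r["verdict"]))
```

The bogon check is what saves the most time in practice: a trace that starts from a 10/8 or 0.0.0.0 source ends at your own perimeter, and the question becomes which internal host or which spoofing tool produced it, not which ISP to call.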
|
Huagang Xie IntruVert Networks |
Linux Kernel Security with LIDS
The talk will discuss the background, current architecture and use of LIDS. It will also cover what kinds of attacks LIDS can detect and prevent, and finally will get into the details of how to build a secure Linux system with LIDS.
Huagang Xie, the author of the open source (GPL) LIDS project, is a kernel hacker and Linux enthusiast. Graduated from Tsinghua University and the Institute of Computing Technology of the Chinese Academy of Sciences, he has extensive experience in the Linux kernel, kernel security and host/network based IDS. He currently works as a software engineer at IntruVert Networks.
|
FX and FtR
Phenoelit |
Attacking Networked Embedded Systems
Servers, workstations and PCs are the common targets of an average attacker,
but there is much more to find in todays networks.
Every device that has a processor, some memory and a network interface can become
a target. Using printers and other common devices as examples, we will show
how to exploit design failures and vulnerabilities and use the target as an
attack platform. We will also release some tools, methods and sample code to
entertain the audience and aid further vulnerability research in this area.
FX is the leader of the German Phenoelit Group. His
and the group's interest is in less known or commonly ignored protocols,
devices and techniques. FtR of Phenoelit is the resident Perl guru and algorithm guy of the group.
|
Matthew G. Marsh Chief Scientist NEbraskaCERT http://www.paksecured.com |
Replacing TripWire with SNMPv3
This talk demonstrates how to use SNMPv3 software (specifically illustrated
using Net-SNMP) both with minor custom configurations and also with
specialized MIBs and Agents to provide file data and file hashes on demand
over secure channels. I also discuss the use of the TCP Inform Trap as a
syslog style message transfer mechanism. I spend the majority of the time
showing how the authentication and privacy features of SNMPv3 provide
robust bi-directional security message transfers. Along the way I
demonstrate how to use the split between the authentication and privacy
features to provide double blind random file hashes of a managed system.
Use of trigger settings to capture file changes will be discussed. I
provide the example MIBs and related Agent code for general Unix platforms
running Net-SNMP and where possible discuss how to get the code working on
Microsoft or other platforms. Time permitting I will digress into ways to
integrate these techniques into common Network Management platforms.
Chief Scientist of the NEbraskaCERT, President & Founder of Paktronix
Systems LLC, Author of "Policy Routing Using Linux" (SAMS), Creator of
PakSecured Linux. Working in network management and architecture since 1983
specializing in routed IP/IPX/SNA networks. Worked extensively with various
SNMP platforms both as a user and as a vendor. On NEAR & BITNET in 1984
(prehistoric Internet) and addicted ever since. As Chief Scientist of the
NEbraskaCERT researching IPv4/IPv6/IPSec Integrated Security Networks.
Developed the first (and currently still the only) SNMPv3 manageable policy
routing firewall system for Linux available under GPL at
http://www.paksecured.com. Actively researching management and design of
Integrated Security Networks.
|
Wilco van Ginkel Ubizen |
The Other Side of Information Security
Until now, the focus of Information Security within organisations was mainly
technical. Organisations are becoming more and more aware of the fact that
this technical side - although very important - is just one part of the
total security solution. Currently, organisations are increasingly changing
their focus to the organisational side of Information Security. In order to
control the organisational issues of Information Security, an organisational
oriented approach is needed. Such an approach will be the subject of this
talk and will give the audience an overview, ideas, references, hints & tips
of this organisational side. Items to be discussed are:
Risk Management
Security Policies & Procedures
Security Standards
Security Awareness
Security Auditing & Monitoring
Where Organisational meets Technical
Wilco has University backgrounds in Business Economics, Business
Administration, Computer Science and Information Security. He has held
positions as assistant teacher at the Erasmus University Rotterdam (NL), as
Technical IT Auditor, as IT Security Architect, and as teacher Information
Security at different business schools and universities. Currently, he works
as Senior Security Consultant for Ubizen, where he is also a teacher for
Ubizen College. When he is not working, you can find him under water (Scuba
Diving), playing computer games, travelling or reading a book.
|
Aaron Higbee
Foundstone
and
Chris Davis
Senior Security Consultant
RedSiren
|
DC Phone Home
DC Phone Home (DreamCast Phone Home, a pun on the well-known film ET: The Extraterrestrial) is a project that challenges conventional enterprise security models by showing the ease with which an attack on an organization's network resources and infrastructure can be performed from an internal perspective. Simply put, once the DreamCast is deployed, it 'phones home', joining an organization's internal network with a remote network. We show that this type of attack can be performed easily with a variety of available hardware and software, and in such a way that it is not easily discovered by an organization's employees or security resources. Our presentation will include development descriptions and demonstrations of the attack tools that we have developed and are continuing to develop. The attack tools are comprised of a SEGA Dreamcast, a Compaq iPAQ handheld device, and a bootable x86 CD-ROM which can perform the attack using any available PC. Using open-source tools that we have ported to these platforms, we have created devices that 'phone home' over known protocols.
Aaron Higbee has been working in information security for the past 4 years, getting his start at Earthlink Network as a Network Abuse Administrator. In this position, Aaron became intimately acquainted with the tactics of spammers, hackers, and every kind of network abuse imaginable. Later, while working as RoadRunner's Senior Security Administrator, Aaron learned and responded to the network abuse problems that plague broadband connections. Working at two national service providers, Aaron was able to become an expert in the tactics of hackers and the mistakes that get them caught. This experience made his transition from incident response to penetration testing a natural one. Currently, Aaron works for Foundstone Inc. as a security consultant.
Chris Davis has been working in the field of information technology for 8 years, with a concentration on information security for the past 4 years. He has participated in secure systems development, information security consulting, penetration testing and vulnerability assessments, and information security R&D. He is a contributing author to New Riders' recent publication Building Linux Virtual Private Networks (VPN) and continues to write and publish various papers. He has developed and instructed a number of courses, the most recent of which was a 3-month course on software vulnerability discovery and exploit coding. Currently, Chris is a Senior Security Consultant for RedSiren.
|
Thomas Rude aka Farmerdude, CISSP
RedHat, Inc. |
Next Generation Data Forensics & Linux
The field of data forensics ('computer forensics' as commonly referred to) is rapidly changing. Historically data forensics was focused on the imaging, analysis, and reporting of a stand-alone personal computer (PC) hard drive perhaps 1 gigabyte (GB) in size using DOS-based tools. However, due to a number of changes and advances in technology an evolution has begun in the field of data forensics. So where do we stand today? Increasingly, forensic examiners are faced with analyzing 'non-traditional' PCs, corporate security professionals are doubling as in-house forensic examiners and incident first responders, and critical data is residing in volatile system memory. This is the 'Next Generation of Data Forensics.' What is the Next Generation Data Forensics platform of choice? Linux. Why Linux? There are a number of key functionalities within the Linux operating system environment that make it the best platform for data forensics. Among them:
everything, including hardware, is recognized as a file
support for numerous filesystem types
ability to mount a file via the 'loopback driver'
ability to analyze a live system in a safe and minimally invasive manner
ability to redirect standard output to input, or 'chaining'
ability to monitor and log processes and commands
ability to review source code for most utilities
ability to create bootable media, including floppies and compact discs
farmerdude is a Security Consultant for Red Hat, Inc. When not performing vulnerability assessments, penetration tests, or designing security technologies such as firewalls and VPNs, he can be found in the lab testing various security tools, applications, and operating systems for weaknesses and flaws. farmerdude has presented on topics ranging from steganography, data forensics, and social engineering, at various Cyber Crime and INFOSEC conferences. In addition to serving as the current Vice President for the Atlanta Chapter High Technology Crime Investigation Association (HTCIA), he is also a member of the Atlanta Metropolitan Crime Commission.
|
Dr. Cyrus Peikari, CTO, VirusMD
and
Seth Fogie, Director of Engineering, VirusMD
|
Hacking .NET Server
Windows .NET Server is Microsoft's new contender against Linux in the server market. Scheduled for release in 2003, .NET Server (which was originally released for beta testing under the codename "Whistler") is re-engineered from the Windows 2000 Server codebase. .NET Server's survival will probably depend on how users perceive its security. Bill Gates himself realized this when he released his "Trustworthy Computing" memo in Jan. 2002. His ultimatum echoed what hackers have been saying for years: get secure or fail.
This speech will focus on the new security features in .NET Server -- and how to break them. The purpose is to identify early weaknesses while the OS is still a release candidate so that developers and network administrators can make informed decisions before deployment. This talk is technical, using live examples and some source code, but there will also be enough general information to benefit anyone interested in .NET Server security. Coverage includes weaknesses and exploits in the following areas:
Windows Product Activation (WPA) on .NET Server
New Encrypting File System (EFS) changes
.NET Server Smart Card support
Kerberos implementation
Wireless standard implementation
Remote Desktop Security
Death of the Microsoft Security Partners Program (MSSP)
Microsoft security partners full disclosure "gag rule"
Dr. Cyrus Peikari is Chief Technology Officer of VirusMD Corporation. Seth Fogie is Director of Engineering at VirusMD Corporation. Peikari and Fogie co-authored the first book ever written on .NET Server: "Windows .NET Server Security Handbook" from Prentice Hall PTR (ISBN 0130477265).
|
Simple Nomad NMRC |
Widdershins: The Hacker Nation
Post 9-11 knee-jerk legislation such as the U.S. Patriot Act. Calls for
new legislation requiring ISPs to retain 90 days worth of email. The
European Union collecting Internet communications. The continued fall of
the nation state, and continued rise of the transnationals. Echelon.
Carnivore.
Last year's Widdershins talk outlined a need for hackers to band together,
put aside petty differences, and start thinking about what we can do, not
just as hackers but as humans, to help in the war on privacy. It appears to many
that the war may be over, and we seem to have lost.
This year we have to face the fact that the playing field has shifted. We
can no longer stand on the sidelines. The time is now. The ability to
communicate privately and securely on the Internet is rapidly dwindling.
Therefore NMRC will be announcing and recommending some new software to
help answer the threat to our online privacy.
Simple Nomad is the founder of the Nomad Mobile Research Centre, an
international group of hackers that explore technology. By day he works as
a Senior Security Analyst for BindView Corporation. He has spent years
developing and testing various computer systems for security strengths. He
has authored numerous papers, developed a number of tools for testing the
security and insecurity of computer systems, is a regular lecturer at popular
hacker and security conferences, and has been quoted in various media
outlets regarding computer security.
|
LittleW0lf Homepage |
Network Printers and Other Network Devices, Vulnerabilities and Fixes
Like computers in large heterogeneous environments, networked printers and
other peripherals have vulnerabilities that can lead to exposure of data,
denial of service, and use as a gateway for attacks on other systems. Yet, while
many organizations seek to protect their computers, they ignore printers and
other peripherals. We will discuss general attacks against printers and other
peripherals, with specifics on known (and some newly discovered)
vulnerabilities in several brands of printers, and propose possible solutions
to keep both computers and networked peripherals from attack. The talk is
technical but not microcode technical, and the audience needs only to bring
their brains, though familiarity with the various printers and other
peripheral devices available on the market is a plus.
Ltlw0lf (aka Dennis W. Mattison) is a consultant for both military and civilian organizations,
primarily an instructor on information security and assurance classes for
Solaris and other UNIX environments, as well as a security and penetration
testing analyst, PKI engineer, policy designer, and systems administrator. As
a hobby, Ltlw0lf dabbles in vulnerability discovery, and has released several
vulnerability reports involving printers and other network devices. Ltlw0lf
was the sysop of "The Programmers Connection BBS" in San Diego for 8 years,
and has been involved with several Sysop and Systems Administrator
organizations in the past.
|
Chris Hurley SecurityTribe |
Hardening Solaris Installs
A step by step guide to hardening a Solaris installation. Focusing
primarily on Solaris 8 but with concepts that apply to all Solaris/Unix
installs, attendees will learn the steps that need to be taken to lock
down a Solaris installation. While recognizing the best practice of
pre-deployment hardening, the concepts presented also apply to already
live Solaris installations. Rather than focusing on known attacks and
reacting to them, this presentation will better equip system/security
administrators to proactively reduce the risk of a successful attack
against their systems.
Chris Hurley is a Senior Information Security Engineer working in the
Washington DC area. Primarily focusing his efforts on vulnerability
assessments, he also performs penetration testing, forensics and incident
response operations. He has spoken at the IATF Forums in Washington DC
and has written numerous whitepapers for both print publications and
online security sites. Many of his papers can be found
at his site SecurityTribe and also at Security Horizon.
He has worked as a DefCon Goon for the past three years which probably
explains both the bags under his eyes and the rubber truncheon in his
hand.
|
Christian Grothoff Department Of Computer Sciences Purdue University |
GNUNet
GNUnet is an anonymous peer-to-peer
networking infrastructure. GNUnet provides anonymity, confidentiality,
deniability and accountability, goals that were thought to be mutually
exclusive. In GNUnet, users can search for files without revealing the query
to anybody. Intermediaries can not decrypt the query or the reply, but they
can verify that the reply is a valid answer for the query. This allows GNUnet
to deploy a trust-based accounting scheme that does not require end-to-end
knowledge about transactions and that is used to limit the impact of flooding
attacks.
Anonymity in GNUnet is based on the idea that a host is anonymous if the
perceived sender of the message looks sufficiently like a router. Based on
this realization, GNUnet nodes can individually trade off anonymity for
efficiency without affecting the anonymity of other participants. GNUnet is
written in C and licensed under the GNU General Public License. GNUnet is officially
part of the GNU project.
Christian Grothoff is a Ph.D. Student in
Computer Sciences at Purdue University. He is
primarily working on OVM, a DARPA funded project to
build a customizable real-time Java Virtual Machine. Christian Grothoff
started the GNUnet project, a secure peer-to-peer file-sharing network to
protect privacy.
|
Jay Beale JJB Security Consulting & Training Bastille Linux Homepage |
Bastille Linux 2.0: Six Operating Systems and Still Going!
Bastille Linux is a security tightening program that has proven capable
of thwarting or containing many of the vulnerabilities discovered in
operating systems. Originally written for Red Hat Linux, Bastille has
now been ported to six operating systems, including HP-UX. This talk
will talk about what Bastille does, what we've done to it in the last
year, and what we're working on next. Most importantly, it will teach
you something about hardening systems and beating worms, even if you're
an old spacedog of a sysadmin.
Attacking and Securing FTP
The Unix FTP servers have been called 'the IIS of the Unix world' for
their frequent and potent vulnerabilities. Each has provided remote
exploits, usually at the root privilege level, on a consistent and
frequent basis. WU-FTPd is the most popular Unix FTP server by far,
shipping by default on most Linux distributions, and even on Solaris,
and being installed most commonly on the rest of the Unix platforms.
This talk will demonstrate working exploits on WU-FTPd, then show you
how to configure WU-FTPd to defeat them. While the talk will use WU-FTPd
as the primary example, we'll also discuss ProFTPd, the other major FTP
daemon for Unix.
Jay Beale is the president and founder of JJB Security Consulting and
Training, LLC. He is the Lead Developer of the Bastille Linux Project,
which creates a hardening program for Linux and HP-UX. Jay is the author
of a number of articles on computer security, along with the upcoming
book "Locking Down Linux the Bastille Way" to be published in the second
quarter of this year by Addison Wesley. You can learn more about his
articles, talks, courses and consulting via http://www.bastille-linux.org/jay.
|
Drew Hintz guh.nu |
Covert Channels in TCP and IP Headers
How would you communicate securely in a country where encryption is outlawed or where key escrow is mandatory? How can you prevent the Feds from forcing you to turn over your encryption keys? Simple. Don't let your adversaries know that you're transmitting encrypted information. Using covert channels you can completely hide the fact that you're transmitting encrypted information. During this presentation we'll give an introduction to covert channels in TCP and IP headers, release a few vulnerabilities in current TCP timestamp covert channels, and demonstrate and release software that enables covert communication via TCP and IP headers.
|
Brett Eldridge Netscreen http://pobox.com/~beldridg |
Mobile VPN Vulnerabilities & Solutions
A real-life solution to the mobile VPN problem will be presented. It uses
OpenBSD on a laptop with an IPsec tunnel to a gateway. The real benefit to
the audience is that potential security vulnerabilities will be discussed
(e.g., sending IKE ID in the clear, allowing udp/500 to the gateway from
all IP addresses, the use of Aggressive vs. ID Prot mode in Phase 1). In
addition, potential solutions to those vulnerabilities will be presented.
Brett recently joined NetScreen as the Director of Professional Services.
Prior to NetScreen, he was a co-founder at OneSecure and before that a
senior technical security consultant at HP Consulting. Brett has written
numerous papers and presentations on security.
|
T3 - Fred Trotter, CISSP
Verisign threatguard.com |
Operating System Fingerprinting Library
This is a fingerprinting library designed to bring together the
fingerprinting capabilities of NMAP, QueSO and X (at least version 1). Using
this library you should be able to add operating system sensitive code to
your favorite Perl, Java, C or C++ code.
At the most basic level the goal of this library is to provide a mechanism
so that you can add code to your programs that reads
if(OS.Family == Windows Family)
{ 'do something'}
if((OS.Name == Linux) && (OS.Kernel > 2.2))
{ 'do something else'}
At the same time the library will give you control over the execution of
individual OS fingerprint tests. If you are interested in writing OS
sensitive code or researching OS fingerprinting, then this talk (and the
code) is for you. Everything will be released under the GPL.
In his first life Fred Trotter worked at the Air Force Information Warfare Center, and was a spook. But, while the Air Force let him work on cool stuff, which was good, it paid crappy, which was bad. So, Fred quit working as a spook and went to work for Rackspace. And there was much rejoicing. At Rackspace Fred Trotter tried to protect the largest installed base of RedHat servers in the world, and often succeeded. Then that contract ended abruptly and there was wailing and gnashing of teeth, for Fred had been paid well, and had gotten used to bank. Then, Lo, exault was hiring, and Fred Trotter applied and was hired, and there was much rejoicing, and the people did feast upon the lambs and sloths etc. Then after 40 days (more or less) exault was bought by VeriSign. Then 40 days (more or less) later the VeriSign stock price plummeted, and the beatings given it by Wall Street were not just, or holy. But, Verily, though his stock options were worthless, he still had a cool job with a cool company in a crappy economy; and there was much rejoicing.
|
Daniel Burroughs
Institute for Security Technology Studies
Dartmouth College
|
Correlation and Tracking of Distributed IDS
Standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. However, it is not the attack but rather the attacker against which our networks must be defended. To do this, the information that is being provided by intrusion detection systems (IDS) must be gathered and then divided into its component parts such that the activity of individual attackers is made clear. By applying techniques from radar tracking, information warfare, and multisensor data fusion to information gathered from distributed IDS, we hope to improve the capabilities for early detection of distributed/coordinated attacks against infrastructure and the detection of the preliminary phases of distributed denial of service attacks.
Daniel Burroughs is a research engineer and Ph.D. candidate at the Institute for Security Technology Studies at Dartmouth College. His areas of research have included mobile agents, distributed simulation, and distributed intrusion detection. He is also the head of engineering for SignalQuest, Inc., which specializes in the development of embedded sensors.
All content (c) 1992-2007 Dark Tangent. Site designed and maintained by BlackBeetle.