These noted security experts will discuss current IT security issues and provide an insight into strategy and security concepts during two conference days.

10 Ways to waste your money – Stefan Strobel
There are many ways to improve IT security in your own organization. However, there are also many ways to spend money on security products or services where the possibility of achieving a reasonable cost/benefit ratio is virtually nil. This presentation deals with some of the poor investments most frequently encountered, and provides the background as to why they are nonetheless recommended, and why they, in reality, offer no relevant improvement.

A Quantum Leap for Cryptography - Gregoire Ribordy
Quantum cryptography is a new technology that puts quantum physics to work to secure optical networks. Information is sent in the form of single-photon pulses. Intercepting these pulses inevitably translates into perturbations, which reveal eavesdropping. The first quantum cryptography systems have been put on the market recently. They can be used to secure communications between sites in a metropolitan area network and the first commercial applications have been presented recently.

Changes in the security scanning industry - Renaud Deraison
In his talk, Renaud Deraison will cover the changes that occurred in the security scanning industry over the last few years: distributed scanning, fingerprinting, passive scanning, etc. He will also cover how the users have changed over the years and how their expectations regarding the scanners have changed over time. Finally, Renaud will also present the new features of version 2.2 of the free Nessus Security Scanner.

Cyber Terrorism – What they can really do and what they really cannot do - Fred Cohen
This presentation will address the hyperbole surrounding cyber terrorism and take a realistic look at what terrorists can and have done involving information technology and what they likely can and cannot do given their capabilities and intents. Based on studies performed over periods of years looking at open source intelligence, cases of use and exploitation of information technology by terrorists, and reviews of many systems that comprise parts of critical infrastructures and enterprises, this talk will focus in on the realities of what to expect and what to do about it.

The Dynamics of Diversity in Computer Security – Marcus Ranum
Late in 2003, a group of security experts identified Microsoft's operating system dominance as a threat to the security of nations. If all systems are running a common platform, they reasoned, vast damage could be caused by common attacks - much in the same way that a crop or animal with no genetic diversity can be quickly wiped out by the arrival of a new predator or blight. The 'Microsoft Monoculture' whitepaper had a profound impact on IT practitioners, and spurred a great deal of debate within the community.
The question remains, however, 'if this is a problem, why has it failed to manifest itself yet?' Perhaps the truth is more complex than the simple 'Monoculture' analogy would lead us to believe! In this presentation, we will explore the problem from several sides, and will try to understand the sometimes contradictory pressures that govern massively complex mission-critical systems like the Internet. Are we really ripe for disaster? How can we find out?

Future Directions in User Authentication - Dr. Burt Kaliski
The maturing of a number of information technologies --- mobile communications, biometrics, knowledge-based authentication and RFID --- offers an array of mechanisms for authenticating humans to computer systems over the coming decade. In this talk, we'll review some promising approaches, highlight the challenges in implementing them successfully, and explore how they might fit together in a day in the life of a prototypical future user.

Live Digital Forensic Analysis - Brian Carrier
When a system is suspected of being compromised, a response team performs basic analysis on it to verify an incident occurred.  This analysis must balance the needs to place little trust in the system, to minimize the impact on the system, and to obtain accurate information from the system.  In this talk, we will examine techniques that can be used to verify that a system has been compromised and we will examine the risks associated with analyzing a live system.

Stalking the Wily Hacker - Clifford Stoll
Someone breaks into your computer. What do you do? Slam the door? Call the police? Ignore the problem? For a year, a German computer programmer broke into my system, along with over forty other computers around the world. By silently tracking him back, I discovered that he was a spy, selling software and military data to the Soviet KGB. A couple of years ago, he was convicted of espionage. What techniques did he use to crack into computers? Where are the holes in our systems? How do you trace someone across the worldwide computer networks? Who was willing to help -- and who wasn't? Come hear Stalking the Wily Hacker and find out. A fun time is guaranteed for all.

On Human Thinking, Particularly that of IT-Specialists - Prof. Dr. Gunter Dueck
Philosophic-satiric presentation about management and techies.
Frustration and aggravation are frequent occurrences at work. Controllers wrestle with the play instinct of programmers, process-driven managers with sales people who are hunting orders. Everyone is against everyone else, and all feel that they are misunderstood. We find good examples of these daily vicissitudes in the Dilbert cartoons by Scott Adams. In the presentation these difficulties will be treated thoroughly. Security will certainly be included. As philosophy has known from the beginning: "Only he who is sure of himself is sure that he is not sure".
The presentation will examine theses put forth by the author of "Wild Duck", from his purpose-of-life trilogy ("Omnisophie", "Supramanie", "Topothesie"), whose critics fluctuate between "printed provocation" and "the lights have gone up". GI members are familiar with his regular column, "Beta-Inside", from the industry journal, Informatik-Spektrum.

Windows Server 2003 Security - Dr. Eugene Schultz
Windows Server 2003 is Microsoft's newest operating system. Developed in accordance with Microsoft's Trusted Security Initiative (TCI), Microsoft announced that this operating system was the most secure one ever when it was first released.  Skeptics have questioned Microsoft's claim, however, and have downplayed the TCI as little more than a publicity stunt.  This presentation will address these issues with a special focus on the security features built into Windows Server 2003 and how they can be enabled or configured, as well as the nature and severity of security-related vulnerabilities that have been identified so far.