IPv6 Security Threats - A comparison to IPv4 – Darrin Miller
Much of the security discussion around IPv6 has focused on its inclusion of IP Security (IPSec). While the confidentiality, integrity, and authentication features of IPSec are clearly useful, IPSec deployment with IPv6 will feature many of the same deployment challenges currently seen in IPv4 (identity, key management, and configuration issues). This session present IPv6 security as contrasted with IPv4 from a threats perspective. Threats that are familiar in IPv4 are compared to how those threats may evolve in IPv6, and advice is offered on what new considerations or best practices are necessary to mitigate them. In addition, the session covers advanced IPv6 security topics like transition options and deploying IPv6 security mechanisms in a dual stack IPv6/IPv4 environment. This session requires a working knowledge of the IPv6 and IPSec protocols as well as IPv4 security best practice
Exploits for mechanical locks – Bary “The Key” Wels
Every mechanical lock, no matter how sophisticated, can be bypassed. If an attacker is determined he will be able to open your lock without damaging it. Hobbyists do it by picking the lock, professional locksmiths might use a pick gun or even make a new key using a technique called 'impressioning'. Special police teams and intelligence organizations use 'lock decoders' to get in. Burglars might just rip the lock out your door.
And all the aforementioned categories use a relatively new technique called 'bumping'. 'Bumping' opens almost any pin-tumbler lock. It's damage free and fast and can be performed with little training, using only inexpensive tools. All the above methods will be covered in this workshop. And more. If you're willing to sit down and concentrate then simply join one of the training sessions during the conference to have Barry teach you how to pick and bump locks yourself. You are invited to bring your own locks and find out if they are any good.
Challenges we face in today's cyber world - Eugene Kaspersky
The threat to business and personal information assets is radically changing. And with that change comes a growing risk to businesses of every size. The threat began with hooligans seeking notoriety or simply creating havoc wherever they could. But these threats are moving into a totally new realm. It has become a for-profit endeavor that ranges from personal identity theft to corporate espionage. The threat in its mildest forms results in disruption of day-to-day business, taking a significant toll on the profitability of companies of all sizes.
By 2002, email and digital transactions had become as common in businesses as the telephone. The Internet allowed for a whole new class of transactions to take place using e-mail and digital money. Digital financial transactions were not new to financial institutions. However, the increasing use of the "wide-open" Internet as the transport, coupled with the growing popularity of digital transactions with businesses and individuals, represented a major change.
Digital threats can originate from any point on the globe and come in seemingly infinite forms, many of which are not widely understood. While the Internet enabled a new era in online convenience and efficiency, it also increased the threat to the financial assets of both businesses and individuals.
Today, trade secrets are often stolen digitally. Databases can be hacked, or computer spyware can be used to siphon off information created or accessed by any employee. Physically destroying a building is one way to cripple a business; a denial of service (DoS) attack is a digital equivalent that can bring a business to its knees in short order. The operatives behind the threats are no longer just pranksters. Digital exploits have become a real business, run by real professionals, with potentially staggering payoffs.
How and why has the threat evolved? What can be done to ward off this increasingly dangerous threat? The presentation will describe the main trends in modern IT threats and potential ways of struggle against them.
Rootkit Hunting vs. Compromise Detection - Joanna Rutkowska
Recently we can observe increased interest in rootkit technology all over the world. Eventually many AV companies started working on commercial rootkit hunting tools for the Smith family... But is rootkit detection the same as compromise detection? What about backdoors, key stroke loggers and other malware which is “stealth by design” and do not require rootkit technology as a protection? How does the current anti-rootkit technology work here? The presentation will first focus on different types of system compromises and will explain how it is possible for the attacker to achieve full stealth without classic rootkit technology. Then it will discuss possible solutions for detecting these different types of compromises and compare them against “classic” rootkit detection approaches, introducing the need for explicit system verification. Finally, the problem of Implementation Specific Attacks (ISA) against rootkit detectors will be briefly discussed. Attempt will be made to answer the question if it is possible for Mr. & Mrs. Smith to win with custom rootkits (ala commercial hacker defender) using publicly available detector “for masses”.
The 19 Deadly Sins of Software Security - John Viega
In this presentation, attendees will learn about the “19 deadly programming sins” that result in the majority of the exposed flaws in software. More than 70% of all security attacks are directed against applications, with the vast majority succeeding due to flaws in poorly written software code. John Viega, co-author of 19 Deadly Sins of Software Security, will explain each of the Deadly Sins and the ramifications they have on organizations once software is deployed. He will also discuss how enterprises can find and correct common coding errors to make applications inherently more secure prior to deployment. Viega first researched and identified the 19 Deadly Sins for the Department of Homeland Security.
Next Generation Infrastructure Discovery – Ofir Arkin
An enterprise IT infrastructure is a complex and a dynamic environment that is generally described as a black hole by its IT managers. The knowledge about an enterprise network’s layout (topology), resources (availability and usage), elements residing on the network (devices, applications, their properties and the interdependencies among them) as well as the ability to maintain this knowledge up-to-date, are all of critical importance for managing and securing IT assets and resources.
The inability to “know” the network directly results with the inability to manage and secure the network in an appropriate manner. This is since it is impossible to manage or to defend something, or against something, its existence is unknown or that only partial information about it exists.
The first part of the talk examines the current available network discovery technologies, active network discovery and passive network discovery, and explains their strengths and weaknesses. The talk highlights technological barriers, which cannot be overcome, with open source and commercial applications using these technologies.
The second part of the talk presents a new technology for network discovery, which provides real-time infrastructure discovery, monitoring and auditing information of IT networks.
Secure VoIP and Secure email: A Public Policy Perspective – Philip Zimmermann
Phil Zimmermann will speak on the public policy issues of cryptography as it applied to the crypto revolution of the 1990s, and the post-9/11 world, and how PGP fits into that. He will review the history of PGP, including its legal history. He will also talk about his new secure VoIP project, and how it may fit into privacy and civil liberties debate.
The Next Five Years of IT Security: iPod, Xbox, and BMWs – Christof Paar
For a long time, the main concern of the IT security community was to secure traditional computer networks such as LANs, intranets and the Internet. The next generation of "computer" networks could look quite different: your clothes might talk to your car, your PDA could talk to the refrigerator, which in turn will communicate with the milk bottle. Moreover, digital rights management in portable devices such as the iPod or protection of intellectual property in game consoles have already become important application areas for IT security. Those and many other embedded applications will have security solutions which are different from, say, building firewalls for a corporate network.
In the last few years, embedded security as a discipline has become more mature. In contrast to classical IT security, providing security for embedded devices is heavily dependent on the target's hardware and firmware. For instance, performing a digital signature can be a major challenge for an RFID bar code label. The sometimes delicate interaction of security and engineering issues requires an interdisciplinary approach for robust embedded security solutions. In this talk we will give an overview about the different aspects of embedded security, provide examples of current and future embedded applications with security needs, and list challenges ahead.
The Snoopy Shop of Horrors
Snoopy erzählt ein paar über die Jahrzehnte gesammelte Horrorstories aus dem IT-Sicherheitsbereich und (der meist nutzlosen) Desaster-Recovery. Wie bereitet man sich auf das Unvorhersehbare vor? Snoopy erläutert einige geläufige und weniger geläufige Risiken und wie man sie vermeiden kann, wenn man Glück hat.
Trends und neue Technologien im IT-Sicherheitsbereich – Stefan Strobel
Stefan Strobel wird in seinem Vortrag auf neue Entwicklungen auf dem weltweiten IT-Sicherheitsmarkt eingehen. Er wird einen Überblick über neue, zukunftsträchtige Technologien und verfügbare Produkte geben und selbstverständlich die aktuellen Themen für 2006 detailliert vorstellen.
Computer Forensik - Live Analyse - Tobias Klein
Es gibt eine Reihe von modernen Angriffs- und Anti-Forensik-Techniken sowie Verschleierungsmöglichkeiten, welche sich allein mit Hilfe von klassischen forensischen Betrachtungen nicht nachvollziehen lassen. Dieser Vortrag beschäftigt sich mit Möglichkeiten der Live Analyse, welche einem Forensiker erlauben, einige dieser fortgeschrittenen Techniken nachvollziehen und analysieren zu können.
Weitere Informationen zu den Vorträgen erfolgen nach Freigabe durch die Referenten.