OK, less than one day until the big event starts. Oh, ShmooCon starts too. And as usual I am waiting until the last minute … this time to put out the FireTalks speaking schedule. Also, if you haven’t noticed already on the FireTalks master post, we’ve already listed the top three prizes. Well, without further ado, here is the schedule.
| Time | Speaker | Talk | Abstract |
|---|---|---|---|
| 8:00 | @Grecs | Welcome & Announcements | n/a |
| 8:15 | Ralph “@RalphBroom” Broom & Danny Gottovi | Protocol Security: You’re (Still) Doing It Wrong | Despite the wide availability and known advantages of encrypted communications across the Internet, use of these protocols is still not universal. We describe the current threat space impacted, including the recent release of FireSheep, and present the findings of our research into secure protocol usage at the security conferences DEFCON and ShmooCon, and on the Tor network, which we expect to be higher than the general population. We close with the implications of these numbers applied to the general population and summarize what service providers and end-users can do about it. This is original research. |
| 8:30 | Rick “Zero_Chaos” Farina | Radio Chaos: Why Retired Men Know More about Hacking than You Do | This presentation will revolve around radios that nearly all businesses use. Several misconceptions are constantly spread around the hacker community about radio communications, such as encryption use and general security. Curious about what is going on around you? Wonder who the local police are pulling over? Will the local fire department save that cat from the tree? What are the goons doing right now… Wonder no more! Learn things that your parents and their retired friends already know, such as tone squelch, repeaters, trunking, and digital modes, so you will never be left out of the loop again. |
| 8:45 | Lisa “@llorenzin” Lorenzin | What I Learned about Security at Burning Man | A brief photographic tour of critical security lessons I’ve learned over five years as a citizen of Black Rock City. (Warning: contains nudity) |
| 9:00 | Irongeek “@irongeek_adc” | Intro to I2P | Tor is great, but what about alternatives? This talk will cover installing the I2P darknet client, as well as hosting services. Make your mark on cipherspace. |
| 9:15 | Jimmy “@shah_jim” Shah | Mobile Botnets and Rootkits: An Overview | Geinimi-Android botnets? Zeus in the Mobile? Symbian botnets? iPhone botnets? Millions of phones at risk? The press coverage on smartphone threats is at times somewhat accurate, distant and occasionally (if unintentionally) misleading. They tend to raise questions such as: how close to PC levels (100K+ to millions of nodes) have mobile botnets reached? Have mobile rootkits reached the complexity of those on the PC? Are criminals targeting our bank accounts or our identities through our phones? The talk will be a quick overview of the state of rootkits and botnets on smartphones from the perspective of anti-malware researchers, including: demystification of the threat from mobile rootkits and mobile botnets; the differences, if any, between mobile rootkits and mobile botnets vs. their PC counterparts; an up-close look[*] at how samples seen in the wild and researcher PoCs function; coverage of recent mobile botnets and botnet precursors. [*] Short of examining disassemblies or mentioning actual API calls |
| 9:30 | Jack “@jack_daniel” Daniel | Is it better to burn out than fade away? | Is it better to burn out than fade away? It had better be; based on what I’m hearing from others in the information security field, we are nearing a crisis. Everyone experiences occasional feelings of frustration in their careers, but what can we do for ourselves and our peers to minimize the suffering? Join the conversation as we look at the questions involved, and maybe even a few answers. |
| Time | Speaker | Talk | Abstract |
|---|---|---|---|
| 8:00 | Grecs | Updates & Announcements | n/a |
| 8:15 | Valerie “@hacktress09” Thomas | Gurlz Rule and Boys Drool: How a Hacktress Can Take Your Social Engineering to the Next Level | What if I told you that pieces of your social engineering puzzle are missing? Would you believe me? For centuries women have served their countries and causes as spies, often infiltrating the most impossible of environments. In this presentation we’ll explore the role of the hacktress and female-based attack vectors, and put some new twists on old tricks. |
| 8:30 | DaveMarcus | Using Social Networks to Profile, Find and Own Your Victims | Social engineering through social networks is one of the most complex threats to deal with and protect against. The more you know about your victims’ likes, dislikes, hobbies and activities, the better chance you have of successfully social engineering them to do whatever you want. What if there existed a set of tools that told a scammer or cybercriminal everything they wanted to know about their intended targets? What if their intended targets were, in fact, freely sharing this information with the very attackers that sought to steal their data? This presentation will take the audience through the most powerful set of tools ever created for the wily social engineer and cybercriminal: Bing, Twitter, Facebook, TwitScoop, TinyURL and other social media sites. By focusing on how to cleverly mine these sites for key user words, trends and topics, and combining these results with a URL shortening service like TinyURL, we will demonstrate how any user can be sent any amount of malware, phishing attacks or any other social engineering-based attack at the cybercriminal’s command, with a lure that will work every time. |
| 8:45 | Schuyler “@Shoebox” Towne | We Need to Start Attacking Disc Detainer Locks | Disc detainer locks have been around for 100+ years, but until recently few in the US were even aware of them. Over the last 5 years low-end disc detainers have flooded the bicycle and motorcycle lock market. Now you can even find cheap disc detainer padlocks at truck stops with “HIGH SECURITY” emblazoned on the packaging. There are high security disc detainer locks out there, but that’s not what we’re getting from these companies. This talk will cover the basics of how these locks operate and simple picking instructions, and I’ll introduce the early stages of a brute force dialer I’m building. |
| 9:00 | Raphael “@armitagehacker” Mudge | Armitage: Cyber Attack Management for Metasploit | Armitage is a new interface for the Metasploit framework built around the attack process. It visualizes your sessions and targets, intelligently recommends exploits, manages post-exploitation, and makes it easy to attack using compromised hosts. The goal of the project is to make Metasploit’s advanced features available to you. This short talk will demonstrate Armitage’s coolest features and touch on future developments. After this talk, you should visit http://www.fastandeasyhacking.com to learn more. |
| 9:15 | Michael “@theprez98” Schearer | Net Neutrality, the FCC, and the End of the Internet as We Know It (in 15 Minutes or Less) | On December 21, 2010, the FCC adopted “net neutrality” rules by a closely-watched 3-2 vote. But whether or not you support the idea of net neutrality, other questions remain: First, what is broken about the current process that needs fixing? Second, and more importantly, why did the FCC act despite the warnings of Congress and despite the Comcast decision, both of which claimed that the FCC lacked such authority? Third, was the process transparent? Lastly, what are the future implications of the FCC’s actions? This lightning-fast discussion will cover the basics of net neutrality, the role of the FCC in regulating the Internet, and the future legal and policy implications of the FCC’s neutrality rules. Is the future of the Internet really at risk? |
| 9:30 | Gal “@shpantzer” Shpantzer | Security Outliers: Cultural Cues from High Risk Professions | What do security officers have in common with airline pilots, surgeons, and special operations teams? This presentation explores factors involved in successful risk management for security leadership by drawing upon lessons from other high risk professions that have a cultural legacy of dealing with risk. We derive early warning indicators of communication disconnects and provide a list of training objectives to dramatically improve risk management outcomes. Focusing on Layer 8 wetware issues enables strategic change that doesn’t have to cost an arm and a leg (read: no forklift upgrades), because the focus is not on the hardware/software stack. This talk was successfully delivered at RSA/CSI/DojoCon in 2010 and is updated with new interviews and research on aviation, surgery, military special operations and other fields that infosec could learn from and adapt to our relatively new profession. |
Note to the Presenters: Please Contact Us if there are any errors or omissions and we’ll try to get it updated ASAP.
Finally, all these esteemed speakers have the opportunity to win one of the following prizes.
Grand Prize: Apple iPad – 16G with Wi-Fi
Courtesy of Astaro
1st Runner-Up Prize: Acer Aspire One AOD255-2509 10.1-Inch Netbook
Brought to you by Aplura, LLC
2nd Runner-Up Prize: $100 Think Geek Gift Certificate
Courtesy of Aplura, LLC
Well I think that is about it… We look forward to seeing everyone tomorrow night. See ya!