After pushing the team to do some reviews over the last few days we have finally come up with the first round of speaker announcements for the ShmooCon 2012 Firetalks! It’s been a painful process trying to rate all of the awesome submissions but I think the team did a great job at finding a nice mix of talks up to this point.
Before continuing on I would like to let everyone know that there are still five additional slots available and the CFP is open through this Friday at 5:00 PM EST. So if you have a topic and are contemplating whether or not to submit … don’t hesitate much longer. To get started head on over to the EasyChair SC2012FT portal.
We are still looking for a few volunteers, specifically someone to create and hang some poster-sized signs so people can easily find where the sessions will be (usually in Track 3, which is typically held a bit off the beaten track). Also, since the sessions are being recorded and streamed, we need someone to coordinate with the ShmooCon and hotel AV teams (audio/video … not anti-virus 🙂 ) so we can hopefully get direct audio feeds for better quality. There are also some other smaller roles (e.g., a timer), so please check out the master post for all the available volunteer positions. And if you have a cool idea to help make FireTalks better and are willing to volunteer to coordinate it, let us know… Also, don’t worry about volunteering interfering with your dinner plans … we’ll be providing a free dinner for all those helping out, thanks in part to our sponsors – Milton Security Group, Dirty Security, Lares Consulting, Leverage Consulting & Associates, Liquidmatrix Security Digest, and Bulb Security. Oh, and by the way … could someone volunteer to coordinate the dinner thing? 😉
And don’t forget … for all the latest happenings, check back to the master Firetalks post periodically. It is the home for any and all information relating to the ShmooCon 2012 FireTalks. You can also subscribe to receive these updates through any of our “feeds” if you wish (@novainfosec on Twitter, our FaceBook Page, or RSS) to keep up with things. And as usual … I’ll be regularly updating my Twitter stream at @grecs with all the information using the #firetalks tag.
And without further ado … we are pleased to announce the first round speakers!!!
Bending SAP Over & Extracting What You Need!
by Chris John Riley
At the heart of any large enterprise lies a platform misunderstood and feared by all but the bravest systems administrators. Home to a wealth of information, and key to infinite wisdom. This platform is SAP. For years this system has been amongst the many “red pen” items on penetration tests and audits alike… but no more! We will no longer accept the cries of “Business critical, out-of-scope”. The time for SAP has come, the cross-hairs of attackers are firmly focused on the soft underbelly that is ERM, and it’s our duty to follow suit. Join me as we take the first steps into exploring SAP, extracting information and popping shells. Leave your Nessus license at the door! It’s time to scrub this SAP system clean with SOAP!
Five Ways We’re Killing Our Own Privacy
by Michael Schearer
At DEFCON, I talked about how our privacy rights are under attack. Our sea of liberty is drying up due to the ever-encroaching power of the government. A litany of abuses continues to chip away at the historical foundations of privacy: administrative searches as pretexts to avoid search warrants, national security letters, and suffocating public surveillance, just to name a few. Yet the government alone is not the only source of our ever-diminishing privacy. In this talk, I turn my attention… to you. Yes, believe it or not, you (and I) and the other 310 million of us in this country are also responsible for our diminished expectation of privacy. Why are we responsible? Who wants our information, and why is it so valuable? Is there anything we can do to stem the tide?
How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm Using Teensy
by David Zendzian
As everyone knows, the security of your equipment starts with securing it physically. To accomplish that, many will lease cabinet or cage space within a commercial colo. However, all colos require access to your equipment (in case of fire or other emergency). Even setting aside the emergency access, I have seen colos enter cages and cabinets to run cables or to shorten their walk around a row in the facility. Other than installing a commercial alarm or a motion sensor camera, both of which are expensive solutions, what can be done to monitor access into your cabinet or cage? This talk will show how we have used a Teensy board from PJRC to build a simple alarm system that can be easily integrated into whatever host / network monitoring system is already configured for your network.
ROUTERPWN: A Mobile Router Exploitation Framework
by Pedro Joaquin
Security Is Like An Onion, That’s Why it Makes You Cry
by Michele Chubirka
Why is the security industry so full of fail? We spend millions of dollars on firewalls, IPS, IDS, DLP, professional penetration tests and assessments, vulnerability and compliance tools, and at the end of the day, the weakest link is the user and his or her inability to make the right choices. It’s enough to make a security engineer cry. The one thing you can depend upon in an enterprise is that many of our users, even with training, will still make the wrong choices. They still click on links they shouldn’t, respond to phishing scams, open documents without thinking, post too much information on Twitter and Facebook, use their pet’s name as a password, etc. But what if this isn’t because users hate us or are too stupid? What if all our complaints about not being heard and our instructions regarding the best security practices have more to do with our failure to understand modern neuroscience and the human mind’s resistance to change?
Don’t forget … you still have time to submit your talk! The CFP closes this Friday at 5:00 PM EST. Today’s image is from 1CaseyColette.blogspot.com.