Black Hat Uplink USA
========================
Black Hat Uplink USA
http://links.covertchannel.blackhat.com/ctt?kn=11&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
========================
Attend the most the important security event of the year
– from your desktop!
Two Days Left to Register: Get 50% Off (Save $200).
Have you had a chance to experience Black Hat in person?
Are you curious to see what a “live” Black Hat event has
to offer?
This year thousands of security professionals from around
the world are making plans to be a part of Black Hat USA 2010.
But not all of those people will actually be in Las Vegas.
With Black Hat Uplink, you can experience essential content
that shapes the security industry for the coming year.
Register now for Black Hat Uplink with Promo Code BH80UL
to activate your discount (limited number of seats available).
See complete program schedule below.
Register >>
http://links.covertchannel.blackhat.com/ctt?kn=12&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
Black Hat USA 2010, the premier technical event for the security
industry to gather and address challenges to today’s senior-level
IT professional, will be held at Caesars Palace in Las Vegas, Nevada,
July 24-29, 2010.
Black Hat USA 2010 >>
http://links.covertchannel.blackhat.com/ctt?kn=4&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
Now for $195, you can get a taste of Black Hat USA from your
desk – this year’s live event will be streamed directly to the
comfort of your own machine with Black Hat Uplink:
* Access to two select tracks on each day of the Briefings
and the keynote – a total of 20+ possible sessions to view.
* Post-conference access to Uplink content; go back and review
the presentations that you missed or watch the presentations
that interested you the most as many times as you want.
* Interact with fellow con-goers, Uplink attendees, and the
security community at large via Twitter during the Briefings.
* Get show promotional pricing for the “Source of Knowledge”
DVDs should you wish to purchase recordings of ALL the recordings
from Black Hat USA and/or DEF CON 18.
————————
Presentation Schedule*
http://links.covertchannel.blackhat.com/ctt?kn=1&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
————————
WEDNESDAY, JULY 28
Keynote Intro: Jeff Moss
Keynote: Jane Holl Lute, Deputy Secretary, Department of Homeland Security
Uplink 1
* ExploitSpotting: Locating Vulnerabilities Out Of Vendor
Patches Automatically by Jeongwook Oh
– This talk will feature 2 undisclosed 1-day exploits.
* Bitblaze: Crash Analysis using BitBlaze by Charlie Miller
* Jackpotting Automated Teller Machines Redux by Barnaby Jack
– Live jackpotting of an ATM machine onstage.
* Blue Screen Of the Death is Dead by Matthieu Suiche
* Semiconductor Security by Christopher Tarnovsky
Uplink 2
* Base Jumping: Attacking GSM Base Station Systems and Mobile
Phone Base Bands by Grugq
* More Bugs in More Places: Secure Development on Mobile
Platforms by David Kane-Parry
* These Aren’t the Permissions You’re Looking For by Anthony Lineberry,
Timothy Wyatt, David Richardson
* Everybody Be Cool This is a Roppery! by Vincenzo Iozzo,
Ralf-Philipp Weinmann, Tim Kornau
* App Attack: Surviving the Mobile Application Explosion by
Kevin Mahaffey, John Hering
– Analysis of over 200,000 apps from Apple & Android marketplaces
————————
THURSDAY, JULY 29
Keynote Intro: Jeff Moss
Keynote: “Cyber War… Are We At War? And If We Are,
How Should We Fight It?” General (Ret.) Michael V. Hayden,
former Director, National Security Agency and Central
Intelligence Agency
Uplink 1
* Memory Corruption Attacks: The (almost) Complete History…
by Haroon Meer
* There’s a party at Ring0 (and you’re invited) by Julien Tinnes,
Tavis Ormandy
– One year of research uncovering close to 20 kernal vulnerabilities
* Return-Oriented Exploitation by Dino Dai Zovi
* Understanding the Low-Fragmentation Heap: From Allocation to
Exploitation by Chris Valasek
* Advanced AIX Heap Exploitation Methods by Tim Shelton
Uplink 2
* CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems
& Bringing Sexy Back to Information Centricity by Christofer Hoff
* Secure Use of Cloud Storage by Grant Bugher
* Virtually Pwned: Pentesting Virtualization by Claudio Criscione
* Virt-ICE: Next Generation Debugger for Malware Analysis by
Quynh Nguyen Anh
* dirtbox: a Highly Scalable x86/Windows Emulator by Georg Wicherski
*Schedule subject to change.
————————
Register now with Promo Code BH80UL to activate your discount
(limited number of seats available). Presentations will be
streamed live on July 28-29, but you will be able to view
Uplink presentations for up to 90 days after the event.
Registration Fee: $195.
Register today for a chance to win an iPad! Two Black Hat
Uplink registrants will win an iPad preloaded with the
entire recorded live-event content from Black Hat USA 2010.
Register >>
http://links.covertchannel.blackhat.com/ctt?kn=8&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
——————–
Black Hat Community:
——————–
http://links.covertchannel.blackhat.com/ctt?kn=6&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
http://links.covertchannel.blackhat.com/ctt?kn=9&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
http://links.covertchannel.blackhat.com/ctt?kn=5&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
* Mailing List
mailto:feedback@blackhat.com?Subject=Join Black Hat Mailing List
——————–
Black Hat Events:
——————–
*** Black Hat USA 2010 ***
http://links.covertchannel.blackhat.com/ctt?kn=3&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
July 24-29
Las Vegas, NV
Caesars Palace
*** Black Hat Abu Dhabi 2010 ***
http://links.covertchannel.blackhat.com/ctt?kn=2&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
November 8-11
Abu Dhabi, UAE
==========================================================
(C) UBM TechWeb 2010. All Rights Reserved. Black Hat
c/o TechWeb, 600 Harrison St., 6th Floor, San Francisco,
CA 94107. TechWeb, Black Hat, and associated design
marks and logos are trademarks owned or used under
license by United Business Media LLC, and may be
registered in the United States and other countries.
Other names mentioned may be the trademark or service
mark of their respective owners.
IT Security Certifications
IT Security Certifications are becoming more and more popular and necessary as the job economy becomes tougher. IT Security Professionals are trying to distant themselves from their competition while companies are looking for the best and brightest in the field. Below are some of the certifications I am researching for a bigger IT Security Certifications project.
CCSA — Certification in Control Self-Assessment
The CCSA demonstrates knowledge of internal control self-assessment procedures, primarily aimed at financial and records controls. This cert is of primary interest to those professionals who must evaluate IT infrastructures for possible threats to financial integrity, legal requirements for confidentiality and regulatory requirements for privacy.
Source: Institute of Internal Auditors
CFE — Certified Fraud Examiner
The CFE demonstrates ability to detect financial fraud and other white-collar crimes. This cert is of primary interest to full-time security professionals in law, law enforcement or those who work in organization with legal mandates to audit for possible fraudulent or illegal transactions and activities (such as banking, securities trading or classified operations).
Source: Association of Certified Fraud Examiners
CFSA — Certified Financial Services Auditor
The CFSA identifies professional auditors with thorough knowledge of auditing principles and practices in the banking, insurance and securities financial services industries. Candidates must have a four-year degree or a two-year degree with three years of experience in a financial services environment, submit a character reference and show proof of at least two years of appropriate auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors
CGAP — Certified Government Auditing Professional
The CGAP identifies public-sector internal auditors who focus on fund accounting, grants, legislative oversight and confidentiality rights, among other facets of internal auditing. Candidates must have an appropriate four-year degree or a two-year degree with five years of experience in a public-sector environment, submit a character reference and show proof of at least two years of direct government auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors
CIA — Certified Internal Auditor
The CIA cert demonstrates knowledge of professional financial auditing practices. The cert is of primary interest to financial professionals responsible for auditing IT practices and procedures, as well as standard accounting practices and procedures to insure the integrity and correctness of financial records, transaction logs and other records relevant to commercial activities.
Source: Institute of Internal Auditors
CISA — Certified Information Systems Auditor
The CISA demonstrates knowledge of IS auditing for control and security purposes. This cert is of primary interest to IT security professionals responsible for auditing IT systems, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization’s security policy.
Source: Information Systems Audit and Control Association
ECSP — EC-Council Certified Secure Programmer
The ECSP identifies programmers who can design and build relatively bug-free, stable Windows- and Web-based applications with the .NET/Java Framework, greatly reducing exploitation by hackers and the incorporation of malicious code. Candidates must attend a Writing Secure Code training course and pass a single exam.
Source: EC-Council
Security5
Security5 certification identifies non-IT office workers and home users who understand Internet security terminology, know how to use defense programs such as antivirus and antispyware applications, can implement basic operating system security and follow safe Web and e-mail practices. Candidates must attend a two-day course and pass one exam.
Source: EC-Council
Insider Threat Still a Big Issue to Network Security
Internal users continue to be the torn in system and security administrator’s side. This is the case for many reasons. One, they have knowledge of the networking recourses. Two, they have credentials to access various systems on the network and third, most security controls defend against external entities as compared to internal users. According to the Computer Security Institute (CSI), approximately 80 percent of network misuse incidents originate from inside the network.
Security Administrators should apply the “Defense in Depth” security model when it comes to protecting the network. This mean network firewalls, IDS, HIDS, host-based firewalls, patch management, security policies and vulnerability scanning.
The CSIS Commission on Cybersecurity for the 44th Presidency has been Released
The CSIS Commission on Cybersecurity for the 44th Presidency has released its final report, “Securing Cyberspace for the 44th Presidency.” The Commission’s three major findings are:
- Cybersecurity is now one of the major national security problems facing the United States;
- Decisions and actions must respect American values related to privacy and civil liberties; and
- Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.
You can get a PDF copy of the report here or you can visit the CSIS website.
85% of All Crimes Leaves a Digital Fingerprint
It has been stated that 85% of all crime leaves a digital fingerprint in electronic devices. This may occur from an Internet intrusion, identity theft and traditional crime like murder. Computer forensics has aided in the investigation of these crimes. Computer Forensics is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel. The challenges facing many computer forensics examiners are an abundant of data that must be analyzed to produce a story or show correlation. Hard disk space is enormous and continues to grow. Hard disk space is inexpensive thus allow for more. In conjunction, RAID systems also provide additional challenges for the investigator. A simple case on a 200 GB hard drive can take weeks to review alone before any real assessment can occur. Issues such as terrorism and murder cases can prove to be fatal. By including Social network analysis (SNA), the time to locate correlation will be reduced. This will assist the examiner to focus his analysis on key area from the SNA results.
VMWare Fusion on Mac OS X: How to shutdown Windows when it is hung
I have been running VMWare Fusion with Windows XP as my guest OS for some time on my MacBook Pro. The other day, Windows XP while shutting, just hung as it seems to do from time to time on regular PC-based installed. I spent 2-days, waiting for it to complete. I even used the:
VMware Fusion menu bar > Virtual Machine > select Power Off
But it seem by using:
VMware Fusion menu bar > Virtual Machine > press the option key and select Power Off
It is the equivalent of pulling the plug out of the wall and it worked. Hope this will help someone out as it did me.
Kellep
