Black Hat Briefings - Call For Papers Announcement

[Jeff Moss <jmoss () blackhat com>]

Call For Papers Announcement

Papers and presentations are now being accepted for The Black Hat Briefings 
USA 2002 event in Las Vegas, July 29th - August 1st, 2002. Papers and 
requests to speak will be received and reviewed from March 1st until May 1st.

WHAT IS THE BLACK HAT BRIEFINGS?

The Black Hat Briefings was created to fill the need for computer security 
professionals to better understand the security risks and potential threats 
to their information infrastructures and computer systems. Black Hat 
accomplishes this by assembling a group of vendor-neutral security 
professionals and having them speak candidly about the problems businesses 
face and their solutions to those problems. No gimmicks -- just straight 
talk by people who make it their business to explore the ever-changing 
security space.

IF YOU WANT TO SUBMIT, PLEASE NOTE:

To meet the goals outlined above, Black Hat expects several things from 
selected speakers.

- We do not accept product pitches. If your talk is a thinly-veiled 
advertisement for a new product or service your company is offering, please 
do not apply.

- If you are going to announce or demonstrate a new tool as the primary 
focus of your talk, that tool must be made available for the conference CD 
ROM. We don't want a room full of people all excited about what you have 
demonstrated only to learn the tool is $12,000 and not available to the 
general public.

- If you are selected to speak, your completed materials MUST be submitted 
by July 1st, 2002 or you will be dropped as a speaker and an alternative 
will be put in your place. Materials for the CDROM, (which can include an 
updated presentation), must be submitted by July 7th.

- We expect speakers to be available during the lunches and reception in 
order to meet and mingle with the attendees.

- If your presentation discusses problems, also present suggested 
solutions. If no solutions exist please explain why they are not possible 
or practical and what you think the impact will be. If you present a 
solution to a new problem also explain what the weaknesses to the solution 
are,  as well as their impact on the problem.

- Assume that the attendees already understand the basic concepts regarding 
your topic. For example, if you are talking about cryptography, assume that 
everyone knows the difference between public key vs. symmetric algorithms. 
Black Hat strives to be known as a more technical security conference, and 
as such, expect more high-level details from their speakers.

- In your presentation please include a reference to all of the tools, 
laws, Web sites or publications you refer to at the end of your talk. This 
appendix will greatly help attendees who wish to learn more about your 
subject, but are not sure where to start.

- The content you provide for the conference CD ROM should include a copy 
of all the RFCs, White Papers, or tools referenced in your presentation.

- If you want to present a "101" level course on a new technology or to 
introduce the attendees to a new issue, please label your submission as 
such. For example, a person talking about an overview of anonymous 
networking technologies would call their talk something like "Anonymous 
Networking 101: An overview of technologies used to obfuscate your network 
behavior" or something along those lines.

- If you are doing a demonstration we expect you to provide all the 
necessary equipment. We will only provide the Net connection, power, and an 
LCD projector.

SPEAKING REQUIREMENTS

Please submit an outline on a self-selected topic covering either the 
problems and/or solutions surrounding the following broad categories. The 
examples given in the following topics is meant to give you ideas and 
direction and is not the final list of topics. Because of the unique nature 
of this conference, the combining of some of the best hackers with security 
professionals, there will be an emphasis on where the rubber meets the 
road. Attendees want to walk away knowing what works, what doesn't, and 
what to do about it.

- Wireless: 802.11x, CDPD, BlueTooth, WAP, C/TDMA, GSM, SMS, 3G and two way 
paging. Everything is going wireless - what are the tools used to attack, 
analyze or secure these technologies? Is using your phone's SMS messaging 
more secure that your Two Way pager? Tools, demonstrations and white papers 
welcome.

- Firewalls, Access Control, PKI and Single Sign-on: These talks should 
explore the latest technologies in defeating, auditing or implementing 
these technologies. Talks could cover a comparison of the technologies, new 
tools designed to audit a specific application, case studies in 
implementation, etc.

- Routing and Infrastructure: This track will focus on the technologies 
that are the bare bones of an Internet presence. Bandwidth, Routing, DNS, 
Auditing and securing routers, etc.

- Application Security: Auditing Web applications, reverse engineering 
binaries to break or fix something, an evaluation or overview of 
application level proxies, secure coding practices, and buffer overflow / 
stress testing tools would be appropriate for this track.

- Intrusion Detection, Incident Response and Computer Forensics: What are 
the latest technologies and techniques used in detecting and investigating 
a suspected computer break in? What specific steps should an administrator 
take in advance to make this process easier? What tools are the best to use 
in a post mortis? For example on the Computer Forensics topic, if you 
suspect an exploit is executing from memory only on your MegaServer, how 
would you approach that machine to perform a memory dump? What are the 
tools used when dealing with an un trusted machine?

- Privacy & Anonymity: In the ever increasing surveillance of the public 
Net, what are the issues privacy-conscious people and administrators should 
be aware of? Talks could cover legal topics such as "What can we legally do 
to increase our personal privacy?" or "As a network administrator what are 
your legal obligations?" etc. Technology talks could cover tools related to 
privacy such as defeating forensics tool kits, anonymous networking and 
proxies such as FreeNet or JAP or the future of anonymous re-mailers.

- Web, Mail and Other Related Servers: This track will deal with security 
issues surrounding "critical" services such as mail, Web, and network 
availability. What are the security issues with load balancing, distributed 
DNS or system clustering? How do you configure a server to work best under 
heavy load and in a hostile network? Internet commerce and web mail 
services are also appropriate topics.

- Deep Knowledge: Talks from the above tracks that require twice the normal 
time to explore may be selected and moved to this track.

Talks will be either an hour and fifteen minutes or an hour and a half. 
Please specify which you would prefer. It is expected the speaker will make 
time for audience participation and Q&A.

Submissions should be in Microsoft '97, 2k, XP formats, .PDF, .PS or plain 
text.

Include:

- What track you are submitting to.

- How much time you would like for your talk (1 1/4 or 1 1/2 hour)

- A brief BIO on why you are qualified to speak on your topic. This BIO 
will be used in both the Web site as well as in any printed materials that 
may be used for the conference.

- If you need more than two LCD wall projectors for a demonstration, etc., 
please advise how many you need.

- Whether you are speaking on behalf of your company or yourself. If you 
are speaking for a company, please specify which organization it is you 
work for.

- How many people will be presenting. NOTE: Only one hotel, airfare, and 
speaking fee may be provided. Please see below for more details.

DON'T WAIT!

Send submissions to cfp () blackhat com. Presentations are selected and 
evaluated in the order received. If you want to present on a topic, let me 
know early even if you turn your materials in right at the deadline. This 
helps us plan and select topics. Don't hold off until the last minute!


PRESENTATION RESOURCES

We can accommodate most any request if it enhances your presentation. 
Current tools made available to speakers include: LCD projectors, overhead 
projectors, slide projectors, and wireless network access.

This year there will be up to three LCD projectors in a session. If your 
talk requires any sort of demonstration we encourage you to set up a 
network (Machines can be provided) and have each machine projecting on one 
of the LCDs. Audience members will be able to follow along what is 
occurring on each node as the talks progress, or the speaker may provide 
different information on different screen, etc.

There will be wireless Internet connectivity in case you need network 
access to demonstrate any aspect of your presentation.

Please forward any additional resource questions to speakers () blackhat com

SELECTION CRITERIA

Talks will be reviewed in bulk at the submission deadline through a 
three-round system. Speakers will be contacted if there are any questions 
about their presentations. If your talk is accepted, you can continue to 
modify and evolve it up until July 15th, at which time it is frozen for the 
printed materials.

Talks that are more technical or reveal new vulnerabilities are of more 
interest than a review of material covered many times before. We are 
striving to create a high-end technical conference and any talk that helps 
reach this goal will be given extra attention.

Here are two elements that will give your presentation a high priority in 
getting selected:

- Original content or research that has been created specifically for Black 
Hat and has not been seen before gets priority.

- Demonstrations involving new material.

By speaking at The Black Hat Briefings you are granting Black Hat, Inc. 
permission to reproduce, distribute, advertise, and show your presentation 
on www.blackhat.com.

REMUNERATION

The remuneration policy has changed!

If you have never presented at Black Hat before, and you are selected to 
present, Black Hat Inc. will pay for one airfare and hotel room.

If you have spoken before you will receive one airfare, hotel room, and a 
speaking fee of $1,000.

There are two exceptions to these rules.
- If you have been specifically invited to speak you fall into the second 
category.
- If you work for a company that is also an official Black Hat sponsor you 
will not receive any remuneration.

ATTENDANCE FEES and REGISTRATION

Program fees are $1,095 before June 15th, $1,295 after. When registration 
is officially open, you will be able to sign up on-line. By registering 
early you help out Black Hat. We will be able to better guess total 
attendance when computing food, beverage, book and material orders.

MORE CONVENTION INFORMATION

Please visit http://www.blackhat.com/ for previous conference archives, 
information, and speeches. Updated announcements will be posted to news 
groups, security mailing lists, email, and this Web site when available.

HOTEL INFORMATION

The Black Hat Briefings USA 2002 will take place July 31st to August 1st at 
Caesar's Palace Casino and Resort (http://www.caesarspalace.com/) in Las 
Vegas, Nevada.


Thank you for your time!


Jeff Moss,
Organizer

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards