Final Speakers Announced for HiverCon 2002

[InfoSec News <isn () c4i org>]

Forwarded from: Mark Anderson <mark () hivercon com>

FINAL ROUND OF HIVERCON 2002 SPEAKERS ANNOUNCED

http://www.hivercon.com/ -- The submission deadline for this year's
HiverCon security conference passed last Friday at midnight PST. Many
long nights were spent by the organisers reading and rereading the
submissions trying to find the right mix of speakers for the November
event. In total ten speakers have been announced as confirmed to speak
at HiverCon 2002. The industry recognized names will be presenting
papers on a myriad of information security topics, introducing new
tools and research, as well as discussing newly highlighted security
problems and solutions.

Before getting into the talk details it should be noted that Earlybird
registration for the conference closes on October 1st and tickets are
limited so order now and save 200 Euro. The venue for the conference,
the Burlington Hotel, still has some reduced rate rooms available but
that offer is also only open until October 1st.

Richard Thieme (thiemeworks.com) will open the conference on November
26th with his keynote speech entitled 'Defending the Information Web'.
Business consult, writer, professional speaker and security
philosopher, Thieme's work has been published by the Business Times of
Singapore, Convergence (Toronto), and South Africa Computer Magazine
(Capetown). His talk will cast a wide net as he illuminates the
on-going battle that is information security and our role in it.

Dan Kaminsky (Doxpara Research) is the author of The Paketto Keiretsu,
a suite of userspace tools to demonstrate new and highly useful
functionality that lies dormant within existent, even stagnant
networks. He will discuss his work on previously unrealised subtleties
of the TCP/IP standard and some newly available cryptographic
primitives will also be discussed and analysed for potential uses. Dan
worked for two years, at Cisco Systems, designing security
infrastructures for large-scale network monitoring systems. He
recently wrote the spoofing and tunneling chapters for "Hack Proofing
Your Network: Second Edition", and has delivered presentations at
several major industry conferences.

David Houlton (Dachb0den Labs) will present a technical overview of
all of the current leading edge methods of attacking 802.11b wireless
networks. It will cover specifics behind WEP cracking using both the
21-bit passphrase and brute force attacks, the Fluhrer, Mantin, and
Shamir attack, and other injection based WEP attacks. It will also
cover specifics behind protocol capture and injection attacks
including disassociating nodes from an access point, re-associating
them with another access point, basic man-in-the-middle scenarios, as
well as some new 802.11b hardware/firmware and software based
vulnerabilities. David is the main developer of the bsd-airtools
project, a complete 802.11b penetration testing and auditing toolset.

FX is the leader of the German Phenoelit research group. His and the
groups interest is in less known or commonly ignored protocols,
devices and techniques. As such his talk 'Attacking networked embedded
systems' will show how to exploit design failures and software
vulnerabilities in embedded systems such as printers and routers. The
attacks range from simple design issue exploitation to code execution
on the target for the purpose of compromise or use as attack platforms
.

Advances in storage technology, networks, file system software,
operating system advances and increasing mobility of data have all
conspired to make getting rid of data very difficult. Kurt Seifried
will discuss the software options for data deletion and encryption
that are available and thier flaws.

The polish research group LSD will be focusing on the development of
assembly components within the Windows 2K/XP environment. They will
show that security vulnerabilities, allowing for unauthorized
execution of few dozen assembler instructions, have in practice the
same high risk in Windows as on Unix platforms. During the
presentation the details of developing assembly components along with
proof of concept code will be presented.

The Open Source Security Testing Methods came about as a need for an
open, free security testing methodology in response to the numerous
security testing companies who claimed to have a secret, internal and
corporate confidential methodology for testing open source software.
Pete Herzog will introduce the audience to the OSSTM and walk it
through the effect it had on groups like the FAA, the US Government,
Spanish government and Australian government helping to define their
anti-terrorist initiatives.

As previously announced Ofir Arkin, Rain Forest and Simple Nomad will
also be presenting papers entitled 'Security Issues with VoIP', 'Web
server Profiling' and 'Packetting Satan's Network' respectively.

Contact:

Mark Anderson            
mark () hivercon com
http://www.hivercon.com/ 

###



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.