Vulnerability Development mailing list archives

Black Hat Windows Security Keynotes announced


From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 31 Jan 2002 14:51:53 -0500

Hi all -

I figure with the recent SPI Labs whitepaper on SQL injections, some of the talks and tools may be of interest to list members:
-----------------------------------------

For Immediate Release

Contacts

B.K. DeLong
press () blackhat com
+1.617.877.3271

BLACK HAT WINDOWS SECURITY BRIEFINGS 2002 KEYNOTES INCLUDE
NSA CHIEF AND DIRECTOR OF STANFORD LAW SCHOOL TECHNOLOGY CENTER

NSA System and Network Attack Center (SNAC) Chief Tony Sager & Clinical Director of Stanford Law School's Center for Internet and Society, Jennifer Granick

http://www.blackhat.com/ -- Black Hat Inc. today announced the keynote speakers for February's Black Hat Windows Security Briefings and Training 2002, the annual conference and workshop designed to help computer professionals better understand the security risks to their Microsoft Windows systems and information infrastructures by potential threats. Speaker presentations will cover Protocol Attacks, Voice-over-IP, Oracle vulnerabilities, Windows Group Policy, and NTLMv2 Authentication as well as General Windows Exploits, Data Recovery, Incident Investigation & Response, and Better Protection Practices. There is also a special focus on Microsoft SQL vulnerabilities and how to both exploit and fix them. Black Hat Windows will be held at the Radisson Hotel in the heart of New Orleans, 5 through 8 February, 2002.

Top-notch speakers will deliver to the conference's core audience of IT & network security experts, consultants and administrators the newest developments on the security problems and vital issues facing organizations using Windows-centric networks.

"The intense sessions of Black Hat Briefings bring to light the Windows security and misconfiguration problems confronting organizations and their network administrators. It is a common problem that security gets put off in lieu of constant network growth and upgrades," says Jeff Moss, founder of Black Hat Inc. "Our speakers discuss the strategies involved in correcting existing problems and inform attendees on upcoming issues, preparing them for the future."

The keynote speakers for this year's Black Hat Windows Security Briefings include:

-- Tony Sager, NSA System and Network Attack Center (SNAC/C4) Chief, part of the Information Assurance Directorate of the National Security Agency (NSA). During his 24 years with NSA, he has served in a variety of technical and management positions, spanning computer security, cryptography, software analysis, and network security. His Center produces the NSA Security Recommendation Guides to Windows 2000, the first of several security products they have released to the public. Tony is also actively involved with a number of community-wide public activities in network security. He has degrees in Mathematics and Computer Science, and dabbles as a PC hobbyist, struggling to protect his home LAN from bad guys and three adventurous adolescent users.

-- Jennifer Stisa Granick is a Lecturer in Law and Director of the Litigation Clinic at Stanford Law School's Center for Internet and Society. Ms. Granick's work focuses on the interaction of free speech, privacy, computer security, law and technology. She is on the Board of Directors of the Honeynet Project, a computer security research group, and has spoken at the National Security Agency, to law enforcement officials and to computer security professionals from the public and private sectors in the United States and abroad. Before joining Stanford Law School, Ms. Granick practiced criminal defense of unauthorized access, trade secret theft and email interception cases nationally. She has published articles on wiretap laws, workplace privacy and trademark law.

Other Black Hat Windows Security 2002 speakers include:

-- Thomas W Shinder, M.D., trainer, writer and consultant. Shinder is a 10-year computing industry veteran who's worked for Fortune 500 companies and has written or contributed to over 20 Windows 2000 related books. He was a Series Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides. He is also the author of the best-selling book "Configuring ISA Server 2000: Building Firewalls with Windows 2000". Shinder will be giving a presentation with Microsoft's Jim Harrison on "Deploying and Securing Microsoft Internet Security and Acceleration Server" and will be signing some of his books after the talk.

-- Laura Robinson, Independent Consultant and Trainer. Robinson is a Microsoft Certified Trainer and Systems Engineer on both NT and Windows 2000; a Certified Lotus Professional Systems Administrator, Application Developer and Instructor; and an instructor for Real World Security's @ctive Defense education series. She will be speaking on "The Devil Inside: Planning Security in Active Directory Design".

-- Timothy Mullen, CIO and Chief Software Architect, AnchorIS.Com. AnchorIS.com is a developer of secure enterprise-based accounting solutions. Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles. He will be giving a presentation about "Web Vulnerability and SQL Injection Countermeasures: Securing Your Servers From the Most Insidious of Attacks".

-- David Litchfield, Managing Director & Co-Founder, Next Generation Security Software. Known as the UK's NT Guru by ZDNet, David is a world-renowned security expert specializing in Windows NT and Internet security. His discovery and remediation of over 100 major vulnerabilities in products such as Microsoft's Internet Information Server and Oracle's Application Server have led to the tightening of sites around the world. Litchfield will be looking into "Oracle Vulnerabilities".

-- Halvar Flake, Reverse Engineer, Black Hat Consulting. Originating in the fields of copy protection and digital rights management, Flake gravitated more and more towards network security. Over time he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their primary reverse engineer. Flake will be exposing "Third Generation Exploits on NT/Win2k Platforms".

-- JD Glaser, Security Consultant for Foundstone. Glaser specializes in Windows NT system software development and COM/DCOM application development. His most recent achievement was the successful formation of NT OBJECTives, Inc., a software company exclusively centered on building NT security tools. He will be speaking about "One-Way SQL Hacking: Futility of Firewalls in Web Hacking".

-- FX, leader of the German Phenoelit group and a Security Solution Consultant at n.runs GmbH. He will be covering "Routing and Tunneling Protocol Attacks".

-- Eric Schultze, Senior Technologist, Microsoft Security Strategies Group. Schultze has memorized every security hotfix ever released by Microsoft in a security bulletin. In his spare time, he maintains the Microsoft hotfix XML database and designs new features for HFNetChk. Eric is a former Founder of Foundstone, co-creator of the Extreme/Ultimate Hacking training classes, and technical editor for the Hacking Exposed: Windows 2000 book. Schultze will tell attendees "How to keep up with all those frickin security patches".

New tools being released at BlackHat include:

-- White Hat Arsenal, the next generation of professional Web security audit software from Jeremiah Grossman of WhiteHat Security, Inc.

-- SQLPing 2.0, a tool from Chip Andrews and sqlsecurity.com that reveals detailed server information and sends discovery packets to entire networks for mass interrogation.


Black Hat Inc. will also conduct computer security training for several different topics the two days prior to the briefings - 5 through 6 February.

Subjects include:

        -- Advanced Scanning with ICMP
        -- Auditing Binaries: Reverse Engineering Windows 2000
        -- Complete Windows 2000 Security
        -- NT Network and Web Intrusion Detection Workshop
        -- Secure Development of Data-Driven Web Applications
        -- NSA InfoSec Assessment Methodology Course
        -- Foundstone's Ultimate Hacking: Black Hat Edition

The instructors for the training segment of this year's Black Hat are some of the top experts in their field and are fully active in the computer security community. You won't find most of these speakers anywhere else and these handpicked security gurus will train participants in understanding the real threats to any network and how to keep them from being exploited.

Other special features of this year's Black Hat Windows Security conference include that the dates are just after the Super Bowl XXXVI being held at the nearby Louisiana Superdome two days before the show, and in the days following the conference, attendees can experience New Orleans' Mardi Gras -- where the main parade goes right past the hotel.

Attendees will also have access to a wireless network during the show.

To register for BlackHat Briefings, visit the Web site at http://www.blackhat.com or register at the conference. Direct any conference-related questions to info () blackhat com.

For press registration, contact B.K. DeLong at +1.617.877.3271 or
via email at press () blackhat com.

About Black Hat Inc.

Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the need for computer security professionals to better understand the security risks and potential threats to their information infrastructures and computer systems. Black Hat accomplishes this by assembling a group of vendor-neutral security professionals and having them speak candidly about the problems businesses face and their solutions to those problems. Black Hat Inc. produces 5 briefing & training events a year on 3 different continents. Speakers and attendees travel from all over the world to meet and share in the latest advances in computer security. For more information, visit their Web site at
http://www.blackhat.com

###

--
B.K. DeLong
Press Coordinator
Black Hat Briefings
+1.617.877.3271

bkdelong () blackhat com
http://www.blackhat.com

