Presentation Title: The Latest on Digital Security
Presentation Details: TBA

About Bruce Schneier (Founder and Chief Technical Officer, Counterpane Internet Security):

Internationally-renowned security technologist and author Bruce Schneier is both a Founder and the Chief Technical Officer of Counterpane Internet Security, Inc. the world’s leading protector of networked information - the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats.

Schneier is responsible for maintaining Counterpane’s technical lead in world-class information security technology and its practical and effective implementation. Schneier’s security experience makes him uniquely qualified to shape the direction of the company’s research endeavors, as well as to act as a spokesperson to the business community on security issues and solutions.

Schneier is the author of eight books, including his current best seller, Beyond Fear: Thinking Sensibly about Security in an Uncertain World, which tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. Secrets & Lies: Digital Security in a Networked World, which was published in October 2000, has sold 100,000 copies. One of his earlier books, Applied Cryptography, now in its second edition, is the seminal work in its field and has sold over 150,000 copies and has been translated into five languages. He writes the free email newsletter Crypto-Gram, which has over 100,000 readers. He has presented papers at many international conferences, and he is a frequent writer, contributing editor, and lecturer on the topics of cryptography, computer security, and privacy.

Schneier designed the popular Blowfish and Twofish encryption algorithms, the atter a finalist for the new Federal Advanced Encryption Standard (AES). Schneier served on the board of directors of the International Association for Cryptologic Research, and is an Advisory Board member for the Electronic Privacy Information Center.

Schneier holds an MS degree in computer science from American University and a BS degree in physics from the University of Rochester.

Presentation Title: The Challenges of OS Security
Presentation Details: TBA

About Paul Mcnabb (General Manager and Director of Business Development, Argus Systems Group):

Paul A. McNabb, General Manager and Director of Business Development, brings over 20 years experience with UNIX software development and administration to Argus. Mr. McNabb developed the architecture of the world’s first third-generation trusted operating system, including the design, development, and testing of many of Argus’ secure UNIX products. In addition, he supervised the unprecedented ITSEC certification of Argus security applications.

Mr. McNabb previously served as Manager of Trusted Products for Addamax Corporation from March 1988 through February 1993, where he was responsible for supporting the security evaluation of all trusted security products. From 1984-1985, he was employed as the Director of Research Facilities for the Computer Science Department at Purdue University. In this capacity, Mr. McNabb was responsible for managing the purchase and administration of all departmental hardware and software. He received a Master of Science degree in Computer Science from Purdue University in 1984.

Mr. McNabb is the deputy director of the University of Illinois Center for Advanced Research in Information Security (CARIS) and is also chairman of the ASP Industry Consortium (ASPIC) Best Practices Security Subcommittee.

Mr. McNabb has participated in defining security issues and economic solutions for architectures ranging from ASP and ISP hosting environments to government and defense information systems. He is a Certified Information Systems Security Professional (CISSP) and has over 20 years direct experience in Internet/ARPAnet development and security. He is a frequent lecturer before industry and academic groups and has been a speaker at more than 40 security conferences and symposia in North America, Europe, Asia and Australia.

Presentation Title: TBA
Presentation Details: TBA

About San: TBA

Presentation Title: TrustedBSD Security Policy Implementation through the MAC Framework
Presentation Details:

The TrustedBSD project is a non-profit effort for the development of FreeBSD’s security extensions. One of the more unique and definitely most powerful extensions is the MAC framework. By touring through the currently available ACL solutions, the benefits of MAC (and the benefits to come) will be made very clear. The TrustedBSD MAC framework permits extensions to be introduced at compile-time, boot-time or at run-time, and provides a number of services to support dynamically introduced policies, including policy-agnostic object labeling services and application interfaces. By tackling the design of the MAC framework through the analysis of the actual implementation, hackers will be introduced to the powerful MAC API that allows virtually infinite flexibility in security policy design, implementation and layering.

About Samy Al Bahra:

Samy Al Bahra has been involved with open-source for over four years, and contributes regularly as a TrustedBSD and arabeyes.org developer. An enthusiastic hobbyist at heart, Samy has contributed to a wide range of other open-source projects and serves as one of the representatives of the Saudi Computer Society’s Linux group (as a regular lecturer). Samy has also served as one of the technical reviewers for Addison Wesley’s “The Design and Implementation of the FreeBSD Operating System” and has several articles littered across the internet.

Presentation Title: Cyber Skirmishes
Presentation Details:

High-tech information warfare is fast becoming a reality. The term information warfare covers a wide range of activity, including corporate and military espionage and intelligence collection, psychological operations and perception management, attacks on communication systems, consumer fraud, and information piracy. In addition, the concept covers specifically computer-related issues: viruses, Trojan horses, and deliberate and targeted hacking efforts such as computer break-ins and denial-of-service attacks (where hackers flood an Internet server with traffic to overload and disable it). Cyber warfare is politically-motivated computer hacking that inflicts severe societal harm, and may also effect nation’s economy and defense. Cyber Warfare is so rapid that it may not give an opponent enough time to “surrender” before permanent and devastating damage is done. It has recently become of increasing importance to the military, the intelligence community, and the business world. Military planners are now imagining soldiers at computer terminals silently invading foreign networks to shut down radars disable electrical facilities and disrupt phone services.

# Introducing Cyber warfare
# Globalization of Cyber Warfare
# Outsourcing Warfare
# Cyber Targets
# Psychology of Modern Warfare
# Cyber Weapons
# Retaliation and Defense Tools

# Cyber battleground of Palestine and Israel
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of Iran and USA
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of China and USA
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of India and Pakistan
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Capabilities of Al Qaeda
# Al Qaeda’s Interest In Cyber Warfare
# Al Qaeda’s Cryptography as Communication
# Cyber attacks during war of Terrorism
# Cyber attack on Al Qaeda by US
# Cyber Defense Strategies
# How hacking affect military operations?
# Influencing Foreign Policy
# How cyber attacks can spark a Real War?
# Cyber Propaganda and Terrorism
# ECHELON
# Revolution in Military affairs and C4I
# International Law
# Future of Cyber Warfare

About Zubair:

Zubair Khan is a freelance network security consultant. He has been researching mainly on DDoS Attacks and also on various other facets of network security for the past six years. He has given network security consultancy to top organizations of Pakistan. Recently he worked as a network security consultant for C4i of Pakistan. C4i is one of the directorates of Pakistan Army providing secure mode of communication for peacetime and war.

Zubair is founder of hacker’s conferences in Pakistan. His two major events Islamabad Hackers Training Camp 2004 and Islamabad Hackers Convention 2005 turned out to be a huge success. These events created a platform for security professionals in Pakistan. He has also conducted security trainings at various forums which includes government organizations. His research and work is recognized by Chairman of Pakistan Engineering Development Board and Chairman of Pakistan Engineering Council. His work and efforts to create network security awareness are greatly appreciated by high officials of country and also by media agencies.

Presentation Title: Malicious Code Analysis
Presentation Details: This presentation will introduce the audience to the types of malicious code out there today, and how they go about doing what they do by analyzing them behaviourally, and also by reverse engineering the code. We will also examine the various propagation vectors, and what to expect to see in the future. Finally, a discussion of how anti-virus solutions are reactive and how to pro actively protect the network from malicious code by performing trend analysis.

Why is this dicussion important?

Anti-virus companies are reactive. As new viruses emerge and begin infecting customers, these companies then acquire the code, analyze it , and push out a signature to protect their customers. This approach is going to become obsolete with the way things are going. Security professionals will have to become proactive and understand the workings of malicious code, and then be able to protect their networks from the inside.

About Ahmad Elkhatib:

Ahmad Elkhatib is a currently an information security consultant with InnoKAT, a company specializing in security professional services, where he helps top enterprises in the region by designing and implementing their security strategies. Previous to InnoKAT, Ahmad worked at iDEFENSE where he was a Vulnerability Research Engineer with iDEFENSE Labs. He then later moved to the Malicious Code Team as a Malicious Code Analyst. In that role Ahmad analyzed, assessed and reported on cyber threats to iDEFENSE’s Fortune 100 customers. Ahmad also worked with British Telecom’s BTExact as a Wireless Network Security Engineer. He also was an IT consultant for the Computer Aided Engineering Network (CAEN) at the University of Michigan - Ann Arbor. Ahmad holds a degree in Computer Engineering from the University of Michigan - Ann Arbor and is a certified BS ISO 17799 Lead Auditor. Ahmad is also a member of the Information Systems Security Association - Northern Virginia chapter and has participated and presented at various security conferences and academic institutions.

Presentation Title: Whispers On The Wire - Network Based Covert Channels, Exploitation and Detection
Presentation Details:

The presentation aims to acquaint the listener with the intriguing theme of network based covert channels and describes how these copse data communication and hiding techniques can be, and are being actively exploited over various communication networks. It gives the reader a detail insight on the background, methods, tools, detection techniques and future implications associated with them. This presentation will provide the latest insight in to this rapidly evolving field.

About Pukhraj:

Pukhraj Singh is an information security researcher and a technology evangelist. He is currently employed at the Indian R&D base of a Silicon Valley headquartered security start-up. He is a part of the team working on a patent pending, avant-garde device which will prevent intrusions in an novel way. He had a short stint of working with Network Intelligence India, a leading security solutions provider in Asia-Pac region where he worked on varied information security domains like penetration testing, incidence response and vulnerability assessment. Having an innate interest in making people more aware about security and its importance in present scenario, he has spoken in many national conferences and technology meets and written in some leading security resource websites (SecurityFocus.com) and newspapers.

Presentation Title: Unix Kernel Auditing
Presentation Details:

This paper will deal with finding security flaws in unix kernels. Today kernel related security bugs are more important then ever, This is because the average administrator is paying attention to security these days. He/she will usually narrow down everything that can be ran as another user (network daemons, cron scripts, suid and sgid binairies, webapplications, …).

These are in most cases all programs that run in userspace and are usually fairly easy to narrow down. Things are not that easy when it comes to kernels. Most people see kernels as as blackboxes and will stay away from them except for some compile configurations. This is where the problem lies. besides the fact that it is very hard to minimize your kernel they are also a perfect target for attack. Unlike some network applications and suid/sgid binaries kernels have a lot (+1000) of inputs that a user initially controls. Given that no sofware is flawless, and the most unix kernels have more then 1000 inputs it’s safe to say that all unix kernels have severe security bugs that have yet to be discovered.

This paper will describe some common steps into looking for specific security flaws and will try to stipulate where to look for them.

About Ilja:

Ilja van Sprundel is a employee of Suresec Ltd. and has a passion for somewhat offensive computer security. Among other things he has previously implemented a secure credit card transaction solution. Ilja also attended the RWTH-Aachen summerschool of applied I.T security where he learned a great deal about offensive and defensive security mechanisms. He is also the winner of the 21c3 stacksmashing contest and a member of the Netric security research group.

Presentation Title: Wireless Prevention and Protection
Presentation Details: TBA

About Dr. Khaled Negm:

Khaled E. A. Negm, Ph.D., MIEEE, ISSA, ISACA, CISA, FMICTP. MECT*/NATO, USENIX. Dr. Negm is a member of the Information Systems Security Association (ISSA)-USA and Information Systems Audit and Control Association (ISACA)-USA. He is the Associate Chairman for the Security Standards Committee and Secretary for the Scientific Committee of the ISSA for the Middle East and Asia. He is also a member of the Technical Committee of Security Standards of the IEEE and the USENIX group.

He is currently Associate Professor in Etisalat College of Engineering, UAE. For the last 16 years Dr. Negm has been involved in carrying out responsibilities for the Network Security Architecture, including the design, implementation, and administration of firewalls, Web servers, proxy servers, SecureID and other network security components for several Governmental Departments, Security Agencies, Banks and Educational Institutes. He has also provided training and consulting in the areas of security solutions and security audits involving corporate security policies, designing and implementing the corporate firewall solutions, and providing secure access for remote systems.

Dr. Negm is a Senior Member of the IEEE and Member of the Applied Computational Society. His current interest lies in IPSEC, Wireless Security, IT Forensics and the AAA Wireless Problems. Dr. Negm is listed in Who’s Who in Information Technology and Networks Systems Security and Nominated to be the Professional of the Year 2004 (of IT Security) by the International Association of Networking Professionals-USA.

Presentation Title: TBA
Presentation Details: TBA

About Javed: TBA

Presentation Title: Toward Architectural Challenges of Secured Mobile Devices
Presentation Details:

Security is critical to a wide range of current and future wireless data applications and services. In this research proposal I would like to highlight the challenges posed by the need for security during system architecture design for wireless handsets, and provide an overview of emerging techniques to address them. My talk-objective evidently supports that directions.

There are several challenges unique to wireless devices and their environment, which will be addressed in my speech. I envision that, in addition to new security protocols optimized for the wireless environment, new system architectures and system design methodologies will be required to address many of these challenges, including the wireless security processing gap . I would like to mention the ways to discover & minimize those security gaps. Security considerations will become an integral part of system design for wireless handsets, rather than being addressed as an afterthought.

About Manzur:

Manzur Ashraf is a lecturer in the department of computer science & engineering, BRAC University, Dhaka.

Presentation Title: WLAN Security: A Survey of Challenges & Solutions
Presentation Details:

Wireless Local Area Network (WLAN) is a short-range wireless technology that has a niche promising market. WLAN was developed by IEEE in what is termed as IEEE802.11 family standard. The popularity of WLAN has been on the rise. Along with this popularity has come a well publicized series of vulnerabilities and risks in the IEEE802.11 implementations. Furthermore, the normal risk assessment/risk mitigation process is complicated by a confusing set of authentication and encryption mechanism and the strengths and weaknesses of each.

The aim of this paper is to address each of these risks in detail and identify the real-world best practices needed to deploy and maintain a secure WLAN. The taxonomy of ever-expanding list of WLAN attack techniques is described. The generic mechanisms available for authentication of users and the protection of the privacy and integrity of the data are presented. A basic analysis of each security countermeasure by looking at the attack techniques addressed by the mechanism is reported. A number of recommendations for WLAN security are stated. Without these suggestions, not only is a WLAN vulnerable, but the entire information infrastructure of which it is a part is at risk.

About Wafik:

Wafik Ajoor is Directorate of Wireless Licensing, Frequency & Monitoring, Ministry of Transportation Bahrain. He received his B.Sc. in Computer Engineering from the King Saud University, KSA, in 1991, his M.Sc. in Electronics Engineering (Communications) from the University of Wales, UK, in 1993, and his M.A.Sc. in Electrical and Computer Engineering (Wireless/Mobile Communications) from the University of Waterloo, Canada, in 2003. He also obtained a diploma in Training and Development from the Thames Valley University, UK, in 1996. He holds CompTIA Security+ certification.

In 1991, he worked for IBM as a Mainframe Field/Customers Care Engineer for 3 years. He worked for the University of Bahrain as a Computer Science Lecturer in 1996 for 2 years. He also worked for Enbridge Consumer Gas Inc. (Canada) as a Wireless Consultant, in 2001, and for V Technology (Canada) as a Hardware Design Testing Engineer in 2002. He is currently working for the Ministry of Transportation (Bahrain) as a Telecommunications Engineer. He is a recipient of the prestigious Canadian Wireless Telecommunications Association award. He is a member of the IEEE since 1999. He is the IT Officer of the IEEE-Bahrain Section. He served as a Local Arrangements Subcommittee Chair of the 2nd IEEE-GCC Electrical and Electronics Industries Conference, Nov. 23-25, 2004. He has been a reviewer for the IEEE Communications magazine and Wiley’s Wireless Communications and Mobile Computing journal.

His current research interest is wireless communications, 3G/B3G/4G Cellular Systems, UMTS/WCDMA Radio Network Optimization and Performance Analysis/Enhancement, WLAN, WLAN Security, 3G Security, and 3G/WLAN integration.

** Presenting with Fyodor Yarochkin

Presentation Title: Hacking automation with STIF: A New Breath
Presentation Details:

The STIF framework (http://o0o.nu/sec/STIF) was originally developed by Fyodor and Meder and presented at HITB2004 in Kuala-Lumpur, now is extended with new features and bug fixes, web front-end, database support, distributed communication, new ‘plugin’ interfaces and libraries for plug-and-play toolsutomation. Fyodor and Meder will present their way of automated hacking with STIF and demonstrate how the tool could be used by security analysts and network administrators in their daily routine of security assessments. The distributed coordinated attacks are now made easy by use of the database publishing interface, several integrated open source tools and web-based management console.

About Meder:

Meder Kydyraliev is a freelance security researcher, has obtained his bachelor of science degree in software engineering from AUK/Kyrgyzstan and is at early stage of getting to know what real security industry(sic) is. For past 2 years he has been involved in research and development of Xporbe2 active OS fingerprinting tool. Some of his personal interests include: network reconnaissance, information gathering techniques and applications of distributed computing in information security tools. His senior project was titled “Multi-threaded, distributed platform for information security tools".

** Presenting with Meder Kydyraliev

Presentation Title: Hacking automation with STIF: A New Breath
Presentation Details:

The STIF framework (http://o0o.nu/sec/STIF) was originally developed by Fyodor and Meder and presented at HITB2004 in Kuala-Lumpur, now is extended with new features and bug fixes, web front-end, database support, distributed communication, new ‘plugin’ interfaces and libraries for plug-and-play toolsutomation. Fyodor and Meder will present their way of automated hacking with STIF and demonstrate how the tool could be used by security analysts and network administrators in their daily routine of security assessments. The distributed coordinated attacks are now made easy by use of the database publishing interface, several integrated open source tools and web-based management console.

About Fyodor:

Fyodor Yarochkin is a security hobbyist and happy programmer with a few years spent in business objectives and the “security” service delivery field. These years, however, weren’t completely wasted - Fyodor has been contributing his spare time to a few open and closed source projects, that attracted limited use among non-business oriented computer society. He has a background of system administration and programming and holds Engineering degree in Software Engineering.

Note: Fyodor is not ‘nmap Fyodor’. (http://www.snort.org/docs/faq.html#1.2)

Presentation Title: Does Security Keep You Awake
Presentation Details:

About Jorge:

Founder and CEO at E-Security Gulf Group (ESGULF). With over 20 years of IS experience and nine years of security experience, Mr. Sebastiao brings experience, creativity, structure and innovation to the “E-Business Security”. He architects practical and business focused solutions using leading security technologies and information assurance processes. They include encryption, authentication, biometrics, smart card, content filtering monitoring and security event correlation. In Information Security Mr. Sebastiao as been the speaker at numerous international conferences, delivers training and awareness on a regular basis. Topics include: BCP/DRP, Physical Security, Biometrics, Standards, Information Security Insight, Ethical Hacking, BS7799, ISO17799, CISSP CBK, IDS, Firewall, Antivirus, Forensics, Incidence Response. Primary Audiences include: Financial Sector, Telecommunications, Airlines, Government, Defence, and Private Commercial.

Previously at Computer Associates Middle East and Computer Associates Canada he implemented leading Enterprise Management, Security Management and Information Management solutions for mission critical business applications. He has guided clients in the integration of current technologies and migration of legacy applications to newer computing paradigms which make use of–object orientation, distributed systems, client/server, multi-tier as well as E-technologies.

Mr. Sebastiao also co-authored a consumer credit and information book titled “La Face Cachée du Credit". (at: Jorge@esgulf.com)

Presentation Title: Packet Filtering Firewalls at the Network Perimeter
Presentation Details:

In this article, we will discuss packet filtering firewalls and how they are positioned in a Defense-In-Depth concept. We will introduce some basic guidelines for configuration to provide security against some types of attacks. Although we will concentrate on network security, we will also examine the possibilities of implementing PF firewalls in host security.

About Barbaros:

Barbaros Catkan. Presently a lecturer at the Kingdom University. Started his career as a systems programmer on IBM mainframes in early 1980s after graduating from the university. Worked up from technical to managerial positions in Information Management Departments and hence witnessed the change in the IT industry from centralistic mainframe environments to today’s distributed environments. Can be reached at b.catkan@ku.edu.bh

Presentation Title: Information Security in Banking
Presentation Details:

The presentation is aimed at both business users and technical people; using a language and examples both factions can understand. This presentation highlights challenges facing the Banking Industry today andin the near future. The talk is based on the speaker’s experience pen testing and auditing some of the largest
bank in Asia and will describe intrinsic problems in the banking infrastructure: (core banking, online banking, SMS banking, network of trust, threats from third party contractors, from insiders, etc…).

This presentation will focus on ways to defeat information security by ways of deception and taking advantage of specific subtleties in human behaviour. Social engineering attacks will be described in full to provide sufficient background and awareness during everyday business activities. It will also describe how security mechanisms such as firewalls, intrusion detection systems and VPN often give a false sense of safety when security isn’t integrated into business process.

The presentation will include 3 real-world case studies:

Case Study I: Penetration testing a major Asian bank (profiling, war dialing, war driving, internet pen test, social engineering, physical pen test, internal pen test, core banking pen test). The speaker will show how an attacker can compromise the most up to date and “secure” systems sometimes without using any exploits.

Case Study II: Core Banking Audit, taking a look at security through obscurity; cases of insider hacking and fraud in which employee erased loan files and tried to manipulate interest rates, vendor tempering with production environment, etc.

Wireless Security Survey in Jakarta (ATM banking transactions broadcasted in plain-text over wireless, another bank broadcasting multi-million dollars bank wires in plain-text, an entire credit card department exposed to attacks). Never-seen-before screenshots will be displayed (what the eye doesn’t see, the heart don’t grieve about.)

About Anthony:

Anthony Zboralski leads Bellua Asia Pacific, an Information Security consulting company based In Jakarta, Indonesia. He has more than 9 years of experience performing penetration tests, assessments, forensics and related services for some of the largest banks in Asia and a dozen Fortune 500 companies including Aerospatiale, Air France, Allianz, AXA, Electricite de France, Lagardere-Matra…

He is also known as Gaius, one of HERT cofounders and wrote some articles for phrack and hert.org (tunnelx, ciscogdb, procx, etc.). Anthony has been involved into hacking and security community since 1989 (started on x25 with otosync and bayernpower [Matthias]). He is 29 now, living in Indonesia with wife and two kids.

** Presenting with Fabio Ghioni

Presentation Title: Corp Vs Corp: Industrial Espionage and Cyberwars
Presentation Details:

In the aftermath of September 11th, security issues came into the limelight; everybody focalized their attention on increasing anti-terrorist measures and countering the increasing number of hacker attacks to business and government networks but hardly anyone has ever mentioned a more insidious and widespread criminal activity: industrial espionage. Today companies can rely on cyber-based techniques and methodologies to react to attacks coming from the real world.

1) Introduction: old and new threats after September 11th
2) Industrial Espionage: state-sponsored espionage
3) Cyber defense methodology: from digital identification of attacker to counterattack strategy
4) Cyber counterattacks: information leakage, Injected Interception

About Roberto:

Roberto Preatoni (aka Sys64738): 37, is the founder of the defacement/cybercrime archive Zone-H (http://www.zone-h.org). He’s also CEO of an International ITsec company (Domina Security) which is active in European and former soviet countries. He has been globetrotting, lecturing in several ITsec security conferences, including Defcon in the US. He has been interviewed by several print and online newspapers where he shares his experiences relating to cyberwar and cybercrimes.

** Presenting with Roberto Preatoni

Presentation Title: Corp Vs Corp: Industrial Espionage and Cyberwars
Presentation Details:

In the aftermath of September 11th, security issues came into the limelight; everybody focalized their attention on increasing anti-terrorist measures and countering the increasing number of hacker attacks to business and government networks but hardly anyone has ever mentioned a more insidious and widespread criminal activity: industrial espionage. Today companies can rely on cyber-based techniques and methodologies to react to attacks coming from the real world.

1) Introduction: old and new threats after September 11th
2) Industrial Espionage: state-sponsored espionage
3) Cyber defense methodology: from digital identification of attacker to counterattack strategy
4) Cyber counterattacks: information leakage, Injected Interception

About Fabio:

Fabio Ghioni is advisor to several Multinational Corporations as well as Governments. He is the leading expert in the field of information security, competitive intelligence and intrusion management in an asymmetric environment. As consultant to several different Government institutions he has been the key to the solution of several terrorism cases in the past. He has serviced leading international corporations involved in the military, telecommunications, banking and technology industries. His key fields of research range from mobile and wireless competitive security to the classification of information and forensics technologies applied to identity management and ambient intelligence.

Presentation Title: Carrier-grade security: A primer for telecommunications operators
Presentation Details:

Telecommunications operators are at a crossroad. After enjoying decades of steady growth in a protected sector, they now face increasingly aggressive competition from smaller players due to the deregulation wave. On the technological front, they must find answers to the threat of mobile data services such as Wi-Fi and telephony alternatives based on VoIP protocols. For the first time since they were created, they must also take the security threat seriously, as opposed to the proverbial lip service they were content with until now. This presentation will present the evolution of the security threats facing telecommunications operators, and what they must do about it.

About Emmanuel:

Emmanuel started his career in GSM telecommunications in 1994, specializing in Network Management Systems and Intelligent Networks, participating in the launch of several cellular networks across Asia and Europe, with a focus on Value-Added Services. In 1997 he founded a consulting firm focusing on the highly specialized security services for the GSM and 3G operators. Personal interests include X.25 networks and SS7 signalling. Emmanuel focuses on the emerging threats facing the telecommunications industry today. He founded the Telecom security Task Force (TSTF) to provide clients with specialized security services for their GSM/GPRS/UMTS/SS7/VoIP/IMS networks

Presentation Title: IT security in an active warzone
Presentation Details:

We draw general lessons in technology deployment and project management from the extreme environment of Iraq. This environment has some unique characteristics – active adversaries, physical insecurity, recently destroyed infrastructure, and a dynamic and uncertain political environment – but also has many universal characteristics, such as a vast potential market, substantial “anchor customers", and technological problems which seem ideally suited to the features of next-generation and almost-there technical solutions, but which demand simplicity and reliability.

In deploying these cutting-edge systems in this demanding environment, we have learned many technological and organizational lessons which should greatly assist in similar deployments in more traditional environments throughout the world.

About Ryan Lackey:

Ryan Lackey is founder and CEO of Blue Iraq, a communications and IT company which provides satellite, cellular, and microwave networking throughout Iraq, both for the military and civilian markets. Blue Iraq aims to bring communications and finance technologies to emerging markets throughout the Middle East, North Africa, and Asia. Previously, he operated HavenCo, an offshore datahaven located in the “Principality of Sealand” in the North Sea off the coast of the UK, and has been involved in electronic cash, tamper resistant computing, payment networks, and cryptography.

Presentation Title: Web Application Kung-Fu, The Art of Defense
Presentation Details:

Web application attacks are growing at rapid rate in last 5 years. Many innovative ways of breaking system have come into existence. Web Applications are even more vulnerable since they cannot be protected by Firewalls and become easy prey for attackers. Next generation web application attacks have arrived and are here to stay. These attacks are targeted towards vulnerable and poorly written web applications. Web application defense strategies require secure coding at application level, knowing your application and protecting them by human intelligence. Knowing your application can lead to profiling your web assets in logical way. Profiling web assets provides better picture of various possible attacks set. Knowing entire attack set greatly helps in designing and implementing defense strategies. This presentation will cover attacks in depth with live demonstration and tools. Several new techniques of defense will be exposed to audience as part of “Art of defense”.

About Shreeraj:

Shreeraj founded Net-Square in January 2000, to establish the company as a strong security research and security software development company. He leads research and development arm of Net Square. He has over 7 years of experience with system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. In the past Shreeraj worked with Foundstone, Chase Bank and IBM in area of web security.

Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his graduate degree in Computer Engineering from Gujarat University, and an MBA from Nirma Institute of Management, India. Shreeraj has also authored a book titled “Web Hacking: Attacks and Defense” published by Addison Wesley. Shreeraj spoke at conferences like HackInTheBox, RSA, Blackhat, CII and NASSCOM etc. in the past. He is also contributing writer on Infosecwriters.com.