[ISN] Breakpoint 2013 Call For Papers

Forwarded from: cfp (at) ruxcon.org.au

Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organised by the Ruxcon team and offers a specialised security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters towards security researchers and industry professionals alike, with a focus on cutting edge security research.

Breakpoint presents a great opportunity for our selected speakers to receive a complimentary trip to Australia and experience both the Breakpoint and Ruxcon conferences, not to mention the great weather, awesome parties, and friendly people.

Melbourne is a city of many subcultures, personalities and styles. Melbourne has a vibrant arts and music scene, eccentric cafes, intimate bars and restaurants, and is known as Australia’s cultural capital.

.[x]. Important Dates .[x].

May 1 – Call For Presentations Open
August 23 – Call For Presentations Close
October 22-23 – Breakpoint Training
October 24-25 – Breakpoint Conference
October 26-27 – Ruxcon Conference

.[x]. Topic Scope .[x].

Topics of interest include, but are not limited to:

o Mobile Device Security
o Exploitation Techniques
o Reverse Engineering
o Vulnerability Discovery
o Rootkit Development
o Malware Analysis
o Code Analysis
o Virtualisation, Hypervisor Security
o Cloud Security
o Embedded Device Security
o Hardware Security
o Telecommunications Security
o Wireless Network Security
o Web Application Security
o Law Enforcement Activities
o Forensics
o Threat Intelligence
o You get the idea

.[x]. Submission Guidelines .[x].

In order for us to process your submission we will require the following information:

1. Presentation title
2. Detailed summary of your presentation material
3. Name/Nickname
4. Mobile phone number
5. Brief personal biography
6. Description of any demonstrations involved in presentation
7. Information on where the presentation material has or will be presented before Breakpoint

* Preference will be given to presentations that contain original research that will be first presented at Breakpoint.
* As a general guideline, Breakpoint presentations are between 45 and 60 minutes, including question time.

If you have any questions about submissions, or would like to make a submission, please send an email to bpx@ruxconbreakpoint.com

.[x]. Speaker Benefits .[x].

Speakers at Breakpoint will be entitled to the following benefits:

– A return economy airfare to Melbourne (total cost limit applies)
– Three nights accommodation at the Intercontinental Rialto
– Complimentary registration for Breakpoint and Ruxcon conferences
– Invitation to all Breakpoint and Ruxcon parties
– Unlock ‘Presented on world’s smallest continent’ achievement

* All speaker benefits apply to a single speaker per submission.

.[x]. Contact .[x].

If you have any questions or inquiries, contact us at:

* Email: bpx (at) ruxconbreakpoint.com
* Twitter: @ruxconbpx

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org





[ISN] Fun Times, InfoSec, and No Wind in Chicago

https://jerichoattrition.wordpress.com/2013/04/29/fun-times-infosec-and-no-wind-in-chicago/

By jerichoattrition
April 29, 2013

I just returned from a brief trip to Chicago, where I attended and presented at Thotcon, as well as attended BSides Chicago.

Thursday: After a two hour delay due to “mechanical” issues, I arrived in Chicago. I am a bit surprised, as the flight crew in Denver did not give us a lot of confidence. We were told a “switch” needed to be replaced and it wasn’t switching or something. This led to them telling us that they would have to “rewind” the engine, which doesn’t seem logical.

From the airport, a long and slow taxi ride made me late for the THOTCON speaker dinner at the Northdown Cafe and Taproom. This is where I found the ‘Curmudgeon’ beer pictured below. There is something very satisfying about ordering a ‘curmudgeon’ at a bar and getting a bottle.

After the dinner, Space Rogue, Josh Corman, Banshee, and I went out looking for some good Blues music. We started at Kingston Mines but found the music to be too upbeat. Across the road at B.L.U.E.S. we found exactly what we were looking at. I had told my companions that I wanted a guy sitting on stage singing and playing the guitar, and it delivered. The $1.50 Jägermeister shots appealed to Space Rogue greatly.

Friday: As happened a few times, the day began with or included a packed cab ride. The immediate surprise was the venue. The Ravenswood Event Center sounds like any other hall for a convention, but in reality is a unique space. Around the main conference room were a variety of old sports cars in immaculate condition. The third floor space reserved for speakers had high glass walls for a bright room with good views. Courtesy of THOTCON staff, the speakers could use this as a lounge for talk preparation, free booze, and a hosted lunch.

I ran into Jeff Jarmoc again who delivered on his promise to bring us a jar of peanut butter for a stage prop. The picture of the Jif alongside the THOTCON wireless information was proof for Advanced Threat who doubted my presence in Chicago. Not to be outdone by Jarmoc, Banshee produced a stuffed squirrel who could enjoy the jar.

The first keynote of the day was by Bruce Schneier, who treated the audience like a bunch of eight-year olds, going into the very basics of social contract by stretching it out 30 minutes via the speaking method of “repeat yourself using different words seventeen times”. Josh and I were both groaning throughout his presentation and I opted to take a ‘meta’ picture by photographing the event photographer.

Of course, any InfoSec conference needs drama, and THOTCON’s was in the form of someone complaining about the “race card” that was being passed around. Of course, it had absolutely nothing to do with race, and everything to do with Mario Kart racing, but that didn’t matter. I thought the cards were hilarious. The other sticker that came with registration was potentially a trigger, but everyone seemed to love it as well as the shirts that said “Fork My Dongle“.

Shortly before my talk, I jumped over to Track 2 to see James Arlen present on how to do a better presentation. His very brief talk was a boiled down version of a much longer workshop he gives, and it should be required viewing by anyone presenting, especially in InfoSec.

[…]



[ISN] Chinese Cyberespionage: Brazen, Prolific, And Persistent

http://www.darkreading.com/attacks-breaches/chinese-cyberespionage-brazen-prolific-a/240153934

By Kelly Jackson Higgins
Dark Reading
April 30, 2013

China, China, China: New data and intelligence is shedding more light on just how bold and pervasive Chinese cyberespionage activity is today.

Tracing malware and breaches to their attackers is not straightforward — anyone can hide behind layers of IP addresses — but China has been confirmed as a major player in cyberespionage in multiple reports this month, as both Verizon and FireEye independently have released data that points the finger at the country for the bulk of cyberspying activity.

And even after Mandiant’s exhaustive report on a long-suspected Chinese military link to cyberespionage against U.S. firms that was published in February, the APT1/Comment Crew gang behind that operation appears to be back in action despite the publicity the report drew. The APT1/Comment Crew appears to have done little to change its tactics and methods of attack even after it was unmasked with key intelligence from Mandiant.

“I was personally part of the camp that thought these guys would change significantly” after the Mandiant report was published, says Rich Barger, chief intelligence officer with Cyber Squared, which last week unveiled new evidence of the group targeting the defense and aerospace community using many of the same techniques and command-and-control (C&C) capabilities as before.

[…]



[ISN] How a Serial-Killing Night Nurse Hacked Hospital Drug Protocol

http://www.wired.com/threatlevel/2013/04/charles-cullen-hospital-hack/

BY CHARLES GRAEBER
Threat Level
Wired.com
04.29.13

Nurses deal with drugs every day. Most do so professionally, safely, reliably. A very few abuse them, getting high or selling them for a profit, mostly opiates. And a tiny minority — a handful in the history of nursing — turn medicines into a murder weapon.

One such nurse was Charles Cullen, who is the subject of my book The Good Nurse. A former Navy electronics technician who used his technical acumen to enable his crimes and avoid detection, Cullen got away with medical murder in at least nine hospitals over the course of his 16-year career. (He was finally arrested in 2003; he’s currently serving life in Trenton Maximum Security Prison.) He eventually admitted to 40 murders, but experts familiar with the case believe that number is low, perhaps by several hundred. If they’re right, Charles Cullen is the most prolific serial killer in American history.

For a murderer, a hospital is a convenient place to work. Deaths occur there every day; people are sick and succumb to illness. It was difficult to sort out Cullen’s crimes from the usual stream of codes and crashes. But Cullen was especially good at what he did. And he was an expert at getting away with it. In essence, Cullen hacked the hospital systems that regulate medications.

Part of his secret lay in the drugs he used. Many hospitals strictly regulate drugs like ketamine, OxyContin, Vicodin, Percocet, Darvocet, Demerol, morphine — anything that can get you high and everything addictive. But Charles Cullen avoided these drugs, and committed murder using medications normally employed to save lives.

Drugs like digoxin, which is commonly used to help regulate heart rhythm, became a weapon in Cullen’s hands when employed in large enough doses and injected into a port on their IVs. It was especially lethal to patients with a history of heart problems. Insulin was another drug Cullen frequently used, sending patients into spiraling diabetic comas and generally stressing their already fragile systems.

[…]



[ISN] CFTC eyes rule to address hacker manipulation

http://www.argusmedia.com/pages/NewsBody.aspx?id=845092

Argus Media Ltd
30 Apr 2013

The US Commodity Futures Trading Commission (CFTC) may initiate a rule to address market manipulation from social media cyber-attacks after the stock market took a momentary dip last week in response to a false news report from a hacked Twitter account.

CFTC chairman Gary Gensler said today that the commission is working to put out a concept release which he described as a draft regulatory framework that could presage a formal rulemaking for “risk controls and system safeguards for automatic trading environments.”

On 23 April an account on online messaging service Twitter operated by the Associated Press was accessed by hackers who falsely reported to the account’s nearly 2mn followers that President Barack Obama had been injured in an explosion at the White House. The news spurred immediate, precipitous drops of roughly 1pc in several leading US securities and commodities markets, though markets bounced back once the message was found to be a hoax.

Gensler said that in the wake of that attack he wants to issue the concept paper “in the next month to two months” and get input from the public. Gensler spoke during a hearing of the commission’s Technology Advisory Committee.

[…]

