Duo Hits Vegas for Black Hat, DEF CON, B-Sides, PasswordsCon & Securing IoT
It’s a busy, busy, busy time for infosec - in the dead of summer, we’re heading to Las Vegas to speak about security at some of the top infosec conferences of the year, including Black Hat, DEF CON, B-Sides, PasswordsCon, and Securing IoT.
As always, check out our carefully curated Security Conference Calendar for a great list of infosec events, with Duo-attended ones outlined in green!
Black Hat
The self-described “show that sets the benchmark for all other security conferences,” Black Hat is 17 years strong, drawing the brightest in the industry for training and briefings. We’ll be at booth #866 - be sure to stop by for free schwag and good conversation!
Duo Security’s own Senior Security Researcher Zach Lanier is presenting at the conference with Tumblr's Security Engineer Kelly Lum on Thursday, August 7th at 9am PT in the Jasmine Ballroom.
Their talk, Stay Out of the Kitchen: A DLP Security Bake-Off, will present their research on different Data Loss Prevention (DLP) solutions, including their capabilities and shortcomings. Although DLP solutions have been seen as the 'silver bullet' for defending against data breaches, they can also be vulnerable to bypasses.
The session will also include demos of the DLP vulnerabilities they discovered throughout their research.
Other briefing sessions at the conference include topics and discussions on:
- Top cryptography challenges within the context of software flaws, from block cipher mode selection to public key agreement algorithms, with step-by-step exploit code demonstrations
- Point-of-sale compromises from the retailer’s and software vendor’s perspective, including a focus on one of the most common methods - memory scraping
- Automotive security, including the types of remote vulnerabilities that apply to the automotive networks of a diverse range of manufacturers
- New Android vulnerability found in Android app handling, allowing malicious apps to get special security privileges without any user notification, with the technical root cause and how it can be exploited against a live device
- Exploiting unpatched iOS vulnerabilities, including discovering new avenues of attack to run unsigned code out of the sandbox, as well as detailed disclosure of new vulnerabilities and the exploit techniques developed
And many more - check out the Black Hat briefing agenda for full descriptions and talks.
Zach is moderating a panel with Don Bailey of Lab Mouse Security, entitled Embedded Devices Roundtable: Embedding the Modern World, Where Do We Go From Here? on Wednesday, August 6th at 4:15pm PT in Palm A. This interactive roundtable discussion will cover how the ubiquity of embedded devices changes our security landscape.
The discussion will cover:
- How this new environment can be secured
- What security means in a fully network-enabled world of embedded computers
- Including devices such as smart watches, cameras, industrial control systems and robots
Come prepared with questions to participate in this roundtable discussion!
DEF CON
In the same week, Duo will be speaking at DEF CON as well as exhibiting at table #23 in Las Vegas! DEF CON is one of the largest and longest-standing hacker conferences in the world, held annually since 1993.
Duo Security’s Security Evangelist Mark Stanislav and Zach Lanier will be speaking on Saturday, August 9th at 11am PT (Track 1).
Their talk, The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right, will cover the research, outcomes and recommendations on information security for the Internet of Things (IoT).
They’ll discuss some major IoT security failures derived from their own and others’ research, and the progress of their own initiative, BuildItSecure.ly. In an effort to support smaller tech vendors, BuildItSecure.ly seeks to bring together vendors, partners and researchers who want to support information security in the IoT industry.
Other talks at DEF CON include:
- AWS (Amazon Web Services) for Hackers
- Protecting SCADA From the Ground Up
- Reverse Engineering Mac Malware
- How To Get Phone Companies To Just Say No To Wiretapping
- Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance
Check out the full DEF CON 22 schedule.
Duo Security is also sponsoring a party Friday night in the Chill Out & DEF CON Cafe (the Miranda room) with music by SOMA.FM. The cafe will be open until midnight, with music until 2am.
If you're going, come chill and have a beer with Duo!
PasswordsCon
And, Duo will be speaking at yet another conference in the same week in Las Vegas, PasswordsCon, now in its fifth year.
Hosted in the Siena Room at Tuscany Suites & Casino, PasswordsCon is a hacker conference all about passwords, PIN codes and digital authentication. Bringing together leading researchers, password crackers and experts in password security worldwide, the conference discusses creating, securing, cracking and exploiting authentication solutions.
Mark will be presenting his research in his talk, Security for the People: End-User Authentication Security on the Internet, on August 5 at 4:50pm PT (Track 2). Detailing his recent research on password policies, strong authentication and complementary browser security features, the talk will discuss the current state of end-user-facing authentication security.
With this analysis of the way organizations can protect consumer authentication and deploy relevant browser security features, we can gain insight into which sites and services are most focused on ensuring consumers have the best chance of defending against attackers.
Other presentations include:
- Authentication in the Cloud – Building Service
- How We Deciphered Millions of Users’ Encrypted Passwords Without the Decryption Keys
- Tradeoff Cryptanalysis of Password Hashing Schemes
Securing IoT Masters
Hosted by CyberTECH, the Security of the Internet of Things (IoT) Masters 2014 will be held on August 5, 2014 at Mandalay Bay in Las Vegas.
The forum will bring together leading innovators, investors and executives to explore the Internet of Things (physical devices - such as vehicles, commercial equipment, medical devices, etc. - that are connected to networks linked to the Internet) and discuss how to approach privacy and security across widely distributed networks in order to protect the massive amount of resulting data.
Zach and Mark will be presenting August 5, 2014 at 2pm PT on BuildItSecure.ly, their initiative designed to connect security professionals with IoT innovators and developers. Providing technical guidance and standards documents on mobile, cloud and network app security, the site is a resource the IoT industry can use as a springboard to integrate security best practices into product design. Follow @BuildItSecure.ly for updates!
B-Sides
Duo will also be at B-Sides Las Vegas 2014 hosted at Tuscany Suites & Casino! Security B-Sides is a grassroots, DIY security conference held at different locations nationwide. As a completely volunteer organized event put on by and for the community, B-Sides strives to keep information free.
Our Security Historian Intern Domenic Rizzolo will be presenting on his security history research with his talk, A Place to Hang Our Hats: Security Community and Culture at B-Sides on August 6th at 3:30pm PT. Examining the evolution of various hacking groups and collectives over the years, his talk will present insight into the structure of today’s hacking space and security culture from a social perspective.
From white hat companies to prison, Domenic will discuss how innovation in exploits, anonymity, and monetary incentives have reformed and regrouped the hacking clubs of yore.
Zach also speaks on a B-Sides panel with other security experts as they answer questions from the crowd about issues concerning the security community. Moderated by David Mortman, Chief Security Architect and Engineer at Dell Enstratius, the panel will be held Wednesday, August 6 at 4:00pm.
Duo is representing very well this year at B-Sides with another short presentation given by Mark Stanislav on Wednesday, August 6th at 11:00am PT as part of the 'I Am The Cavalry' track, about the status of efforts around IoT security for the consumer space.