The Internet of Things: Duo Presents at Security B-Sides in San Francisco
This Sunday and Monday, Duo Security’s Security Evangelist Mark Stanislav and Senior Security Researcher Zach Lanier will be presenting at Security B-Sides in San Francisco!
Security B-Sides is a community-driven framework for event-building by information security community members, largely a grassroots type of organization allowing for infosec discussions, demos and participant interaction.
Held at the DNA Lounge from 9am-7pm, February 23-24, the event will feature two tracks of sessions on information security topics, including:
- Pwn All The Things: State of the Modern Penetration Testing Toolkit
- Auto-Scaling Web Application Security in the Cloud
- Running at 99%: Surviving An Application DoS
Mark and Zach will be presenting on The Internet of Things: We’ve Got to Chat, on February 23 at 5pm PT. What is meant by the “Internet of Things” (IoT)? Referring to the explosive growth of the number of devices and innovative technology connecting to the Internet, the IoT is a reflection of rapid vendor response to consumer demand.
But the IoT has now reached a tipping point, as vendors that choose time-to-market and profits over ensuring device security can present serious risk to unknowing consumers.
One prime example of that is TRENDnet, a company that produced IP cameras with major security issues - the cameras allowed an unauthorized person to access an affected camera’s live video feed without the knowledge of the owner, as Mark wrote about in Fear the Unmanaged Growth of the “Internet of Things.”
Following the discovery of this problem (someone aggregated a list of 700 flawed IP cameras and posted it online), the Federal Trade Commission (FTC) reached a settlement with TRENDnet that required them to establish a security program, conduct a security audit every two years and stop marketing their products as secure.
This serves as a reason to fear the unmanaged growth of the IoT, as Mark puts it:
The ability for just about anyone to mass produce an Internet-enabled device that can speak to you, or record video of you, or track you via GPS, is continually becoming less of a challenge.
While this amazing technology can certainly provide our lives with all sorts of great conveniences, the trade-off to our security may be immense. Information security isn’t easy and few people understand the requisite nuances to handle the responsibilities of always-connected life well enough to assure our safety and privacy.
In this presentation, Mark and Zach will examine some of the recent failures of IoT security and the engineering challenges facing entrepreneurs, and take a look at the IoT security researcher quandary. Details will be given about a new effort to help all parties involved proceed with the IoT in a safer, more successful manner. Whether you're a security researcher, software engineer, or product designer, this presentation will represent the thoughtful look at the state of IoT security we desperately need.
Mark Stanislav, Security Evangelist at Duo Security
Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Stanislav has worked within small business, academia, startup and corporate environments, primarily focused on Linux architecture, information security and web application development. He earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. He also holds his CISSP, Security+, Linux+ and CCSK certifications. Follow Mark on Twitter @markstanislav!
Zach Lanier, Senior Security Researcher at Duo Security
Zach Lanier is a Senior Security Researcher at Duo Security. Though an old net/web/app pen tester type, he has been researching mobile and embedded device security since 2009, ranging from app security to platform security (especially Android) to device, network, and carrier security. He has presented at various public and private industry conferences, such as BlackHat, DEFCON, INFILTRATE, ShmooCon, RSA, Amazon ZonCon, and more. He is also a co-author of the upcoming "Android Hacker's Handbook" (published by Wiley). Follow Zach on Twitter @quine!