Monday, June 14, 2010

Security BSides Las Vegas announcements

The venue for Security BSides Las Vegas is phenomenal.  As great as that is, BSides is about content and community, and I’m happy to spill a few details about content.  The first few talks confirmed are great and there are plenty more killer talks to be announced.  Here are a few teasers:

David Mortman has assembled an all-star panel including Marisa Fagan, Erin Jacobs, James Arlen, Dave Lewis, Leigh Honeywell, and Rafal Los for “Mentoring, Mentee-ing (Telamachusing? Manatee-ing?) In Information Security: A How-To Panel.”: Come and learn how to get the most out of the Mentor/Protégé relationship from our panel of experts.

HD Moore will present “Fun with VxWorks”: this talk focuses on the VxWorks operating system, how it works, what devices use it, and how to compromise it.  The content will include background information on VxWorks itself, a checklist of common vulnerabilities, mappings from these vulnerabilities to shipped products, and a live demo of gaining access to a widely deployed commercial product.

Gene Kim will present “Mobilizing the PCI Resistance: Lessons Learned From Fighting Prior Wars (SOX-404)”: I have noticed that there is a growing wave of discontent from the information security and compliance movement around complying with the PCI DSS… My desired outcome is to find fellow travelers who also see the pile of dead bodies in PCI compliance efforts... and catalyze a similar movement to achieve the spirit and intent of PCI DSS.

Bruce Potter will bring us “How to Make Network Diagrams that Don't Suck”:  We've all been there.  You walk into a network blind and the first thing you ask for is a network diagram.  What gets handed to you has apparently fallen out of a bowl of ramen and onto the page.  Overlapping lines, big arrows, and host names in print so small that only insects can read it.

Egyp7 will deliver “Beyond r57”: PHP is an easy language to learn and is among the most popular in the web development world.  Because of this, many PHP applications are written by novice programmers with little knowledge of writing secure code.  Combine that fact with a few poor design decisions and you end up with vulnerabilities in PHP applications being published daily.

And that is barely scratching the surface.  There will be plenty more, and there will be informal and impromptu talks, too.  And healthy conversations.  Maybe an argument.

And, in a first for BSides, we will be arranging a press area for BSides LV.  It is the place to be, and we want to provide those covering the event a place to hold interviews and get work done.