Hey folks, it’s that kind of week again… A nice upstanding Information Security Professionals’ get together, followed by a bunch of hackers doing their thing.
The difference of course is that this isn’t August and we’re not in Vegas.
First up – Black Hat Europe — Barcelona, Spain — the training sessions are already underway and the briefings are Wednesday and Thursday.
I’m talking on Wednesday afternoon — join me if you get a chance.
First up: SCADA and ICS for Security Experts: How to avoid cyberdouchery
The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product fixes SCADA. And because they don’t know what the hell they’re talking about — ‘fake it till ya make it’ doesn’t work — they’re making all of us look stupid.
Attendees will gain a practical level of knowledge sufficient to keep them from appearing foolish should they choose to opine on any of the various real issues stemming from Industrial Control or SCADA systems. Attendees will also feel embarrassed for something they’ve said, empowered to call out charlatans, and much less worried about cyberhackers unleashing cyberattacks which cybercause cyberpipelines and cybermanufacturing plants to cybergonuts and cybertakeovertheplanet using cybercookiesofdeath.
Over the weekend – It’s Notacon time again — yup, ‘the con that hugs you’ is back for another year.
Notacon 7 is coming to Cleveland April 15th – 18th, 2010 and yours truly is scheduled for a total of three appearances – giving one talk, moderating one panel and participating in a second panel.
I’m doing the Black Hat Europe talk again, but I’m up against serious competition for the time slot… hope that works out well.
Moderating: Hacking The Future: Weaponizing the Next Generation
Join this panel of experts (Leigh Honeywell, Tiffany Rad, Jillian Loslo, James Arlen) who will discuss, debate, enlighten, and do battle on the topic of Hacker Parenting. From a multitude of viewpoints – paternal, maternal, fictive aunt and victim – the methodologies and techniques of applying the hacker mindset to parenting will be discussed. It is expected that the audience will participate as this topic is one on which everyone has an opinion. Maybe it’s possible to do great work and develop a generation of people primed to hack the planet and take over.
And bringing the lulz: Social Engineering Security Into Your Business
Finding security vulnerabilities is easy. Getting them remediated is HARD. Many of the real problems in information security are not about technical prowess with packet dumps or disassemblers, they’re about exercising the “soft skills” you discarded when entering IT. In this talk the four of us will show how social engineering can be applied not to break into systems, but to secure them. How do you convince your DBAs they really do need to apply the latest Oracle patch? How do you convince the CIO that you need funds and people to perform dedicated vulnerability scanning? How do you convince your users that they really shouldn’t put that password on their monitor? We’ll cover all this and more with a little shouting, a lot of scolding, and some live demonstrations. With James Arlen, Chris Clymer, Mick Douglas, and Brandon Knight
YOU need to be at Notacon! It’s the con that hugs you! There’s going to be a fairly large contingent from the Ontario hackerspaces and it’s your chance to hang around with people from hackerspaces all over North America.
Co-happening with Notacon is Blockparty – a totally awesome demoscene madness event, there will be dancing and laughter and learning and awesomeness.