Technical Level: Non-Technical to Intermediate Speaker: Kelly Anderson, Detective Sergeant, OPP, e-Crime Section Topic: Payment Card (Skimming) Compromises and Trends. The advent of the payment card reduced complaints of NSF Cheque frauds. However the payment card system is under attack from criminals who find that the technology yields a greater payoff than cheque fraud ever did. This presentation will show the evolution of skimming compromises showing an evolution in the technical capabilities...

Read More »

Location: Health Sciences Building, 155 College St., Auditorium Technical Level: Highly Technical Speaker: Nish Bhalla and Rohit Sethi, Security Compass Web application security continues to be one of the most pressing issues facing enterprises today. While many security experts understand the need for application threat modeling, few have actually implemented them successfully in practice. In their talk to TASK, Nish...

Read More »

Topic: Recon 2 Root Speaker: Jeremy Richards Jeremy will demonstrate the usage of BackTrack 2.0 (a live linux penetration testing distribution) to perform a staged penetration test from initial recon and knowledge gathering, to identification of logical and software vulnerabilities and, finally, the tools used to exploit these vulnerabilities. Jeremy has been performing network and application based security audits for financial institutions, critical infrastructure, as well as government and...

Read More »

Technical Level: All Levels (Mostly technical) Topic: Introductions Presentation: Click here for PPT Speaker: Fred Hopper Topic: PCI DSS 101 - An introduction to the Payment Card Industry (PCI) Security Standards Council's Data Security Standard - what it is, where it came from and why your shop may find it useful, even if you do not process credit card data. Presentation: Click here for PPT...

Read More »

Technical Level: Intermediate Speaker: Seth Hardy Key and Identity Management With PGP There are many introductory tutorials out there on PGP (and its open source equivalents), but few seem to touch on one of the most important aspects of it, why many people choose to use it: key and identity management. It's been said that key management is the hardest (and worst) part of cryptography; trust is hard to manage because it's both very important and completely intangible. There's a reason why...

Read More »

Technical Level: Intermediate to Advanced Speaker: Bruce Cowper, Rodney Buike With launch of Windows Vista, there is much speculation about the new approach to securing Windows and the numerous security features in the operating system. This session will be hosted by Microsoft and provides an opportunity to see and discuss ‘the most Secure version of Microsoft Windows to date’. You will be taken through an in-depth look at feature functionality as well as given an opportunity to ask your security...

Read More »

Technical Level: Advanced Speaker: Larry Gagnon and Robert Beggs One of the most exciting area in the field of data forensics is live system response - the collection and analysis of forensic evidence from a live system that has been compromised, or during the actual attack itself This seminar will demonstrate the process for responding to a security incident involving a live system, including a hands on demonstration of tools and a walk through of writing and using a script for automated data collection By the end of the seminar, you will know how to collect the maximum amount of information from a live system before starting more conventional forensic analysis of a system hard drive ...

Read More »

Technical Level: Intermediate to Highly Technical. Speakers: Brian Bourne, Robert Beggs, Bruce Cowper For those of you who haven't had the opportunity, we'll be re-visiting Hidden Rootkits in Windows. We'll demo Hacker Defender and FuTo... we'll discuss hardware virtualization rootkits and most importantly we will focus on detection and removal. In addition, Robert Beggs and Bruce Cowper will discuss some of their findings with detection and removal of malware. We also hope to have...

Read More »

Technical Level: Intermediate Speaker: Andrew Graydon, CTO, BorderWare Technologies Inc. VoIP is no longer hype. It’s a business reality. Gartner predicts that 90% of all new corporate telephone networks will be IP-enabled and based on SIP protocols by 2008. It’s only a matter of time before VoIP becomes a mission critical communication system. Still, concerns remain around the security of VoIP and the underlying SIP protocol, fearing that they are susceptible to similar types of threats and exploits that plague the Web and email. Today organizations of all sizes need to evaluate and understand the security measures available that allow companies to deploy real-time messaging, voice, data, video and other SIP based applications with confidence. ...

Read More »

Technical Level: Highly Technical. Speakers: Jeremy Richards, Robert Beggs, Sue McGlashan, Jay Graver, Marcelo Tamaki, Brian Bourne, Gord Taylor, Jason Lam In this presentation, we'll cover the highlights of each conference. The new exploits and tool releases, new research and make sure you know what you missed out on! This is the MUST ATTEND TASK event of the year. If there is any specific topic you'd like covered, be sure to contact us and let us know. Reference: Defcon Official Website...

Read More »