Topic: The Catahoula Leopard Dog - A Study in Heuristics for Virus Detection Technical Level: Non-Technical Speaker: Randy Abrams, Director of Technical Education at ESET This presentation explains what heuristics are in manner that is easily understood by non-technical users while providing information that is often new to experienced professionals as well. Users who already understand the topic well will probably find useful ways to help explain the subject when the occasion arises. Focus is given to how heuristics relate to AV software, the strengths and limitations, as well as different types of heuristic approaches. Examples of false positives are used to help provide insight into some of the thinking that is involved with the development of heuristic approaches. ...

Read More »

Technical Level: Non-Technical to Intermediate Speaker: Kelly Anderson, Detective Sergeant, OPP, e-Crime Section Topic: Payment Card (Skimming) Compromises and Trends. The advent of the payment card reduced complaints of NSF Cheque frauds. However the payment card system is under attack from criminals who find that the technology yields a greater payoff than cheque fraud ever did. This presentation will show the evolution of skimming compromises showing an evolution in the technical capabilities...

Read More »

Location: Health Sciences Building, 155 College St., Auditorium Technical Level: Highly Technical Speaker: Nish Bhalla and Rohit Sethi, Security Compass Web application security continues to be one of the most pressing issues facing enterprises today. While many security experts understand the need for application threat modeling, few have actually implemented them successfully in practice. In their talk to TASK, Nish...

Read More »

Topic: Recon 2 Root Speaker: Jeremy Richards Jeremy will demonstrate the usage of BackTrack 2.0 (a live linux penetration testing distribution) to perform a staged penetration test from initial recon and knowledge gathering, to identification of logical and software vulnerabilities and, finally, the tools used to exploit these vulnerabilities. Jeremy has been performing network and application based security audits for financial institutions, critical infrastructure, as well as government and...

Read More »

Technical Level: All Levels (Mostly technical) Topic: Introductions Presentation: Click here for PPT Speaker: Fred Hopper Topic: PCI DSS 101 - An introduction to the Payment Card Industry (PCI) Security Standards Council's Data Security Standard - what it is, where it came from and why your shop may find it useful, even if you do not process credit card data. Presentation: Click here for PPT...

Read More »

Technical Level: Intermediate Speaker: Seth Hardy Key and Identity Management With PGP There are many introductory tutorials out there on PGP (and its open source equivalents), but few seem to touch on one of the most important aspects of it, why many people choose to use it: key and identity management. It's been said that key management is the hardest (and worst) part of cryptography; trust is hard to manage because it's both very important and completely intangible. There's a reason why...

Read More »

Technical Level: Intermediate to Advanced Speaker: Bruce Cowper, Rodney Buike With launch of Windows Vista, there is much speculation about the new approach to securing Windows and the numerous security features in the operating system. This session will be hosted by Microsoft and provides an opportunity to see and discuss ‘the most Secure version of Microsoft Windows to date’. You will be taken through an in-depth look at feature functionality as well as given an opportunity to ask your security...

Read More »

Technical Level: Advanced Speaker: Larry Gagnon and Robert Beggs One of the most exciting area in the field of data forensics is live system response - the collection and analysis of forensic evidence from a live system that has been compromised, or during the actual attack itself This seminar will demonstrate the process for responding to a security incident involving a live system, including a hands on demonstration of tools and a walk through of writing and using a script for automated data collection By the end of the seminar, you will know how to collect the maximum amount of information from a live system before starting more conventional forensic analysis of a system hard drive ...

Read More »

Technical Level: Intermediate to Highly Technical. Speakers: Brian Bourne, Robert Beggs, Bruce Cowper For those of you who haven't had the opportunity, we'll be re-visiting Hidden Rootkits in Windows. We'll demo Hacker Defender and FuTo... we'll discuss hardware virtualization rootkits and most importantly we will focus on detection and removal. In addition, Robert Beggs and Bruce Cowper will discuss some of their findings with detection and removal of malware. We also hope to have...

Read More »

Technical Level: Intermediate Speaker: Andrew Graydon, CTO, BorderWare Technologies Inc. VoIP is no longer hype. It’s a business reality. Gartner predicts that 90% of all new corporate telephone networks will be IP-enabled and based on SIP protocols by 2008. It’s only a matter of time before VoIP becomes a mission critical communication system. Still, concerns remain around the security of VoIP and the underlying SIP protocol, fearing that they are susceptible to similar types of threats and exploits that plague the Web and email. Today organizations of all sizes need to evaluate and understand the security measures available that allow companies to deploy real-time messaging, voice, data, video and other SIP based applications with confidence. ...

Read More »