Topic: Testing your network with BackTrack 4 Speaker: Jeremy Richards Backtrack 4 Beta was released at shmoocon this year... seven days later over 50,000 copies have been downloaded! If you're not using Backtrack 4 yet come find out what you're missing in this fast paced technical talk. Jeremy Richards from NCI will be providing demos on using the new tools for Information Discovery, Recon, Network Mapping, Vulnerability Identification, Exploitation and Privilege Escalation. - Automatic...

Read More »

Topic: SQL Server Security Speaker: Kevvie Fowler A regular speaker at such events as BlackHat and SecTor, Kevvie is a well recognized expert on all topics relating to SQL Security. Kevvie is also the author of "SQL Server Forensics", and contributor to "The Best Damn Exchange, SQL and IIS Book Period" and "How to Cheat at Securing SQL Server 2005". Kevvie will be presented his latest research on SQL security. In the past, his research has included SQL rootkits, SQL data encryption attacks and many other interesting topics....

Read More »

Topic: Shmoocon Review Speaker: Brian Bourne Shmoocon is self-described as "an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues." We will be reviewing the best talks and new releases that happen at the conference in this talk. Much like the Blackhat review, expect a summary of all sorts of random technology! Presentation:...

Read More »

Topic: Privileged ID management – are you really in control? Speakers: Vivek Khindria and Mike Bronson, CIBC Many organizations have embarked on strategies, technologies and processes to support the effective lifecycle management of user IDs, but what about the accounts that are used to manage the supporting infrastructure? These IDs frequently have the authority to create new accounts, modify configuration parameters, edit logs, install potentially malicious software, and view sensitive data. Organizations will be increasingly put under the microscope to demonstrate the effectiveness of their privileged ID management processes. Vivek and Mike will share their view of this emerging topic and the journey that CIBC has taken down this road. ...

Read More »

Topic: The McColo Takedown - How taking out one ISP cured spam Speaker: Matt Sergeant On Tuesday the 11th November, 2008 at around 10pm UTC a small San Jose ISP was taken off the air in an action known as "de-peering". Almost immediately spam levels dropped by around 80%. In this talk we look at who McColo were, how this take down happened, and why it had such drastic effects on global spam volumes. Of course this isn't the end of the story, so we also examine: What happens now? Topic: Achieving...

Read More »

Topic: Computer Fraud – Computer Crime Speaker: Jerrard B. Gaertner, Director of Technology Assurance Services at Soberman LLP The Criminal Code of Canada deals with some computer offences directly (theft of telecommunications) and with others indirectly (fraud, theft, electronic distribution of child pornography). However, many people believe the Code is out of date or ineffective when it comes to computer-related offences. • Just what is computer crime? How is it different from other offences?...

Read More »

Topic: Virtualization Security Speaker: Robert Beggs Virtualization, which allows users to run multiple operating systems on a single physical box, can reduce costs and improve network manageability. From a security perspective, this simplified management can enhance system security, and virtualized systems are supporting security in roles such as secure software development, malware analysis, and disaster recovery But what are the risks of putting virtual systems into your production...

Read More »

Topic: BlackHat and Defcon Review Speakers: Various Event Attendees In this presentation, we'll cover the highlights of each conference. The new exploits and tool releases, new research and make sure you know what you missed out on! This is the MUST ATTEND TASK event of the year. If there is any specific topic you'd like covered, be sure to contact us and let us know. Reference: Defcon Official Website Reference: Blackhat Briefings 2008 Website...

Read More »

Topic: SpeedTalks! Presentations linked where available. Technical-focused content: New insecurities in Ipv6 (Tyler Reguly) Adventures in Remote Access (Chuck) Digital Watermarking (Paul Shields) The Canadian Honeynet Projet (Sami Kamel) Office...

Read More »

Topic: Privacy for Security Geeks Speaker: Tracy Ann Kosa Overworked. Underpaid. And now you’re responsible for privacy too. Get under the covers and find out why this job is a lot easier then it sounds. The secret to privacy design: once you’ve done it, you’re done it. This session will provide you with compliance based design requirements, and the teach you how to get there yourself. The legislation hasn’t changed in years, and though the technology evolves, the architecture requirements for compliant privacy design haven’t no matter who your clients are. Do privacy and security make good bedfellows? You bet. And it’s better then doing it alone....

Read More »