Hacking the Privacy Legislation - Tracy Ann Kosa In today’s environment of particularly scarce resources, privacy can be easily buried under its sexier older sister - security. But the need to balance the two is an ongoing concern when it comes to any system that collects, uses and discloses personal information. This session will focus on exploring the differences between the two, and identifying what areas of the privacy legislation are mainly unenforced or unenforceable. In addition, it will...

Read More »

Topic: SpeedTalks. Ms. Mary-Lynn Manton and several students will be presenting a brief overview of the information security program at Seneca College, and some of the research that they have been conducting. Mr. Eldon Sprickerhoff, will be presenting: The Rumours of My Death Have Been Greatly Exaggerated - Redeeming NIDS in the Corporate Environment Mr. Serge Gorbunov, speaking on the Canadian Honeynet Project Mr. Colin McGregor, speaking on Damn Vulnerable Linux Mr. Byron Sonne and Jeremy Richards will talk on “Hacking Public Opinion”...

Read More »

Topic: BlackHat and Defcon Review Speaker: Various Attendees In this presentation, we'll cover the highlights of each conference. The new exploits and tool releases, new research and make sure you know what you missed out on! This is the MUST ATTEND TASK event of the year. If there is any specific topic you'd like covered, be sure to contact us and let us know. Reference: Defcon Official Website Reference: Blackhat Briefings Website...

Read More »

Topic: Security-in-Agile Speaker: Tatiana Outkina, PhD, CISSP, CSSLP, TOGAF Agile development methodology affects the framework of SecSDLC. While the concept of SecSDLC remains the same, the approach and the solutions must provide the ability to develop secure systems within the agile development framework. A certain number of contradictions must be resolved to ensure the appropriate security level of each and every Sprint. In our message, we present the Agile-SecSDLC framework to outline IT security...

Read More »

Topic: Understanding & Preventing Insider Threat/Corporate Espionage. Speaker: Kai Axford Many analysts have stated that the Number One issue facing corporate customers today is the threat of targeted corporate espionage coming from within the organization. Join Kai Axford, a security strategist from the Microsoft Trustworthy Computing team for an entertaining and engaging session, as he shares real stories from the trenches about the risk this threat presents for both you and your customers....

Read More »

Topic: Testing your network with BackTrack 4 Speaker: Jeremy Richards Backtrack 4 Beta was released at shmoocon this year... seven days later over 50,000 copies have been downloaded! If you're not using Backtrack 4 yet come find out what you're missing in this fast paced technical talk. Jeremy Richards from NCI will be providing demos on using the new tools for Information Discovery, Recon, Network Mapping, Vulnerability Identification, Exploitation and Privilege Escalation. - Automatic...

Read More »

Topic: SQL Server Security Speaker: Kevvie Fowler A regular speaker at such events as BlackHat and SecTor, Kevvie is a well recognized expert on all topics relating to SQL Security. Kevvie is also the author of "SQL Server Forensics", and contributor to "The Best Damn Exchange, SQL and IIS Book Period" and "How to Cheat at Securing SQL Server 2005". Kevvie will be presented his latest research on SQL security. In the past, his research has included SQL rootkits, SQL data encryption attacks and many other interesting topics....

Read More »

Topic: Shmoocon Review Speaker: Brian Bourne Shmoocon is self-described as "an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues." We will be reviewing the best talks and new releases that happen at the conference in this talk. Much like the Blackhat review, expect a summary of all sorts of random technology! Presentation:...

Read More »

Topic: Privileged ID management – are you really in control? Speakers: Vivek Khindria and Mike Bronson, CIBC Many organizations have embarked on strategies, technologies and processes to support the effective lifecycle management of user IDs, but what about the accounts that are used to manage the supporting infrastructure? These IDs frequently have the authority to create new accounts, modify configuration parameters, edit logs, install potentially malicious software, and view sensitive data. Organizations will be increasingly put under the microscope to demonstrate the effectiveness of their privileged ID management processes. Vivek and Mike will share their view of this emerging topic and the journey that CIBC has taken down this road. ...

Read More »

Topic: The McColo Takedown - How taking out one ISP cured spam Speaker: Matt Sergeant On Tuesday the 11th November, 2008 at around 10pm UTC a small San Jose ISP was taken off the air in an action known as "de-peering". Almost immediately spam levels dropped by around 80%. In this talk we look at who McColo were, how this take down happened, and why it had such drastic effects on global spam volumes. Of course this isn't the end of the story, so we also examine: What happens now? Topic: Achieving...

Read More »