iSEC Open Forum Bay Area
DATE: Thursday, October 27, 2011
LOCATION: iSEC Partners, Inc. 123 Mission Street, Suite 1020 (Our new office!) San Francisco, CA 94105
Please RSVP if you wish to attend!
***technical managers and engineers only please***
***food and beverage provided***
SPEAKER: Tim Hwang / Managing Partner / The Pacific Social Architecting Corporation
PRESO TITLE: I'm Not A Real Friend, But I Play One On The Internet
PRESO SUMMARY: What if bots could be used for more than just spreading spam? This talk will discuss some recent research into the use of swarms of realistic-looking bot identities on social platforms to invisibly shape the behavior and patterns of relationships of large communities of users online. Specifically, we'll discuss the use of these bots to engage in large scale, quantitative "social penetration testing," probing the cognitive holes and influence dynamics that might permit an operator to more effectively spread disinformation or disrupt social cohesion. Hilarity ensues.
SPEAKER BIO: Tim Hwang is the founder and managing partner of the Pacific Social Architecting Corporation, a California-based research and development firm focusing on innovative technologies to enable precise, large scale social shaping online. He is also the co-founder of ROFLCon, a biennial conference bringing together various internet celebrities, scholars, and commentators to discuss the past, present, and future of memes and web culture. Formerly, he served as a research associate at the Berkman Center for Internet and Society at Harvard University. For his work, he has previously appeared in the Atlantic Monthly, the New York Times, the Washington Post, and Wired Magazine. He loves Choco Tacos.
SPEAKER: Jason Chan / Cloud Security Architect / Netflix
PRESO TITLE: Practical Cloud Security
PRESO SUMMARY: Over the past several years, there has been much hand wringing and teeth gnashing related to public cloud security. Because of this, many organizations have limited or delayed their cloud usage. Faced with business and market imperatives that demanded scale and elasticity that traditional data center architectures could not provide, Netflix jumped head first into the public cloud two years ago. As we continue to mature our environment, we’ve also begun leveraging the benefits of the public cloud to enhance our security posture and capabilities. This presentation will be a practical examination of Netflix’s approach to cloud security. Topics covered include:
• Using public cloud automation and APIs to enhance security visibility
• Netflix’s “Security Monkey” tool for cloud security monitoring and alerting
• Inter-host reachability and connectivity analysis for firewall policy evaluation and optimization
• Netflix’s model-driven architecture for securing and managing systems and applications
• Call to action: Cloud Security Gap Analysis and Next Steps
SPEAKER BIO: Jason Chan is Netflix's Cloud Security Architect. Prior to joining Netflix, he led VMware's security team, and spent much of his career as a security consultant with firms such as @stake and iSEC Partners. He has presented at various conferences, published several papers and articles, and contributed to a book.
SPEAKER: Aaron Grattafiori and B.J. Orvis / Senior Security Consultants / iSEC Partners
PRESO TITLE: Mac OS X in the Enterprise
PRESO SUMMARY: The term "Advanced Persistent Threat" has been wildly overused, often by intrusion victims attempting to make excuses for their poor security preparedness. This labeling abuse should not distract from the fact that many Western businesses are facing industrial espionage on a wide scale. These attacks utilize a very effective combination of social engineering, custom malware development and a good understanding of the weaknesses commonly found in corporate Windows networks. The increasing market share of Macs in large and small businesses throws a wrench into the plans of attackers and defenders alike. Does the Cocoa API provide equivalent opportunities for malicious software as Win32? Should corporate IT departments utilize OpenDirectory and other Apple management technologies to take control of their Macs? Can OS X Server stand up to escalation attacks better than the oft-updated Active Directory? This talk will attempt to answer these questions by examining how Macs compare to Windows during every step of the APT attack chain. The speakers will use their experience responding to these attacks to measure OS X against the resiliency of Windows 7 and 2008R2, and will game out how attackers can carry out each step, from initial exploitation to exfiltration, using only issues in Apple technologies. We will complete the talk with recommendations on how to handle Macs in your corporate network, and will demonstrate steps to harden OS X Servers and detect infiltration early in its lifecycle.
SPEAKER BIO: Aaron Grattafiori is a Security Consultant with iSEC Partners. With over 7 years of security experience, he utilizes a wide array of skills and a history of independent research to discover vulnerabilities. Prior to working at iSEC Partners, Aaron was a Security Consultant at Security Innovation as well as a Linux Systems Administrator for a statewide ISP. During this time Aaron independently discovered and privately reported major vulnerabilities in widely deployed software and wireless systems. Aaron will be discussing major design flaws in Apple's Enterprise Server Security at SOURCE:Seattle. Aaron's areas of interest include vulnerability research and analysis, exploit development, intelligent fuzzing systems, and reverse engineering.
William (B.J.) Snow Orvis is a security researcher and consultant at iSEC Partners, an information security firm specializing in application, network, and mobile security. William's current research interests include Mac OS X security and mobile application security. Before working at iSEC Partners, William finished a Master's degree in Computer Science from UC Davis, with a focus in computer security.