
iSEC Open Forum Austin

DATE: Thursday, March 7, 2013
TIME: 6:00pm-9:00pm
LOCATION: Buffalo Billiard's
201 East 6th Street
Austin, TX 78701

Please RSVP if you wish to attend!

***technical managers and engineers only please***
***food and beverage provided***

SPEAKER: Bill Leddy / Principal Security Strategist / PayPal

PRESO TITLE: FIDO (Fast IDentity Online)

PRESO SUMMARY: The recently announced FIDO Alliance (see intends to enable a broader range of strong authentication options, user choice, and lower costs with a non-proprietary approach to authentication. The FIDO approach is to enable BYOD (Bring Your Own Device) through dynamic discovery of authentication tokens at end points, using third party attestation to validate these tokens. The presentation will cover the business and technical motivation for End Users, Relying Parties, Security Token Vendors and Integrators. A high-level overview of the proposed architecture will be presented and example FIDO user interactions will be shown. How FIDO can be used in conjunction with Risk Based Authentication to create a streamlined experience for many transactions will be discussed.

SPEAKER BIO(S): Bill Leddy is currently a Principal Security Strategist at PayPal, where he has been focused primarily on Risk Based Authentication, new authentication options and FIDO. Bill has been at PayPal for almost 6 years. Prior to that he was VPE and/or Technical Product Manager at multiple startup companies in the Austin area, but unfortunately only a few have had modest success. Bill’s background is primarily in distributed computing (DCE, InfiniBand) and Security (Host Intrusion Detection, Authentication). Bill was in the Parallel Processing group at MCC during its heyday, where he was one of the first users of the GNU C++ Compiler. Bill has a BSEE and BACS from Rice University a long time ago.

SPEAKERS: Anson Gomes / Security Engineer / iSEC Partners &

Jonathan Chittenden / Senior Security Engineer / iSEC Partners

PRESO TITLE: Untwining Twine

PRESO SUMMARY: Kevin Ashton was the first to coin the term "internet of things", and pointed out that data on the Internet was mostly created by humans in 1999. Things have changed considerably since then - many appliances ship with embedded systems that can be remotely monitored, Lou Bega's Mambo No. 5 is no longer on the radio, and the smart home is something that both excites and terrifies us.

Twine is a consumer device that allows you to remotely monitor its environment through a variety of sensors (like moisture or vibration). We're offering a sneak peek of our analysis of Twine, and will lead you through the steps taken to understand what's going on under the hood of a "blackbox" device. We'll talk about what we've found so far, discuss the challenges we overcame, the challenges we still face, and how you can use these techniques on tweeting refrigerators (and similar devices). Topics include: capturing traffic on a non-proxy-aware device, pulling and reverse engineering the firmware, and analyzing opaque binary traffic.

SPEAKER BIO(S): Anson Gomes is a security consultant/researcher at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Anson specializes in network and application security testing and has been tasked with a wide variety of engagements. Anson is comfortable with external as well as internal network security assessments. He has also performed several application assessments in programming languages such as Java, .NET and PHP.
Prior to working at iSEC, Anson worked as a software developer. In this role he built applications and performed both vulnerability assessments and penetration tests. Anson graduated with an M.S. in Computer Science from NYU: Polytechnic focusing on Security and a B.E. in Computer Engineering from Mumbai, India.

Prior to his employment with iSEC, Jonathan Chittenden worked for the Air Force as a civilian. His roles consisted of reverse engineering malware for both signature and exploitation development. This experience enabled Jonathan to be comfortable working at a low level with unknown protocols and binaries. During this time, he also assisted in the development of an open-source intelligence application to be used to identify indicators of compromise.

During his employment with iSEC Partners, Jonathan has been tasked with a variety of engagements. His memorable projects include reviewing the code of custom kernel modules to be used for virtualization and reverse engineering Android applications. Jonathan has also collaborated and presented on a tool called AWS Scout. Scout helps automate security assessments of several Amazon Web Services. The tool was showcased at Blackhat USA 2012 Arsenal and the OWASP AppSec 2012 conference.

Jonathan graduated with an M.S. in Cyber Security from NYU: Polytechnic and a BBA in Infrastructure Assurance and Information Security from UTSA.

SPEAKER: Josh Sokol / Information Security Program Owner / National Instruments

PRESO TITLE: The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems

PRESO SUMMARY: Throw out everything that you know about security tools today. No more six-figure appliances that only do one thing marginally well. No more proprietary protocols. We deserve better and we demand better. Envision a world where your security tools talk with each other. They communicate and share data in order to leverage each other's strengths and help compensate for their weaknesses. They work together to solve problems. Envision "Symbiotic Security".

Symbiotic Security is a new term that was coined to describe the ability of a tool to consume data from other tools or provide data to other tools. As part of our research, we have examined various classes of tools on the market and identified these abilities in each of them resulting in a label of "Consumer", "Provider", or "Symbiotic". As a consumer of security tools, this completely revolutionizes the way that we make purchases. Like any new concept it can take some time to embrace, but we feel certain that labeling tools according to their abilities as "Consumers" and "Providers" can help to facilitate a much needed turn towards openness in our industry. Vendors will get the message that consumers want to select tools that work together in order to achieve their maximum effectiveness. Consumers will get the added value of having tools that work outside of their silos to make their jobs more efficient and maximize their ROI. Please join us in embracing this bold new concept.

SPEAKER BIO: Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Josh manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Josh currently serves as the Chair of the OWASP Global Chapters Committee and is very active in the Austin security community. He holds a CISSP certification and has spoken on dozens of security topics including the much hyped "HTTPS Can Byte Me" talk at BlackHat 2010.

Interested in presenting at a future Forum? Email [masked]. Talks should be 30-40 minutes max.

About the iSEC Open Security Forum
The iSEC Open Security Forum is an informal and open venue for the discussion and presentation of security related research and tools, and an opportunity for security researchers from all fields to get together and share work and ideas. The Forum meets quarterly in the Bay Area, Seattle, New York City and Austin. Forum agendas are crafted with the specific needs/interests of its members in mind and consist of brief 30-40 minute talks. Talks are not product pitches or strongly vendor preferential. Attendance is by invite only and is limited to engineers and technical managers. Any area of security is welcome including reversing, secure development, new techniques or tools, application security, cryptography, etc.


  • A former member

    Looking forward to the discussions

    March 4, 2013

  • John W.

    I'll be there if I'm in town, which seems likely at this point.

    February 27, 2013

  • Wandering G.

    I'll be at CanSec but I'll try to make the next event

    February 25, 2013

29 went

Our Sponsors

  • NCC Group

    Venue, catering, and bar tab sponsored by NCC Group.
