iSEC Open Forum Bay Area

DATE: Thursday, June 21, 2012

TIME: 6:00pm-9:00pm

LOCATION: iSEC San Francisco Office, Suite 1020

123 Mission Street

San Francisco, CA 94105

Please RSVP if you wish to attend!

technical managers and engineers only please

food and beverage provided

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

AGENDA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

SPEAKER: Luis Miras / Independent Security Researcher

PRESO TITLE: The Baseband Playground: How Third-Party Mobile App Markets Impact Mobile Device Security

PRESO SUMMARY: Baseband processors control access to the radio hardware on cell phones. There has been published security research and presentations on remotely attacking baseband processors. This talk will take a different approach and focus on code injection into the baseband from the application processor. This is the same method that many unlocks (ultrasn0w) use to bypass carrier restrictions. Interestingly, these unlocks (exploits) can also be used to load your own code onto the baseband. This enables the patching of existing GSM code and other phone functionality :) This talk will cover baseband architecture, setting up a development environment, injecting custom code into the baseband using a variety of exploits, and interesting areas for modification. The case study for the talk will be an iPhone baseband running the Nucleus RTOS, but the concepts will be applicable to other basebands and OS.

SPEAKER BIO: Luis Miras is an independent security researcher. He has worked for both security product vendors and leading consulting firms. His interests include mobile security, vulnerability research, binary analysis, and hardware/software reverse engineering. In the past he has worked in digital design, and embedded programming. He has presented at CanSecWest, Black Hat, CCC Congress, ekoparty, XCon, REcon, Defcon, and other conferences world-wide.

SPEAKER: Marcia Hofmann / Senior Staff Attorney / Electronic Frontier Foundation

PRESO TITLE: Legal Issues in Mobile Security Research

PRESO SUMMARY: This presentation will identify and discuss sticky legal problems raised by researching the security of mobile devices. Using American law as a jumping-off point, I'll discuss common legal issues that arise in mobile security research such as reverse engineering, jailbreaking, and interception of communications. We'll also talk about practical ways to reduce the risks of your research so that you can go about your work with less potential for legal trouble.

SPEAKER BIO: Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she works on a broad range of digital civil liberties issues including computer security, electronic privacy, free expression, and copyright. She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes innovation and protects the rights of curious tinkerers and researchers in their cutting-edge exploration of technology.

SPEAKER: Alex Stamos / Artemis

PRESO TITLE: New TLDs, ICANN and the Madness of Internet Governance

PRESO SUMMARY: As technologists it is easy for us to go heads down and focus on the hardware and software that underpins the Internet. We are generally happy to let the lawyers, lobbyists and bureaucrats argue about access fees, trademark protection and multi-stakeholder governance models with the assumption that the opinions of the technically gifted will never hold sway, and mollifying ourselves with slogans like "The Internet treats censorship like damage and routes around it."

For a decade powerful forces have been pushing for Internet "reform", but the decisive battle is only now beginning, trigged by the start of the new gTLD process. This talk will dispel the notion that Internet governance is an area that can be overlooked by engineers and the security industry, and will provide a background on the fight so far, the major players and the agendas they protect. We will discuss the gTLD process from the view of a security veteran turned registry applicant, and preview some of the fights that will play out at ICANN Prague this month and in the years to come.

SPEAKER BIO: Alex Stamos is the CTO of Artemis, the division of NCC Group that is taking on hard security problems starting with the .Secure gTLD. He was the co-founder of iSEC Partners, one of the world's premier security consultancies and also a part of NCC Group. Alex has spent his career building or improving secure, trustworthy systems, and is a noted expert in Internet infrastructure, cloud computing and mobile security. He is a frequently request speaker at conferences such as Black Hat, Defcon, Amazon ZonCon, Microsoft Blue Hat, FS-ISAC and Infragard. He holds a BSEE from the University of California, Berkeley and his personal security writings are available at http://unhandled.com.