Noteworthy speakers and topics
Here's a short list of talks among many that deserve attention.
•Kenneth Geers of the Naval Criminal Investigative Service proposes “four nation-state approaches to cyber attack mitigation.†No, DEFCON isn't just for project hackers. (P.S. IPv6 provides the basis for one approach.)
•Two engineers from GoDaddy suggest some approaches to Voice Data Leakage Prevention. G. Devarajan and D. Lebert will remind listeners that switching to voice communications will not necessarily prevent exfiltration of financial or medical data, and that insider threat risk assessments should consider this channel as well as the usual ones.
•Traditionalists will be pleased to hear that “Deviant Ollam†is reprising the topic of lockpicking -this time, lockpicking for gun safes. Ollam believes most gun lockboxes are easily compromised by a determined adversary.
•As network professionals push out VM's like so many summer cicadas, Nelson Elhage's demonstration of breaking out of KVM, the Linux Kernel Virtual Machine, is a sobering reminder of possible risks that may be hiding somewhere in the thorax of those VM's. Lehage uses “a fully-functioning exploit†to explain some of the challenges for would-be attackers.
•For many organizations, SOA and web services have moved from textbook to “hopefully hardened,†yet not all enterprises will have developed practices to support secure web service development or testing. Tom Eston, Josh Abraham and Kevin Johnson will “release an updated web service testing methodology†that can be used for pen testing, and review new Metasploit modules and exploits.
•DEFCON 19 would not be complete if it failed to address some aspect of cloud security. Dell's Ben Feinstein and Jeff Jarmoc contemplate ways in which credentials in Amazon Web Services could unintentionally persist in the cloud and fall into the hands of third parties. They will release their tool “AMIexposed,†which can check whether your Amazon Machine Image (a VM) is advertising something better kept under wraps.
