Schedule

Date Start End Speaker Talk

10/15/10 11:30 AM 12:00 PM Opening/Welcome
10/15/10 12:15 PM 01:00 PM

10/15/10 01:15 PM 02:00 PM

10/15/10 02:15 PM 03:00 PM Mirovengi Puppet for Data Automation
10/15/10 03:15 PM 04:00 PM John McNabb Environmental Impacts of the IT Industry
10/15/10 04:15 PM 05:00 PM David Krause A Practical Guide to IPv6
10/15/10 05:00 PM 07:00 PM Dinner break

10/15/10 07:15 PM 08:00 PM
Lightning Talks
10/15/10 08:15 PM 09:00 PM Iridium Introduction to QA: Testing really isn't that hard!
10/15/10 09:15 PM 10:00 PM James Ruffer Using Information Gathering and how it can change your attack.






10/16/10 12:15 PM 01:00 PM James Church Mathematician & Code Breaker
10/16/10 01:15 PM 02:00 PM Bluma Schlagentweit Penetration of the GTD5 EAX phone system
10/16/10 02:15 PM 03:00 PM Irongeek Maltronics: Malicious Hardware
10/16/10 03:15 PM 04:00 PM Mog How to create free hardware
10/16/10 04:15 PM 05:00 PM Tyler Pitchford Imaginary Property
10/16/10 05:00 PM 07:00 PM Dinner break

10/16/10 07:15 PM 08:00 PM Gene Branfield Why Security People Suck
10/16/10 08:15 PM 09:00 PM Decius The Annual Rant
10/16/10 09:15 PM 10:00 PM Abaddon & Timball Why You Suck
10/16/10 10:15 PM 11:00 PM Awards/Closing







Mirovengi - Puppet for Data Automation

Puppet (http://www.puppetlabs.com) is an open source data center automation toolkit that can be used to unify configurations, installations and tasks across multiple computers and environments. My talk will cover some of the basics of deployment/installation, how to use Puppet and cover my experiences using it in my University Department's environment.

John McNabb - Environmental Impacts of the IT Industry

From the manufacturing of integrated circuits in Silicon Valley, to the assembly of computers and their sale to end users and eventual use and disposal, the life-cycle of the hardware used in the IT industry has an environmental impact. These impacts include hazardous waste, energy and water use, and dumping of discarded computers in landfills, incinerators, and in the developing world. In this talk, the impacts from each stage in the life cycle of a computer will be examined, and potential means to reduce those impacts, such as requiring computer manufacturers to be financially responsible for the collection & processing of their used computers (called Extended Producer Responsibility), will be discussed.

Iridium - Introduction to QA: Testing really isn't that hard!

Often overlooked except in a security context, many developers focus on the new or interesting things they can do with their applications. Work flow diagrams, input sanitization (not just SQL injection based!), and UI sketches are just some of many basic steps that developers (or testers) can use to ensure software can flow as it needs to be. Various development methodologies (AGILE, SCRUM, Waterfall, etc.) are also explained - pros and cons of each. While having a test plan or outline for your software might not win you sales - end users finding bugs in a corporate environment can certainly lose you a lot of money/time supporting it after release.

James Ruffer - Using Information Gathering and how it can change your attack.

Whether you are attacking a target alone or with a team, information gathering is still key in being successful. James will talk about how his team was setting up for one attack but changed it at the last minute due to the information. He will show how social media and social engineering were used to breach a Canadian financial institute.

Mog - How to create free hardware

There is currently an explosion in the creation of free hardware: Arduino, USRP, Pandora, RepRap, etc. Why let everyone else have the fun? Learn how to scratch your own itch and build your own PCBs to get what you need done.

Decius - Drunken Rant / Lawful Intercept technology

Changed his mind, he's gonna go on a drunken rant per tradition. This talk will review published architectures for lawful intercept and explain how a number of different technical weaknesses in their design and implementation could be exploited to gain unauthorized access and spy on communications without leaving a trace. The talk will explain how these systems are deployed in practice and how unauthorized access is likely to be obtained in real world scenarios. The talk will also introduce several architectural changes that would improve their resilience to attack if adopted. Finally, we'll consider what all this means for the future of surveillance in the Internet - what are the possible scenarios and what is actually likely to happen over time.