|10/15/10||11:30 AM||12:00 PM||Opening/Welcome||Print Me!|
|10/15/10||12:15 PM||01:00 PM|
|10/15/10||01:15 PM||02:00 PM|
|10/15/10||02:15 PM||03:00 PM||Mirovengi||Puppet for Data Automation|
|10/15/10||03:15 PM||04:00 PM||John McNabb||Environmental Impacts of the IT Industry|
|10/15/10||04:15 PM||05:00 PM||David Krause||A Practical Guide to IPv6|
|10/15/10||05:00 PM||07:00 PM||Dinner break|
|10/15/10||07:15 PM||08:00 PM||Lightning Talks|
|10/15/10||08:15 PM||09:00 PM||Iridium||Introduction to QA: Testing really isn't that hard!|
|10/15/10||09:15 PM||10:00 PM||James Ruffer||Using Information Gathering and how it can change your attack.|
|10/16/10||12:15 PM||01:00 PM||James Church||Mathematician & Code Breaker|
|10/16/10||01:15 PM||02:00 PM||Bluma Schlagentweit||Penetration of the GTD5 EAX phone system|
|10/16/10||02:15 PM||03:00 PM||Irongeek||Maltronics: Malicious Hardware|
|10/16/10||03:15 PM||04:00 PM||Mog||How to create free hardware|
|10/16/10||04:15 PM||05:00 PM||Tyler Pitchford||Imaginary Property||10/16/10||05:00 PM||07:00 PM||Dinner break|
|10/16/10||07:15 PM||08:00 PM||Gene Branfield||Why Security People Suck|
|10/16/10||08:15 PM||09:00 PM||Decius||The Annual Rant|
|10/16/10||09:15 PM||10:00 PM||Abaddon & Timball||Why You Suck|
|10/16/10||10:15 PM||11:00 PM||Awards/Closing|
Puppet (http://www.puppetlabs.com) is an open source data center automation toolkit that can used to unify configurations, installations and tasks across multiple computers and environments. My talk will cover some of the basics of deployment/installation, how to use Puppet and cover my experiences using it in my University Department's environment.
From the manufacturing of integrated circuits in Silicon Valley, to the assembly of computers and their sale to end users and eventual use and disposal, the life-cycle of the hardware used in the IT industry has an environmental impact. These impacts include hazardous waste, energy and water use, and dumping of discarded computers in landfills, incinerators, and in the developing world. In this talk, the impacts from each stage in the life cycle of a computer will be examined, and potential means to reduce those impacts, such as requiring computer manufacturers to be financially responsible for the collection & processing of their used computers (called Extended Producer Responsibility), will be discussed.
Often overlooked except in a security context, many developers focus on the new or interesting things they can do with their applications. Work flow diagrams, input sanitization (not just SQL injection based!), and UI sketches are just some of many basic steps that developers (or testers) can use to ensure software can flow as it needs to be. Various development methodologies (AGILE, SCRUM, Waterfall, etc) are also explained - pros and cons of each.. While having a test plan or outline for your software might not win you sales - end users finding bugs in a corporate environment can certainly lose you a lot of money/time supporting it after release.
Whether you are attacking a target alone or with a team, information gathering is still key in being successful. James will talk about how his team was setting up for one attack but changed it last min due to the information. He will show how social media and social engineering was used to breach a Canadian financial institute.
There is currently an explosion in the creation of free hardware, arduino, usrp, pandora, reprap etc etc. Why let everyone else have the fun. Learn how to scratch your own itch and build your own pcbs to get what you need done.
Changed his mind, he's gonna go on a drunken rant per tradition. This talk will review published architectures for lawful intercept and explain how a number of different technical weaknesses in their design and implementation could be exploited to gain unauthorized access and spy on communications without leaving a trace. The talk will explain how these systems are deployed in practice and how unauthorized access is likely to be obtained in real world scenarios. The talk will also introduce several architectural changes that would improve their resilience to attack if adopted. Finally, we'll consider what all this means for the future of surveillance in the Internet - what are the possible scenarios and what is actually likely to happen over time.