After the SFMTA ransomware attack there are many questions about the proper response to such attacks and about the hackers’ motivations. Based on evidence directly from the hackers behind the recent ransomware attack against San Francisco's Muni, we know what led to the breach. We will be answering your questions about the hackers’ operation, their motivations, and the victim’s response to this and similar attacks.
As we move into a new era of ITSM computing, new big data and machine learning tools and methodologies are being developed to support IT staff by intelligently extracting insights and making predictions from the enormous amounts of data accumulated from the organization. According to Gartner, I&O leaders must take a comprehensive approach to incorporate advanced big data and machine learning technologies into their organizations or risk becoming irrelevant. But what exactly is big data and machine learning all about? How can you introduce these concepts into your existing Service Desk?
Join USF’s distinguished Computer Science and Engineering Professor Lawrence Hall and SunView Software’s VP of Marketing and Product Strategy John Prestridge as they break down the fundamentals of big data and machine learning and provide real-world examples of the impact the technologies will have on ITSM.
Lawrence Hall is a Distinguished University Professor of Computer Science and Engineering at University of South Florida. He has authored over 190 publications in journals, conferences, and books. Recent publications appear in Pattern Recognition, IEEE Access, IEEE Transactions on Fuzzy Systems, and the International Conference on Pattern Recognition.
Lawrence has received funding from the National Institutes of Health, NASA, DOE, National Science Foundation and others. His research interests lie in distributed machine learning, extreme data mining, bioinformatics, pattern recognition and integrating AI into image processing.
We run down the recent happenings at the RSA and B-Sides conferences in San Francisco, including an interview with industry luminary Tom Kellermann, VP of Cyber Security at Trend Micro.
We also look at recent and upcoming BrightTALK events, such as the ongoing Advanced Threat Protection Summit and the recent Software Assurance Summit.
In 2009, the stock of LEED certified square footage in San Francisco increased 5-fold to 16.8 million LEED certified square feet as of December 1. Existing Buildings account for 75 percent of this local LEED certified square footage, including properties ranging from the iconic Pyramid to historic 601 Townsend St. Transit density, requirements for recycling and water efficiency, and incentives from SF Energy Watch and PG&E all contribute to a revolution in both commercial and government-managed facilities in The City.
Learn how San Francisco is nurturing and pushing a resource efficient, healthy, and cost-effective built environment. The talk will feature the results of Mayor Newsom’s Task Force on Existing Commercial Buildings, which charts the path to dramatic acceleration of energy efficiency investment and improvements through an integrated strategy of financing, transparency, education, and civic leadership.
Security B-Sides: Beyond Passwords
Featuring EFF staff Dan Auerbach, Eva Galperin, Hanni Fakhoury, Marcia Hofmann, Jennifer Lynch and Trevor Timm.
Ah, the life of a security consultant. You get paid well, tell people about their problems and how to fix them, and still see the same stupid human tricks over and over again. In this presentation, I'll talk about a few lessons learned in consulting. Oftentimes, what we say or recommend is interpreted inaccurately, partially, or completely ignored by business units and sometimes even by security or IT teams. This presentation will describe some interesting cases where recommendations were given, and hilarity ensued.
Protecting yourself against known and unknown threats, the “always-on” nature of securing against advanced attacks. (AWS SF Loft Series – April 2015)
Statistics are trendy; real metrics measure outcomes. Inspired by Moneyball (pre-movie), last year we proposed a list of 14 metrics we believe have the greatest correlation to reducing incidents. We've refined our thoughts and candidate metrics, and have some experience to share. Metrics programs struggle for attention in today’s reactive world, so we need your support, more measurement, and contribution: pre & post-prod app vulns, role verification, device vuln age, change regressions, social eng. incidents, and more. Help us to inspire and call out the IT industry to stop whining and start measuring what matters.
An overview of the common techniques used by con men, psychics, spiritualists, and salesmen. The talk will cover a wide range of cold and warm reading, subtle expressions, Barnum statements, selective memory, and body language.
Participants will learn:
1) How Cold reading works
2) Why it works
3) What and when warm reading is used
4) How to interpret body language in context
5) How to use "hooks", i.e. Tarot Cards
6) How to spot verbal techniques involved in these practices
7) Leave the talk and start using these techniques
Lastly, they should be fully armed to walk into the world and pretend they too are psychic!
The current trajectory in security is leading us straight into a brick wall. You have only to look at the number of high-profile breaches to realize this is true. If we don't make changes, companies are going to start realizing they're going to be compromised no matter how much money they throw at security, so why try at all? What is it that got us to this point in history? There are fundamental flaws in the assumptions we make about security, the assumptions that form the most basic building blocks from which we form our every idea. Building blocks that are more sandstone than granite. Walk through some of our history with me and examine how these flawed assumptions have expressed themselves in PCI and the wider world of security.
Recent reports around mobile security threats ignited strong responses from some in the security community, claiming that the reports overstate the concern and that security controls built into the phone, like sandboxing, mitigate the threat. In November, a number of reports emerged within the security community finding a staggering growth in malware targeting smartphones on Android and other platforms. Reports from both Juniper Networks and McAfee found significant increases in malicious applications targeting Android, and Lookout Mobile Security identified malware on the official Android Marketplace. So who’s right?
This session will deconstruct this debate and argue that mobile security, while different than traditional PC security, is a growing and significant concern. It will explore the risks presented by malware, as well as the threats presented by unsecured wireless networks and other threats absent in the current public debate.
The session is intended to be interactive and encourage audience participation in the discussion into this newly emerging trend, looking to separate the real threats from the hype.
Although the Mayans predicted the world would end at the end of 2012, I am predicting that 2012 will mark the end of stupidity in the world of information security. How much longer can we put up with: meaningless certifications, inadequate technical training, vendor point solutions that do not stop criminals and nation-state attackers, and hordes of industry know-it-alls that comment on everyone else's woes while secretly freaking out because they themselves are probably owned as well. All will change in 2012.
This presentation explores two main areas:
1) what's wrong with security today, from the perspective of a seasoned technical security executive who has worked across government, start-ups and the private sector, and
2) some fresh thinking on how we can all move past the recent apocalypse of hacktivists, nation-sponsored groups, and deficiencies, including gaps in training, collaboration, technology, and security operations.
While developers and administrators are paying attention to handling slow HTTP requests without issues, another aspect is being overlooked – making sure clients of HTTP servers are accepting server data fast enough.
This workshop will present a tool that, along with other attacks, performs a Slow Read Application Layer DoS attack, which keeps the HTTP server busy by requesting relatively large resources and accepting them abnormally slowly by exploiting the TCP Persist Timer (MS09-048, CVE-2008-4609, CVE-2009-1925, CVE-2009-1926). Although the possibility of prolonging a TCP connection forever was first mentioned three years ago, most web servers are still not able to handle this issue. My approach, unlike others, doesn’t require any TCP packet crafting, and the tool I developed controls TCP bandwidth by manipulating socket options through the socket API.
The attack is easy to execute because a single machine is able to establish thousands of connections to a server and generate thousands of legitimate HTTP requests in a very short period of time using minimal bandwidth. Due to implementation differences among various HTTP servers, different attack vectors exist, which will be discussed in this talk along with a demonstration and the best approaches to detect vulnerability to these attacks. Detection and mitigation techniques will also be discussed.
This session will explore how we cracked the encryption algorithm and decoded the command and control protocol of a p2p botnet that is being used by cybercriminals to control an advanced malware distribution system used for wide-scale fraud and identity theft attacks.
The analysis starts with the discovery of an unusual traffic pattern from computers infected with a variety of malware in a real-world deployment. A relatively small group of infected computers (~300) from the monitored network were communicating with over 60,000 computers on the Internet, using what was obviously an encrypted command and control protocol. One infected computer was in communication with over 5,000 different peers in a single day.
The obvious conclusion was that this was a new p2p botnet that was being used to control these computers and infect them with a variety of malware. The scale of the infection and the number of different malware varieties involved indicated that this was a significant operation.
In this session we will describe how we used traffic analysis from our network sensors and malware samples in the lab to reverse engineer this bot, crack the encryption algorithm and decode the command and control protocol. In addition, we will describe the infection process, how the malware injects itself into a variety of system processes and how it protects itself from detection. We will provide a detailed analysis of how it maintains contact with its peers and discuss various approaches for infiltrating this botnet.
By examining the protocol in more detail, we can see how it is used by cybercriminals to manage a large multi-tiered botnet, which is then used to distribute additional malware components for a fee or launch widescale fraud or identity theft attacks.
Landing the perfect security job and finding the right candidate takes more than merely matching the person’s skills to the job requirements. The hiring manager and the candidate explore each other’s traits and persuade each other of the right fit during email, phone and in-person interactions. Succeeding at these discussions and getting the upper hand requires understanding your negotiation objectives and the other party’s tactics.
This session investigates the perspectives of both sides of the hiring process: the candidate and the employer. The two speakers, experienced in recruiting, hiring and job-searching, will alternate between the viewpoints to clarify how each side views topics such as the resume’s role, the job’s appeal, career advancement, interview communications and compensation. Providing insight into the hiring process, they’ll dispel some of the myths of how it really works. Attendees will come away as more effective interviewers and interviewees as they pursue building their teams and attaining their career goals.
The session starts by clarifying why the dynamics of the job search and the hiring process are often misunderstood, which leads to bad decisions. It then explores several key topics related to the job search and to filling an open position in the information security industry:
1. Presentation: How to describe the candidate and the job
2. Expertise: What skills to possess and to demand
3. Negotiations: How to get what you need or want
The presenters will demonstrate how the same event or issue can be seen from two points of view, which often leads to sub-optimal negotiations or bad job decisions.
The discussion concludes by explaining that, as in dating, finding the right match between candidate and employer is hard: there are many variables to consider and track. Understanding the other party's perspective is key to a successful outcome.
How does your organization measure and report its security posture and performance? Do you have spreadsheets that show how many vulnerabilities you found last month, or how many viruses your AV system stopped? Those numbers might pacify your management, but any security pro can tell you that they are no way to benchmark the real work you do – or how much danger your enterprise might be in.
Maybe the problem is that we’re all trying to use the data we already have – host metrics, network metrics, applications data – instead of building the data we actually need. We need metrics that show the current range of threats, and the enterprise’s exposure. We need data that shows whether our security tools and programs are actually working or not. We need methods for demonstrating that our security teams are performing well – not only this month, but over a period of time.
In this thought-provoking presentation, we’ll describe methods for building an enterprise security metrics program that’s completely different from the current, sucky model of counting vulnerabilities or numbers of patches applied. We’ll outline methods for monitoring the threat landscape, and your organization’s exposure. We’ll offer some best practices for measuring the effectiveness of current security tools and systems. Best of all, we’ll outline a way to build a maturity model for security, so that you can show your security team’s performance on a month-to-month basis, and demonstrate its continuing improvement over time.
Want to stop reporting a bunch of crap and start building a real set of data that accurately measures your organization’s risk and its effectiveness in controlling it? Want to learn how to integrate security data across hosts, networks, and applications? Want your performance – and your company’s security posture – to be monitored using metrics that don’t suck? Here’s a chance to look at the picture from a whole new angle.
Have you ever wondered what role data science should play in your organization and how it should work with or differentiate itself from existing teams? If you have, you're not alone. Many companies are realizing the potential value that can come from their data streams and are seeking to dig into it using teams of data scientists.
If you want to learn more about data science workflows and how to create an effective team, join this roundtable which will be streamed live from Trulia HQ in downtown San Francisco.
-- Abe Gong, Data Scientist, Jawbone
-- Todd Holloway, Data Science Lead, Trulia
-- Nick Kolegraff, Director of Data Science, Rackspace
-- Moderator: Krishan Gupta, Director of Analytics and Big Data Products, eMeter
Also, check out the SF Data Mining Meetup Group for more interesting content: http://www.meetup.com/Data-Mining/
For four decades, Dr. Ralph Kilmann has been using the MBTI and TKI tools to help organizations identify and then resolve their most troublesome problems.
His approach starts by bringing recurring and unresolved differences between people out into the open, using four MBTI type groups (based on the functional pairs ST, NT, SF and NF). Once these differences have been identified, the TKI’s five conflict modes are used to develop an effective resolution for all concerned.
In this one-hour webinar, Dr. Kilmann will describe how the combined TKI and MBTI assessments offer a powerful toolkit for solving complex problems and conflicts.
From Security B-Sides San Francisco 2013