jueves, 18 de marzo de 2010

BlueHat Security Briefings: Buenos Aires 2010

I will brieftly comment my technical highlights of the BlueHat Security Briefings hosted at Buenos Aires today. This conference is organised by Microsoft and for the second time is hosted outside United States. The reason why is located here is that Core Security Technologies and the Ekoparty Security Conference assistants are collaborating a lot to the international computer security community.

Some personal highlights:
  • Anchies Moraes Guimaraes noticed that there is little interaction between the Brazilian and the Argentine security research communities. I agree with that, there is no Southamerican conference or community effort in that direction yet.
  • Mark Curphey made a very attractive presentation on how he entered Microsoft to evolve the processes related to security involved in software development, particularly Agile Methodologies and Secure Architectures. He mentions also some funny Software Patterns related to security described on an article called Big Ball of Mud.
  • Chris Hoff replicated a previous talk from another conference, focusing on surveying Cloud Computing Models and Security. I take notes on an attack he mentioned involving VMotion subversion, that is, virtual machine migration attacks.
  • Nelson Murilo discussed a survey on mobile devices security. I take notes on a simple attack that took my attention, involving smartphone's Safari browser and auto dialing to consume resources.
  • Peter Varangot made a very insightful presentation on OSINT and Social Networks Infiltration. We are working on a new version of Exomind, a little framework in those directions.
  • Felix Linder also made a survey but in this case related to embedded devices inside companies. Most remarkable he pointed to research on the security of routers and printer machines.
  • The Discussion Panel of various Southamerican experts was very interesting also, including old school and new security researchers and managers.
Happy Conference Networking!

Detailed Schedule:

Keynote: The Evolution of TrustWorthy Computing – Towards a Safer, More Trusted Internet and
Hackers & You: Panel discussion
Keynote and Panel Moderator—Andrew Cushman (Senior Director, TwC Security, Microsoft) + Various Guests of the Security Community

The Vulnerability Market: A Latin American Perspective - Anchises Moraes Guimarães
de Paula (Latin America Threat Intelligence Analyst, iDefense) & Kristen Dennesen (Intelligence Analyst and Deputy of the International Cyber Intelligence Team, iDefense)

State of the Art Automation of Open Source Intelligence and Impersonation in Social
Networks - Pedro Varangot (Security Researcher, Corelabs)

The Whole Nine Years (of Web App Security) - Mark Curphey (Product Unit Manager,
Microsoft)

Cloudifornication: Indiscriminate Information Intercourse Involving Internet
Infrastructure - Chris Hoff (Director of Cloud and Virtualization Solutions, Data Center Solutions at Cisco Systems)

Your Other Network - Felix 'FX' Lindner (Head of Recurity Labs)

[S]erious [M]obile [S]ecurity, is there such thing? - Nelson Murilo (YSTS Co-founder)


Behind-the-Scenes of the Microsoft Security Response and Engineering Centers
Mike Reavey (Director of Microsoft Security Response Center, Microsoft) & Damian Hasse (Principal Security Development Manager, Microsoft)

Lightning Talks - Various attendees

Update (2010-03-19): detailed schedule added!

No hay comentarios:

Publicar un comentario