RSA Conference Brochure 2008 - (Page 29)

Fresh Insights into Emerging Threats & Technologies

Hackers & Threats 1

Thursday, April 10

8:00 a.m. – 8:50 a.m. HT1-301
(T1) Locking the Door: Backdoor Threats to Applications
Chris Wysopal | Founder and CTO, Veracode
While other software vulnerabilities have been classified, and processes put in place for detection, backdoors have been largely hidden or neglected. This presentation will describe a new way to classify backdoors that have been detected in applications. It will provide real-world examples of application backdoors, the mechanisms they use and strategies for detecting them.

9:10 a.m. – 10:20 a.m. HT1-302
(T1) Timing Attacks for Recovering Entries from Database Engines
Ariel Waissbein | Researcher, CoreLabs, Core Security Technologies
Data security breaches are mostly due to the exploitation of bugs in front-end web applications. CoreLabs devised an attack that works without requiring the existence of implementation bugs or security misconfigurations in the database. The researchers will explain how this technique makes it possible to extract private data from a database by performing record insertion operations.

10:40 a.m. – 11:50 a.m. HT1-303
(T1) Defeating Obfuscation: Methodologies and Attack Testing
Mike Hall | Senior Technical Leader, Cisco Systems, Inc.
Keith Stewart | Product Line Manager, Cisco Systems, Inc.
Effective mitigation of application-layer threats requires defeating attempts to obfuscate malicious headers and payloads. However, active evasion protections can introduce misleading results in the testing of a network IPS. This session will present well-known and recent obfuscation techniques, methods for their mitigation and prevention and guidelines for effective testing, including a live demo.

Friday, April 11

9:00 a.m. – 9:50 a.m. HT1-401
(T1) Using Game Theory to Outmaneuver Your Opponent
Tim Keanini | CTO, nCircle Network Security
Traditional security strategies fail to protect us because the threat is no longer an automated piece of code — the threats are real-life bad guys who can change the game at any moment. This session will explore through game theory how some best practices might be weakening your defensive posture. Concepts and patterns in game theory that you can apply today to your security strategy will also be discussed.

10:05 a.m. – 10:55 a.m. HT1-402
(T1) Designing and Attacking DRM: Reversing vs. Renewability
Nate Lawson | Principal, Root Labs
How do DRM systems like iTunes, Windows Media and AACS actually work? How do they fail? This presentation covers techniques like obfuscation, anti-debugging, key management and renewability. An “over-the-shoulder” view of analyzing a typical system will be presented, and an update on the latest status of various DRM systems and why they succeeded or failed will be shown.

11:10 a.m. – 12:00 p.m. HT1-403
(T1) Pharming via DNS Forgery (DNS Cache Poisoning Reloaded)
Amit Klein | CTO, Trusteer
DNS forgery is a renewed pharming technique. The current, cryptographically weak DNS implementations offered by some leading DNS server vendors enable attackers to poison the cache of DNS servers. This allows attackers to reroute traffic to their own sites, effectively conducting a mass pharming attack. This session will examine how this is possible, and what measures are available to defend against DNS forgery.

Sessions and speakers are subject to change without notice.

Session code key (example: AUTH - 303): Track Code, Timeslot Code, Day Code.

www.rsaconference.com/2008/us