Events to Attend While at Black Hat USA 2011
Posted by Zuly Gonzalez. Categories: Computer Security, Events, Security

There are usually a lot of events scheduled the week of the Black Hat conference. I’ll be attending some of these events, and I encourage you to attend some as well. This is a list of after parties and Black Hat sponsored special events that will keep you busy all week.

Black Hat After Parties

The links will take you to the RSVP page for each event.

MANDIANT Reception: Enjoy an assortment of hors d’oeuvres and drinks while getting the opportunity to chat with some of MANDIANT’s instructors and executives.

When: Aug 3, 8:00 p.m. – 10:00 p.m.
Where: Shadow Bar inside Caesars Palace

Rock-It To The Moon Party: Sponsored by Rapid7, EWF, FireMon, NitroSecurity and Veracode. Come for Dual Core, DJ, open bar and dessert.

When: Aug 3, 9:00pm – 2:00am
Where: Moon Nightclub at the Palms Fantasy Tower, 52nd Floor

FireMon and FishNet Security Party: Drinks, appetizers and some Salsa Dancing. Bring your business card to be entered into the raffle.

When: Aug 3, 9pm – 12am
Where: The Rhumbar at the Mirage

ModSecurity Happy Hour: A relaxed, social setting where you can meet the ModSecurity Project Team and other ModSecurity users face-to-face.  Anyone who uses or contributes to the project should stop by for some drinks and food.

When: Aug 3, 4pm – 6pm
Where: MunchBar at the Caesars Palace

EWF Meet & Greet: Network with your peers and enjoy a few drinks. Learn more about the Executive Women’s Forum and our Cyber Security School Challenge.

When: Aug 2, 6:00pm-8:30pm
Where: Caesars Palace – Pisa Room

SecurityTwits Meetup: This is a cash bar event. There will not be a guest list/sign-up process. Just show up. If there is room, you’ll get in.

When: 8:00pm till whenever
Where: The Artisan Hotel in the bar/pool area

Qualys Reception: Honoring their customers in a private reception of cocktails and fine cuisine.

When: Aug 3, 7:30pm
Where: Yellowtail Restaurant at the Bellagio

The Qualys & Dell SecureWorks Party: Enjoy a night of entertainment, cocktails & dancing. Open bar available from 10pm to 2am.

When: August 3, 10pm – 2am
Where: The Bank nightclub at the Bellagio

Absolute Madness: Sponsored by MAD Security, Core Security, NitroSecurity, and RedSeal Systems.

Where: Caesars Palace Suite

nCircle Party: Another after party.

When: Aug 3, 7:30pm
Where: Caesars Palace

NetWitness Party: Yet another after party.

When: Aug 3, 8pm – 12am
Where: Jet nightclub at the Mirage

Cisco Party: The registration site for the Cisco Customer Social Event at PURE Nightclub is now closed. If you would like to register for the event, visit Cisco in booth #305.

When: Aug 3, 8pm – 12am
Where: PURE Nightclub at Caesars Palace

Black Hat Special Events

Black Hat Arsenal: This year Black Hat will be offering a tool/demo area for independent researchers and the open source community to showcase their work and answer questions from conference attendees. This is not an exhibit space for big enterprise sized companies. You can find a description of the demos on the Black Hat website. And below is the schedule.

When: Aug 3-4, 10:00-18:00
Where: Caesars Palace: 4th Floor Promenade

Day 1

Black Hat Arsenal Day 1 Schedule

Day 2

Black Hat Arsenal Day 2 Schedule

Black Hat Circuit: The Black Hat Circuit will feature themed rooms from key exhibitors, offering conference delegates a venue to continue their technology conversations and networking activities. Participating Circuit sponsors will be providing food and drinks, along with opportunities to win prizes.

When: Aug 3, 19:00-22:00
Where: Caesars Palace: 3rd Floor

Hacker Court: This year, the Hacker Court team takes you behind the scenes to discuss just how much work is involved in preparing for a computer crime trial. This panel will discuss the lifecycle of prosecuting and defending against a computer crime charge: what constitutes a computer crime, how it affects businesses, how computer crime is detected and investigated, how a case is prepared and finally the theater known as Court.

When: Aug 3, 18:00-19:30

Pwnie Awards: The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of the security community over the past year. The award categories are:

  • Pwnie for Best Server-Side Bug
  • Pwnie for Best Client-Side Bug
  • Pwnie for Best Privilege Escalation Bug
  • Pwnie for Most Innovative Research
  • Pwnie for Lamest Vendor Response
  • Pwnie for Best Song
  • Pwnie for Most Epic FAIL
  • Pwnie for Lifetime Achievement
  • Pwnie for Epic Ownage

When: Aug 3, 18:15-19:30

Black Hat Store: Get Black Hat branded merchandise like t-shirts, jackets, mugs, barware, lab coats and more.

When: Aug 2 – 15:00-21:00, Aug 3-4 – 08:00-18:00
Where: Caesars Palace: Emperor’s Ballroom

This is by no means an exhaustive list. If you are aware of other events planned for the week that I have not listed, let us know in the comments. Do you plan on attending any of these events? If so, which ones?


FOSE 2011 Government IT Conference – My Thoughts
Posted by Zuly Gonzalez. Categories: Events, Opinion, Security

I attended the 2011 FOSE Conference and Exposition, which was held July 19 – 21 at the Walter E. Washington Convention Center in Washington DC. This is a summary of my overall experience.

What Is FOSE?

FOSE is a government Information Technology event hosted in DC every year that features IT products and services, and provides education on the latest IT trends. FOSE brings together federal, state, and local governments with industry partners to share experiences and evaluate new solutions.

FOSE offers a free exposition, as well as a paid conference portion. At the free expo there were over 250 vendors demonstrating their latest products and services. In addition to the vendor exposition, the conference portion also included educational tracks and conference-only keynotes. The four conference educational tracks were:

  • Cybersecurity, Network Defense, and Information Assurance: Strategies and technologies for protecting government information systems and the data that moves across them.
  • Information Management and Collaboration: Ways that new tools and approaches are improving enterprise-wide and federated decision making.
  • Next-Generation Infrastructure Strategies: Infrastructure strategies from desktop virtualization to cloud computing and everything in between.
  • Enabling the Mobile Government Workforce: Harnessing mobile web apps, social media and emerging wireless technologies for more effective government.

I attended the cybersecurity track. The two conference keynotes were:

  • Operation Trident Breach – Lessons Learned from FBI Global Cyber Crime Arrests: Representatives from the FBI, Metropolitan Police in the UK, Cyber Crime officials from the Netherlands and the Ukrainian Security Service explained their multi-year Zeus malware investigation which led to the arrest of over 100 criminals in the United States, United Kingdom, Moldova and the Ukraine on a variety of cyber related, money laundering, fraudulent passport and identity theft crimes. Additionally, they presented Open Source intelligence techniques used in investigating the network of financial crime based on the Zeus trojan.
  • The Federal IT Agenda in 2012: This presentation provided perspectives and insights to fellow CIOs, CISOs, and IT/Network managers in government about the direction of cyber security, data center consolidation and the move to cloud computing within agencies and what lessons there are to be learned.

My Thoughts on FOSE 2011

The Good

From the conference tracks, to the keynote presentations, to the vendor exhibits, there was a lot going on at FOSE – more than one person could do at any given time.

I was impressed by the quality of some of the free sessions at FOSE. They offered four free keynote presentations, free workshops, free education sessions, and free vendor exhibits. I didn’t attend all of the free sessions since I registered for the paid conference talks, but of the ones I attended, most were fairly good. For instance, Steve Wozniak, co-founder of Apple, was one of the free keynote speakers this year. Steve talked about fostering creativity and innovation in any environment (including big enterprises), and shared his view on the revolution under way in mobile computing. It’s not every day that you get to hear someone of that caliber speak in person. Other keynote speakers included General James E. Cartwright, Vice Chairman of the Joint Chiefs of Staff, and Dr. David McQueeney, Vice President of Software at IBM Research.

Of the paid conference sessions, some were really good, and some were just OK. I really enjoyed the Operation Trident Breach presentation where law enforcement officials discussed their multi-year Zeus malware investigation that led them to organized crime around the world. They discussed how Zeus was propagated, and how they used Facebook to identify some of the criminals.

Another interesting presentation was Mitigating the Next Stuxnet. In this presentation they discussed the history of the Stuxnet worm, how Stuxnet could have been mitigated, and steps the government can take to prevent cyber attacks of this magnitude.

I’ll summarize these presentations in future blog posts.

The Bad

The thing that stood out the most for me was how unorganized the event was. I wasn’t given any information when I registered other than where to go to pick up the agenda. When I did ask the onsite personnel a question, they weren’t able to help me. They were nice, and tried to be helpful, but for some reason even the onsite personnel were left in the dark. It turned out that registration was in one place, the agenda was handed out at a different place, and the conference swag was handed out at a third place. Now why these three things couldn’t have been handled in one place, I don’t know, but I do know it was a stupid way to set things up, especially when the attendees aren’t even told that this is the process.

One other minor, though understandable, annoyance was that every time I went into one of the conference talks, there was someone there policing the entrance and checking for badges. I understand the need to do this, but it was a bit annoying. It’s akin to having to show your receipt when leaving Wal-Mart.


Despite these issues I would consider attending the free expo portion next year. For one, since I have experience with the event now, I’ll be better prepared for next year. Second, it’s always interesting to see what new products and solutions are available, especially in the cybersecurity arena. Plus the expo is free, so there’s not a whole lot to lose, although parking in DC can get expensive (you could pay as much as $75 in parking for the 3 days). Lastly, in addition to the vendor booths at the expo, FOSE also offers free educational workshops and free keynote talks.

Will I attend the paid conference portion next year? I don’t know. It’ll depend on the topics and speakers.

FOSE Resources

I plan on summarizing a couple of the FOSE talks in future blog posts, but for the time being, take a look at these links.

Some of the FOSE talks were recorded, including Steve Wozniak’s keynote. You can view them here. In addition, some of the PowerPoint slides have been made available. You can find the slides here.

Did you attend FOSE? Have you attended in previous years? What did you think of it? What was your favorite part? Will you consider attending FOSE next year?

Why Antivirus Isn’t Enough
Posted by Beau Adkins. Categories: Computer Security, Light Point Web, Security, Web Security

I have come to realize recently that almost all computer security products (including antivirus) are what I call “filter-based”. The problem though is that when (not if) the filter is wrong, the user’s security is compromised.

What Is Filter-Based Security?

A filter-based security product is any security product which roots its security in the premise that it can filter all the bad things that might happen away from the non-bad things. So for anything that a user tries to do, the security product first attempts to decide if that thing is bad. If it’s bad, the product will stop that thing from happening. Thus, the effectiveness of the product is totally dependent on the accuracy of the filter.

For example, antivirus software maintains a huge list of malware signatures that is used as its filter. Any time a process tries to run, or a file gets saved to your disk, the antivirus will compare it to all its known signatures. If a match is found, it must be bad, and the antivirus will stop it. This is why antivirus products are always downloading new signatures, and why out-of-date antivirus is not very effective.
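The signature-matching behaviour described above, replayed as an added example (not code from the original post or from any antivirus product): a denylist filter is run over a series of file events, comparing a client that syncs signatures daily with one that syncs every 30 days. Signatures are modelled as SHA-256 hashes for simplicity, and the feed, events and byte strings are all constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for files.
SAMPLE_A = b"constructed-sample-A"
SAMPLE_B = b"constructed-sample-B"
REPORT = b"constructed-quarterly-report"

# Constructed vendor feed: (day the signature is published, signature).
FEED = [(0, sha256(SAMPLE_A)), (10, sha256(SAMPLE_B))]

# Constructed file events: (day, content, ground truth: is it malicious?).
EVENTS = [
    (1, SAMPLE_A, True),    # signature already published on day 0
    (3, REPORT, False),     # benign file
    (8, SAMPLE_B, True),    # seen before any signature for it exists
    (12, SAMPLE_B, True),   # signature published on day 10
    (25, SAMPLE_B, True),
]

def known_signatures(day: int, update_interval: int) -> set:
    """Signatures a client holds on `day` if it syncs every `update_interval` days."""
    last_sync = (day // update_interval) * update_interval
    return {sig for published, sig in FEED if published <= last_sync}

def replay(update_interval: int) -> list:
    """Return (day, verdict, malicious) for every event under the filter."""
    results = []
    for day, content, malicious in EVENTS:
        blocked = sha256(content) in known_signatures(day, update_interval)
        results.append((day, "block" if blocked else "allow", malicious))
    return results

def missed(update_interval: int) -> list:
    """Days on which a malicious file was allowed (filter false negatives)."""
    return [day for day, verdict, bad in replay(update_interval)
            if bad and verdict == "allow"]

if __name__ == "__main__":
    for interval in (1, 30):
        print(f"sync every {interval:>2} days -> missed on days {missed(interval)}")
```

Even the daily-sync client misses the day 8 event, because no signature exists yet; the 30-day client also misses every later event until its next sync.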

Personal firewalls work in a similar way, except the filter list is mostly curated by the user. If an unknown program attempts to access the internet, the firewall will just ask the user if it’s OK or not. In this case, the correctness of the filter list is in the hands of the user.

In the realm of web browsing security, the technology is similar. One approach is used by very popular tools such as Web Of Trust (or WOT) and Google’s Safe Browsing. These products maintain a huge list of known websites, along with a trustworthiness score for each one. In WOT’s case, the trustworthiness scores are decided directly by its users. If one user says a certain website is bad, then that site’s score is lowered for all the users of WOT. In the case of Google’s Safe Browsing, the trustworthiness is decided by Google. In both cases, if a user tries to go to a site, the tool first determines the site’s trustworthiness, and if it is too low, the tool will try and stop the user from visiting the site.

The other tactic used in web browsing security is taken by NoScript. The makers of NoScript realize it is the scripting present in a webpage that poses the most danger to a user. For any website a user attempts to visit, the HTML will be fetched and rendered, but scripts will only run if a user has granted permission. By default NoScript will stop all scripts, and a user must manually build a list of trusted scripts. There are 2 related problems with this. First, scripting is heavily relied on these days for most of a website’s functionality. If the scripts are blocked, the sites just don’t work. The second problem is that it is too hard for a user to correctly decide if a script should be allowed or not.

What Alternative Is There?

A popular alternative is using a Virtual Machine. For web browsing, a lot of advanced users will create a virtual machine that they can use to browse the web. The advantage of doing this is two-fold. First, the dangerous task of web browsing is moved off of their real computer. Second, and equally important, is that virtual machines allow the user to revert all the changes made to the machine to a known good state.

The virtual machine approach is very safe, but also very tedious. For one, starting a virtual machine can take a few minutes. When you are finished, you must then revert all your changes, which can also take a while. In addition, virtual machines take up a lot of resources, usually at least 1 Gigabyte of RAM. This can slow down your whole computer while it is active. The workflow goes like this:

  • A user decides to browse the web.
  • Wait a couple minutes while the virtual machine starts.
  • Browse the web.
  • Wait a minute while the virtual machine shuts down and reverts changes.
  • In addition, the user needs to keep their virtual machine up-to-date.

This is a good approach, but it is not for everyone. Light Point Web was created to give all users access to this level of safety, but without any of the tedium.

Light Point Security’s Approach

Light Point Security is a pioneer in alternatives to filter-based security. We believe that building a filter that can identify all the bad operations and be right 100% of the time is simply impossible. Our approach to security is to move all potentially dangerous activities off of the user’s computer. By doing this, it doesn’t matter if something is good or bad. We can run it in a controlled environment that can be restored to a pristine state whenever we want.

Light Point Web lets you browse the web from our computers instead of yours. Using this approach, it is like each time you browse the web, you do it from a brand new computer that has never been used before, and when you are finished, you throw the computer away, never to be used again. If you think about it like this, it doesn’t matter how bad the sites are that you visit.

Light Point Web 1.0 Officially Released
Posted by Beau Adkins. Categories: Light Point Security Update, Light Point Web, Startups

Light Point Security has released Light Point Web 1.0. Light Point Web gives users safe browsing, private browsing and anonymous browsing. No other product on the market can protect a user from web-based malware as thoroughly as Light Point Web.

What’s Next for Light Point Web?

Now that we have a version 1.0 product, and all supporting infrastructure in place, all our efforts will switch to getting the word out. This will be the hard part, as we have never run marketing campaigns before.

It’s going to be a long, hard road, but we are excited about it, and can’t wait to see how well we can do.

If you would like to try Light Point Web, you can sign up for a free trial here.