Perimeter
2/27/2012
11:35 PM
Tom Parker
Tom Parker
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

RSA Conference, One Year Later

How I hope history has reshaped this year's RSA Conference one year after one of the most significant breaches in the past decade

Click here for more articles.

It’s that time of year again: tomorrow the annual RSA Conference in San Francisco will get into full-swing, with one major difference. This year’s conference marks (approximately) the one year mark from the 2011 compromise which for many, served as a chilling reminder of what can happen when your organization becomes a big enough target with too few defenses. I’ve publically stated before that I wasn’t a huge fan of RSA’s (mis)handling of the whole fiasco. However, I’m all for looking forward and not back, so here’s what I hope we will see out of the RSA Conference this year.

First and foremost, I hope that RSA will help the community at large gain a healthier understanding of the advanced persistent threat. Since the RSA compromise, there’s been a whole lot of‘APT name-dropping, much of which has been to incorrectly describe any attack with a vague whiff of anything that might be more sophisticated than what-ever-it-was that the name-dropper was used to. RSA is certainly well-positioned to craft a conference which addresses this misnomer head-on and highlight some of the strategic objectives of an APT, which often are more important than the technical nuts-and-bolts, but often get left by the wayside.

Following this, while RSA may now have its house in order (here’s hoping?), many others still have not and are dealing with many of the things that RSA found itself going through right around this time last year.

What’s often most valuable and motivates folks the most is the story of a victim and an honest-to-goodness lessons- learned session. I don’t see anything on the agenda which seems to address this directly, but hopefully this theme will be carefully interwoven into some of the talks which the RSA team is participating in.

Finally, while RSA is one of the less technical conferences on the annual event track, I’m hoping that some of the more technical tracks help a little in developing the community’s level of understanding for what a sophisticated attack really looks like. For one, the team from the newly announced CrowdStrike (www.crowdstrike.com) will be giving a talk on Wednesday on mobile device exploitation and Android remote administration tool -- which I’m definitely looking forward to listening in on. While in its genesis mobile security is definitely a growing trend out at RSA this year, it will continue to take center-stage as attacks against mobile devices continue to increase.

RSA is a multi-track event and has a lot of content to choose from. I’m often asked which talks I’m planning on listening in on, so I thought I’d also post my picks for those of you with an interest in advanced threats and related topics. As follows:

Sustaining Trust in a Hyperconnected World (Art Coviello - RSA) (Tues: Keynote/8AM)
Deconstructing the Breach (Tues 1:10 – 2:20 PM) Elephant in the Room: Intellectual Property Hacking (Tues 3:50-5:00 PM)
Cyber Battlefield: The future of Conflict (Weds: 8 – 9:10 AM)
Modern Cyber Threats: The changing face behind the keyboard (Weds: 9:30 – 10:20 AM)
Hacking Exposed: Mobile RAT Edition (Weds: 10:40 – 11:30 AM)
Worm: The first digital world war (Thurs: 8 – 9:10 AM) Showcase Showdown: Browser Security Edition (Thurs: 1 – 1:50 PM)
iOS Security Internals (Fri: 10:10 - 11 AM)

Tom Parker is Chief Technology Officer at FusionX.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web