Perimeter
2/27/2012
11:35 PM
Tom Parker
Tom Parker
Commentary
Connect Directly
RSS
E-Mail
50%
50%

RSA Conference, One Year Later

How I hope history has reshaped this year's RSA Conference one year after one of the most significant breaches in the past decade

Click here for more articles.

It’s that time of year again: tomorrow the annual RSA Conference in San Francisco will get into full-swing, with one major difference. This year’s conference marks (approximately) the one year mark from the 2011 compromise which for many, served as a chilling reminder of what can happen when your organization becomes a big enough target with too few defenses. I’ve publically stated before that I wasn’t a huge fan of RSA’s (mis)handling of the whole fiasco. However, I’m all for looking forward and not back, so here’s what I hope we will see out of the RSA Conference this year.

First and foremost, I hope that RSA will help the community at large gain a healthier understanding of the advanced persistent threat. Since the RSA compromise, there’s been a whole lot of‘APT name-dropping, much of which has been to incorrectly describe any attack with a vague whiff of anything that might be more sophisticated than what-ever-it-was that the name-dropper was used to. RSA is certainly well-positioned to craft a conference which addresses this misnomer head-on and highlight some of the strategic objectives of an APT, which often are more important than the technical nuts-and-bolts, but often get left by the wayside.

Following this, while RSA may now have its house in order (here’s hoping?), many others still have not and are dealing with many of the things that RSA found itself going through right around this time last year.

What’s often most valuable and motivates folks the most is the story of a victim and an honest-to-goodness lessons- learned session. I don’t see anything on the agenda which seems to address this directly, but hopefully this theme will be carefully interwoven into some of the talks which the RSA team is participating in.

Finally, while RSA is one of the less technical conferences on the annual event track, I’m hoping that some of the more technical tracks help a little in developing the community’s level of understanding for what a sophisticated attack really looks like. For one, the team from the newly announced CrowdStrike (www.crowdstrike.com) will be giving a talk on Wednesday on mobile device exploitation and Android remote administration tool -- which I’m definitely looking forward to listening in on. While in its genesis mobile security is definitely a growing trend out at RSA this year, it will continue to take center-stage as attacks against mobile devices continue to increase.

RSA is a multi-track event and has a lot of content to choose from. I’m often asked which talks I’m planning on listening in on, so I thought I’d also post my picks for those of you with an interest in advanced threats and related topics. As follows:

Sustaining Trust in a Hyperconnected World (Art Coviello - RSA) (Tues: Keynote/8AM)
Deconstructing the Breach (Tues 1:10 – 2:20 PM) Elephant in the Room: Intellectual Property Hacking (Tues 3:50-5:00 PM)
Cyber Battlefield: The future of Conflict (Weds: 8 – 9:10 AM)
Modern Cyber Threats: The changing face behind the keyboard (Weds: 9:30 – 10:20 AM)
Hacking Exposed: Mobile RAT Edition (Weds: 10:40 – 11:30 AM)
Worm: The first digital world war (Thurs: 8 – 9:10 AM) Showcase Showdown: Browser Security Edition (Thurs: 1 – 1:50 PM)
iOS Security Internals (Fri: 10:10 - 11 AM)

Tom Parker is Chief Technology Officer at FusionX.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant