Perimeter
2/27/2012
11:35 PM
Tom Parker
Tom Parker
Commentary
Connect Directly
RSS
E-Mail
50%
50%

RSA Conference, One Year Later

How I hope history has reshaped this year's RSA Conference one year after one of the most significant breaches in the past decade

Click here for more articles.

It’s that time of year again: tomorrow the annual RSA Conference in San Francisco will get into full-swing, with one major difference. This year’s conference marks (approximately) the one year mark from the 2011 compromise which for many, served as a chilling reminder of what can happen when your organization becomes a big enough target with too few defenses. I’ve publically stated before that I wasn’t a huge fan of RSA’s (mis)handling of the whole fiasco. However, I’m all for looking forward and not back, so here’s what I hope we will see out of the RSA Conference this year.

First and foremost, I hope that RSA will help the community at large gain a healthier understanding of the advanced persistent threat. Since the RSA compromise, there’s been a whole lot of‘APT name-dropping, much of which has been to incorrectly describe any attack with a vague whiff of anything that might be more sophisticated than what-ever-it-was that the name-dropper was used to. RSA is certainly well-positioned to craft a conference which addresses this misnomer head-on and highlight some of the strategic objectives of an APT, which often are more important than the technical nuts-and-bolts, but often get left by the wayside.

Following this, while RSA may now have its house in order (here’s hoping?), many others still have not and are dealing with many of the things that RSA found itself going through right around this time last year.

What’s often most valuable and motivates folks the most is the story of a victim and an honest-to-goodness lessons- learned session. I don’t see anything on the agenda which seems to address this directly, but hopefully this theme will be carefully interwoven into some of the talks which the RSA team is participating in.

Finally, while RSA is one of the less technical conferences on the annual event track, I’m hoping that some of the more technical tracks help a little in developing the community’s level of understanding for what a sophisticated attack really looks like. For one, the team from the newly announced CrowdStrike (www.crowdstrike.com) will be giving a talk on Wednesday on mobile device exploitation and Android remote administration tool -- which I’m definitely looking forward to listening in on. While in its genesis mobile security is definitely a growing trend out at RSA this year, it will continue to take center-stage as attacks against mobile devices continue to increase.

RSA is a multi-track event and has a lot of content to choose from. I’m often asked which talks I’m planning on listening in on, so I thought I’d also post my picks for those of you with an interest in advanced threats and related topics. As follows:

Sustaining Trust in a Hyperconnected World (Art Coviello - RSA) (Tues: Keynote/8AM)
Deconstructing the Breach (Tues 1:10 – 2:20 PM) Elephant in the Room: Intellectual Property Hacking (Tues 3:50-5:00 PM)
Cyber Battlefield: The future of Conflict (Weds: 8 – 9:10 AM)
Modern Cyber Threats: The changing face behind the keyboard (Weds: 9:30 – 10:20 AM)
Hacking Exposed: Mobile RAT Edition (Weds: 10:40 – 11:30 AM)
Worm: The first digital world war (Thurs: 8 – 9:10 AM) Showcase Showdown: Browser Security Edition (Thurs: 1 – 1:50 PM)
iOS Security Internals (Fri: 10:10 - 11 AM)

Tom Parker is Chief Technology Officer at FusionX.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.