Perimeter
2/27/2012
11:35 PM
Tom Parker
Tom Parker
Commentary
50%
50%

RSA Conference, One Year Later

How I hope history has reshaped this year's RSA Conference one year after one of the most significant breaches in the past decade

Click here for more articles.

It’s that time of year again: tomorrow the annual RSA Conference in San Francisco will get into full-swing, with one major difference. This year’s conference marks (approximately) the one year mark from the 2011 compromise which for many, served as a chilling reminder of what can happen when your organization becomes a big enough target with too few defenses. I’ve publically stated before that I wasn’t a huge fan of RSA’s (mis)handling of the whole fiasco. However, I’m all for looking forward and not back, so here’s what I hope we will see out of the RSA Conference this year.

First and foremost, I hope that RSA will help the community at large gain a healthier understanding of the advanced persistent threat. Since the RSA compromise, there’s been a whole lot of‘APT name-dropping, much of which has been to incorrectly describe any attack with a vague whiff of anything that might be more sophisticated than what-ever-it-was that the name-dropper was used to. RSA is certainly well-positioned to craft a conference which addresses this misnomer head-on and highlight some of the strategic objectives of an APT, which often are more important than the technical nuts-and-bolts, but often get left by the wayside.

Following this, while RSA may now have its house in order (here’s hoping?), many others still have not and are dealing with many of the things that RSA found itself going through right around this time last year.

What’s often most valuable and motivates folks the most is the story of a victim and an honest-to-goodness lessons- learned session. I don’t see anything on the agenda which seems to address this directly, but hopefully this theme will be carefully interwoven into some of the talks which the RSA team is participating in.

Finally, while RSA is one of the less technical conferences on the annual event track, I’m hoping that some of the more technical tracks help a little in developing the community’s level of understanding for what a sophisticated attack really looks like. For one, the team from the newly announced CrowdStrike (www.crowdstrike.com) will be giving a talk on Wednesday on mobile device exploitation and Android remote administration tool -- which I’m definitely looking forward to listening in on. While in its genesis mobile security is definitely a growing trend out at RSA this year, it will continue to take center-stage as attacks against mobile devices continue to increase.

RSA is a multi-track event and has a lot of content to choose from. I’m often asked which talks I’m planning on listening in on, so I thought I’d also post my picks for those of you with an interest in advanced threats and related topics. As follows:

Sustaining Trust in a Hyperconnected World (Art Coviello - RSA) (Tues: Keynote/8AM)
Deconstructing the Breach (Tues 1:10 – 2:20 PM) Elephant in the Room: Intellectual Property Hacking (Tues 3:50-5:00 PM)
Cyber Battlefield: The future of Conflict (Weds: 8 – 9:10 AM)
Modern Cyber Threats: The changing face behind the keyboard (Weds: 9:30 – 10:20 AM)
Hacking Exposed: Mobile RAT Edition (Weds: 10:40 – 11:30 AM)
Worm: The first digital world war (Thurs: 8 – 9:10 AM) Showcase Showdown: Browser Security Edition (Thurs: 1 – 1:50 PM)
iOS Security Internals (Fri: 10:10 - 11 AM)

Tom Parker is Chief Technology Officer at FusionX.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.