Perimeter
2/27/2012
11:35 PM
Tom Parker
Tom Parker
Commentary
50%
50%

RSA Conference, One Year Later

How I hope history has reshaped this year's RSA Conference one year after one of the most significant breaches in the past decade

Click here for more articles.

It’s that time of year again: tomorrow the annual RSA Conference in San Francisco will get into full-swing, with one major difference. This year’s conference marks (approximately) the one year mark from the 2011 compromise which for many, served as a chilling reminder of what can happen when your organization becomes a big enough target with too few defenses. I’ve publically stated before that I wasn’t a huge fan of RSA’s (mis)handling of the whole fiasco. However, I’m all for looking forward and not back, so here’s what I hope we will see out of the RSA Conference this year.

First and foremost, I hope that RSA will help the community at large gain a healthier understanding of the advanced persistent threat. Since the RSA compromise, there’s been a whole lot of‘APT name-dropping, much of which has been to incorrectly describe any attack with a vague whiff of anything that might be more sophisticated than what-ever-it-was that the name-dropper was used to. RSA is certainly well-positioned to craft a conference which addresses this misnomer head-on and highlight some of the strategic objectives of an APT, which often are more important than the technical nuts-and-bolts, but often get left by the wayside.

Following this, while RSA may now have its house in order (here’s hoping?), many others still have not and are dealing with many of the things that RSA found itself going through right around this time last year.

What’s often most valuable and motivates folks the most is the story of a victim and an honest-to-goodness lessons- learned session. I don’t see anything on the agenda which seems to address this directly, but hopefully this theme will be carefully interwoven into some of the talks which the RSA team is participating in.

Finally, while RSA is one of the less technical conferences on the annual event track, I’m hoping that some of the more technical tracks help a little in developing the community’s level of understanding for what a sophisticated attack really looks like. For one, the team from the newly announced CrowdStrike (www.crowdstrike.com) will be giving a talk on Wednesday on mobile device exploitation and Android remote administration tool -- which I’m definitely looking forward to listening in on. While in its genesis mobile security is definitely a growing trend out at RSA this year, it will continue to take center-stage as attacks against mobile devices continue to increase.

RSA is a multi-track event and has a lot of content to choose from. I’m often asked which talks I’m planning on listening in on, so I thought I’d also post my picks for those of you with an interest in advanced threats and related topics. As follows:

Sustaining Trust in a Hyperconnected World (Art Coviello - RSA) (Tues: Keynote/8AM)
Deconstructing the Breach (Tues 1:10 – 2:20 PM) Elephant in the Room: Intellectual Property Hacking (Tues 3:50-5:00 PM)
Cyber Battlefield: The future of Conflict (Weds: 8 – 9:10 AM)
Modern Cyber Threats: The changing face behind the keyboard (Weds: 9:30 – 10:20 AM)
Hacking Exposed: Mobile RAT Edition (Weds: 10:40 – 11:30 AM)
Worm: The first digital world war (Thurs: 8 – 9:10 AM) Showcase Showdown: Browser Security Edition (Thurs: 1 – 1:50 PM)
iOS Security Internals (Fri: 10:10 - 11 AM)

Tom Parker is Chief Technology Officer at FusionX.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7441
Published: 2015-05-29
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2014-9727
Published: 2015-05-29
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

CVE-2015-0200
Published: 2015-05-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

CVE-2015-0751
Published: 2015-05-29
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

CVE-2015-0752
Published: 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?