Share with Your Network
BayThreat, an annual bay area information security conference, was this past weekend. As in years past it was top notch and well organized. The conference returned to it’s old home, the Hacker Dojo, for this fourth incarnation.
Some highlights (in no particular order):
- Nick Sullivan spoke on white box cryptography, and the lack of a current open source implementation. White box cryptography attempts to address situations where the attacker has already compromised a host, but you want to prevent them from making use of encryption keys. Nick outlined some techniques, caveats and examples of current implementations. He then announced the Open WhiteBox project, which aims to release an open source implementation of this style of crypto.
- Allison Miller discussed using operations management paradigms to create risk models. Using (don’t call it big) data to find leading risk indicators allows you to focus on the variables that matter. She also covered using feedback loops to improve and adjust your model over time, keeping you responsive to new threats.
- Scott Roberts explained how GitHub uses Hubot to manage many aspects of operations, including security. Having the company exist in a series chatrooms allows everyone to be involved in responding to security incidents, something Scott compared to pair programming. GitHub has given Hubot a central role in management and is easily extensible, allowing others to customize it for their needs.
- Finally, Nathan McCauley from Square presented on the challenges of deploying hardware cryptographic devices on the cheap. Square allows merchants to accept payments via a small hardware device that plugs into a smartphone or tablet. Creating such a device brought interesting challenges such as: no random number generator, only 256 bytes of memory, low power and overseas production. The talk covered how Square addressed these during the design of their solution.
I also presented on surviving an application DoS attack. BayThreat did not disappoint, and I’ll definitely be returning next year. If you would like to know more about BayThreat and these subjects, check out their website at http://www.baythreat.org/.
Read the Latest Content
Research Reports
Prioritization to Prediction Volume 5: In Search of Assets at Risk
The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.
DOWNLOAD NOW
eBooks
5 Things Every CIO Should Know About Vulnerability Management
If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look. Managing vulnerabilities is...
DOWNLOAD NOW
Videos
Videos
Get Started Using the Exploit Prediction Scoring System (EPSS).
Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...
READ MORE