Video and Materials


Paul Howell

U-M Security Initiatives Update

Paul Howell (CISSP) is the Chief Information Technology Security Officer at the University of Michigan, and he directs the Information Technology Security Services office. He is a graduate of the University of Michigan in Computer Science, with a Master's degree in Information Security from Eastern Michigan University. Paul has over 20 years of computer and network security experience.

Jack Bernard

This presentation will discuss IT security from a legal perspective: what we must protect, what we must disclose, and what we must retain and destroy. It will look at specific laws, such as HIPAA, FERPA, FOIA, and USA-PATRIOT ACT, among other federal and state laws in the evolving legal landscape. It will also delve into University policy and practice including some discussion of the University's defense and indemnification policy.

Jack Bernard has been an academic administrator for 18 years and has worked at the University since 1993 in a variety of capacities. Now an attorney in the General Counsel's Office, his primary areas of responsibility include intellectual property law, cyberlaw, privacy, security, the First Amendment, student law, and transactional work. Jack is an adjunct faculty member in the schools of Law, Education, Information, Public Policy, and Business, and he serves as chair of the University's Council for Disability Concerns.

Joshua Brashars

Google Hacking

This simple tool can be bent by hackers and those with malicious intent to find hidden information, break into sites, and access supposedly secure information. Borrowing the techniques pioneered by malicious "Google hackers," this presentation aims to show security practitioners how to protect clients properly from this often overlooked and dangerous form of information leakage.

Joshua Brashars has been in love with technology from an early age. A moderator of since 2004, Joshua is honored to have been invited to present at SUMIT_05. In addition to Google Hacking, he is also a wireless security enthusiast. Joshua would like to thank his friends, family, and his fellow moderators for their endless support in his pursuit of the CISSP certification.

Dr. Jose Nazario

This presentation will focus on malicious worms and denial of service attacks and their potential for disrupting the Internet and worldwide business. 

Dr. Nazario is a security researcher and senior software and security engineer at Arbor Networks. He is the author of Defense and Detection Strategies Against Internet Worms (2003). His interests include Internet events that disrupt worldwide networks such as worms and denial of service attacks. He is a frequent presenter at Internet security events and forums.

Bruce Burrell

Contemporary Developments in PC Malware

This presentation will examine a brief history of computer attacks and attackers. Methods and motivations of the current environment and how to safeguard against them will be discussed. Bruce will also take a look into a "murky crystal ball" and attempt to guess what the future may bring.

Bruce Burrell joined the U-M antivirus team at its inception in 1988. He became the team leader in 1992 but continues to wear his tech hat: he handles product testing, builds installers, maintains current virus definitions for auto updating, and provides antivirus support. He also keeps an ever-wary eye peeled for new malware outbreaks worldwide.

Brian Hernacki

Symbian Malware: Worms/Viruses and Other Malware that Infect Smart Phones and Other Mobile Devices

This presentation examines the emerging class of malware focused on the Symbian operating system, the leading platform for mobile devices and smart phones. It discusses the exploitation trends observed over the last year and then examines several examples in detail by reviewing the introduction, infection, and propagation techniques for each example, describing how they operate, and explaining what this tells us about the evolution of mobile malware. The presentation also includes a frank discussion of current defensive methods and possibilities for future improvements.

Brian Hernacki works for Symantec Research Labs on the development of future technologies. Brian has more than ten years of experience with computer security and enterprise software development. He has conducted research and commercial product development in a number of security areas including intrusion detection and analysis techniques, honeypots, and wireless and mobile technologies. Prior to Symantec, Hernacki was Chief Scientist at Recourse Technologies and a senior engineer at Netscape Communications. Brian graduated from the University of Michigan with a degree in Computer Engineering.

Daniel Drumm and Seth Meyer

Two-Factor Authentication at U-M

This presentation will discuss the Two-Factor Authentication project, which the MAIS Security and Network Services Group has undertaken in support of a MAIS initiative to augment logins to M-Pathways, Wolverine Access, and other internal Michigan Administrative Information Services (MAIS) systems. It will review other authentication efforts at U-M, such as the MCard Office experimentation with smartchips in the identity badge and password generation tokens that various departments and schools have adopted to augment memorized passwords. The future direction for the project and its potential relevance to users outside MAIS will be discussed. The presentation will include information about one-time password tokens, and it will cover smartcards, which the project is considering to meet the immediate goal of providing one-time, non-reusable passwords to specific kinds of users. 

Daniel Drumm is the Information Systems Security Manager for MAIS, the U-M division that designs, implements, and supports U-M administrative information systems and processes. Dan received his B.A. from the University of Michigan in 1990, and went on to Rush University in Chicago, where he helped design and implement the first converged voice, video, and data network for a major medical center in Chicago. In 1998, Dan began working in Colorado for Cisco Systems as a network security and Voice Over IP systems engineer. He recently returned to Michigan after working as Ball Packaging and Aerospace's chief network and security architect for two years. Dan has earned several IT certifications from Cisco, Checkpoint and others in a variety of security and networking technologies. Dan is currently working on his CISSP and CISM.

Seth Meyer is an Information Systems Security Analyst for MAIS. Seth received his B.S. from the University of Michigan with a concentration in Mathematics and Statistics. Seth first became interested in the Unix operating system and internet security issues during an internship with the ITD Statistics and Computation Service. Seth became the technical lead and manager of the ITD Login Service in 1999, working on projects including synctree, OS templatization, and SSH integration. In 2003 Seth joined the MAIS Security and Network Services team. Projects he has worked on at MAIS include SSH deployment, broadening the usage of encryption, and architecture of enterprise authentication systems. Seth is currently working on comprehensive logging and two-factor authentication.

Erkan Chase

Erkan Chase is a graduate of Binghamton University, State University of New York. He majored in Industrial Engineering and Sociology and minored in Business. Erkan has worked as an investment banker for Manufacturers Hanover Trust Bank and as a New York City Probation Officer. He was later employed by the New York City Police Department as a Detective in the Major Case Narcotics Section and the Organized Crime Section. Erkan subsequently was employed as a special agent for the Federal Bureau of Investigation. He was assigned to investigate bank fraud and white collar crime in the New York Field Office. He worked in the Computer Crime Program and Computer Intrusion Program in the Detroit Field Office. He was then transferred to FBI Headquarters as Supervisory Special Agent in the Computer Intrusion Unit. Currently, Erkan is the Unit Chief for the Criminal Computer Intrusion Unit.