October 15, 2013
U-M Rackham Auditorium
October 15, 2013
U-M Rackham Auditorium
Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors
IPMI: Understanding Your Server's Remote Backdoor
Protecting Data on iOS Devices
Terms of Abuse
Lunch on your own
DIRTy rats: Adventures in the Online Underworld
Defense in Depth
Visiting Scholar at the University of Michigan
Electromagnetic interference (EMI) affects circuits by inducing voltages on conductors. Analog sensing of signals on the order of a few millivolts is particularly sensitive to interference. This talk will present an overview of work that (1) measures the susceptibility of analog sensor systems to signal injection attacks by intentional, low-power emission of chosen electromagnetic waveforms, and (2) proposes defense mechanisms to reduce the risks.
Denis Foo Kune is a Visiting Scholar at the University of Michigan working with Prof. Kevin Fu. Dr. Foo Kune received his M.S. and Ph.D. in Computer Science from the University of Minnesota. His current work focuses on the security of medical devices and his latest publication investigates the impact of signal injection over electromagnetic interference on analog sensors. His other work includes secure protocols for clinical environments and location privacy on cellular network protocols. He has over a decade of experience in the industrial control industry, primarily at the Honeywell Labs where he worked on designing industrial wireless network protocols, evaluate industrial networks, and represented Honeywell on technical standard committees.
Computer Science Graduate Student, University of Michigan
Recently, the security of Intelligent Platform Management Interface (IPMI) devices has emerged from the relatively unknown to become a major new security concern. IPMI is an industry-standard specification for remote out-of-band server management, providing powerful remote management capabilities to the wielder. In this talk, we explore the resulting security concerns, including many recent developments. In addition, we present our work in which we reverse-engineered the IPMI implementation of a major OEM, and discovered blatant textbook vulnerabilities. These vulnerabilities allow a remote user to gain full control of the system. Using data from Internet-wide scans, we found at least 100,000 IPMI-enabled servers (across three large vendors) running on publicly accessible IP addresses, contrary to recommended best practice. In conclusion, we suggest defensive strategies for system administrators and consider lessons that IPMI can teach us about security.
This talk is based on work presented at the 7th Usenix Workshop on Offensive Technologies (WOOT) entitled "Illuminating the Security Issues Surrounding Lights-Out Server Management"
Anthony J Bonkoski is a Computer Science Graduate Student at the University of Michigan. He has numerous interests including Robotics, Security, and Compilers. Professionally, he works on research and development of self-driving vehicles. On the side, he experiments with JIT compilers, enjoys reverse-engineering software to audit security, and occasionally blogs at jabsoft.io. In his recent security work, he discovered numerous blatant security flaws in crucial server management firmware.
We've seen the deep technical research showing what makes iOS devices secure (or sometimes not so much). But once you grok ASLR and code signing, are you really any closer to understanding the risk these devices present to your environment?
This talk reviews the key technologies available to keep data protected on iStuff, hopefully framing the discussion in a way decision makers can understand. From built-in features, to tricks for getting around them, to advanced attacks, we look at the most important things you can do to keep your data secure. It also provides a no-nonsense reality check on the reasons you'll never be 100% safe.
The talk concludes with a short review of best practices, both for configuration and custom application development, as well as a review of improved controls introduced in iOS 7.
David is a Senior Consultant with Intrepidus Group, where he performs web and iOS application security testing, penetration testing, iOS research, MDM reverse engineering, and other such fun. He's fortunate to have spoken at multiple security conferences on topics from rainbow tables to MDM to puzzle contests.
When not actively engaged in paying work, David loves solving crypto puzzles, working on side projects, and, when he remembers the app on his phone, looking for Geocaches. He can be found on Twitter as DarthNull, and is way behind on his puzzle writeups at darthnull.org.
Computer Science Ph.D. Student, Stanford University
Odds are, you're a criminal. That's because an 80s-era hacking statute, the Computer Fraud and Abuse Act, makes it unlawful to "access" a computer system "without authorization." In the most expansive interpretation, merely running afoul of a website's legalese is a violation of federal law. CFAA may have made sense when it was enacted, but it now poses serious risks to consumers, entrepreneurs, and especially computer security researchers. This talk will review the history of CFAA and explain how the statute is backfiring. It will also present research on how CFAA has proven dysfunctional in private litigation, doing little to promote computer security and privacy while establishing expansive liability. The talk will close by addressing efforts at reform by legislators and the judiciary—and detailing how they don't go far enough.
Jonathan Mayer is a Ph.D. student in computer science at Stanford University, where he received his J.D. in 2013. Jonathan is a Cybersecurity Fellow at the Center for International Security and Cooperation, a Junior Affiliate Scholar at the Center for Internet and Society, and a Stanford Interdisciplinary Graduate Fellow . He earned his A.B. at Princeton University in 2009, concentrating in the Woodrow Wilson School of Public and International Affairs . Jonathan has consulted for both federal and state law enforcement agencies, and his research on consumer privacy has contributed to multiple regulatory interventions. A proud Chicago native, Jonathan is undaunted by freezing weather and enjoys celery salt on a hot dog.
Blogs are an attractive target for hackers, since many are poorly secured but have access to immense network bandwidth. We'll examine a case study of a piece of malware dubbed Fort Disco that compromised thousands of blogs, and examine the attacker's tools, techniques, and motivations.
Matt Bing started his career in 2000 at the Ann Arbor-based intrusion detection system vendor Anzen Computing, shortly thereafter purchased by NFR Security. At both organizations, Matt was focused on analyzing exploits and writing network-based signatures to detect attacks. In 2004 Matt helped form ITSS, the new central security office at the University of Michigan. For the next eight years, Matt acted as the incident response coordinator for the university, helping to expertly respond to the most serious IT security incidents across campus. Matt is now a malware analyst on the ASERT team at Arbor Networks.
Spying on people through the webcams and microphones of their laptop computers isn't the stuff of science fiction—and it's not limited to hackers. We'll take a look at how remote access tools (RATs) have been appropriated by everyone from voyeurs to school districts to the FBI, and what RATs mean in an age of changing privacy principles.
Nate is the deputy editor at Ars Technica, where he writes regularly about technology law and policy, and his work has also been published in outlets like The Economist and Foreign Policy. He is the author of the new book, The Internet Police: How Crime Went Online, and the Cops Followed. His first computer was an Atari 600XL with a tape drive and so little memory that it could be filled just by typing in programs from magazines.
WellStar Health System, Inc.
For years information security practitioners have been encouraged to use "Defense In Depth" as a strategy to cope with the rapidly evolving threats we see every day. The problem is that we’ve approached this as a technological problem instead of the actual philosophical problem. In this talk we will discuss how to think about defense in depth and how to avoid missteps and mistakes as you rethink your security posture.
Martin Fisher has been in IT for over 20 years and in information security for the last eight. He currently serves as the Director of Information Security for multi-hospital, 13,000 employee healthcare provider in Atlanta, Georgia. In the past he has worked in the commercial aviation and finance sectors for organizations large and small.
Martin is passionate about "Doing Security Right" and has spoken internationally on a variety of information security topics. He is also the host of the Southern Fried Security podcast which has reached thousands of information security practitioners over the last three years.
You can engage Martin on Twitter as @armorguy and through the Southern Fried Security Podcast website.