Thursday, August 4, 2005 - 8 a.m. to 5 p.m.

The first annual Security at University of Michigan IT (SUMIT) was held on Thursday, August 4, 2005. As the university's flagship event for National Cybersecurity Awareness Month, SUMIT is an exciting opportunity to hear nationally recognized experts discuss the latest technical, legal, and operational trends and threats in cyberspace. 

Paul Howell

University of Michigan Chief Information Technology Security Officer

U-M Security Initiatives Update

Paul Howell (CISSP) is the Chief Information Technology Security Officer at the University of Michigan, and he directs the Information Technology Security Services office. He is a graduate of the University of Michigan in Computer Science, with a Master's degree in Information Security from Eastern Michigan University. Paul has over 20 years of computer and network security experience.

Jack Bernard

Current Legal Issues Impacting IT Security

This presentation discussed IT security from a legal perspective: what we must protect, what we must disclose, and what we must retain and destroy. It looked at specific laws, such as HIPAA, FERPA, FOIA, and USA-PATRIOT ACT, among other federal and state laws in the evolving legal landscape. It also delve into University policy and practice including some discussion of the University's defense and indemnification policy.

Jack Bernard has been an academic administrator for 18 years and has worked at the University since 1993 in a variety of capacities. Now, an attorney in the General Counsel's Office, his primary areas of responsibility include intellectual property law, cyberlaw, privacy, security, the First Amendment, student law, and transactional work. Jack is an adjunct faculty member in the schools of Law, Education, Information, Public Policy, and Business, and he serves as chair of the University's Council for Disability Concerns.

Joshua Brashars

Google Hacking

This simple tool can be bent by hackers and those with malicious intents to find hidden information, break into sites, and access supposedly secure information. Borrowing the techniques pioneered by malicious "Google hackers," this presentation aimed to show security practitioners how to protect clients properly from this often overlooked and dangerous form of information leakage.

Google Hacking - Presentation Materials

Joshua Brashars has been in love with technology from an early age. A moderator of since 2004, Joshua is honored to have been invited to present at SUMIT_05. In addition to Google Hacking, he is also a wireless security enthusiast. Joshua would like to thank his friends, family, and his fellow moderators for their endless support in his pursuit of the CISSP certification.

Dr. Jose Nazario

Current Trends and Future Predictions for Large-Scale Attacks and Worms

This presentation focused on malicious worms and denial of service attacks and their potential for disrupting the Internet and worldwide business. 

Current Trends and Future Predictions for Large-Scale Attacks and Worms - Presentation Materials

Dr. Nazario is a security researcher and senior software and security engineer at Arbor Networks. He is the author of Defense and Detection Strategies Against Internet Worms, (2003). His interests include Internet events that disrupt worldwide networks such as worms and denial of service attacks. He is a frequent presenter at Internet security events and forums.

Bruce Burrell

Contemporary Development in PC Malware

This presentation examined a brief history of computer attacks and attackers. Methods and motivations of the current environment and how to safeguard against them will be discussed. Bruce will also take a look into a "murky crystal ball" and attempt to guess what the future may bring.

Contemporary Development in PC Malware - Presentation Materials

Bruce Burrell joined the U-M antivirus team at its inception in 1988. He became the team leader in 1992 but continues to wear his tech hat: he handles product testing, builds installers, maintains current virus definitions for auto updating, and provides antivirus support. He also keeps an ever-wary eye peeled for new malware outbreaks worldwide. 

Brian Hernacki

Symbian Malware: Worms/Viruses and Other Malware that Infect Smart Phones and Other Mobile Devices

This presentation examined the emerging class of malware focused on the Symbian operating system, the leading platform for mobile devices and smart phones. It discussed the exploitation trends observed over the last year and then examined several examples in detail by reviewing the introduction, infection, and propagation techniques for each example, describing how they operate, and explaining what this tells us about the evolution of mobile malware. The presentation also included a frank discussion of current defensive methods and possibilities about future improvements.

Symbian Malware - Presentation Materials 

Brian Hernacki works for Symantec Research Labs on the development of future technologies. Brian has more than ten years of experience with computer security and enterprise software development. He has conducted research and commercial product development in a number of security areas including intrusion detection and analysis techniques, honeypots, and wireless and mobile technologies. Prior to Symantec, Hernacki was Chief Scientist at Recourse Technologies and a senior engineer at Netscape Communications. Brian graduated from the University of Michigan with a degree in Computer Engineering.

Daniel Drumm

Two-Factor Authentication at U-M

This presentation discussed the Two-Factor Authentication project, which the MAIS Security and Network Services Group has undertaken in support of a MAIS initiative to augment logins to M-Pathways, Wolverine Access, and other internal Michigan Administrative Information Services (MAIS) systems. It reviewed other authentication efforts at U-M, such as the MCard Office experimentation with smartchips in the identity badge and password generation tokens that various departments and schools have adopted to augment memorized passwords. The future direction for the project and its potential relevance to users outside MAIS were discussed. The presentation included information about one-time password tokens, and it covered smartcards, which the project was considering to meet the immediate goal of providing one-time, non-reusable passwords to specific kinds of users. 

Two-Factor Authentication at U-M - Presentation Materials

Daniel Drumm is the Information Systems Security Manager for MAIS, the U-M division that designs, implements, and supports U-M administrative information systems and processes. Dan received his B.A. from the University of Michigan in 1990, and went on to Rush University in Chicago, where he helped design and implement the first converged voice, video, and data network for a major medical center in Chicago. In 1998, Dan began working in Colorado for Cisco Systems as a network security and Voice Over IP systems engineer. He recently returned to Michigan after working as Ball Packaging and Aerospace's chief network and security architect for two years. Dan has earned several IT certifications from Cisco, Checkpoint and others in a variety of security and networking technologies. Dan is working on his CISSP and CISM currently.

Seth Meyer

Two-Factor Authentication at U-M

Seth Meyer is an Information Systems Security Analyst for MAIS. Seth received his B.S. from the University of Michigan with a concentration in Mathematics and Statistics. Seth first became interested in the Unix operating system and internet security issues during an internship with the ITD Statistics and Computation Service. Seth became the technical lead and manager of the ITD Login Service in 1999, working on projects including synctree, OS templatization, and SSH integration. In 2003 Seth joined the MAIS Security and Network Services team. Projects he has worked on at MAIS include SSH deployment, broadening the usage encryption, and architecture of enterprise authentication systems. Seth is currently working on comprehensive logging and two-factor authentication.

Erkan Chase

Current Trends in Computer Crim

Erkan Chase is a graduate of Binghamton University, State University of New York. He majored in Industrial Engineering and Sociology and minored in Business. Erkan has worked as an investment banker for Manufacturers Hanover Trust Bank and as a New York City Probation Officer. He was later employed by the New York City Police Department as a Detective in the Major Case Narcotics Section and the Organized Crime Section. Erkan subsequently was employed as a special agent for the Federal Bureau of Investigation. He was assigned to investigate bank fraud and white collar crime in the New York Field Office. He worked in the Computer Crime Program and Computer Intrusion Program in the Detroit Field Office. He was then transferred to FBI Headquarters as Supervisory Special Agent in the Computer Intrusion Unit. Currently, Erkan is the Unit Chief for the Criminal Computer Intrusion Unit.