SecTor Talks – October 28, 2009

Hacking the Privacy Legislation – Tracy Ann Kosa
In today’s environment of particularly scarce resources, privacy can be easily buried under its sexier older sister – security. But the need to balance the two is an ongoing concern when it comes to any system that collects, uses and discloses personal information. This session will focus on exploring the differences between the two, and identifying what areas of the privacy legislation are mainly unenforced or unenforceable. In addition, it will identify what people, processes and technical requirements overlap and give you better bang for your compliance dollar.

Portable Document Malware, the Office, and You – Get owned with it, can’t do business without it – Seth Hardy
Many new types of malware, particularly targeted attacks against high-value targets, are using a very effective vector: common document formats such as Word, PowerPoint, and PDF. Unlike executables, businesses can’t just block these ubiquitous file types. While there are ways to spot this kind of malware, many antivirus companies are lagging behind with generic detection, making AV evasion simpler than you’d be comfortable with.
We’ll start with a high level overview of the file formats for Microsoft Office (Word, Excel, PowerPoint) and PDF, and see how they can be used to distribute malware. Then, we’ll take a look at why these formats are difficult to scan using traditional (signature-based) antivirus techniques. Finally, we’ll cover effective (heuristic-based, deep inspection) methods for spotting malware which attempts to hide in file formats which can’t just be blocked.

Crimeware: Web Exploitation Kits Revealed – Roy Firestein
The session introduces the attendee to how crimeware has become increasingly popular in recent years, the indistinguishable similarities with legitimate business and the dangers the internet community is facing. There will also be a live demonstration of the infamous Mpack (or other similar kit), including a minor exercise encouraging one to identify methods to mitigate or detect such scenarios.
Source: task



Posted in Events.