Core Security Developers Selected to Present at CanSecWest

Leading Security Experts to Discuss Smart Phone Insecurities and Persistent BIOS Infection

BOSTON -- Core Security Technologies, provider of the CORE IMPACT family of comprehensive enterprise security testing solutions, today announced that three of its CoreLabs exploit authoring and vulnerability research experts - Alfredo Ortega, Anibal Sacco and Nico Economou - have been selected to serve as speakers at the upcoming CanSecWest conference being held in Vancouver from March 16-20.

Presentations

Who: Alfredo Ortega and Nico Economou, Core Security Technologies
What: "Multiplatform iPhone, Android and GPhone Shellcode and other smart phone insecurities"
Where: CanSecWest - Sheraton Wall Centre - Vancouver, B.C.
When: Wednesday, March 18, 3:00 p.m. EDT

Presentation Details

Smartphones are becoming a ubiquitous communications platform, but many potential security risks reside in the devices with few technological barriers to prevent them. This talk will highlight the device architectures and onboard protection measures offered in three major smartphone platforms: Google Android, Apple iPhone and Microsoft Windows Mobile. A multi-platform ARM shellcode and other possible attacks will also be demonstrated during the event, which will illustrate just how easily attackers could compromise your wireless device.

Alfredo Ortega and Nicolas Economou

Alfredo Ortega works at Core Security Technologies as an exploit writer, OpenBSD, FreeBSD and Linux Platform Manager. He is pursuing a PhD at ITBA, Instituto Tecnologico de Buenos Aires, and has been a speaker at several security and computer science conferences including Black Hat, Defcon and Ekoparty. His hobbies include FPGA synthesis and security research.

Nicolas Economou has worked for the last 3 years as an exploit writer at Core Security Technologies creating exploits for multiple platforms including Mac OS X, Windows, Linux and iPhone. In his free time he enjoys creating tools (including disassemblers and debuggers) to help in the reverse engineering process.

Who: Anibal Sacco and Alfredo Ortega, Core Security Technologies
What: "Persistent BIOS Infection"
Where: CanSecWest - Sheraton Wall Centre - Vancouver, B.C.
When: Thursday, March 19, 8:00 a.m. EDT

Presentation Details

When developing rootkits, one of the biggest problems is executing the malicious code, surviving reboots and remaining undetected. This talk will demonstrate how malicious code can be injected into commercial BIOS firmware. Instead of utilizing other rootkit methods which make use of the ACPI specification, Core Security has focused on a binary generic implementation independent of the installed OS to simulate how attackers can take control of a system.

Anibal Sacco

Anibal Sacco is a senior exploit writer and reverse engineer at Core Security Technologies. He has been researching vulnerabilities and developing exploits for Windows, OS X and Linux for 3 years. After focusing for some time on Microsoft Windows kernel-mode vulnerabilities, he has recently moved on to exploring Apple OS X vulnerabilities.

For more information about these presentations or to schedule meetings with Core Security's experts at CanSecWest 2009, please contact Tim Whitman or Megan Prock at 781-684-0770 or email coresecurity@schwartz-pr.com.

About CanSecWest

CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking.
The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. More information is available at http://cansecwest.com.

About Core Security Technologies

Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.