[Owasp-bayarea] Next Chapter Event - Thursday (8/21) in SF - RSVP for IoT Time Attacks and Cloud Security at Scale

Michael Coates michael.coates at owasp.org
Tue Aug 12 20:06:28 UTC 2014

Come hear about Attacking the Internet of Things using Time and also about
Cloud Security at Scale and What it Means for Your Application.



   - *Paul McMillan, Nebula * - Attacking the Internet of Things using Time
   - *Ben Hagen, Netflix*  - Cloud Security at Scale and What it Means for
   Your Application


   - Date: Thursday, Aug 21
   - 5:30-8pm

 WhereLookout Mobile Security <http://www.lookout.com>, 1 Front St #2700
San Francisco, CA

   - 5:30-6:15 pm : Networking with Drinks & Food
   - 6:15-6:45 : Paul McMillan, Nebula: Attacking the Internet of Things
   using Time
   - 7:00-7:30 : Ben Hagen, Netflix : Cloud Security at Scale and What it
   Means for Your Application
   - 7:30-8:00 : More food, drink, and security "hallway con"


*Bio & Talk Description*

   - * Paul McMillan* - Attacking the Internet of Things using Time
      - Internet of Things devices are often slow and resource constrained.
      This makes them the perfect target for network-based timing
attacks, which
      allow an attacker to brute-force credentials one character at a time,
      rather than guessing the entire string at once. We will discuss
how timing
      attacks work, how to optimize them, and how to handle the many factors
      which can prevent successful exploitation. We will also
demonstrate attacks
      on at least one popular device. After this presentation, you
will have the
      foundation necessary to attack your own devices, and a set of scripts to
      help you get started.
      - Paul McMillan is a security engineer at Nebula. He also works on
      the security teams for several open source projects. When he's
not building
      or breaking the internet, he enjoys, cocktails and photography.

   - * Ben Hagen* - Cloud Security at Scale and What it Means for Your
      - Cloud computing is all the rage, but few organizations have really
      thought about what security means for their applications and networks in
      cloud-centric deployments. Netflix is amongst the largest users of public
      cloud resources and consumes roughly 1/3 of all the US’s downstream
      broadband at peak. This talk will cover the processes used at Netflix to
      deploy and secure large-scale applications to the Cloud. Netflix has
      developed a suite of architectures, processes, and tools to make security
      in the Cloud as elegant as possible... most of these are, or
will soon be,
      Open Sourced. Several tools will be previewed in the talk.
      These systems include:
         - Hundreds of applications; with hundreds of production
         deployments a day ... all using an “immutable server model”
         - Crazy monkeys that roam the clouds to enforce availability
         models through random instance homicide
         - OCD fish that swim cloudy waters to make sure firewalls are sane
         and consistent across the globe
         - Inquisitive penguins automatically assess the risk of an
         application based upon its codebase and interconnections with other
         - ... and many more ...
      - Ben Hagen is likely the only security professional in the world who
      has won both a presidential election and an Emmy. He loves security and
      both building and breaking things. Ben currently leads the Security Tools
      and Operations team at Netflix. During the 2012 US Presidential
Election he
      was in charge of security for the Obama 2012 re-election campaign’s
      technology program. Prior to this role, he was a Security Consultant with
      Neohapsis, and Motorola where he had to break into, and then
help fix, the
      computer networks of lots of organizations.

Michael Coates
Chairman, OWASP Board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bayarea/attachments/20140812/0a6a325c/attachment.html>

More information about the Owasp-bayarea mailing list