[Owasp-cambridge] Next Chapter Meeting Details - 5th December2913

Adrian Winckles adrian.winckles at owasp.org
Sun Nov 24 23:27:14 UTC 2013


Please note, registration details will be confirmed on Tuesday.

OWASP UK Cambridge Chapter Leader

Begin forwarded message:



 OWASP Cambridge Chapter – Security Seminar
 
Thursday 5th December 2013 17:30 – 20:30, Lord Ashcroft Building (LAB005), Anglia Ruskin University, Cambridge.
 
Hosted by the Department of Computing & Technology, Anglia Ruskin University & OWASP (Open Web Application Security Project) Cambridge Chapter

Guest speakers:
 
Denis Edgar-Nevill FBCS CITP – was elected as founding chair of the BCS Cybercrime Forensics SG in December 2008 which now has over 1,600 members in 55 countries. He has been working in the area of Cybercrime Forensics since 2002 with police organisations responsible for specialist high tech crime training for the regional forces and Home Office in the UK. Denis Was an invited member of the ACPO Editorial Board which released the current version of the guidance for police handling digital evidence published in 2012. He also chairs the annual international Cybercrime Forensics Education and Training conferences (CFET) and is the principal researcher/project manager for the €1million EU funded ECENTRE Project.
 
Title : Those That Don’t Study History Are Condemned to Repeat it:The Need to Share Expertise and Experience in the Fight Against Cybercrime
 
Since 2009 the European Commission has been funding the creation of Centres of Excellence in Cybercrime Forensics in member states. The 2Centre project initially developed the definition and support infrastructure for national centres. Over the last three years the EU considered bids under the ISEC Programme and has to date funded the creation of 8 national centres; including ECENTRE in England. The creation of the European Cyber Crime Centre (EC3) within Europol in January 2013has also become a focus supporting the work of these centres. This presentation will briefly discuss the aims and objectives of the ECENTRE project (led by the speaker) and the types of problems it is intended to address. The importance of education cannot be understated (as indicated by the title of this presentation) but understanding the scale of the task is difficult.
 
Many examples of cybercrimes will be discussed which exploit our dependencies on technology, the weakness of our security infrastructures or just our human fallibility. Once you have heard these stories/case studies you have a degree of protection against them. If you recognise the signs of danger in certain situations you don’t need to fall into the same trap. You need to learn the vocabulary and language of cybercrime. But how do we make sure those at risk are made aware these issues?
 
In computer system security every day is a ‘zero-day’ problem day because of the richness and variety of brilliant ideas criminals have in trying to steal, corrupt or subvert you. Without a continuing process of education we go backwards into ‘zero-minus’ problem days where we find ourselves having to learn things we should already know before we can even begin to address new problems.
 
 
Andy Davis has worked in the Information Security industry for over 20 years, performing a range of security functions throughout his career. Prior to joining NCC Group, Andy held the positions of Head of Security Research at KPMG, UK and Chief Research Officer at IRM Plc. Before working in the private sector he worked for ten years performing various roles in Government. Recently, Andy has been leading security research projects into technologies such as embedded systems and hardware interface technologies and developing new techniques for software vulnerability discovery.
 
Title: Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions
 
Embedded systems are everywhere, from TVs to aircraft, printers to weapon control systems. As a security researcher when you are faced with one of these “black boxes” to test, sometime in-situ, it is difficult to know where to start. However, if there is a USB port on the device there is useful information that can be gained. This talk is about using techniques to analyse USB stack interactions to provide information such as the OS running on the embedded device, the USB drivers installed and devices supported. The talk will also cover some of the more significant challenges faced by researchers attempting to exploit USB vulnerabilities using a Windows 8 USB bug recently discovered by the presenter (MS13-027) as an example.
 
 
Background
 
OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.  
The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway.  Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement.  A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop and a local Information Security Student Society.

Agenda

17:30 – 17:45 Welcome from the OWASP Cambridge Chapter Leader,  Adrian Winckles, Course Leader in  Information Security & Forensic Computing, Anglia Ruskin University 
17:45 – 18:30 Denis Edgar Neville (Canterbury Christchurch University) - Those That Don’t Study History Are Condemned to Repeat it:The Need to Share Expertise and Experience in the Fight Against Cybercrime
18:30 – 19:15 Andy Davis (NCC) - Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions
19:15 – 19:30 Q & A
19:30 – 20:00  Refreshments & Networking (coffee, tea, juice) 

The meeting will be held in the Lord Ashcroft Building, Room LAB005 (Breakout Room LAB002 for networking & refreshments).

Please enter through the Helmore Building and ask at reception.

Anglia Ruskin University
Cambridge Campus
East Road
Cambridge
CB1 1PT
 
Adrian Winckles BEng(Hons) CEng MSc MBCS CITP FHEA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-cambridge/attachments/20131124/cc30bece/attachment-0001.html>


More information about the Owasp-cambridge mailing list