Tag: infosec

Day 2 – Wed June 12 2013:
1:20pm – “Detecting modern malware in your environment”, by Iain Patterson, information security officer, Trillium Health Partners

This presentation offered a high level survey of how to mitigate, detect, handle and remove malware from computer systems. The bulk of the presentation was fairly high level, discussing process, concepts and best practices.

The last couple of slides were quite valuable, as they identified the tools that are helpful in detecting and mitigating malware. Iain offered two sets of tools:

The “Security on a budget” list:

• Security Onion
• IPTables
• Splunk
• Syslog Server
• Clam AV
• EMET

Iain also offered a great list of bigger budget tools. Unfortunately, I couldn’t get the list. I’ll be watching for the slides, at which point I’ll update my list.

Ian’s final slide highlighted some great tools for malware analysis:

• Anubis
• Comodo
• Eureka
• Jotti
• Jsunpack
• ThreatExpert
• VirusTotal
• Wepawet

Very valuable resources!

Day 2 – Wed June 12 2013:
12:30pm – “Keynote: Embracing BYOD”, by Tyler Lessard, CMO, Fixmo.

This presentation offered a high level survey of the risks and best practises pertaining to Bring Your Own Device (BYOD). I didn’t take many notes at this session. There was plenty of good discussion, but nothing noteworthy.

Day 2 – Wed June 12 2013:
11:30am – “Forensics”, hosted by Ron Plesco, managing director, cyber investigations/risk consulting, KPMG

Ron provided a great presentation. He walked the audience through a few examples of malware, how they work and how to detect and clean systems that have been infected (rebuild!). I really want to get the slides for this presentation. I will link to them here if/when I obtain them.

Ron started by giving an overview of Leprechaun Lite, which is a 2 year old malware package that is used to intercept banking info. He explained how it worked and he walked through an example of the malware capturing user data.

Ron shared a fantastic Jimmy Kimmel Anonymous video from YouTube. Too funny! This video was referring to OpUSA, which was supposed to occur on May 7 2013.

Ron summarized the best approach to stopping hackers: “Think like a hacker!” We (as in government, business infosec personnel, law enforcement, etc.) need to be skilled resources who think like hackers, not like PEN testers. That’s the only way we’re going to identify and fix threats before the damage is done.

Ron walked us through the investigation steps for an information security incident. The full steps are exhaustively highlighted in the National Institute of Standards and Technology’s (NIST) Computer Security Incident Handling Guide.

Overall, this was a fantastic presentation: plenty of great material, articulate and engaging speaker and interesting topic.

Day 2 – Wed June 12 2013:
9:50am – “Keynote: Supply Chain + cyber intelligence + (insert bad country) = Risk”, hosted by Curtis Levinson, U.S. cyber defense advisor to NATO

Curtis was a great storyteller. He shared plenty of stories pertaining to the origins and history of Stuxnet and a Maryland Sorority girl who found herself ostracized after posting offensive material on Facebook.

Curtis summarized his presentation by warning us to be careful where we get our computer equipment from. Beware of the potential for manufacturers (whether foreign or domestic) to insert malware and other spying mechanisms into the supply chain, and ultimately, into your environment.

Day 2 – Wed June 12 2013:
9am – “Extending to mobility platforms”, hosted by Daniel Legault, senior IAM/security advisor and architect, IBM Canada & Mike Balneaves, director, infrastructure engineering, OMERS.

This session offered a high level policy overview of mobility deployment concerns. I found this session to be a great survey of the landscape. I was hoping for a more technical presentation, but, unfortunately, there was little in terms of in-depth technical information in this session.