RSA Conference highlighted talks – Wednesday

For the lucky ones that are able to attend the RSA Conference today, here is a selected list of talks that look very promising:

Fundamental Failures of Endpoint Security
Speaker: Stefan Frei, Research Analyst Director Secunia
Scheduled Date/Time: Wednesday, February 16 2:30 PM
Briefing Center

This session will explore the fundamental failings of endpoint security that continue to turn most Internet users (corporate and private) into easy prey for cybercriminals. Data from three million users of Secunia PSI provide a unique insight into the exposure of endpoint systems.

Attendees will be able to understand security risks posed by diverse software portfolios on endpoints, and gain awareness about the origins of vulnerability threats, learn that operating system (OS) and Microsoft products are no longer the primary attack vectors and learn how to identify and apply missing patches for *all* programs

War Stories From the Frontlines of Internet Privacy
Speaker: Lance Cottrell, Chief Scientist and Founder of Anonymizer, Inc.
Scheduled Date/Time: Wednesday, February 16 11:10 AM
Orange Room 306

This session will examine lessons learned and experience from the perspective of someone who has been in the middle of the technological privacy battle for the last 18 years, including best practices and policies and some good stories along the way. Attendees with basic Internet experience and a rudimentary understanding of the history of privacy and cryptography will find this session informative and thought provoking.

Through a real-world timeline that addresses the early consumer privacy debate – international censorship, historical developments brought on by the 9/11 attacks, and emerging profiling tactics that search engines and websites are engaging in – attendees will gain an understanding of the Internet as an evolving space, become better equipped to recognize and analyze existing threats to their own networks, and come away with a framework that allows them to make more informed choices for their own consumer and enterprise Internet privacy needs.

Rethinking Passwords
Speaker: William Cheswick, Lead Member of the Technical Staff, AT&T
Scheduled Date/Time: Wednesday, February 16 01:00 PM
Orange Room 306

Traditional password advice and rules are seldom appropriate for today’s threats, yet we labor with the password rules and servers of yesteryear. Strong passwords are weakening our security, and it is time to fix that. There are numerous proposals for new password solutions. This session will present a few half-baked ideas, but there are good solutions available now.

Cloud Investigations and Forensics
Speaker: Davi Ottenheimer, President, flyingpenguin
Scheduled Date/Time: Wednesday, February 16 01:00 PM
Orange Room 305

Cloud computing’s growth in popularity has been due to the lure of inexpensive and redundant storage, computation and services. This presentation provides an analysis of what happens when things go wrong, by looking at real-world cloud computing investigations and digital forensics. It proposes a set of technical and legal recommendations to reduce risk. Investigations will be reviewed in this presentation and attendees should be well-versed in network, system and application security skills related to incident response and forensics. Examples will include details of file formats, file systems, processes, memory registers and network packets.

Misconceptions of Security
Speaker: Paul Kocher, President, Cryptography Research, Inc.
Scheduled Date/Time: Wednesday, February 16 01:00 PM
Red Room 103

Paul Kocher explores misconceptions about security, including those he has been guilty of. Fallacies discussed include categorizing security and insecurity as binary states, assuming that additional paperwork will improve security, dismissing TSA’s screening as useless theater, and overestimating the human brain’s ability to comprehend complex systems.