With Daniel Klein, Consultant
If my computer crashes, it's not the end of the world - it just seems that way sometimes, when I lose 3+ hours of work. But computers are appearing everywhere - in our phones, cars, airplanes, medical devices and urban infrastructure in more ways than we imagine, and they are networked in more ways than we know.
Our telephone network is becoming more and more IP based. Generators and power systems are on the internet for "maintenance and diagnostic purposes", but they are also the targets of hackers (with catastrophic consequences). The new Boeing 787 will have in-flight internet access at each seat, but the same network was originally designed to be connected to the avionics. Pacemakers can be hacked wirelessly. Suddenly a computer crash threatens more than 3 hours of work, it threatens my life! And while man-rated systems are rigorously tested for proper functioning, it is much harder to prove the negative that "you can't break in".
This talk will look at some fundamental assumptions about security that cannot be addressed with the "patch it in the next release" mentality - we have to get it right the first time. What I hope to convey is that Security (and paranoia) has to be a lifestyle choice and not just your job. And as security professionals, we need to convince everyone that there are no shortcuts - because the shortest path from 35,000 feet is straight down.
Daniel V. Klein began his life of crime in 2nd grade, when he was caught with a pack of firecrackers. Since then his brushes with authority have been sporadic but relentless, but have not managed to deny him a security clearance, a job, or his well deserved reputation as an off-the-wall maverick. His computer experience has included simulation and process control, the internals of almost every Unix kernel released in the past 32 years, graphical user interface management systems, compilers, medical diagnostic systems, the 800 year history of drawing languages, Ada runtime kernels, a racetrack betting system, computer and physical security, and oodles of CGI scripts.
He holds a Masters of Applied Mathematics from Carnegie Mellon University in Pittsburgh, and in his free time is a photographer, directs a professional a cappella group, and is a member of an improv comedy troupe. Dan is a frequent invited speaker and tutorial instructor at USENIX, SANS, and assorted courtrooms and classrooms around the world.