From: B.K. DeLong (bkdelongpobox.com)
Date: Thu Jan 31 2002 - 13:51:53 CST

    Hi all -

    I figure with the recent SPI Labs whitepaper on SQL injections, some of the
    talks and tools may be of interest to listmembers:
    -----------------------------------------

    For Immediate Release

    Contacts

    B.K. DeLong
    pressblackhat.com
    +1.617.877.3271

    BLACK HAT WINDOWS SECURITY BRIEFINGS 2002 KEYNOTES INCLUDE
    NSA CHIEF AND DIRECTOR OF STANFORD LAW SCHOOL TECHNOLOGY CENTER

    NSA System and Network Attack Center (SNAC) Chief Tony Sager & Clinical
    Director of Stanford Law School's Center for Internet and Society, Jennifer
    Granick

    http://www.blackhat.com/ -- Black Hat Inc. today announced the keynote
    speakers for February's Black Hat Windows Security Briefings and Training
    2002, the annual conference and workshop designed to help computer
    professionals better understand the security risks to their Microsoft
    Windows systems and information infrastructures by potential threats.
    Speaker presentations will cover Protocol Attacks, Voice-over-IP, Oracle
    vulnerabilities, Windows Group Policy, and NTLMv2 Authentication as well as
    General Windows Exploits, Data Recovery, Incident Investigation & Response,
    and Better Protection Practices. There is also a special focus on Microsoft
    SQL vulnerabilities and how to both exploit and fix them. Black Hat Windows
    will be held at the Radisson Hotel in the heart of New Orleans, 5 through 8
    February, 2002.

    Top-notch speakers will deliver to the conference's core audience of IT &
    network security experts, consultants and administrators the newest
    developments on the security problems and vital issues facing organizations
    using Windows-centric networks.

    "The intense sessions of Black Hat Briefings bring to light the Windows
    security and misconfiguration problems confronting organizations and their
    network administrators. It is a common problem that security gets put off
    in lieu of constant network growth and upgrades," says Jeff Moss, founder
    of Black Hat Inc. "Our speakers discuss the strategies involved in
    correcting existing problems and inform attendees on upcoming issues,
    preparing them for the future."

    The keynote speakers for this year's Black Hat Windows Security Briefings
    include:

              -- Tony Sager, NSA System and Network Attack Center (SNAC/C4)
    Chief, part of the Information Assurance Directorate of the National
    Security Agency (NSA). During his 24 years with NSA, he has served in a
    variety of technical and management positions, spanning computer security,
    cryptography, software analysis, and network security. His Center produces
    the NSA Security Recommendation Guides to Windows 2000, the first of
    several security products they have released to the public. Tony is also
    actively involved with a number of community-wide public activities in
    network security. He has degrees in Mathematics and Computer Science, and
    dabbles as a PC hobbyist, struggling to protect his home LAN from bad guys
    and three adventurous adolescent users.

              -- Jennifer Stisa Granick is a Lecturer in Law and Director of
    the Litigation Clinic at Stanford Law School's Center for Internet and
    Society. Ms. Granick's work focuses on the interaction of free speech,
    privacy, computer security, law and technology. She is on the Board of
    Directors of the Honeynet Project, a computer security research group, and
    has spoken at the National Security Agency, to law enforcement officials
    and to computer security professionals from the public and private sectors
    in the United States and abroad. Before joining Stanford Law School, Ms.
    Granick practiced criminal defense of unauthorized access, trade secret
    theft and email interception cases nationally. She has published articles
    on wiretap laws, workplace privacy and trademark law.

    Other Black Hat Windows Security 2002 speakers include:

             -- Thomas W Shinder, M.D., trainer, writer and consultant. Shinder
    is a 10-year computing industry veteran who's worked for Fortune 500
    companies and has written or contributed to over 20 Windows 2000 related
    books. He was a Series Editor of the Syngress/Osborne Series of Windows
    2000 Certification Study Guides. He is also the author of the best selling
    book "Configuring ISA Server 2000: Building Firewalls with Windows 2000".
    Shinder will be giving a presentation with Microsoft's Jim Harrison on
    "Deploying and Securing Microsoft Internet Security and Acceleration
    Server" and will be signing some of his books after the talk.

             -- Laura Robinson, Independent Consultant and Trainer. Robinson is
    a Microsoft Certified Trainer and Systems Engineer on both NT and Windows
    2000; a Certified Lotus Professional Systems Administrator, Application
    Developer and Instructor; and an instructor for Real World Security's
    Active Defense education series. She will be speaking on "The Devil Inside:
    Planning Security in Active Directory Design".

             -- Timothy Mullen, CIO and Chief Software architect, AnchorIS.Com.
    AnchorIS.com is a developer of secure enterprise-based accounting
    solutions. Mullen is also a columnist for Security Focus' Microsoft Focus
    section, and a regular contributor of InFocus technical articles. He will
    be giving a presentation about "Web Vulnerability and SQL Injection
    Countermeasures: Securing Your Servers From the Most Insidious of Attacks".

             -- David Litchfield, Managing Director & Co-Founder, Next
    Generation Security Software. Known as the UK's NT Guru by ZDNet, David is
    a world-renowned security expert specializing in Windows NT and Internet
    security. His discovery and remediation of over 100 major vulnerabilities
    in products such as Microsoft's Internet Information Server and Oracle's
    Application Server have led to the tightening of sites around the world.
    Litchfield will be looking into "Oracle Vulnerabilities".

             -- Halvar Flake, Reverse Engineer, Black Hat Consulting.
    Originating in the fields of copy protection and digital rights management,
    Flake gravitated more and more towards network security. Over time he
    realized that constructive copy protection is more or less fighting
    windmills. After writing his first few exploits he was hooked and realized
    that reverse engineering experience is a very handy asset when dealing with
    COTS software. With extensive experience in reverse engineering, network
    security, penetration testing and exploit development he recently joined
    BlackHat as their primary reverse engineer. Flake will be exposing "Third
    Generation Exploits on NT/Win2k Platforms".

             -- JD Glaser, Security Consultant for Foundstone. Glaser
    specializes in Windows NT system software development and COM/DCOM
    application development. His most recent achievement was the successful
    formation of NT OBJECTives, Inc., a software company exclusively centered
    on building NT security tools. He will be speaking about "One-Way SQL
    Hacking: Futility of Firewalls in Web Hacking".

              -- FX, leader of the German Phenoelit group and a Security
    Solution Consultant at n.runs GmbH. He will be covering "Routing and
    Tunneling Protocol Attacks".

             -- Eric Schultze, Senior Technologist, Microsoft Security
    Strategies Group. Schultze has memorized every security hotfix ever
    released by Microsoft in a security bulletin. In his spare time, he
    maintains the Microsoft hotfix XML database and designs new features for
    HFNetChk. Eric is a former Founder of Foundstone, co-creator of the
    Extreme/Ultimate Hacking training classes, and technical editor for the
    Hacking Exposed: Windows 2000 book. Schultze will tell attendees "How to
    keep up with all those frickin security patches".

    New tools being released at BlackHat include:

             -- White Hat Arsenal, the next generation of professional Web
    security audit software from Jeremiah Grossman of WhiteHat Security, Inc.

             -- SQLPing 2.0, a tool from Chip Andrews and sqlsecurity.com that
    reveals detailed server information and sends discovery packets to entire
    networks for mass interrogation.

    Black Hat Inc. will also conduct computer security training for several
    different topics the two days prior to the briefings - 5 through 6 February.

    Subjects include:

             -- Advanced Scanning with ICMP
             -- Auditing Binaries: Reverse Engineering Windows 2000
             -- Complete Windows 2000 Security
             -- NT Network and Web Intrusion Detection Workshop
             -- Secure Development of Data-Driven Web Applications
             -- NSA InfoSec Assessment Methodology Course
             -- Foundstone's Ultimate Hacking: Black Hat Edition

    The instructors for the training segment of this year's Black Hat are some
    of the top experts in their field and are fully active in the computer
    security community. You won't find most of these speakers anywhere else and
    these handpicked security gurus will train participants in understanding
    the real threats to any network and how to keep them from being exploited.

    Other special features of this year's Black Hat Windows Security conference
    include that the dates are just after the Super Bowl XXXVI being held at
    the nearby Louisiana Superdome two days before the show, and in the days
    following the conference, attendees can experience New Orleans' Mardi Gras
    -- where the main parade goes right past the hotel.

    Attendees will also have access to a wireless network during the show.

    To register for BlackHat Briefings, visit the Web site at
    http://www.blackhat.com or register at the conference. Direct any
    conference-related questions to infoblackhat.com.

    For press registration, contact B.K. DeLong at +1.617.877.3271 or
    via email at pressblackhat.com.

    About Black Hat Inc.

    Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the need
    for computer security professionals to better understand the security risks
    and potential threats to their information infrastructures and computer
    systems. Black Hat accomplishes this by assembling a group of
    vendor-neutral security professionals and having them speak candidly about
    the problems businesses face and their solutions to those problems. Black
    Hat Inc. produces 5 briefing & training events a year on 3 different
    continents. Speakers and attendees travel from all over the world to meet
    and share in the latest advances in computer security. For more
    information, visit their Web site at
    http://www.blackhat.com

    ###

    --
    B.K. DeLong
    Press Coordinator
    Black Hat Briefings
    +1.617.877.3271
    

    bkdelongblackhat.com http://www.blackhat.com