AusCERT2008

Day Zero: Sunday 18/05/2008
Tee-off from 11:00	Golf
15:00 - 20:00	Conference Registration
18:00 - 20:00	Welcome Cocktail evening

Day One: Monday 19/05/2008
Time
8:00 - 17:30	Registration Desk Open
8:00 - 8:25	Coffee
8:30 - 9:10	Opening Remarks: Nick Tate (AusCERT) and Graham Ingram (AusCERT)
9:10 - 10:00	Keynote: Scott Charney (Corporate Vice President, Trustworthy Computing, Microsoft) Enabling End-to-End Trust
10:00 - 10:40	Plenary: Paul Dorey (CSO, BP) Who's Device is it anyway?
10:40 - 11:10	Morning Break
	Technical Blue Room	Business Green Room	Vendor 1 Purple Room	Vendor 2 Red Room
11:10 - 11:45	James Barlow (NCSA Senior Security Engineer) - Security Challenges in Grid Environments	Brian Snow (Former Technical Director for the Information Assurance Directorate, NSA) - We Need Assurance!	Colby DeRodeff (WhiteGold Solutions) - Identity Monitoring – Know What They Did Last Night	Rick Logan (NetIQ) - Fraud, Privilege and the Insider Threat
11:50 - 12:30	Klaus Moller (DFN-CERT) - Security Lessons Learned from setting-up a Grid-CERT	Alexander Seger (Council of Europe) - The Convention on Cybercrime - meeting a global challenge	Frederik Borjesson (Check Point Software Technologies) - Demonstration of the top threats against endpoint devices	Glenn Hurn (IBM) - The New Security Mandate: Protecting the "Infinite Perimeter"
12:30 - 13:00	Lunch Break		Lunch Break
13:00 - 13:50	Lunch Break		Nathaniel Wieriks (ContentKeeper Technologies) - Providing SSL security without compromising privacy	Doug Hurd (Sourcefire) - Making peace with the IPS Monster
13:50 - 14:25	Roger A. Grimes (Microsoft) - How least privilege models, like UAC and su, will not defeat malware	Elisabeth Wentworth (Barrister & writer - Victorian Bar) - When Policies Collide: Security, privacy and 'ID-overload'	Paul Ducklin (Sophos) - Don't get <IFRAME>d for Cybercrime	Jeff Alexander and Rocky Heckman (Microsoft) - Reducing risk in an Internet World: Microsoft Security Features that matter to you!
14:30 - 15:10	Richard Perlotto (Shadow Server) - The Operational Methodology and Process of Malware Collection and Analysis	Ahmad Almulla (CIO, Dubai Aluminium Company) - The ISO 27001:2005 Journey at Dubai Aluminium Company Limited	Colin Bradley (Cisco Systems) - Data Leakage Prevention…..not another point solution?	Andrew Kelly and Guy Lupo (CA) - Making a security professionals life easier!
15:10 - 15:40	Afternoon break
15:40 - 16:15	Kimmo Kasslin (F-Secure) - Evolution of Kernel-Mode Malware	Kathryn Kerr (AusCERT) - AusCERT Home Computer Users Security Survey 2008	Hari Nair (Tumbleweed) - Identity Validation and Ad-hoc File Transfer	Morgan Marquis-Boire (Dimension Data) - Fear, Uncertainty and the Digital Armageddon
16:20 - 17:00	Paul Chamberlain (Australian Defence Signals Directorate) - Beyond bot-herders: Protecting against targeted attacks	Walter Muller (NEMMCO) - IPS for Real - Surviving active Intrusion Prevention in a mission-critical network	(b-sec/Deloittes)	Trey Tramonte and John Fatten (Fulcrum Management) - Components of the Digital Investigation Challenge
	VENDOR Cocktail evening

Day Two: Tuesday 20/05/2008
Time
7:00am - 7:45am	Education Breakfast (light breakfast provided) Venue: RPR's Opening Remarks: Peter Nicholson (Director, Research Infrastructure Branch of the Department of Innovation, Industry, Science and Research (DIISR))
7:00am - 7:45am	AISA BOF (light breakfast provided) Venue: Cypress Room
8:00 - 17:30	Registration Desk Open
8:20 - 8:50	Coffee
8:50 - 9:00	Opening Remarks: Nick Tate (AusCERT) and Graham Ingram (AusCERT)
9:00 - 9:50	Keynote: John Stewart (CSO, CISCO) - Cisco Strategic Security Approach
9:50 - 10:30	Plenary: Bill Cheswick - Rethinking Passwords
10:30 - 11:00	Morning Break
	Technical Blue Room	Business Green Room	Vendor 1 Purple Room	Vendor 2 Red Room
11:00 - 11:35	Ronald Perez (IBM Research Center) - Trusted Computing and its status in in the real-world marketplace.	Andre Dornbusch (BKA - German Federal Criminal Police office) - Recent developments in the field of High tech Crime with an emphasis to phishing and case studies	Mark Sunner (MessageLabs) - Targeted Attacks: An Evolution	Anthony James (Fortinet) - Network Security Consolidation with Fortinet
11:40 - 12:20	Bob Martin and Steve Christey (MITRE) - The Software Security Landscape - Making Security Measurable	Steve Santorelli (Team Cymru) - The future of Botnets	Timothy Dole (Tier-3) - An Executive Approach to Security	Mike Bessey (IronPort Systems) - Using Reputation to Beat Next-Gen Malware
12:20 - 12:50	Lunch Break		Lunch Break
12:50 - 13:40	Lunch Break		Adam Biviano (Trend Micro) - The Perfect Storm! - Security Today	Paul Winters, Michael Tuton (Loop Technology) - Security in SOA - Improving Identity Propagation for Web Services
13:40 - 14:15	Dave Litchfield (NGS Software) - Introducing F.E.D.S - The Forensic Examiner's Database Scalpel	Ibrahim Lamorde (Acting Executive Chairman, Economic and Financial Crimes Commission (EFCC), Nigeria) - Trends in Internet based Fraud: Nigeria's EFCC Perspective	Bryan Nairn (Firewall-WatchGuard Technologies) - Next Generation VPN – Beyond Simple Remote Access	Alan Chan (Websense) - The Path to Data Protection
14:20 - 14:35		Kimberly Zenz (iDefense) - Cyber Crime within the Russian Federation	Grant Murphy (Secure Computing Corporation) - Enabling Safe User Access to Web 2.0 Applications	Ken Low (TippingPoint) - Hacking In Australia: Prevention Is Better Than Cure
14:40 - 14:55	Peter Gutmann (University of Auckland) - Things That Make Us Dumb: Why Security User Interfaces lead to Insecure User Actions
15:00 - 15:40		Colin Whittaker (APACS) - Biometrics - are they ready for use in Banking and Payments?	Andy Solterbeck and Derek Tumulak (SafeNet) - Enterprise Encryption and Key Management	Lachlan Turner (Stratsec.net) - Unraveling the Mystery of Common Criteria Evaluation
15:40 - 16:10	Afternoon break
16:10 - 16:45	Scott McIntyre (XS4ALL) - What have you done for us lately? What your ISP can, and should do in the fight against internet abuse	Vikram Kumar (NZ State Services Commission) - Government as a privacy-protective Identity Provider: the New Zealand case	Tim Redhead (Dotsec) - SAML2: Privacy and security	Michael Sentonas (McAfee) - Data Protection: A Boardroom Issue
16:50 - 17:30	Danny McPherson (Chief Research Officer - Arbor Networks) - “Infrastructure Security and Internet Incident Response”	Professor David Weisbrot (Australian Law Reform Commission) - The ALRC's review of privacy law and practice	Jo Stewart-Rattray (Vectra Corporation Limited) - Social Engineering - Building the Human Firewall	Avi Chesla (Radware Australia) - In 18 Seconds what can you save your company...
19:00	Conference GALA Dinner at Royal Pines (pre-dinner drinks by the pool)

Day Two: Tuesday 20/05/2008
Time
	Science, Engineering, Technology, Mathematics, Policy and Education (SETMAPE) - R&D
13:40 - 14:15	Corey Schou (Idaho State University) - Improving The International Computer Security Research Agenda Using Standards
14:40 - 15:10	S Wilson - An easily validated security model for e-voting based on anonymous public key certificates
15:10 - 15:40	G Skinner - Making A CASE for PACE: Components of the Combined Authentication Scheme Encapsulation for a Privacy Augmented Collaborative Environment
15:40 - 16:05	Afternoon break
16:05 - 16:35	H Alzaid, S Abanmi, S Kanhere, Chun Tung Chou, F Alshuwair - BANAID: A Sensor Network Test-bed for Wormhole Attacks
16:35 - 17:05	J Silva, E Sithirasenan, V Muthukkumarasamy - Study of Timing Values in EAP Authenticated Wireless Hosts
17:05 - 17:35	Extended Question, Answer and Discussion Session

Day Three: Wednesday 21/05/2008
Time
7:00am - 7:45am	AusCERT-Member Breakfast (light breakfast provided) Venue: Cypress Room
8:00 - 17:30	Registration Desk Open
8:20 - 8:50	Coffee
8:50 - 9:00	Opening remarks: Nick Tate (AusCERT) and Graham Ingram (AusCERT)
9:00 - 9:50	Keynote: David Leach (Standard Chartered Bank) - Implementing Multi-factor Authentication for Internet Banking - or Why 2FA is only two small steps in the right direction
9:50 - 10:20	Morning Break
	Technical Blue Room	Business Green Room	Vendor 1 Purple Room	Vendor 2 Red Room
10:20 - 10:55	Sid Stamm (Indiana University) - Phishing and Pharming (and the Future)	Zot O'Connor (Microsoft) - Microsoft SCPcert announcement	Craig Johnston (ESET Software) - User Education In The Fight Against Cybercrime	Wade Alcorn (NGSSoftware) - Wade Alcorn explores the security interrogation technique- Fuzzing
11:00 - 11:35	Stephan Chenette (Websense) - V-Next Honeyclients : Evolving Revolvers - Discover them before they discover you	Lee Rock (US-CERT) - Flow Visualization in an Operational Environment	Wayne Neich (Blue Coat Systems) - Customer Security Disasters with Web 2.0: Open Season for Attackers	Tammy Green (Novell) - Trusted Identities
11:40 - 12:20	Ziv Mador (Microsoft) - Malware Without Borders: A Regional Look at Microsoft's Malware Telemetry Covering the APAC Region	David Campbell AND Jordana Siegel & Steven Stroud - Broad lessons from the Computer Network Vulnerability Assessment program AND Cyber Storm II - an international cyber security exercise.	Mark Winter (inTechnology Distribution) - The business leaders approach to Climate Change and Greening IT	Robert Pregnell (Symantec) - Symantec Vision and Strategy for IT Governance and Enterprise Security
12:20 - 12:50	Lunch Break		Lunch Break
12:50 - 13:40	Lunch Break
13:40 - 14:15	Dan Klein - Security As If Your Life Depended On It (because it might!)	Alana Maurushat (University of NSW) - Standing Behind Technical Promises	Andrew Clarke (Lumension Security) - Unified Protection & Control: How does Lumension Security Secure the Endpoint?	Gopala Maurer (Alphawest) - The Importance of a Security Risk Management Lifecycle
14:20 - 15:00	Charles Miller (Independent Security Evaluators) - Adventures in Disclosure: A Look at the Legal Exploit Sales Market	David Rice - Geekonomics: The Real Cost of Insecure Software		Carl Terrantroy (Oracle) - Security as a Service
15:00 - 15:30	Afternoon break
15:30 - 16:10	Plenary: Rob Redenbach (Independent security consultant) - Streetwise Leadership
16:10 - 17:00	Panel Session: Adam Spencer (Chair), Seamus Byrne, Alana Maurushat, David Rice, Colin Whittaker Alana Maurushat, Brian Snow, Graham Ingram, Dan Klein, Peter Gutmann, Ajoy Ghosh, Vikram Kumar - Privacy, the Law and Information Security
17:00 - 17:10	Conference Close: Nick Tate (AusCERT) and Graham Ingram (AusCERT)

Day Four: Thursday 22/05/2008 (Tutorials A - tracks 1, 2)
Time	Track 1	Track 2
9:00 - 10:25	Bob Martin and Steve Christey (MITRE) - Vunerabilities, Exposures, Attacks and the Enterprise [Business Tutorial]	Ajoy Ghosh (LogicaCMG) - Computer Forensics and Electronic Discovery: Lessons learnt from the largest and most complex investigations in Australia - SESSION FULL
10:30 - 10:45	Morning Break
10:50 - 12:25	Bob Martin and Steve Christey (MITRE) - Vunerabilities, Exposures, Attacks and the Enterprise [Business Tutorial]	Ajoy Ghosh (LogicaCMG) - Computer Forensics and Electronic Discovery: Lessons learnt from the largest and most complex investigations in Australia - SESSION FULL
12:30 - 13:25	Lunch Break
13:30 - 14:25	Nikola Mijatovic & Benjamin Mosse (Sec Pro) - Web 2.0 INsecurity - SESSION FULL Attendees should bring their own laptop (You will need Admin access to your machine).	Guy Peterson & Mr Grover (Booz Allen Hamilton) - Enterprise Resilience through Business Continuity Planning [Business Tutorial] OPTIONAL: Attendees may choose to bring their own laptop to contribute to the interaction of the workshop.
15:00 - 15:15	Afternoon break
15:20 - 16:55	Nikola Mijatovic & Benjamin Mosse (Sec Pro) - Web 2.0 INsecurity - SESSION FULL Attendees should bring their own laptop (You will need Admin access to your machine).	Guy Peterson & Mr Grover (Booz Allen Hamilton) - Enterprise Resilience through Business Continuity Planning [Business Tutorial] OPTIONAL: Attendees may choose to bring their own laptop to contribute to the interaction of the workshop.

Day Four: Thursday 22/05/2008 (Tutorials B - tracks 3 & 4)
Time	Track 3	Track 4
9:00 - 10:25	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Neal Wise (Assurance.com.au) - "Hands On" Wireless Service Auditing with Open Source tools - SESSION FULL Attendees should bring their own laptop (You will need Admin access to your machine).
10:30 - 10:45	Morning Break
10:50 - 12:25	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Neal Wise (Assurance.com.au) - "Hands On" Wireless Service Auditing with Open Source tools - SESSION FULL Attendees should bring their own laptop (You will need Admin access to your machine).
12:30 - 13:25	Lunch Break
13:30 - 14:55	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Neal Wise (Assurance.com.au) - "Hands On" Wireless Service Auditing with Open Source tools - SESSION FULL Attendees should bring their own laptop (You will need Admin access to your machine).
15:00 - 15:15	Afternoon break
15:20 - 16:55	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Neal Wise (Assurance.com.au) - "Hands On" Wireless Service Auditing with Open Source tools - SESSION FULL Attendees should bring their own laptop (You will need Admin access to your machine).

Day Five: Friday 23/05/2008 (Tutorials C - tracks 1 & 2)
Time	Track 1	Track 2
9:00 - 10:25	Scott McIntyre (XS4ALL) - Building a Walled Garden - Abuse and Incident Handling Tooling for Network Managers Attendees should bring their own laptop.	Chris Gatford & Ty Miller (Pure Hacking) - Pure hacking: The Tutorial - SESSION FULL
10:30 - 10:45	Morning Break
10:50 - 12:25	Scott McIntyre (XS4ALL) - Building a Walled Garden - Abuse and Incident Handling Tooling for Network Managers Attendees should bring their own laptop.	Chris Gatford & Ty Miller (Pure Hacking) - Pure hacking: The Tutorial - SESSION FULL
12:30 - 13:25	Lunch Break
13:30 - 14:55		Chris Gatford & Ty Miller (Pure Hacking) - Pure hacking: The Tutorial - SESSION FULL
15:00 - 15:15	Afternoon break
15:20 - 16:55		Chris Gatford & Ty Miller (Pure Hacking) - Pure hacking: The Tutorial - SESSION FULL

Day Five: Friday 23/05/2008 (Tutorials D - track 3 & 4)
Time	Track 3	Track 4
9:00 - 10:25	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Bill Cheswick - Defence against the dark arts; repelling the wily hacker Optional: Attendees may bring their own laptop with a spare partition to install a Unix distro.
10:30 - 10:45	Morning Break
10:50 - 12:25	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Bill Cheswick - Defence against the dark arts; repelling the wily hacker Optional: Attendees may bring their own laptop with a spare partition to install a Unix distro.
12:30 - 13:25	Lunch Break
13:30 - 14:55	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Dave Litchfield (NGS Software) - Using F.E.D.S. - The Forensic Examiner's Database Scalpel Attendees should bring their own laptop.
15:00 - 15:15	Afternoon break
15:20 - 16:55	Andreas Junestam & Scott Stender (iSEC Partners LLC) - Microsoft Defend the Flag - SESSION FULL Attendees should bring their own laptop.	Dave Litchfield (NGS Software) - Using F.E.D.S. - The Forensic Examiner's Database Scalpel Attendees should bring their own laptop.

feedback
	© AusCERT 2008
	Email: webmaster@auscert.org.au
	Web URL: http://conference.auscert.org.au
	Maintained by: ITS - University of Queensland
	Last Updated - October 2007