Adam Shostack is a principal program manager on the Usable Security team in Trustworthy Computing. As part of ongoing research into classifying and quantifying how Windows machines get compromised, he recently led the drive to change Autorun functionality on pre-Win7 machines; the update has so far improved the protection of over 500 million machines from attack via USB. Prior to Usable Security, he drove the SDL Threat Modeling Tool and the Elevation of Privilege threat modeling game as a member of the SDL core team.
Before joining Microsoft, Adam was a leader of successful information security and privacy startups, and helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association.
He is co-author of the widely acclaimed book The New School of Information Security.
This Technological Terror
Shostack will examine the traditional threats against which we fight and follow Lord Vader's advice to its logical conclusions, asking if the (admittedly impressive) technological terrors on which we focus so much attention are the only threat out there, and if perhaps we'd be better off asking about the force: that which flows through all living beings, and has a light side and a dark side. In particular, we'll look at software bugs, social engineering, and feature abuse, and ask what we can do to effectively defend ourselves from the temptations of the dark side. The talk will include engineering tools that attendees can take back and apply immediately.
Copyright © 2012 The University of Queensland, authorised by AusCERT Program Committee, maintained by: auscert@auscert.org.au