Interested in speaking?
Contact Jim Tantalo at tantalo@rubi-con.org
or Denis Baldwin at dbaldwin@rubi-con.org.

Dark Tangent (Jeff Moss) will be presenting our keynote address at 19:00 on Friday in Room A.

Jeff Moss is the founder and organizer of the Black Hat Briefings, a computer security conference and training company that deals with the technical issues of secure implementations of networks and applications. Staffed by "hackers"* of the highest skill level, this conference was created to provide hard information and a realistic assessment of technology as seen by those in the trenches. The Black Hat Briefings are held worldwide on three continents: North America, Europe and Asia. Past speakers have included the Assistant Secretary of Defense, Art Money, as well as some of the leading names in the most technical aspects of computer security worldwide.

Through this forum Mr. Moss has established global relationships in law enforcement and professional security companies, as well as with the computer underground's best hackers. This unique exposure and respect from both communities allows Mr. Moss to speak honestly and objectively on the security problems companies face when implementing technology.

In a past life Mr. Moss was a director at Secure Computing Corporation, and helped form and grow their Professional Services Department. In his capacity of developing and delivering consulting products, Mr. Moss has worked in Taipei, Tokyo, Singapore, Sydney, and Hong Kong. Prior to SCC, Mr. Moss worked for Ernst & Young, LLP as a manager in their Information System Security division.

Mr. Moss has presented at: OSS '95 Open Source Solutions, The Forbes CIO Technology Symposium, Access All Areas '96 in London, North America CACS '98, Comdex '98, The National Information System Security Convention in '98 and '00, Software Development Expo '98, PC Expo '99, CSI Net Sec '99, and Fortune Magazine's CTO Conference in '00. In addition he speaks regularly at smaller industry security seminars. Mr. Moss helps to organize "Meet the Enemy" sessions as seen at computer security gatherings worldwide including the annual Computer Security Institute conference.

Mr. Moss speaks to the media regularly about computer security, privacy and technology and has appeared in such media as CNN Fn, NPR Radio, Forbes Magazine, Fortune, Business Week, PC World, the New York Times, Wired Magazine, National Law Journal, Internet Underground Magazine, New Media Magazine, and Phrack Magazine.

Mr. Moss graduated with a BA in Criminal Justice, and halfway through law school, Mr. Moss went back to his first love, computers, and started his first IT consulting business in 1995. He is CISSP certified, and a member of the American Society of Law Enforcement Trainers.

* "Hackers" = Non-criminal computer security expert.

Currently the Chief Technology Officer for a DC-area security firm, Mr. Forno was the INTERNIC's Chief Security Officer from 1998 to 2001. Before that, he helped establish the Information Security Office for the U.S. House of Representatives, and was a consultant to elements of the Office of the Secretary of Defense where he assisted in researching and developing capabilities needed to respond to information warfare attacks against the United States.

Mr. Forno is a frequent speaker at security and intelligence community seminars and industry conferences. His 1999 co-authored book, "The Art of Information Warfare" and numerous articles (at INFOWARRIOR.ORG) have been hailed by the government, the military and the private sector. He is the co-author of an O'Reilly book on computer incident handling called, of course, Incident Response. He is an adjunct instructor at The American University and occasionally lectures at the National Defense University in Washington, DC.

Mr. Forno will be presenting "An Armchair General's Guide to Information Warfare" at 22:00 on Saturday in Room A. The presentation focuses on full-spectrum information operations, identifies REAL not perceived threats and vulnerabilities, and offers objective, rooted-in-rationality solutions, not the FUD the media and industry thrives on. It's a recurring lecture Mr. Forno gives at the National Defense University in Washington DC to senior level DoD folks.

A business consultant, writer, and professional speaker focused on the human dimension of technology and the work place.

Mr. Thieme has spoken for the Black Hat Briefings (intelligence and corporate security) since its inception in 1997 and for the annual computer hackers conventions Def Con IV (1996), Def Con V (1997), Def Con VI (1998) and Def Con VIII (2000). He has also spoken for PumpCon, Xmas Con (New Orleans 2600), Rubi Con (2000 and 2001), and SummerCon.

At Def Con VIII, he moderated a panel that included the Assistant Secretary of Defense, the Director of Information and Infrastructure Assurance for DOD, and the Director of the Federal Computer Incident Response Team, who came to "dialogue" with more than 5000 computer hackers. He was invited to moderate because, according to the National Security Agency officer who asked, "You're the only one in the room with the acceptance and respect of both the hackers and the Feds."

Mr. Thieme has been published widely and has been translated into German, Chinese, Japanese, Slovene, Danish and Indonesian. His articles are taught at the University of Leipzig and numerous universities in Ireland, England, and Canada, as well as in the United States at Rutgers, Baldwin-Wallace College, Ohio State University, University of Vermont, San Diego State University, Colorado State University, and others. His work has been frequently anthologized. His column, "Islands in the Clickstream," has been published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine (Capetown) and is distributed to subscribers in 58 countries. He has had articles published in Forbes Digital, the Village Voice, LA Weekly, Salon, LAN Magazine, Wired, Computing Japan, and CTHEORY.

Mr. Theime will be presenting the somewhat recursively titled, "The Truth About Life, Hacking and the Truth (about Life, Hacking and the Truth) ((about Life, Hacking and...))" at 10:00 on Saturday in Room A.

OK, let's face it, the older I get, the less I know, in fact, about The Things That Matter. I am totally clueless. The only thing I know is what I don't know. So this presentation will be about things I don't know. It will be about Nothing.

But Nothing has power. Nothing is the source of creativity, unconventional thinking, the capacity to see deeply, and the ability to look like... nobody... as we move through life like ghosts. Nothing, in other words, is about hacking.

In this half hour or so, plus some Q&A, I am going to tell you what I don't know. I will talk about social engineering and how it really works, the differences between information and intelligence, why hacking isn't what it used to be (and never was) and why --if you are true to The Hacker's Code-- you can do and create phenomenal things. It's about power. It's about mastery. It's as close as I can come to The Truth About Life, Hacking and the Truth about...

Dead Addict has been an active organizer and speaker at DEFCON for the last nine years. He was a founding member of the now defunct criminal conspiracy calling themselves national security anarchists. Actively appreciative of the statue of limitations, he has been involved in other underground groups using various handles. This means nothing. Not believing in the concept of authority, he implores all that listen to him to evaluate his words according to their own value, not because he has spoken them.

Dead Addict will be presenting "Sucessfully leaking evidence of corporate crime" at 21:00 on Friday in Room A, after the keynote address.

Mr. Dempsey will be presenting "The Anatomy of a Hack" at 14:00 on Friday in Room A. Nary a day goes by in the Internet Age without media squawking about an unscrupulous attack against a government, financial or commercial network or computer system. What just a few years ago was a highly publicized event is quickly becoming yesterday's news.

Although our familiarity with hacker attacks has become common, for most, understanding how a perpetrator compromises a system is still a mystery. In his Anatomy of an Attack presentation, Mr. Dempsey will detail how easy it is for hackers to break into today's networked computers. He illustrates the importance of assessing and managing the risks associated with e-business and offers solutions to companies for protection against this risk. This presentation includes real world visuals and anecdotes to detail in laymen's terms an attack on a fictional company's system.

With some 13 years of service at Lucent/Bell Labs, and 30 years of effort on operating system security, Mr. Cheswick is an internationally acclaimed "white-hat" and "greybeard." He wrote the bible for firewall management, "Firewalls and Internet Security: Repelling the Wily Hacker" in 1994. In 1997 he began mapping the Internet, producing the compelling maps that have been reprinted by Wired and The New York Times, to name but a few. Mr. Cheswick is currently chief scientist at Lumeta Corporation. At Lumeta, he turned his attention to mapping intranets and giving control back to the network managers. In his words, if it's large enough to be called an intranet "it is out of control."

Mr. Cheswick will present "Mapping the Internet and Intranets" at 20:00 on Saturday in Room A. Internet mapping has provided a rich source of information for research and infrastructure studies. The Internet Mapping Project has been providing this information since 1998. The same technologies now help enterprises discover the extent of their intranets and extranet connections. These are the first tools that scale to explore very large networks to search for perimeter leaks and monitor M&A activities.

Out of this initial concern of what had been lost came textfiles.com, which now contains over 30,000 textfiles, g-files and log files from the 1980's, and bbslist.textfiles.com, a collection of information on over 90,000 BBS's. These sites made him a bit of a focal point for the nostalgia and memories of an online generation, and he has embarked on a new project: An all-inclusive BBS Documentary. No, it never ends; worthwhile projects never do.

Mr. Scott will present "BBS: Always and Forever" at 13:00 on Saturday in Room B, wherein he discusses some of the more amazing bits of history he's discovered in his deep research for his BBS documentary. Expect reminiscing about some of the stranger aspects of dial-up Bulletin Board Systems, and the sounding out of names and events that you'll either hear for the first time or remember like it was yesterday. As online life barrels forward into issues of intellectual property, broadband availability, wireless insecurity and the eternal battles of the OS, it's healthy to take the occasional break to look back and remember where things came from, or perhaps ran from. Mr. Scott will also be soliciting interviews and memories from folks who themselves experienced the BBS, and is especially seeking artifacts from that time. Bring them along!

Prior to joining MessageOne, Chris worked as a systems and Microsoft Exchange design consultant at Simpler-Webb, where he ran client engagements focused on implementing messaging solutions for a number of high profile, multinational corporate accounts.

Mr. Scharff began his career in the trenches as the messaging and corporate email administrator at Black & Veatch a multi-national engineering firm based in Kansas City, KS. Chris holds a Bachelor of Arts from Iowa State University.

Chris spent many years working in the IS department of respectable insurance companies and financial institutions thus gaining, through observation, a very clear understanding of how to write really bad code and make really bad business decisions. It was while working in one of these suit-and-tie jobs that Chris was introduced to the IBM/Sytec/Intel/3Com (...and Microsoft) filesharing protocol, then known as Server Message Block (SMB). This was at roughly the same time that Andrew Tridgell --half a world away-- was writing the first version of what was to become Samba.

Chris augmented his IS department experiences by continuing his education and tinkering with Amiga computers. This eventually led him to his current position as a Network Design Engineer at the University of Minnesota. It also lead to a nine-month stint as a consultant working with Amiga, Inc. (they're not dead yet) where he helped to design what is now the AmigaDE OS environment (they're getting better.)

In addition to his position as a member of the Samba Team, Chris is a founding member of the jCIFS Team and has contributed to the Storage Network Industry Association's (SNIA) effort to document CIFS (the protocol formerly known as SMB).

Mr. Hertel will presenting "Crossing Proprietary Software Boundaries with Samba and its Ilk" at 10:00 on Sunday in Room A. This talk will provide an overview of the architecture and protocols of CIFS, Microsoft's filesharing system, including an introduction to tools beyond Samba available to developers wanting to write software that participates in CIFS networks. Also included will be an enumeration of the (proprietary) authentication and authorization techniques employed to protect market-share.

Colin currently runs The Ruby Cookbook and does technology consulting. He is a resident of Charlottesville, VA.

Dr. Agnew received his BASc. and Ph.D. in Electrical Engineering from the University of Waterloo in 1978 and 1982 respectively. He joined the department of Electrical and Computer Engineering at the University of Waterloo in 1982. In 1984, he was a visiting professor at the Swiss Federal Institute of Technology in Zurich where he started his work on cryptography.

His areas of expertise include cryptography, data security, protocols and protocol analysis, electronic commerce systems, high-speed networks, wireless systems and computer architecture. He has taught many university courses and industry sponsored short courses in these areas as well as having authored many articles. In 1985, he joined the Data Encryption Group at the University of Waterloo. The work of this group led to significant advances in the area of public key cryptographic systems including the development of a practical implementation of Elliptic Curve based cryptosystems.

He is a member of the Institute for Electrical and Electronics Engineers, a member of the International Association for Cryptologic Research, a Foundation Fellow of the Institute for Combinatorics and its Applications and a Registered Professional Engineer in the Province of Ontario. Dr. Agnew has provided consulting services to the banking, communications and government sectors. He is also a co-founder of CERTICOM Corp., a world leader in public key cryptosystem technologies.

Dr. Agnew will be presenting "Elliptic Curve Cryptography: What is it and Why do we Need it?" at 17:00 on Saturday in Room A. In this talk, we compare the popular public key cryptographic systems that are in use today (RSA, Discrete Exponentiation and Elliptic Curves). We look at how Elliptic Curve systems have developed and at the applications where they are particularly useful such as low power, wireless handheld devices.

A well-known figure in the anti-virus industry, he frequently contributes to various security-related magazines and conferences. He has co-authored two books, and consults various interest groups on netwarfare.

Mr. Hyppönen's research team was the first to locate, analyze and build protection against the LoveLetter virus in May 2000. He has been quoted, among others, in Wall Street Journal, New York Post, Chicago Tribune, San Jose Mercury News, PC Magazine, Wired, CNN and BBC.

Mr. Hyppönen has been a member of CARO (the Computer Anti-Virus Researchers Organization) since 1995, and a member of VAPS (Video Arcade Preservation Society) since 1998.

Apart from computer security issues, Mr. Hyppönen enjoys collecting and restoring classic arcade video games and pinball machines from past decades. He lives with his family, and a small moose community, in an island outside Espoo, near Helsinki.

Mr. Hyppönen will be presenting "Wireless Viruses: Content security on Smartphones and PDAs" at 23:00 on Friday in Room B. What kind of content threats can we except on current and future hand-held devices such as advanced PDAs and Smartphones? Possible scenarios including mobile viruses, chain letters, trojans and backdoors are discussed.

Mr. Epstein will present "Examining the Challenges Associated with Network Security Policy Implementation" at 14:00 on Saturday in Room A. This technical presentation will explore the past, present and future of policy control.

Due to the abundance of Internet security attacks, the news over the past year has been flooded with warnings and reports of numerous network vulnerabilities. Network devices are continuously being compromised to set the stage for Distributed Denial of Service attacks (DDoS), leaving no enterprise, service provider, government agency or educational institution out of harm's way. Integral to companies' efforts to ensure the integrity of their networks is the ability to keep network security policies up to date and consistent across all network devices. Towards this end, administrators need a mechanism for directly, mechanically and reliably linking technical policy statements to the implementation of that policy into network devices. Technical policy on paper, while useful as a starting point, does not seamlessly translate into implementation in the network unless there exists some sort of automation process. The automation should translate technical policy into device statements, which are then delivered to the devices for implementation. Automation should also assess the network state on an ongoing basis to ensure that the network configuration does not drift away from defined policy, either through mistake or malice.

There have been multiple efforts to create an overarching policy language that can handle every nuance of configuration for every type of network device that exists in the world. One would think that such a language would bode well for developing an automated implementation process that administrators could use universally throughout their networks. Take two well-known examples; SNMP dealt with the problem of status and exception reporting, while the more recent DEN focused on control and configuration. Although these efforts are well meaning, they still do not, and will never, solve the underlying problem. Devices need a way to implement the technical policy desired by the network operators. Efforts such as SNMP and DEN, whether intentionally or not, have traditionally squelched diversity into a sort of least-common-denominator conformity. This is anathema to device manufacturers that must differentiate in order to succeed and survive. Device manufacturers will ignore, delay or effectively nullify efforts at standardization that deny or do not advance their business goals. A least common denominator standard is also anathema to administrators because they want or require the new differentiated features from vendors that such standards inhibit or delay. This presentation will examine the need for a flexible, extensible policy creation framework while avoiding the disadvantages of a least common denominator approach.

In recent prior positions, Mr. Taramina was the CTO for Bayshore Capital (responsible for imoney.com) and the Director of Technology for a J2EE-based financial services portal joint venture with Barclays Bank. Mr. Taramina also worked as the CTO for Accredo Systems in Ottawa, which specialized in net-enabled project management and middleware solutions. He is also the author of the open source Java GPS Access Library and GPSml markup language for specification of position-based data and a key developer on the Mobile GPS Demonstration Platform (MGDP) project.

Mr. Taramina will be presenting "We're not in Kansas any more, Toto! The Mobile GPS Demonstration Platform (MGDP) Project" at 16:00 on Friday in Room B.

Which way should I go? Which way should I go?

The Mobile GPS Demonstration Platform (MGDP) project demonstrates a proof of concept for the integration of a number of emerging technologies including: embedded/realtime Java, mobile, position-based applications, GPS (Global Position System) technologies, wireless/mobile connectivity, web Services (XML, SOAP, WSDL, JAX-RPC, etc.), and server-side J2EE (including EJB and DBMS persistence.) The MGDP has been constructed using commonly available, inexpensive hardware and software (much of it open source) to illustrate that applications of this nature are very feasible using existing tools and technologies.

The MGDP project consists of three major components:

1. Nobody knows the places I've been... The MGDP Mobile Vehicle is built upon a Radio-Shack RC (Radio Controlled) truck platform, equipped with an Embedded Java Processor, GPS receiver and wireless communication to the Internet which regularly transmits its current PVT (GPS Position/VelocityTime) data using SOAP over HTTP to a back end web service over a wireless link to the Internet. The Mobile Vehicle also accepts remote commands to turn various functions on/off (siren/flasher/headlights).

2. It's a small, small world. A MGDP web service (built on a J2EE/EJB server platform) that accepts real-time PVT information from the Mobile Vehicle and persists both the current and historical information. The web service also acts as a gateway that forwards commands to turn various Mobile Vehicle functions on/off (siren/flasher/headlights).

3. X marks the spot! A MGDP client application that displays the current and historical position information for the Mobile Vehicle on a moving map display by accessing the position data from the MGDP web service. MGDP client application can use static map images (eg. .jpg) or can access USGS Aerial Satellite map images of the continental USA from the TerraServer web service (a Microsoft .NET public web service.) The client application also exposes a UI that allows a remote user to turn various Mobile Vehicle functions on/off (siren/flasher/headlights.)

The presentation will include a demonstration of the MGDP project. A detailed white paper describing the MGDP project, architecture and technologies is available (in .pdf format) at: www.chaeron.com/gps.html.

Now can someone please tell me where I am?

Mr. Hardy will be presenting "Distributed Cracking of Elliptic Curve Cryptosystems" at 15:00 on Saturday in Room B. He will talk about distributed cracking of elliptic curve cryptosystems, explaining the method and mathematics behind it and showing how it can be implemented (possibly with a working demonstration) in a manner similar to the distributed.net cracking of DES or RC5. He will discuss the feasibility of such an attack, in terms of time and computing power required, and the sort of resources needed for an independent group to set such a system up.

Mr. Piscitello will present "Debugging IPsec" at 18:00 on Saturday in Room A. Dave will be debugging IPsec as a protocol and explaining its security issues, problems with protocol design, and its many uses. In this session he hopes to debunk many of the myths of IPsec and make it user friendly enough for all to grasp like a rodeo clown holding onto the horns of the beast that could crush him senseless in a swift move of its torso.

Mr. Sugar will present "DotGNU and you, the future of free software web services" at 20:00 on Saturday in Room B. This presentation will cover what the FSF is doing to develop DotGNU, why the FSF has chosen to sponsor this work, what the results of it will be, and what the architecture will look like and mean for future development of web based services on free operating systems. Mr. Sugar will discuss this take on how to ethically provide internet wide authentication and user profile services that provide the same convenience of single signon while neither relying on a single entity or provider nor, most importantly, having to either compromising user's personal data thru a third party or the integrety of commercial entities. He will also discuss the various DotGNU working groups including groupware, bytecode runtime, and the DotGNU secure execution environment.

In his day job, Mozena is a team leader at Airfoil Public Relations, a Detroit-based public relations agency for technology companies, and has worked as a reporter and in public relations for a local ISP/CLEC. He's been involved in Internet governance and abuse issues since the mid-1990s.

Mr. Mozena will present "Why Haven't We Solved Spam Yet?" at 09:00 on Sunday in Room A. He will put together an overview of technical, social, legal and economic reasons for the current spam-drenched state of the Internet.

Jesse Lovelace has been programming communication programs since 1993 when he started his BBS, "Artificial Stupidity," in Asheville, NC. He has done professional coding under Unix, OS/2, and Windows. In 1998 Jesse started developing under the wxWindows cross-platform development framework and the Crypto++ cryptography toolkit. Jesse's current project is NNIM, an open-source, cross-platform communications platform which seamlessly accesses open and proprietary networks. Jesse is a senior in Computer Engineering and Computer Science at North Carolina State University and plans to do graduate work at NCSU in Computer Science.

Mr. Lovelace will present "Secure Real-Time Messaging" at 14:00 on Saturday in Room B. The presentation will focus on the practical aspects of cryptography in communication over insecure networks. It will cover the newer cryptographic algorithms like MARS, AES (Rijndahl), Serpent, and Twofish and how to implement them with CBC, EBC, and other modes in software. Also, how this can be done in the GNU Messenger suite, and the ssh2 encryption layer.

Dennis Salguero currently runs his own computer consulting firm, Beridney Computer Services, which specializes in Microsoft Office, Visual Basic and Internet application development. A graduate of the George Washington University, he currently resides in the suburbs of Los Angeles. He was a contributing author to Outlook 2000 Programming by Wrox Press and he is a co-author for Professional Access 2000 Programming, also by Wrox. In his free time he enjoys reading, poker and chess.

Mr. Salguero will be presenting "MySQL Administration" at 12:00 on Saturday in Room A. He will cover the different installation possibilities across various platforms including steps needed to secure the server. He will also cover some of the third-party tools that are available for day-to-day administration. In addition, examples will be presented for using MySQL for both client/server applications and Internet based applications.

Mr. O'Connor will be presenting "Everything you know about Unix Vendor Security is a Myth" at 22:00 on Saturday in Room A. Clearing up many misconceptions folks seem to have about what commercial Unix vendors do/don't do for security, giving some straight talk about how to interact with U vendors in ways that make sense. Not entirely sure about how I'll format it --I have a David Letterman-esk "Top 10" list in mind.

Mr. Marquette will present "A conceptual approach to application security" at 22:00 on Saturday in Room B. The speech will focus on security ideas and concepts that must be considered when designing a new application --be it web, network, or even local. He will cover issues such as user input and how it's validated, storage of passwords, secure network communication between applications, file access and a small handful of other issues that have yet to make it into the speech outline ;) As this is more of a talk on concepts that span multiple operating systems and languages, he will have a very limited amount of code for example purposes.

Currently Allen Numerick is the senior network security engineer for a higher-educational institution. Previously, Mr. Numerick was a corporate security/network engineer for Sprint's 5th larger bandwidth customer from 1999 to 2001. The move that jumpstarted Allen's career was joining the Cambridge Technology Partners in 1998 as a network security analyst where he provided security audits for some of the largest North American financial institutions and pharmaceutical firms on the east coast.

Mr. Numerick brings a wealth of knowledge as well as four years in the professional field (and 20+ years of hacking history,) from securing firewalls to social engineering tactics.

Allen will be presenting "Securing Your Box Beyond the Firewall Policy" at 14:00 on Sunday in Room B. This session will demonstrage how to secure your Checkpoint Firewall, as well as how to secure your box should your policy fail. This presentation is a must for all Checkpoint Firewall administrators, covering Unix and NT.

Mr. Ossmann will present "Thin Client Security: How Citrix or Tarantella Can Make or Break a Great Strategy" at 22:00 on Friday in Room A. He will discuss the advantages and disadvantages of thin client solutions as well as specific vulnerabilities of Citrix and Tarantella. Additional thin client and remote display technologies, such as Windows Terminal Services, the X Window System, and VNC, will be discussed and compared.

Mr. Mason will be presenting "802.11: Form, Function, Use and Security" at 17:00 on Friday in Room A. The session will present some vendor-neutral aspects of interaction between vendor implementations, desktop versus notebook, distance and object barriers including "shout testing," and site survey notes. Do vendor products interact equally, what is a standard, what security is offered and benefits versus vaporware. Will A really outshine B? or will the best bet still be wires?

Mr. Shoemaker will be presenting ".NET is an Elephant" at 13:00 on Friday in Room A. Wondering how .NET will change the way you develop and work? Or just wondering what an elephant has to do with it? In this session, we will examine the classes that make up these services, and we will show how you may use them in your code. We will discuss the .NET Framework, a vast sweep of new reusable services, covering everything from window processing to Internet applications and beyond. The .NET Framework is so large that it's easy to miss the forest for the trees. We will take an exploratory journey through the .NET forest, showing you some of the more interesting sights you might otherwise have missed. Learn what .NET is all about from the inside, so you can better evaluate the hype and see how .NET can help you. And as for the elephant? Check out this poem, and just substitute ".NET" for "elephant"...

CEO and co-founder of Beyond Security Ltd, a leading force in the security world. Beyond Security specializes in finding security holes in hosts, networks and products, and maintains SecuriTeam.com --one of the largest security portals on the Internet. Beyond Security provides automated security scanning services for networks and servers, using the unique Automated Scanning service.

Mr. Jenik will be presenting "Bypassing the Firewall: Application Level Attacks" at 15:00 on Friday in Room B. The lecture will be technical, and live demonstrations will be included. The lecture will discuss generic application attacks, in an attempt to show how such security holes can be found during a penetration test or a product security audit.

Today most people understand that there is no "silver bullet" for security --no single security solution that can completely protect the network. The firewall is no longer a magical solution and some may claim it never was. One of the reasons for this new approach is the widespread presence of application level attacks. Any server that provides some kind of public service may be vulnerable to such attacks, and unfortunately there is not much that can be done about it, apart from continuously checking for security problems and applying patches when those are released.

Mr. Amon will present "Building and Managing Firewall/VPN Systems with OpenBSD" at 15:00 on Saturday in Room A. The presentation will focus on the following areas: Why OpenBSD is a better firewall/VPN platform; OpenBSD firewall/VPN configuration options; OpenBSD firewall/VPN kernel configuration; Basic IP Filter (and IPF) configuration (both due to the Daren/Theo fight); Advanced IP Filter (and IPF) configuration; Untouchable (stealth) firewall configurations; Configuring and using IPSec VPNs; Adding hardware based encryption and PRNG suport; Logging, monitoring and reporting; Establishing Intrusion Detection Systems (IDS); and efficiently managing large numbers of deployed systems.

Mr. Flynt is an expert in the Tcl/Tk programming language. He writes regular articles about Tcl/Tk uses for ;login: magazine, and is working on the second edition of his book: Tcl/Tk for Real Programmers.

Mr. Flynt's company, Noumena Corporation, provides training and support for Tcl/Tk and Tcl/Tk based applications.

Mr. Flynt will present "Configuring a Linux firewall with IPChains" at 10:00 on Saturday in Room B. It will describe how to set up a Linux based firewall using IPChains. Mr. Flynt will also present "Configuring a Linux Firewall" at 11:00 on Saturday in Room B. It will cover how to monitor this system using Tcl/Tk based client/server based tools.

Prior to forming USI in 1990, Mr. Jacobson held positions in programming, systems design and management. USI was started as a custom database accounting software firm, to follow in the footsteps he'd formed earlier in his career to bring quality computer software services to a wide variety of businesses.

Based on his experience USI was started as a firm that uses SQL database accounting software that runs on UNIX. Thus in 1995 when Linux became available as a turnkey Internet server, it provided all the basic components he looked for in a software product to enter into the new Internet/Intranet arena. After six years of experience working with Linux, USI has had phenomenal success. Mr. Jacobson has many examples to relate why he feels that Linux represents the future of computing.

During the last several years he has given talks literally around the world on the use of Open PC hardware in conjunction with Open Source Linux software to build and deploy inexpensive Linux thin clients.

Mr. Jacobson will present "Thin Clients and the Future of Linux" at 11:00 on Saturday in Room A. The presentation will review how the Linux desktop of the future will use the Open Source LTSP Linux product to drive Open PC diskless workstations (ThinStations.) The amazing part of his talk is that he will tell how this combination of software and hardware has saved his clients hundreds of thousands of dollars to deploy complete Linux installations to replace Microsoft desktops and servers. Unique Systems has done this in large manufacturing, professional services and food distribution companies. Glenn will explain why he thinks that this combination will lead the way towards the Linux desktop of the future.

More information about Mr. Jacobson and Unique Systems can be obtained at their web site, www.uniqsys.com.

Mr. Hamrick works out of the Meson Group offices in Palo Alto, California and is active in many local and international professional organizations. Previously the manager of the Secure Product Development Group at Borland/Inprise; a Cryptologic Engineer at Certicom Corporation, Uptronics Incorporated, and RSA Data Security Incorporated; and a technical marketing specialist at Bell Canada International and Convex Computer Corporation.

Mr. Hamrick will be presenting "Using XML as a Transport for Secure Assertions" at 16:00 on Friday in Room A. XML is rapidly becoming the ASCII of the new Millennium and there are already at least three separate proposals for how to use XML as a certificate format. This talk examines exactly what it is we're trying to do with certificates, and propose that authenticating the contents of the certificate is less important than authenticating the secure assertion it represents. When viewed this way, systems can be made in which trusted databases are populated with relatively complicated assertions which are transported between secure execution environments via signed XML messages.

This talk will address the problems with existing certificate formats (including existing XML formats.) Presented as a replacement is the Meson XML/XSLT recommendation, a system for storing, authenticating, and keeping private assertions about keys, people, systems, and things in the real world.

And we will tell one or two jokes about Microsoft.

Mr. Kanies will be presenting "Concentrating on LDAP" at 23:00 on Friday, discussing the current and future roles LDAP can play in managing name service information, which we all spend too much time dealing with. Security, management, and coding will be included.

Mr. Glass will be presenting "Assessing and Enhancing Windows 2000 Security Using in-box Tools" at 13:00 on Friday in Room B. This class is designed for the system administrator and IS auditor who is not sure how to take advantage of the security tools provided by Micorosoft for the Windows 2000 platform.

Mr. Hayden earned a Ph.D. in Computer Science from Cornell University. As part of his Ph.D. research, he was the primary author of the Ensemble fault-tolerant communicaton toolkit. This freely-available software is used in many commercial high availability products and research projects. A derivative of the Ensemble software forms the core of North Fork Network's storage system. He has published numerous articles in the distributed systems research literature and has a patent on optimizing communication protocol performance.

Mr. Hayden will be presenting "Commodity Hardware-based Scalable Storage Systems" at 09:00 on Sunday in Room B. He will present the various approaches to building high-end, scalable, and fault-tolerant storage systems out of PC hardware, and will describe many of the issues that arise in making low and medium-end hardware to behave like enterprise-class storage systems.

Joshua Teitelbaum is a software engineer whose focus is primarily on financial workflow applications, application layer security, and pervasive cryptography to help secure the civil liberties of all. Joshua is best known for CryptoMail, an encrypted Email program developed for the World Wide Web. His work is currently hosted at www.cryptomail.org. Joshua Teitelbaum is currently working for a fortune 400 company, developing a trade order management system. He has been the lead software engineer for a number of projects and enjoys developing secure, web-based applications and protocols.

Mr. Teitelbaum will present "CryptoMail: Pervasive and Transparent Email Cryptography for all" at 16:00 on Saturday in Room B. CryptoMail is intended to be a secure, end-to-end encrypted Email solution implemented with a "zero client install" tactic. Users simply create an account from any java enabled browser, and then send and receive mail securely. The primary part of the session will address the rationale for building CryptoMail and the final part of the session will describe in detail, the application layer and network layer protocols of CryptoMail.

The first version of the CryptoMail Email System was written by Joshua Teitelbaum in the Fall of 1999, after one of the most popular web-based Email services (Hotmail.com) had major security problems. Joshua was concerned by the security issues of those web-based Email services, since Email messages had not been encrypted, neither from the client nor within the server. Time and time again, service after service, the same security issues kept arising. Can we really trust big corporations that provide web-based Email services? Are we really willing to give up our freedom to perform private communications just for free web-based Email?

The answer to Joshua's concerns is obvious: We should start an open source end-to-end secure web-based Email system project. With regard to cryptography and application security, open source allows many programmers around the world to foresee any security flops within the Email system. Furthermore, an open source format opens up the server side and allows everybody to host their own web-based Email service. Since then, Joshua has written the foundation codes for the CryptoMail Email System.

Sarah Loyd holds a B.Sc Hons. degree from Keele University and a M.A. degree from Cambridge University. She has been involved in Unix Systems administration and networking since 1978. She worked as a consultant prior to working as a Senior Systems Administrator for the Department of Applied Mathematics and Theoretical Physics at Cambridge University for four years. Since then she has worked as a Senior Consultant for ISS (Internet Security Systems) in the field of UNIX Security, as the Manager of the "Knowledge Services Research" team for ISS and is currently employed as a UNIX and security guru for Logica.

Ms. Loyd will presenting "Running and configuring BIND securely" at 19:00 on Saturday in Room B. The speech will look at the security risks in BIND, and illustrate the talk by attacking two BIND servers running on virtual machines, live. She will then go through all methods of enhancing BIND security such as chroot gaol, id_pool, DNSSEC and TSIG and show the consequences for the attacker of running these options.

Mr. McCarthy will present "Microsoft Passport and the Quest for Single Sign-On" at 13:00 on Sunday in Room A. Thanks largely to the legacy installed base of Hotmail users, Microsoft's Passport is the most widely used single sign-on (or sign-in) mechanism on the web today. We'll examine the evolving architecture of the Passport system and the nature of the published attacks on it. Stepping back, we'll discuss the goals of single sign-on and consider future directions for Passport and similar projects like the Liberty Alliance. Hopefully this will be neither a marketing nor bashing session for Microsoft. I can attest that not all Microsoft employees are evil, incidentally, having dated one....

Mr. Keeney will be presenting "Sniffing 802.11b for fun and profit" at 13:00 on Saturday in Room A. Demonstrations of traffic caught while war driving, how to find 802.11b LANs without special tools, and finding "stealthy" 802.11b LANs.

Ryan Fox is the project leader of NOLA, a GPL web based business accounting, inventory, and payroll package, and CCC, a GPL lightweight inventory and job tracking system for computer companies. Ryan has been doing web development for 10 years, including developing commercial web applications for Fortune 500 companies. He spends his 9-5 at Noguska, guiding the development of their open source and commercial software solutions.

Mr. Fox will be presenting "Secure Web Application Design" at 09:00 on Saturday in Room B. It will cover the properties of Web applications, and how that effects security. Issues regarding PHP and SQL, PHP variable setting, sanitizing input, and authentication will be covered. The server itself will be looked at, and ensuring a secure path between the client and web application. Time permitting, there will be a group activity to find a vulnerability in a given package.

Linux is his preferred operating system, but he has a variety of different boxes on the top secret coke-diet LAN. His hobbies are coding, coding, and making fun of people that don't code. Almost everything he knows is self taught, with the exception of two years of college for computer science. Currently he holds a job with the worlds largest private label credit card financing company.

plastek will present "Linux Kernel Security Basics" at 19:00 on Saturday in Room A. He will go over the basics of Linux kernel security. Memory management, process management, kernel modes, syscalls, loadable modules, and process execution are a few of the topics that will be touched upon. The idea of the speech is to give as much information about how the Linux kernel handles permission type j0nx in the time available. Expect to learn how suid files work on a hardware level.

I began in computers around 1988. I was a regular to BBS's in the local area. Later I learned about Phreaking and making a red box and stuff. I found the idea interesting of making phree calls and shit. It was cool! Now I could call long distance boards with my 1200 baud modem (later got a 9600 when they came out. I thought it was zooming then). Later chatted with Techman! Really private guys (a whiz tho'). Slowly started opening up and later I found out that he was a black guy from Detroit. We shocked each other. Most of us didn't have computers, and some really didn't know what it was at the time, or a modem, BBSing or the Internet.

I learned more (mostly hands on). I learned all the mods, tweeks, test modes, etc. of all cellulars out at the time, reading skamaticz, building cables, etc. What really got my attention was the night I finally met Techman after many missed appointments. Told me to buy a NecP300 from a pawnshop, turned the joint on right from a laptop inside his ride at the gas station. I was hooked! Later we hook one night, with the clones, and I made $1200 that night in 8 hours... most of the time he was teaching, talking shit like guys do, and cracking jokes. $1200 it was OVER for me then. The money was CRaZY! Many stories passed and escapades...

Later we learned we caused a 38% loss in cellular sales here in MI, and they were going to work on a system called pick-up-and-go to curb the cloning market! It wouldn't be long for me. Then the Bust! I had 38 counts! Including cellular cloning, conspiracy to access, possession of misc. unknown elect. devices, possession of hacking material, possession of company and personal info, frauds of different types... the list goes on. But the main thing they were after was the economics with the biggest payoff 10-29a,b Cellular Cloning. I went from 6-7 years to 2-3 years then to 12-18 months (beat the indictment) to 10 months. 5 in a halfway house and 5 on a tether. Restitution was $128,000. Then at $500,000 plus fines. All my points were from what they believed I earned and cost the companies (Ameritech and CellularOne). This was where my battle was.

Cybertr0n will be presenting "The Ins and Outs of Being Caught: A Personal Story of Celco 51" at 24:00 on Saturday in Room A.

Mr. Yuill will be presenting "Using Military Intelligence Techniques for Incident Response Investigation" at 15:00 on Friday in Room A. Military intelligence is principally concerned with estimating an adversary's disposition and courses of action, both current and future. The U.S. Army and Marine Corps have developed a process for systematically making such estimates. This process focuses on three aspects of battle: 1. A tactical model of the terrain, 2. The enemy's capabilities and intentions, 3. Estimates of the enemy's courses of action: likely, possible, and most dangerous.

Our research applies this military intelligence process to the process of investigation during a incident response. Tactical models of the network are built. Current incident response literature focuses on finding evidence of hacker activity. Following the approach of military intelligence, this evidence can be used to build models of the hacker's capabilities and intentions (C&I). Combining tactical models of the network with models of the hacker's C&I, estimates can be made of the hacker's courses of action.

Earlier versions of this research have been presented at the RAID and FIRST conferences, and published in the journal Computer Networks. The presentation at Rubi Con will be of our latest developments. This includes the application of investigation theory from jurisprudence (law,) and the development of a data-management system for investigation. Our research is a work in progress --correcting prior problems and making some advances.

Hecking received a MS Eng in Electrical Engineering/Microelectronics at Technical University of Darmstadt, Germany in 1993. Then went on to do a Ph.D. at the National Microelectronics Research Centre (NMRC) in Cork, Ireland, but didn't finish. He changed directions and went into IT, and works now as a UNIX sysadmin at NMRC.

He started hacking in the early 90s when the first gcc ports for AmigaOS were available. Contributed to Fred Fish's ADE project (Amiga Developer's Environment) which later became GeekGadgets. Became involved with GNUplot development in 1996, mainly over portability issues, took over project lead in 1998 and made the first new GNUplot release in six years in 1999. Started using AMaViS at work in 1999, and after emailing bug reports and patches, he found himself subscribed to the developer's mailing list. When Chris Mason, who rewrote AMaViS in Perl, pulled out for personal reasons, Hecking took over AMaViS-Perl maintenance. The rest is history. Contributions to other projects include mutt, mp, SCCS, and autoconf, but mainly involving portability and autoconf/automake stuff.

Mr. Hecking will present "Development and Application of AMaViS, an Email Virus Scanner" at 16:00 on Saturday in Room A. It will cover the history, implementation, and functionality of this email virus scanner.

He has been a pet wrangler, a librarian, a network engineer, and a security consultant. Somehow he persuaded the Boy Scouts to award him an Eagle.

Mr. Lucas will be presenting "SNMP-based Network Monitoring" 22:00 on Friday in Room B. The presentation will cover SNMP and data tracking tools. A sysadmin cannot define "abnormal activity" until he knows what normal is. This makes defining and tracking a system's normal behavior a vital part of computer security. You'll learn how to gather long-term system performance data using freely-available software such as net-snmp and MRTG.

Mr. Margita will present "TCSM and Security Measures" at 21:00 on Saturday in Room B. He will also set up a table with sweep equipment as a display, and to answer questions about TSCM (Technical Surveillance Counter Measures), Electronic Counter Surveillance, and Counter Espionage.

Mr. Hunsinger will be presenting, "It's About US: The Political Dimensions of Internet Security" at 09:00 on Saturday in Room A. The presentation will address the social and political implications of Internet security. Mr. Hunsinger has conducted extensive research in the area, it being one of the areas of his dissertation. He will discuss the broad range of problems and possibilities while keeping them in an understandable context.

Mr. Labelle will present "Secure Tunneling With IPSec" at 11:00 on Sunday in Room B. The session will cover VPN analysis, secure tunneling implantation, configuration and installation under most common operating systems, from the big boys to the ones you should use in the real world. It will cover some of the encryption algorithms used and how to optimize them. If time allows, there might be a special game called "Crypt This" (maybe "blowfish me") in which players will compete to write the best encryption algorithm. The best algorithm will win a special prize which could be anything from a t-shirt, some beers, a thumb screw or whatever funny... Jon Erickson is preemptively barred from this competition.

Working as a French security programmer, I often write white papers on security subjects. I like to explain to everybody how security works and my dream is to demystify computer security.

Mr. Tricaud will be presenting "Analysis of Port Scanning Methods" at 14:00 on Sunday in Room A.

Ron's work in the machine tool industry, along with his love of Linux, has come together with some of the software projects he has authored. Some of those projects include ABEL - the Allen Bradley Ethernet Library for Linux - and CELL - the CIP/Ethernet Library for Linux.

Mr. Gage will be presenting "Reverse Engineering a Proprietary Industrial Communications Protocol using Linux" at 12:00 on Sunday in Room A. The talk will give real-world examples of how Linux based tools can be used to write communications drivers to talk with various industrial machine tool controllers.

He has worked on several projects in his career including the SPOCK project at Georgia Tech, where the programming environment for a custom parallel computer is built; the RAW project that developed a simulation tool for evaluating reconfigurable computers; the MACTAC project at Clemson that developed satellite telemetry processing hardware for a desktop personal computer; the PVFS project that developed a parallel file system for Beowulf parallel computers, and the CECAAD, RCADE, CERSe, and COVEN projects which focus on programming environments for various application domains. Mr. Ligon's research has primarily been supported under grants from NASA Goddard Space Flight Center and the National Science Foundation.

Mr. Ligon will be presenting "Beowulf: Coming Out of the Underground" at 10:00 on Sunday in Room B.

Ms. Vesperman is the current co-ordinator for Linuxchix.org, a largely online forum for women (and men) who find the traditional Linux user groups to be less than friendly. "RTFM" is a forbidden answer on the Linuxchix lists --at a minimum, it must be accompanied by the name of the manual and how to find it. Jenn finds this a challenge --especially when she has no idea about the topic in question herself.

Ms. Vesperman will present "Linux PAM" at 01:00 on Saturday in Room B. Modern Linux systems have a highly flexible, highly configurable security system preinstalled --and underutilised. By default, PAM mimics traditional Unix security, but it is flexible and allows almost any program to use almost any security system. This talk will discuss some of the options PAM makes available, and some of the possible ways it can be extended.

Jose is also a founding partner in Crimelabs, a hacker collective based throughout the US. His research interests include trust relationships, widespread intrusion analysis and methods, firewall implementations (and their evasion), and, of course, bit entropy.

Mr. Nazario will be presenting "Secure Shell Session Keys: How Random is Random?" at 18:00 on Saturday in Room B. The secure shell (ssh) has been widely adopted due to its ease of use and obvious improvements in security over rsh and telnet. In this scheme, the client directs the negotiations concerning the cipher, and also generates the session key. This poses a potential problem, as some implementations may be weaker than others.

How far can we trust ssh clients to "do the right thing"? How random is random? An entropic analysis of the keys generated by several clients will be discussed.

Triax will be presenting "UPnP: Microsoft's 'holey' vision" at 24:00 on Saturday in Room B. UPnP, Micro$oft's vision of a totally plug and play network. It works for computers, wireless devices, and those fancy new smart appliances like WinCE toasters. Code is written in an XML format, allowing devices to be connected to the network with no configuration whatsoever. However, it uses UDP, and has numerous security flaws. I intend to cover the UPnP Device Architecture, and its uses in multiple situations. It will be given from the perspective of the hacker (naturally...)

Sir Ace will present "Corporate Networking: NIS, DNS, NFS, clustering, and blahness in the void" at 12:00 on Sunday in Room B. As for the session, I would like it to be a Q&A based thing. I'd first like to go over things like NIS, DNS, RPC, general networking, and NFS. Then move on to clustering, what types of clusters are most benifited from, and when to use them. If time allows and if anyone is interested, I would like to be able to do a quick and dirty howto on setting things up from scratch.

System Administrator in the Electrical Engineering and Computer Science Department at Case Western Reserve University in Cleveland, OH with a focus on Windows technologies. Holds a BA in Computer Science and is currently pursuing a Masters degree in the same area. He is interested in all areas of computer administration, with a focus on network security as well as the effects of computing on human interaction and social exchange. A veteran at giving seminars to local student groups as well as being involved with organizing computer and network security conventions, Froggy is also a founding member of The Geek Empire out of Cleveland, a computer geek co-operative that offers education to members and Internet services to its clients.

Mr. Schneider will be presenting "Computing considerations in an educational environment" at 17:00 on Saturday in Room B. Educational computing differs significantly from corporate computing. The rules that work for businesses and groups that intend to actually make money can be thrown out the window. This talk will explore the differences between the two computing paradigms, pinpoint some of the "gotchas" sysadmins entering education do not often realize and relate from first hand experience some of the decisions and situations that I have had to go through. I will also discuss reasons why Open Source software can be helpful and even essential. Finally, I will discuss why someone might want to make the trade off of a good salary to work in the education industry.

Mr. Dergachev will be presenting "Evolution of Open Source Projects" at 13:00 on Sunday in Room B. It will include a 30 minute description of how open source projects are born, live, and die, and a session for audience questions.

Mr. Mozurkewich will be presenting "The Ownership of You: Peer-to-Peer" at 12:00 on Saturday in Room B. That Mr. Mozurkewich's thesis is peer-to-peer networks, it should come as no surprise his presentation is on the same. For the past two years Karl has done "Networking 101" and "Networking 102," this year he departs from the basics of networking and attempts to convince us why p2p network models will assert their ownership upon us over the next few years, not only demonstrating why, but showing us why they have failed in the past and how they can be fixed. Beware, this presentation will not only contain violence and nudity, but will also contain technical jargon and corporate buzzwords.

Mr. Kivel has been employed as an Ameritech Authorized Distributor for the past 3 years. Prior to his training as a certified system technician and installer, he was an evil little phreak with a dark sense of humor. He has been heard to claim the title of "best field tech ever" to many Ameritech supervisors, and then amends the thought with "not that your trained chimps aren't professionals, or anything."

Mr. Kivel is one of the few certified Nortel Networks BCM installers in Michigan (the only other company certified as of this writing is Ameritech). He will discuss the weakness' and basic design flaws within the BCM, as well as the importance of being either "a hacker that phreaks" or "a phreaker that hacks."

Mr. Kivel will be presenting "Voice over IP and the Horrors of NT" at 11:00 on Sunday in Room A. Northern Telecom has its own Voice Over IP capable multi-site system (the BCM.) Kivel will discuss this system, and the ugly, scary secret it harbors: It's based on Windows NT, and requires Outlook to do most of the interesting features.

Mr. Hotelling will be presenting "War Dialing in the 21st Century" at 03:00 on Sunday in Room B. War dialing seems like something that just isn't considered anymore, by white hats or black hats. Because of this there has been a lack of research in the area in recent years. Mr. Hotelling will be presenting his findings on the current state of war dialing, including an explanation of the tools available at http://george.hotelling.net/projects/phonedump.php and an overview of his findings from wardialing in southeast Michigan.

A telco geek with too little supervision on the job, Myself likes to curl up with a good manual, frequently while sprawled out in the cable rack above an ESS machine. A background in computers and electronics, and the ability to explain almost anything to almost anyone, should make for an interesting talk. Bring your questions! Bring your t-berds! And bring the numbers you found while wardialing that you couldn't make sense of!

Myself will be presenting "Introduction to digital transmission systems and maybe other neat stuff" at 17:00 on Friday in Room B. At least the first ten minutes will be an overview of T-1, T-3, SONET, and some of those other telco words that most computer geeks don't really understand. After that, it'll probably turn into a panel Q&A session, with whatever other telco geeks manage to drop in.

Mr. Erickson will be presenting "The Password Probability Matrix: A winnowing method for brute-force password cracking using lossy compression" at 23:00 on Saturday in Room B. He will present the specifics for a newly developed password cracking method, and perform a demonstration of it. The method is a hybrid between using computational power and storage space for an exhaustive brute-force attack utilizing a compressed matrix of probabilistic values. He will demonstrate the ability to crack any 4 character password with a fixed salt in under 8 seconds (on a pIII 450), using only a 141 meg file. A normal exhaustive brute-force on the same system would take over 2 hours, and flat text storage of the plaintext/hash pairs would normally use over a gigabyte of storage. This translates to 99.9% keyspace reduction and 89% storage compression.

Admin-X- will present "New Technology File System and Alternate Data Streams" at 24:00 on Friday in Room B. The presentation is based on NTFS and Alternate Data Streams. Giveing an overview and backgroud of ADS, and demonstrating why ADS could be "danagerous." Also supplying propaganda for programs to find Alternate Data Streams, and various other tools.

Darkcube will be presenting "GOT ALL MAH' HOES ON LOCKDOWN..." at 02:00 on Saturday in Room B. It will be a three part, quick and easy guide to auditing the (in)security of a Solaris host, penetrating it, and then securing it against intrusion.

The first part of this presentation will cover remote and local discovery methods to assess the relative security of a solaris host; Vulnerability scanning, RPC services, and various network and host based techniques one can use to determine a path into the machine. The second part will cover what to do with this information; i.e., actually breaking into the machine, placing backdoors/trojans, and hiding one's self from the admins. The final part is for the admins... It covers several methods administrators can use to secure hosts running Solaris; Stack protection, filesystem permissions, system logs, and third-party software.

rious will be presenting "Physical Security and the Enterprise Network" at 02:00 on Saturday in Room A. This session is intended as a companion to the "PND Demonstration" session. rious will discuss not just how to access secure rooms in secure buildings, but what to do when inside. He will address how networks can be compromised readily and thoroughly via physical attacks, and how to go about doing just that. He will illustrate this with colorful examples and some personal stories. Audience participation is encouraged, as most everyone has a good story about "physical intrusion."

Eta will present "TCP/IP 101" at some as yet unspecified time. The session will cover the basic structure and function of TCP/IP, why TCP/IP is so important, common UNIX tools such as whois, tracerout, and ping, their functionality and how they actually work, and other basics of networking. If time allows, Eta might address some of the common exploits and weaknesses of IP, such as ICMP, Smurf, teardrop, and spoofing.

Members RijilV and rious will be releasing the Project Nexus Distribution (pnd) Linux variant. pnd fits on and boots off a credit card size CD, and reaffirms the adage that physical security is part of network security. The demonstration will show how pnd can be used to pull information off of a host computer as well as exploit trusted networks. "PND Demonstration" will be at 23:00 on Saturday in Room A.