In 2006, more than 48 million personal records were exposed according to the Data Loss Archive and Database maintained by attrition.org.
Information published by Ponemon states that data breaches have increased by 31% this year and that the average cost incurred by disclosing companies is $182 per compromised record.
This equates to $8.7 billion in financial losses for 2006.
- IOActive hosted its RSA Con party at the hip, downtown San Francisco restaurant ROE on Tuesday, April 8. The event was very well attended and we had a great time. A big thank you to everyone who joined us!
- Dan Kaminsky delivered his Black Ops of Web 2.0: DNS Rebinding Attacks at RSA Con.
At the root of web security is the same origin policy, which allows most resources to communicate with each other only if they come from the same host name. But one name can be mapped via DNS to many IP addresses, some local and others not. The effect? You come to my page, I VPN onto your LAN. And that's only the beginning.
- Jason Larsen and Michael Hamilton, CISO for the City of Seattle, delivered Protecting the Last Mile: Information Security in Local Government at RSA Con.
In local government, information security and risk reduction controls compete with putting police on the streets and filling potholes. While there is increasing incentive for local government to create efficiencies by enabling critical technologies using Internet Protocol, this is typically carried out without the oversight applied in the private sector. The result is public safety, transportation, power, and water systems supported by unsecured technology.
- Jason Larsen and Walter Pearce presented SCADA Defense: Protecting Critical Infrastructure training at SANS Orlando 2008.
- Jason Larsen presented Applied SCADA Security at SANS Orlando, to the MS-ISAC, and to the AGORA Security Organization.
- IOActive attended SANS Security 2008 in Orlando, Florida.
- IOActive attended Infosecurity Europe 2008 at the Grand Hall in Olympia, London.
- Josh Schmidt speaks on the Security Development Lifecycle at (ISC)2 Risk Management in Orlando, Florida.
- Ted Ipsen speaks to the Washington Computer Incident Response Center at their general meeting on February 21; he will be discussing security integration with the Secure Development Lifecycle.
- Jason Larsen and Walter Pearce deliver SCADA Defense: Protecting Critical Infrastructure training at BlackHat Federal.
- Jason Larsen contributes to two keynote panels: How real is the threat and how is it changing? and Penetration Testing: How the attackers get through your defenses at SANS Security 2008 in New Orleans.
- IOActive sponsors the OWASP and WASC AppSec 2007 Conference at eBay in San Jose, California
- IOActive security consultant, Josh Schmidt, addressed the Pacific Claim Executives Association during their semi-annual meeting in San Diego on the topic of Wireless Insecurities.
- IOCON
- IOActive's inaugural IOCON Speaker Symposium featured some of the security industry's brightest minds discussing Web design review, firewalls, and securing SCADA devices. The following presentations were delivered by IOActive security consultants:
- Topic: Black Ops 2007: Design Reviewing the Web
Presenter: Dan Kaminsky
DNS rebinding is an old attack that has returned after a decade to break fundamental security assertions of the web. Dan demonstrated, without the use of any fixable vulnerability, how web browsers can be coopted to expose your internal network.
- Topic: Firewalls Visualized
Presenter: Damon Cortesi
Firewall rulesets are difficult to locate and rarely understood. Unfortunately, these intangible lists are the basis for some of your most important network security devices and frequently grow organically with no understanding of their overall effect. Utilizing visualization, Damon showed how to effectively analyze, review, and ultimately gain a better grasp on your network security infrastructure.
- Topic: Securing SCADA
Presenter: Jason Larsen
Critical infrastructure is under more threat than ever before; historic cyber attacks were only theoretical, but SCADA hacking has now gone mainstream with presentations at open conferences. Jason described the technical aspects of hacking today's industrial control systems, who's currently attacking them, and what the near future will look like.
- TOORCON
- IOActive sponsors ToorCon, a rapidly growing information security convention in San Diego, California. The convention's objective is raising public awareness of information security, and demonstrating and teaching methods that bring about an enhanced level of security. IOActive sponsored both ToorCon San Diego and ToorCon Seattle (Beta) in May 2007.
- TRAINING:
IOActive Gold Sponsor of BlackHat Vegas, Visit us at booth 19!
- TRAINING:
Dinis Cruz of IOActive will be delivering Advanced Security
Training For ASP.NET Developers in London UK - April 10 - 11, 2007
- TRAINING:
Dinis Cruz of IOActive will be delivering a Dojo on Advanced
Security Training For ASP.NET Developers in Vancouver Canada - April 16-17 2007
- TRADESHOW:
INTEROP Las Vegas
May 22-24
- TRADESHOW:
IOActive Gold Sponsor of BlackHat Europe, Visit us at our booth!
- TRAINING:
IOActive delivering "Advanced Asp.Net Exploits and
Countermeasures" at BlackHat Europe - March 27 - 28, 2007
- TRAINING:
Dinis Cruz of IOActive Delivering Advanced Security Training
For ASP.NET Developers in Ashorne Hill UK - March 20 - 21, 2007
- SPEAKING:
Chris Paget speaking at ShmooCon March 23 - 25, 2007
- SPEAKING:
Chris Paget speaking at BlackHat Federal on RFID Security
- TRADESHOW:
IOActive at RSA Con 2007, Visit us at booth #2746!
- TRADESHOW:
IOActive Gold Sponsor of BlackHat D.C., Visit us at our booth
- TRADESHOW:
IOActive Sustaining Sponsor of BlackHat December 2006
- SPEAKING:
OWASP Seattle - Ward Spagenberg of IOActive on the topic
"Unraveling PCI".
- SPEAKING:
Dan Kaminsky / Black Ops 2006 Viz Edition / Chaos Computer Club /
- IOActive exhibits at Seattle's ITECH conference.
- IOActive exhibits at ITEC, Seattle, WA
- IOActive quoted in the Wharton School article: "Do you know where your identity is? Personal Data Theft Eludes Easy Remedies"
- IOActive quoted in MSNBC article: "Mississippi joins list of colleges leaking data"
- IOActive exhibits at Face2Face, Portland, OR
- IOActive is the official Gold Sponsor of the BlackHat Windows Security conference in Seattle. Come down and see the IOActive team in action!
- IOActive is the proud supporting sponsor of the Washington Rain's Homeland Security Summit. Come down and learn how your federal government is trying to protect you!
- IOActive's senior consultant presents "Writing NMAP using Microsoft specific API's" to the Puget Sound's ISSA chapter.
- IOActive presents wireless man-in-the-middle (MIM) attacks to the Agora. IOActive demonstrated that MIM attacks could take place from as far away as 5 miles using specially modified 802.11 gear, with or without WEP security.
- IOActive's President, Joshua Pennell, speaks in front of the Agora Security Group on the security infrastructure supplied for the Reform Party's presidential primary election.