
Article Categories: PRESS RELEASE: SPEAKER ALERT

PRESS RELEASE: SPEAKER ALERT | October 1, 2013

Gunter Ollmann, Chief Technology Officer for IOActive, to present Penetration Testing with Live Malware at VB2013

London, UK ― October 1, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, announced today that Gunter Ollmann, Chief Technology Officer, will present Pentesting with live malware at VB2013.

There is a growing need to assess corporate security postures with real ‘live’ malware. Although malware is still the primary vehicle for breaching perimeter defenses, organizations continue to shy away from testing the latest breed of defenses against the threat. With layered defenses and a reliance upon dynamic content inspection technologies at the perimeter, it has become critical that organizations assess those defenses from a hacker’s perspective.

In his presentation, Gunter aims to communicate the need to include real ‘live’ malware in penetration testing methodologies. He will also provide attendees with steps and tactics that can be used to prevent runaway malware scenarios.

Details of the presentation:

WHAT: Pentesting with live malware
WHERE: Maritim Hotel Berlin, Berlin, Germany
WHEN: Thursday October 3, 2013 at 10:00am
INFO: http://www.virusbtn.com/conference/vb2013/index

About VB2013
The VB Conference is an annual event at which the brains of IT security from around the world gather to learn, debate, pass on their knowledge and move the industry forward. The event provides three full days of learning opportunities and networking with industry experts and covers all aspects of the global threat landscape. Whether you are an IT professional charged with defending your organization’s systems and data or a vendor-based security researcher, VB2013 offers opportunities to learn from the best in the industry, discuss methods and technologies, and build contacts.

About Gunter Ollmann
As IOActive’s Chief Technology Officer Gunter Ollmann plays a key role in shaping IOActive’s services strategy as the company embarks on its next phase of growth and leadership in innovative service offerings in semiconductor security, embedded software risks and device threats. Prior to joining IOActive, Ollmann served as the vice president of research and CTO at Damballa, where he focused on inventing new crimeware mitigation technologies and the identification of criminal operators behind botnets and other advanced persistent threats. Before joining Damballa, Ollmann held several strategic positions at IBM Internet Security Systems (IBM ISS), most recently as chief security strategist. In this role, he was responsible for predicting the evolution of future threats and helping guide IBM’s overall security research and protection strategy, as well as serving as the key IBM spokesperson on evolving threats and mitigation techniques. He also held the role of director of X-Force and was former head of X-Force security assessment services for EMEA while at ISS (which was acquired by IBM in 2006).

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.

-###-

PRESS RELEASE: SPEAKER ALERT | September 26, 2013

IOActive Experts to present and host workshop at BruCON

London, UK ― September 26, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, announced today that Stephan Chenette, director of research and development for IOActive, and Eireann Leverett, senior consultant for IOActive, will present at BruCON in Belgium.

Eireann Leverett and Matt Erasmus will host Foundational Packetry: Using the Internet on God Mode, a workshop designed to teach attendees about the foundational protocols of the Internet. Eireann and Matt will help attendees become skilled with Scapy, Wireshark, and manipulating packets, in order to gain a deeper understanding of low-level network traffic. The information from this workshop will enable other skills such as constructing firewall rule sets, NetFlow analysis, and IDS/IPS deployments.

Stephan Chenette will present Building Custom Android Malware for Penetration Testing. Stephan will provide insight into today’s malware techniques and Android malware solutions. Stephan will also demonstrate the benefits of systematically breaking down the functionality of Android malware in order to better understand defensive technologies.

BruCON is a two-day security conference held at the Aula Academica of the Ghent University in Gent, Belgium from September 26-27. IOActive is proud to be the event’s party sponsor. For more information on the event, please visit: http://2013.brucon.org/.

WORKSHOP: Foundational Packetry: Using the Internet on God Mode
WHERE: Aula Academica of the Ghent University, Gent, Belgium
WHEN: Thursday September 26, 2013 at 4:30pm
INFO: http://2013.brucon.org

PRESENTATION: Keynote: Building Custom Android Malware for Penetration Testing
WHERE: Aula Academica of the Ghent University, Gent, Belgium
WHEN: Friday September 27, 2013 at 3:30pm
INFO: http://2013.brucon.org

About BruCON
BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organised in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community. The conference tries to create bridges between the various actors active in the computer security world, including but not limited to hackers, security professionals, security communities, non-profit organisations, CERTs, students, law enforcement agencies, etc.

About Stephan Chenette 
Stephan Chenette is the director of research and development for IOActive where he conducts ongoing research to support internal and external security initiatives within the IOActive research team. Stephan has been involved in security research for the last ten years and has presented at numerous conferences including: Black Hat, CanSecWest, RSA, RECon, AusCERT, ToorCon, SecTor, SOURCE, BruCON and PacSec.

Stephan’s specialty is the writing of research tools and investigating next generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for six years and a security software engineer for four years working in research and product development at eEye Digital Security.

About Eireann Leverett
Eireann Leverett is a senior consultant for IOActive where he focuses on Smart Grid and SCADA systems. He studied Artificial Intelligence and Software Engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in Cambridge’s computer security group. In between, he worked for GE Energy for five years and completed a six-month engagement with ABB in their corporate research department.

Leverett’s MP thesis at Cambridge was on the increasing connectivity of industrial systems to the public Internet. He focused on finding the cheapest way to find and visualize these exposures and associated vulnerabilities. He shared the data with ICS-CERT and other CERT teams globally and presents regularly to academic and government agencies on the security of industrial systems. In his spare time, Leverett is a circus and magic enthusiast and likes a fine wine or craft beer.

-###-

PRESS RELEASE: SPEAKER ALERT | September 25, 2013

IOActive’s Ian Amit to Deliver Red Team Presentation and Workshop at DerbyCon 3.0

Seattle, USA ― September 25, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, today announced that Ian Amit, director of services, will present Seeing Red in Your Future? and host an accompanying workshop on red team testing at DerbyCon 3.0, which starts today.

During his presentation, Ian will discuss the basics of red team (or full scope) testing and explain how to get the most out of this process based on his years of experience. Some of the topics he will cover include:

  • The right time for red team testing from a security maturity perspective
  • How to scope, procure, and manage a red team test
  • How an organisation should prepare for a red team
  • How to assure that an organisation gets the maximum benefit from red team testing
  • How to effectively apply the insight from the red team test to an organisation

During his accompanying two-day workshop on red team testing, Ian will teach attendees how to create a red team engagement methodology with repeatable test results, metrics and actionable findings. He will cover all of the elements of a red team test including planning and scoping, intelligence gathering, target selection, vulnerability analysis, risk analysis, exploitation and execution, resource usage and ad-hoc agent deployment, post-exploitation, documentation and recording of evidence, damage analysis, and final reporting.

IOActive offers red team testing as part of its full line of security services. A red team test is a no-holds-barred, end-to-end assessment of an organisation’s security infrastructure and potential vulnerabilities.

Details of the presentation:

WHAT: Keynote: Seeing Red in Your Future?
WHERE: Hyatt Regency, Louisville, Kentucky, US
WHEN: Friday September 27, 2013
INFO: http://www.derbycon.com/

Details of the workshop:

WHAT: Red Team Testing
WHERE: Hyatt Regency, Louisville, Kentucky, US
WHEN: Wednesday and Thursday September 25-26, 2013
INFO: http://www.derbycon.com/

About DerbyCon
DerbyCon is a security conference and training workshop where security professionals from all over the world come to hang out. DerbyCon 3.0 will be held September 25-29th, 2013. Its goal is to keep the event around the same size and maintain a close-knit conference where all can come together to learn and share ideas.

About Ian Amit
Ian Amit is the Director of Services at the leading global security consulting company IOActive. Ian oversees the northeast US services practice including the financial and healthcare sectors, as well as leading the red team division. Ian brings a mixture of Software development, OS, Network and web security to work on a daily basis. He is also a regular speaker at leading security conferences around the world (including BlackHat, DefCon, OWASP, and InfoSecurity), and has published numerous articles and research material in print, online, and through broadcast media. Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew. Ian holds a Bachelor’s Degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.

-###-

PRESS RELEASE: SPEAKER ALERT | September 17, 2013

Ian Amit of IOActive to deliver Keynote Address and Workshop at Colombia’s Largest Information Security Conference

Seattle, USA ― September 17, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, today announced Ian Amit, director of services, will be presenting the keynote presentation – ‘Cyber’ security – all good, no need to worry? – at Security Zone taking place this week in Colombia.

In his keynote address, Ian will address the state of security in which organisations currently find themselves, and have found themselves for the past few years. He will tackle the issue of stagnation that is caused by siloing security into product-based solutions rather than addressing the security issue from a risk management perspective.

He will also talk about how organisations can break out of this paradigm, by creating more overlap between silos and improving the risk management practice from the top down, rather than focusing on “easy to solve” technical issues which end up creating bigger vulnerabilities around them. As part of his talk, Ian will show examples of organisations where the use of siloing has proven not to hold its own, as security incidents kept causing loss of reputation and money.

In addition to his keynote presentation at Security Zone, Ian will present a one-day workshop on Red Team Testing with Chris Nickerson. In this workshop they aim to provide attendees with the fundamentals needed to start working on a red team and building one, whether it is on the execution side or at the tested organisation side. They will help attendees understand what the main goals of a red team engagement are, as well as the benefits that an organisation being tested would get from such a test.

As part of its full service delivery capability, IOActive offers Red Team Testing to its customers. A red team test is a no-holds-barred, end-to-end assessment of an organisation’s security infrastructure and potential vulnerabilities. All elements of the organisation’s infrastructure are potential targets.

Details of the presentation:

WHAT: Keynote: ‘Cyber’ security – all good, no need to worry?
WHERE: Pacific Valley Event Center, Cali, Valle del Cauca, Colombia
WHEN: Thursday September 19, 2013 at 15:00

Details of the workshop:

WHAT: Red Team Testing
WHERE: Pacific Valley Event Center, Cali, Valle del Cauca, Colombia
WHEN: Wednesday September 18, 2013

About Security Zone
Security Zone is a world-class event with local and foreign speakers that takes place in the city of Cali, Colombia. The event, which has taken place since 2011, is based on the single objective of ‘Respect for diversity of knowledge and development of actions that allow the community to interact with the technologies of computer security world, contributing to the management of ICT.’ Security Zone is recognised as the best information security event in Colombia, Latin America and one of the best in the world.

About Ian Amit
Ian Amit is the Director of Services at leading boutique security consulting company IOActive, where he leads the northeast US services practice looking after the financial and healthcare sectors, as well as leading the red team practice. He brings a mixture of Software development, OS, Network and web security to work on a daily basis. He is also a frequent speaker at leading security conferences around the world (including BlackHat, DefCon, OWASP, InfoSecurity, etc…), and has published numerous articles and research material in leading print, online and broadcast media. Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew. He holds a Bachelor’s degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.

-###-

PRESS RELEASE: SPEAKER ALERT | September 13, 2013

IOActive’s ICS Experts Lucas Apa and Carlos Penagos to demonstrate new research at EnergySec Security Summit

Seattle, USA ― September 13, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, today announced that Lucas Apa and Carlos Penagos, world authorities on Industrial Control Systems (ICS), will be presenting their acclaimed research titled ‘Compromising Industrial Facilities From 40 Miles Away’. For the first time to a public audience, the researchers will be demonstrating the vulnerabilities and attack vectors they uncovered. The presentation will be given at the 9th annual EnergySec Security Summit, being held in Denver, Colorado.

Lucas and Carlos have uncovered multiple critical vulnerabilities in wireless technologies used extensively in the ICS world and have recent experience assessing the security of next generation deep sea oil platforms. In their presentation, they will reveal the dangers of employing poorly implemented and vulnerable communication technologies in facilities that include inherently high profile targets for terrorists, where the price of an attack can be catastrophic. Utilities and asset managers attending the event will be able to understand and appreciate what they can do to mitigate and protect against this new class of threat.

While moderate technological advancements have been made to ICS in order to improve plant efficiencies, reduce operating costs and increase remote functionality, the security risks presented by these systems have increased exponentially.

Many ICS and Supervisory Control and Data Acquisition (SCADA) systems used in industrial facilities were designed and installed when cyber-attacks were not a prevalent threat, so unsecured network protocols did not present the same dangers as they do today. While most manufacturers and government entities now understand the vulnerabilities of these systems, they are extremely difficult and expensive to repair. There is no convenient or cost-effective means for the widespread distribution and installation of these critical security fixes.

IOActive has one of the largest professional teams of information security researchers working with ICS-CERT in the world. In addition to identifying critical vulnerabilities and threats to power system facilities, the company is working with control system manufacturers and businesses with industrial facilities directly – proactively detecting weaknesses and anticipating exploits in order to improve the safety and operational integrity of technologies that have the potential for massive economic and sociological impact when compromised.

Details of the presentation:

WHAT: Compromising Industrial Facilities From 40 Miles Away
WHERE: Magnolia Hotel, Denver, Colorado, USA
WHEN: Wednesday September 18, 2013 at 09:30am

About EnergySec Security Summit
For more than eight years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on cyber security. Professionals from the energy/utility sector, regulatory and policy, government security, information security solutions firms, technology and standards organizations, AMI suppliers, communication & networking suppliers and more – all attend this conference.

About Lucas Apa
Lucas Apa is a security researcher and consultant at IOActive. His main interests are vulnerability exploitation techniques, embedded reverse engineering, kernel vulnerability research and cryptography. Focused on offensive security, he publicly discovered critical vulnerabilities in Windows, Siemens access controls and Apache projects. His work has been presented at world-renowned conferences including Black Hat, Black Hat Europe, Ekoparty and SecTor. He provides comprehensive security services working with the majority of Global 500 companies including power and utility, game, hardware, financial, media, retail, aerospace, healthcare, high-tech, social networking, and software development organizations. Lucas is also currently finishing a degree in Computer Engineering.

About Carlos Mario Penagos
Carlos Penagos is a senior security researcher and consultant for IOActive. He has worked around the world doing consulting and security trainings. His main areas of expertise are exploitation, reverse engineering, bug hunting and cryptography. Carlos holds a Bachelor’s degree in Computer Science and was awarded science merit honours for his graduation thesis. In his free time he has disclosed several vulnerability advisories to US-CERT, ICS-CERT and CN-CERT for the world’s most used SCADA/HMI. He also likes coding theory, number theory and ECC.

-###-

PRESS RELEASE: SPEAKER ALERT | August 28, 2013

IOActive’s Chris Valasek to present on Internet Explorer 9 at Nordic Security Conference 2013

London, UK – August 28, 2013 – IOActive, Inc., the leading global provider of specialist information security services, today announced that Chris Valasek, director of security intelligence for the company, will be presenting his findings on string allocations in Microsoft’s IE9 web browser.

The presentation will take place during the Briefings section of the Nordic Security Conference, which takes place this week – 29 to 30 August – in Reykjavik, Iceland.

Valasek’s presentation will focus on how the allocation of memory, specifically user-controlled strings, has played a major role in browser exploitation, especially with regard to heap spraying. The underlying knowledge of JavaScript string allocations was widespread for Internet Explorer 6 through 7. However, while heap spray attacks adapted to changes in Internet Explorer 8 through 9, public foundational knowledge did not keep pace.

Finally, the presentation will cover the brief history of string allocations from Internet Explorer 6 to Internet Explorer 8 and explore current memory management methods for Internet Explorer 9. It will conclude with a look at how newly acquired knowledge can be useful for browser exploitation.

Details of the presentation:
WHAT: An Examination of String Allocations: IE-9 Edition
WHERE: Hilton Reykjavik Nordica, Reykjavik, Iceland
WHEN: Thursday August 29, 2013 at 17:20

About Nordic Security Conference 2013
The Nordic Security Conference (NSC) is the most technically-focused computer security conference in Scandinavia. The purpose of NSC is to foster a sense of community in and enhance the knowledge of the computer security communities in Scandinavian countries by hosting the best ideas and training from around the world.

About Christopher Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive. At IOActive, Valasek specialises in attack methodologies, reverse engineering and exploitation techniques. While widely regarded for his research on Windows heap exploitation, Valasek also regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM/ISS. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. Chris holds a B.S. in Computer Science from the University of Pittsburgh.

-###-

PRESS RELEASE: SPEAKER ALERT | August 12, 2013

IOActive’s Reid Wightman to present vulnerabilities in Embedded Industrial Controllers at EDSC

Seattle, USA – August 12, 2013 – IOActive, Inc., the leading global provider of specialist information security services, today announced that Reid Wightman, a security consultant for the company, will present at Seattle’s Embedded Device Security Conference (EDSC) on industrial controller design issues that compromise the security of these devices and threaten the function and safety of the respective facilities where they are used.

Wightman will focus on embedded controllers used in industrial process control and SCADA systems, calling out specific design flaws and detailing new classes of attack that render them highly vulnerable.

The session will include detailing the “Insecure-By-Design” methodology largely ignored by Programmable Logic Controller (PLC) and Remote Terminal Unit (RTU) vendors to date and what must be done to better protect these critical devices going forward.

Details of the presentation:
WHAT: Hacking your Control Systems at Level 2
WHERE: Golden Gardens Park Bathhouse, Seattle, Washington, USA
WHEN: Wednesday August 14, 2013 at 13:30

Wightman is part of a team of leading SCADA security experts at IOActive that provide customized security services for SCADA vendors and asset owners, including reverse engineering, advanced control logic threat modeling, and in-depth control protocol analysis to detect weaknesses and anticipate exploits quickly. IOActive helps advance the security of SCADA vendors’ products by performing white- and black-box assessments on both software and hardware infrastructure to help improve safety and operational integrity at industrial facilities.

About Reid Wightman
As Security Consultant for IOActive, Reid Wightman is a security researcher who is passionate about security at the lowest levels of industrial control systems networks. He was the project leader of Project Basecamp, which showed that many PLCs and RTUs responsible for controlling critical infrastructure lack basic security. He previously worked for an automation system manufacturer as a hardware and firmware security researcher, and in a former life engaged in offensive security research for the US Government.

About Embedded Device Security Conference
EDSC is a new security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry, and staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.

-###-

PRESS RELEASE: SPEAKER ALERT | June 14, 2013

IOActive’s Eireann Leverett to present on publicly accessible Industrial Control Systems at FIRST Conference

London, UK ― June 14, 2013 ― IOActive, Inc., a leading provider of application security, compliance and smart grid security services, today announced that security consultant Eireann Leverett will be presenting national and global case studies highlighting the mitigation of publicly accessible industrial control systems at the FIRST Conference in Bangkok next week.

In his presentation, Eireann will address the importance of engaging with the incident response teams of companies that use ICS. Drawing on his analysis from the past two years, he will show whether the problems these organisations face are getting better or worse over time.

IOActive regularly performs penetration testing and security assessments to help organisations identify areas of weakness and high risk in their network. In doing so, these companies have the knowledge and the ability to reduce the scope and vectors an attacker could use to breach the corporate network. The company has a large team that works closely with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) when any control-system vulnerabilities are discovered.

IOActive has a firm belief in knowledge transfer and sees the FIRST Conference as an important event to attend as it aims to help attendees learn from security practitioners on how they are collaborating and sharing threat intelligence to tackle security incidents.

WHAT: Industrial Owners Manual: case studies in publicly accessible ICS 
WHERE: Conrad Hotel, Bangkok, Thailand
WHEN: Monday June 17, 2013 at 14:25

You can also listen to a podcast interview from conference organisers – FIRST and their host Chris John Riley as he chats with Eireann on SCADA and ICS: http://media.first.org/podcasts/FIRST2013_ELeverett_final.mp3

About Forum of Incident Response and Security Teams (FIRST)
The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organisation dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.

About Eireann Leverett
Eireann Leverett studied Artificial Intelligence and Software Engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in Cambridge’s computer security group. In between, he worked for GE Energy for five years and has just finished a six-month engagement with ABB in their corporate research department. At IOActive, he focuses on Smart Grid and SCADA systems.

Leverett’s MP thesis at Cambridge was on the increasing connectivity of industrial systems to the public Internet. He focused on finding the cheapest way to find and visualize these exposures and associated vulnerabilities. He shared the data with ICS-CERT and other CERT teams globally, and presents regularly to academic and government agencies on the security of industrial systems.

In his spare time, Leverett is a circus and magic enthusiast and likes a fine wine or craft beer.

About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specialisations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, healthcare, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Defcon, BlueHat, CanSec, and WhatTheHack. For more information, visit www.ioactive.com or call +1 (206) 784 4313 (US) or +44 (0) 203 287 3421 (UK).

-###-

PRESS RELEASE: SPEAKER ALERT | May 3, 2013

IOActive’s David Balcar to present on breaches and mitigation at BSides San Antonio

Seattle, WA ― May 3, 2013 ― IOActive, Inc., a leading provider of application security, compliance and smart grid security services, today announced that David Balcar, its director of services who is also heading up the company’s growth in Texas and the southeast, will present at BSides San Antonio.

In his presentation – You’ve been Breached, Now What? – to be given at this grass roots, DIY, open security conference, Balcar will discuss the various published security breaches, ranging from financial services through to mobile, that have taken place over the past year and what the outcomes were.

As an 18-year veteran security professional, David can provide a unique insight into these breaches and what repercussions can come from them. Additionally, as part of his presentation, he will outline the anatomy of an attack and provide guidance to help lower risks from future breaches.

WHAT: You’ve been Breached, Now What?
WHERE: Geekdom, 112 E Pecan Street, San Antonio, Texas, USA
WHEN: Track 2 – May 4, 2013 at 11:00
INFO: http://www.securitybsides.com/w/page/62049224/BSidesSATX

IOActive actively participates in and supports BSides events to help foster growth and mutual collaboration.

About BSides
Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

About David Balcar
David Balcar is director of services for IOActive. He is a veteran security professional with over 18 years of experience in conducting network penetration testing, web application security and wireless testing. David has extensive experience in security testing, computer forensics of multiple operating systems, policy review and compliance assessments for HIPAA and PCI DSS. He is a member of the HTCIA (High Technology Crime Investigation Association), FBI’s InfraGard & ISSA (Information Systems Security Association) and speaks regularly at IT Security forums.

About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, healthcare, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Defcon, BlueHat, CanSec, and WhatTheHack. For more information, visit www.ioactive.com or call +1.866.760.0222.

-###-

PRESS RELEASE: SPEAKER ALERT | April 18, 2013

Christopher Tarnovsky to present at DESIGN West on Advanced Techniques to Hack Hardware Chips

IOActive’s VP of semiconductor security services to show how to reverse engineer low level chips

Seattle, WA ― April 18, 2013 – IOActive, Inc., a leading provider of application security, compliance and smart grid security services, today announced Christopher Tarnovsky, vice president of semiconductor security services at the company, will present at DESIGN West’s Black Hat Embedded Security Summit on the topic of Low level chip reverse engineering.

“Product designers and manufacturers are moving more of their products’ secrets down to the silicon level in an attempt to thwart hackers. They understand the tools and methodologies for breaking software, and often QA their products against a variety of automated security testing scripts. But they simply don’t understand the state of the art in semiconductor reverse engineering. They’re making poor design choices and are exposing sensitive information to hardware hackers without knowing or appreciating the dangers,” said Christopher Tarnovsky, vice president of semiconductor security services for IOActive.

Christopher Tarnovsky is the foremost expert in hardware hacking techniques concerning smart card technologies. He is in a unique position where advanced technical skills are combined with access to state-of-the-art equipment. He will brief attendees to the Summit on advanced techniques to hack hardware chips and expose the vulnerabilities and insecurities of ’secure’ devices.

WHAT: Low level chip reverse engineering
WHERE: DESIGN West, McEnery Convention Centre, San Jose, CA, USA
WHEN: April 23, 2013

About DESIGN West
Held in key strategic technology development locations worldwide, UBM Tech’s DESIGN events are the global electronics industry’s leading gatherings. With cutting edge product demonstrations, visionary speeches and hundreds of essential technical training classes and accreditation opportunities, DESIGN is the ideal venue for the electronics engineering community to learn, collaborate and recognize excellence. UBM Tech’s DESIGN events cater to the extremely technical, higher-learning needs of the world’s top engineers while providing an unprecedented forum for the examination of the industry’s pressing business challenges. In addition, DESIGN West celebrates decades of unique local electronics industry culture, innovation and Silicon Valley’s significant contributions to the global technology industry.

About Christopher Tarnovsky
Christopher Tarnovsky, vice president of Semiconductor Security Services at IOActive, is the premier expert in the area of semiconductor security. Tarnovsky enjoys a reputation for executing high-quality semiconductor assessments. Not only does he have an uncanny knack for unearthing potential weaknesses, but he also provides meticulous reports, illustrating substrate attacks and expanding on the dimensions of these exploits. He draws from years of experience during his founder role at Flylogic, a leading device security company, and his tenure at IOActive, where he spearheads cutting edge semiconductor research.

About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, healthcare, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Defcon, BlueHat, CanSec, and WhatTheHack. For more information, visit www.ioactive.com or call +1.866.760.0222.

-###-
