Today’s transportation sector is a complex ecosystem of connected technologies. With media attention on the recent security vulnerabilities that triggered the recall of more than 1.4 million Jeeps, the need for co-operation across industries takes on urgency. Join Matt Rahman and other industry experts from IOActive at the Global Cybersecurity Innovation Summit as they discuss connected vehicle security with original equipment manufacturers, component makers, and security innovators. Summit speakers and attendees will discuss risks and propose security improvements.

About Matt Rahman
As IOActive’s Chief Strategy Officer and Executive Vice President of Field Operations, Matt Rahman teams with IOActive’s Research and Services teams to expand IOActive’s international footprint while positioning the company as the premier high-end security services company.

A veteran of the industry, Rahman has spent the last 19 years in various executive roles in security software and services firms, helping companies grow from less than $10 million to over $120 million. Rahman also serves as an officer on several boards, including Aunigma, InfraGard, and SEERN, and is a contributing member of the Cloud Security Alliance (CSA), ISSA, and HTCIA. In his spare time, Rahman is an Information Security adjunct professor at ITT Tech.

About SINET presents The Global Cybersecurity Innovation Summit
SINET presents The Global Cybersecurity Innovation Summit focuses on providing thought leadership and building international public- private partnerships that will improve the protection of our respective homeland’s critical infrastructures, national security, and economic interests.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Testing methodology is often a sore subject for pentesters. Everyone tends to have their own approach, so it’s not uncommon for three people testing the same thing to end up with different results—especially when constrained for time.

In this presentation, Daniel will elaborate further on the OWASP Adaptive Stack Testing Methodology (ASTM) project and its two goals: 1) allow security testers to consistently find the best vulnerabilities in the shortest amount of time, and 2) provide a framework for community improvement of the methodologies.

Daniel will explain that the ASTM combines a time constraint with a quick technology detection step to build a custom testing methodology for a specific website. The custom methodology allows the security tester to find the most vulnerabilities within the time limit, and generally within the same time limits that another tester would find with that methodology.

About Daniel Miessler
Daniel Miessler is a Director of Client Advisory Services with IOActive, based out of San Francisco, California. Daniel has 15 years of experience in information security with a focus on web, mobile, and IoT, and is a project leader for the OWASP IoT and OWASP Mobile Top Ten projects. In his spare time, he enjoys reading, writing, programming, and table tennis.

About OWASP AppSec California
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, Santa Barbara, and San Diego OWASP chapters to bring you the third annual AppSec California. The event is a one-of-a-kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

As part of a push to nurture proactive safety cultures, the National Highway Traffic Safety Administration (NHTSA) is hosting a day of roundtable discussions with industry experts. The goal is to facilitate the industry’s development and adoption of vehicle cybersecurity standards and best practices.

IOActive’s John Sheehy will participate in a panel intended to provide expert guidance on a variety of special interest topics for vehicle cybersecurity, including:

• Cloud connectivity for automotive services
• Aftermarket devices (e.g., insurance dongles)
• Vehicle supply chain
• Dealer and maintenance networks
• Impacts on serviceability of vehicles and right to repair act

The panel is intended to identify actionable steps for relevant stakeholder groups that will enable the vehicle manufacturing, component and related product/services industries to better address vehicle cybersecurity challenges effectively and expeditiously.

About John Sheehy
John is the Director of Strategic Security Services at IOActive. He has over 20 years of system architecture, systems integration, and information security experience working in the Enterprise Architecture, Identity & Access Management, Vulnerability & Threat Management, Operations Technology, Security Strategy, Systems Architecture, and Hardware/Application Security domains.

John works with clients in the Embedded Systems practice focusing on securing vehicles, industrial control systems, medical devices, semiconductors, and smart cities. In addition, John leads IOActive’s Advisory Services practice, which helps clients take a strategic, programmatic approach to securing their assets, environments, and customers.

John has overseen multiple projects delivering identity management, threat modeling, industrial control systems security, risk assessment, security policy, secure device design, and incident & breach simulation and response services.

John holds over 30 technical certifications in various disciplines.

About NHTSA
NHTSA was established by the Highway Safety Act of 1970 and is dedicated to achieving the highest standards of excellence in motor vehicle and highway safety. It works daily to help prevent crashes and their attendant costs, both human and financial.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Satellite Communications (SATCOM) play a vital role in safety and critical operations across many sectors. In this talk, Ruben and Florence will analyse the threats facing the Space domain as a result of the security vulnerabilities present in SATCOM equipment that is accessible from the ground.

About Ruben Santamarta
Ruben Santamarta is a Principal Security Consultant at IOActive where he performs penetration testing, identifies system vulnerabilities, and designs custom security solutions for clients in software development, telecommunications, financial services, and non-profit organizations.

Ruben has over 10 years of experience in the security industry, including malware analysis and exploit development. He has found dozens of vulnerabilities in products from leading IT and ICS vendors, which are his current focus. He has also presented at multiple international security conferences, such as Ekoparty, RootedCon, Black Hat USA, and AppSec DC.

About Florence Mottay
As IOActive’s General Manager for Europe, Middle East, and Africa (EMEA), Florence Mottay is responsible for setting the strategy and spearheading all delivery requirements for the company in the region. Mottay is an experienced senior technology executive with proven skills in information security, practice initiation and growth, and leadership. She has worked with all levels of client management up to senior executive management.

For the past 10 years, Mottay has built successful multi-functional global teams delivering information security governance, risk management, and security services to customers across multiple industry sectors. She has led numerous complex information security programs, including building information security initiatives and teams from the ground up and helping organisations mature their software security models.

About Satellite Communications Catapult
The Satellite Applications Catapult is an independent innovation and technology company, created to foster growth across the economy through the exploitation of space. We help organisations make use of and benefit from satellite technologies, and bring together multi-disciplinary teams to generate ideas and solutions in an open innovation environment. Based in Harwell, near Didcot, the Catapult was established in May 2013 by Innovate UK (formerly known as the Technology Strategy Board) as one of a network of centres to accelerate the take-up of emerging technologies and drive economic growth. We are a not-for-profit research organisation, which is registered as a private company limited by guarantee and controlled by its Board.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Steganography is a centuries-old science, existing essentially for as long as humans have had secrets in need of protecting. But it has been somewhat of an elitist discipline, largely linked primarily to the political and military worlds. Many researchers view steganography as an antiquated technique that does not have significant impact on the security of more contemporary digital communications or computer systems. Alfonso Munoz begs to differ.

In this master class, Alfonso Munoz will present the most significant steganographic techniques for different media, such as linguistic steganography, network steganography, image steganography, and stego malware. His demonstration will include showing how steganography can protect data from mass interception systems, as well as evade effective protection mechanisms in telecommunications networks and operating systems.

About Alfonso Munoz
As a Senior Security Consultant for IOActive, Alfonso is responsible for security architecture design, penetration testing, forensic analysis, assessing mobile and wireless environments, and information security research. Munoz has been a senior security researcher for more than ten years and has published over 50 academic publications (IEEE, ACM, JCR, etc.), books, and computer security tools. He has also worked in advanced projects with European organizations, public bodies, and multinational companies.

Munoz frequently speaks at hacking conferences around the world. He is a Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEHv8), and Computer Hacking Forensic Investigator (CHFIv8). He is co-editor of the Spanish Thematic Network of Information Security and Cryptography (CRIPTORED), where he develops and coordinates several projects involving cyber security and advanced training, with great impact in Spain and Latin America (LATAM).

Munoz has a PhD in Telecommunications Engineering by Technical University of Madrid (UPM) and is a postdoc researcher in network security at the Universidad Carlos III de Madrid (UC3M).

About Master in Cybersecurity – Universidad Carlos III de Madrid
Carlos III University of Madrid aims to improve of society through teaching of the highest quality and cutting-edge research in line with international standards. As such, the School of Graduate Studies provides strategic leadership for all graduate programs, master and long-life learning courses.

The Master’s Degree curriculum aims to provide students with advanced scientific and technological knowledge about cybersecurity. Its main objective is to teach students skills, abilities and knowledge in advanced cybersecurity, in a solid yet flexible manner, to facilitate their adaptation to an environment as rapidly changing as this one.

The curriculum is structured around three main blocks:

• Cyber-Attack Techniques
• Cyber-Defense Techniques and Secure Communications
• Cyber security Management

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Most modern microcontrollers incorporate security features intended to prevent firmware extraction and make reverse engineering more difficult. These features vary widely in effectiveness and some can be defeated in a matter of hours at minimal cost. During this talk and live demo, Dr. Andrew Zonenberg will describe a known, low-cost attack against a popular microcontroller family. He will also discuss countermeasures from both the silicon and board designer’s perspective.

Andrew Zonenberg 
Dr. Andrew Zonenberg is a senior security consultant at IOActive and works in the company’s hardware lab researching Integrated Circuit (IC) security, IC reverse engineering, and embedded/hardware security.

Andrew received a PhD in computer science from the Rensselaer Polytechnic Institute earlier this year, where his studies focused on System on Chip (SoC) and Operating System security. During this time, he designed and taught a one-semester course on hardware reverse engineering. He is an active contributor to siliconpr0n.org. He also holds a Bachelor of Science in Computer Science from Rensselaer.

About S4x16
S4 is the premier technical ICS security conference. It is the one place where you can present in technical depth and don’t need to explain SCADASEC 101. The attendees represent the top researchers and thought leaders from the around the world. They will understand and appreciate your work. S4 is also the place where your research will get noticed. We invite a select set of press that cover the ICS security beat and are widely read. In the last two years we have had the NY Times, Washington Post, Wired, Dark Reading, ThreatPost, 60 Minutes and other important press and cover S4 research in detail.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

While the concept of stale data attacks has been presented before, the mechanics still aren’t widely understood. In this presentation, Jason Larsen will compromise an industrial switch, giving himself access to the associated network and systems, by manipulating the timing of encrypted packets flowing between two devices to take advantage of the difference between the physical and logical state of the process. Demonstrating a full working exploit chain, Jason will provide the audience with a vivid and deeper understanding of the threat stale data presents.

Not all pieces of a process operate in lock step with each other. Data often arrives at irregular intervals. This is most noticeable in protocols that support report-by-exception, where the data is only updated when there is a significant change in the measurement. It is not uncommon to find a part of the process that will continue doing what it was already doing in the absence of new data. So if an attacker manipulates not the data, but when the data arrives, the process can often be driven to an arbitrary state within its normal bounds.

About Jason Larsen
Jason Larsen is Principal Security Consultant for IOActive, focusing primarily on SCADA systems and the security of critical infrastructure. Jason joined IOActive from Idaho National Labs (INL) where he performed security assessments of the software and hardware that runs the planet’s critical infrastructure. During his tenure at INL, he conducted full-scope assessments of all major power control system vendors. In addition to laboratory tests, he has performed live power grid penetrations in multiple countries, allowing him to gain control of electric power for a short period of time. Jason has worked in other sectors including chemical manufacturing, pharmaceutical, petroleum, and water.

Before his career in SCADA security, Jason explored numerous other fields, including modelling neutron beams for use in treating brain tumors and writing software to analyze nerve impulses. He has also acted as the analyst of last resort for critical infrastructure malware and served on the Windows 7 penetration testing team.

About S4
S4 is the premier technical ICS security conference. It is the one place where you can present in technical depth and don’t need to explain SCADASEC 101. The attendees represent the top researchers and thought leaders from the around the world. They will understand and appreciate your work. S4 is also the place where your research will get noticed. We invite a select set of press that cover the ICS security beat and are widely read. In the last two years we have had the NY Times, Washington Post, Wired, Dark Reading, ThreatPost, 60 Minutes and other important press and cover S4 research in detail.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

London, UK — December 22, 2014 – IOActive, Inc., the leading global provider of hardware, software, and wetware security services, announced today that Eireann Leverett, Senior Security Consultant, and Joseph Tartaro, Senior Security Consultant for IOActive, will present their ground-breaking research at the Chaos Communication Congress Security Conference. (more…)

Driven by recent hacking stunts and cybersecurity hype, the hacker culture of public exploits and full disclosure is colliding with the notorious secrecy that cloaks automakers’ security strategies. Is this creating misplaced consumer fears that could kill the infotainment industry in its prime? Never before have both attackers and defenders appeared on the same stage to have a candid and open discussion on the state of today’s automotive cybersecurity, what’s really at risk, and how the industry can overcome the challenges to create a truly secure vehicle.

About Chris Valasek
Chris Valasek is the Director of Vehicle Security Research at IOActive. In this role, Valasek is responsible for overseeing the automobile services business unit within IOActive, while also investigating current attack methodologies and trends. In addition to this, he leads a variety of research and development projects.

Valasek specializes in offensive research methodologies with a focus on reverse engineering and exploitation. Known for his extensive research in the automotive field, Valasek was one of the first researchers to publicly discuss automotive security issues in detail. His release of code, data, and tools allowing vehicles to be physically controlled through the CAN bus garnered worldwide media attention.

Valasek is also known for his exploitation and reverse engineering of Windows. As a Windows heap subject matter expert, Valasek has been quoted in several technology publications and has given presentations on the subject at a number of conferences. He is also the Chairman of SummerCon, the nation’s oldest hacker conference.

About Connected Car Expo (CCE)
Recognizing that new technologies are fueling rapid change in the automotive industry, LA Auto Show organizers produce the Connected Car Expo (CCE), a one-day conference and three-day expo with a dual mission – to showcase innovative companies designing the future of the connected car space, while serving as an open forum for attendees to connect with top media and key players shaping the identity and ability of mobility. In 2014, show organizers announced the addition of CCE at Super Mobility Week; in partnership with CTIA, CCE can now offer its exhibitors/sponsors the opportunity to connect with two unique audiences – CCE at LA Auto Show (Nov. 18-20) and CCE at Super Mobility Week (Sep. 9-11).

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.  Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Security people recommend patching regularly, but safety people have to recertify systems every time a new patch is applied. This produces a natural tension between the two teams, but one that essentially is a false dichotomy. Both teams ultimately have the same goals, to protect the people, the process, and the business. The crux of this division is essentially the technology we use, and we should be demanding better solutions. In his presentation, Eireann will highlight these tensions through a number of amusing examples; discuss methods of diffusing them and bringing the teams together.

About Eireann Leverett
Eireann Leverett is a Senior Security Consultant at IOActive where he focuses on Smart Grid and SCADA systems. He studied Artificial Intelligence (AI) and Software Engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in Cambridge’s computer security group. In between, he worked for five years at GE Energy and did a six-month engagement with ABB in their corporate research department.

About IRISSCERT
The 6^th IRISSCERT Cyber Crime Conference will be held this year on Thursday the 20^th of November 2014 in the D4Berkley Court Hotel, in Ballsbridge Dublin.  This is an all-day conference which focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and throughout the world and what they can do to help deal with those threats. Experts on various aspects of cyber crime and cyber security share their thoughts and experiences with attendees, while a number of panel sessions will provide the opportunity to discuss the issues that matter most. The conference is open to anyone with responsibility for securing their business information assets.

The IRISSCERT Annual Conference is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github