Hacking Like in the Movies shows you how reality is catching up with Hollywood, where hacking is often depicted as some mysterious act that instantly produces amazing results. Various types of attacks will be discussed, including some that are difficult or complex to implement. Cesar will show you how they are technically feasible. For example, how to make things explode, how a person can be harmed as the result of a malicious hack, how an attack can cause widespread panic in a large city, and so on.

In this discussion, the panel will discuss cyber security, cyber espionage, and cyber risks affecting consumers and businesses across the globe.

About Cesar Cerrudo
Cesar Cerrudo is CTO at IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in the areas of SCADA, mobile device, and application security, to name a few. Formerly the founder and CEO of Argeniss Consulting−which was acquired by IOActive−Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft® SQL Server®, Oracle® Database Server, IBM® DB2®, Microsoft® BizTalk® Server, Microsoft® Commerce Server®, Microsoft® Windows®, and Yahoo! Messenger®. Cesar also has authored several white papers on database and application security, and attacks and exploitation techniques. He has been invited to present at a variety of companies and conferences including Black Hat, CanSecWest, EuSecWest, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, and Defcon. Cesar collaborates with, and is regularly quoted in, print and online publications.

About SEGURINFO
Information Security is one of the most important concerns in today’s business world and is one of the most contentious aspects of the use of information technology. Its influence directly affects the activities of any environment. The growth of information on businesses and the variety of ways in which you can share, create new challenges for experts who need to identify best practices to assist the user in managing information.

SEGURINFO brings together CEOs, CIOs, CISOs, CTOs of companies, managers and users of technology in general, where they can discuss problems related to information security, share experiences and find appropriate solutions.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

As automobiles become more connected, security experts naturally begin to think about their vulnerability to attack. During his talk, Chris Valasek will discuss how automotive networks operate and their inherent insecurities. He will outline the various attacks that researchers have performed against automobiles and present ways to secure modern vehicles.

About Chris Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive. He specialises in attack methodologies, reverse engineering, and exploitation techniques. Valasek is widely regarded for his research on Windows heap exploitation. He regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM Internet Security Systems. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. Chris holds a B.S. in Computer Science from the University of Pittsburgh.

About CODE BLUE 
CODE BLUE is an international information security conference. It was created in response to the lack of vendor-neutral information security conferences where world-class security experts can come together to discuss and present their daily research. This conference will aggregate a wide range of innovative and creative research topics and presentations covering all aspects of information security.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.  Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

As automobiles become more connected, security experts naturally begin to think about their vulnerability to attack. During their talk, Chris Valasek and Charlie Miller will discuss how automotive networks operate and their inherent insecurities. Together, they will outline the various attacks that researchers have performed against automobiles and present ways to secure modern vehicles.

About Chris Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive. He specialises in attack methodologies, reverse engineering, and exploitation techniques. Valasek is widely regarded for his research on Windows heap exploitation. He regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM Internet Security Systems. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. Chris holds a B.S. in Computer Science from the University of Pittsburgh.

About Charlie Miller
Charles Miller is a computer security researcher with Twitter. Prior to his current employment, he spent five years working for the National Security Agency. Miller has demonstrated his hacks publicly on products manufactured by Apple. In 2008, he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver, British Columbia, Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009, he demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011, he found a security hole in the iPhone’s/iPad’s security, whereby an application could contact a remote computer to download new, unapproved software. The software could execute any command and steal data (personal or other) using iOS applications’ functions for malicious purposes. As a proof of concept, Miller created an application called Instastock that was approved by Apple’s App Store. He then informed Apple about the security hole and was promptly expelled from the App Store by Apple.

About Kaspersky Security Analyst Summit 
The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime. The event provides two full days of learning opportunities and networking with industry experts and covers all aspects of the global threat landscape.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.  Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

Come watch a live Red Team vs. Blue Team exercise. Eireann Leverett will select, in advance, a skilled attacker (Red Team) and defender (Blue Team) from the S4 attendees. Based on vulnerabilities he recently discovered, Eireann will provide the Red Team with proof of concept exploits and an actual vendor notice. After an hour with the target ICS product, both teams will be connected to the device and run a Red Team vs. Blue Team exercise live on stage.  Eireann will explain the vulnerabilities and describe what the teams are trying to accomplish, while monitoring and commenting on the activities and results.

As the teams work, Eireann will discuss incident response, patching, and vulnerability reporting. He will focus on the quality of information given to the defender. The session will close by revealing which team is in control the device and talking to them about this experience.

About Eireann Leverett
Eireann Leverett is a Senior Security Consultant for IOActive where he focuses on Smart Grid and SCADA systems. He studied artificial intelligence (AI) and software engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in the Cambridge computer security group. He worked for GE Energy for five years as well as a six-month engagement with ABB in their corporate research department.

About S4
S4 is the premier technical ICS security conference. It is the one place where you can present in technical depth and don’t need to explain SCADASEC 101. The attendees represent the top researchers and thought leaders from the around the world. They will understand and appreciate your work. S4 is also the place where your research will get noticed. We invite a select set of press that cover the ICS security beat and are widely read. In the last two years we have had the NY Times, Washington Post, Wired, Dark Reading, ThreatPost, 60 Minutes and other important press and cover S4 research in detail.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

Automotive computers, or Electronic Control Units (ECUs), were originally introduced to help solve the fuel efficiency and emissions problems of the 1970s. They have since evolved to become integral parts of in-car entertainment, safety controls, and enhanced functionality. In his presentation, Mr. Valasek will examine ECUs in two modern automobiles from a security researcher’s point of view. Mr. Valasek will begin by covering the tools and software required to analyze a Controller Area Network (CAN) bus and demonstrate to read and write data to the CAN bus. He will then show how a device can perform critical car functions, such as braking and steering, and replay certain proprietary messages through the On-Board Diagnostics (OBD-II) connector. Finally, Mr. Valasek will discuss how an ECU’s firmware can be read and modified.

About Chris Valasek
Chris Valasek is the Director of Security Intelligence at IOActive, where he specializes in attack methodologies, reverse engineering, and exploitation techniques. While widely regarded for his research on Windows heap exploitation, Valasek also regularly speaks on the security industry conference circuit. His previous tenures include Coverity, Accuvant LABS, and IBM/ISS. He is also the Chairman of SummerCon, the nation’s oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.

About Duo Tech Talks
Duo Tech Talks is a monthly gathering of engineers and technologists in Ann Arbor and southeast Michigan. Talks are held at Duo Security’s Ann Arbor office. They cover a variety of topics of strong interest to the local technology community. Topics range across the spectrum of computer science and technology, including software engineering, hardware hacking, user experience design, cloud computing, programming languages, computer security and more!

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

Researching duo highlighted for their contribution to IT and Information Security

Seattle, US ― December 10, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, today announced that car-hacking research duo, Chris Valasek and Charlie Miller, have both been honoured by leading information security industry publication – SC Magazine.

Every year, SC Magazine selects five ‘luminaries’ for its December issue to highlight their contributions to the field of IT and information security. This year, both Valasek and Miller have been honoured as part of the ‘Top 6 Influential IT Security Thinkers’ for their cutting-edge car hacking research.

“Our editorial team here at SC Magazine is really fortunate in that every year for our annual Reboot edition we get to touch base with and recognise passionate, thought-leading information security professionals who are making some astoundingly beneficial impacts to the industry. This year was no different. We congratulate every one of SC Magazine’s 2013 luminaries,” said Illena Armstrong, vice president of editorial for SC Magazine.

“It’s tremendous to see the ground breaking research we conduct at IOActive being recognised by the information security industry,” said Jennifer Steffens, chief executive officer for IOActive. “Chris and Charlie earned this acknowledgement as they put months of research into this project, motivated solely by their desire to encourage the automobile industry to start developing more secure vehicles.”

In early August, the pair presented their car hacking research, ‘Adventures in Automotive Networks and Control Units’ at DEF CON. Following this event they continued to travel around the world to present their findings.

Chris Valasek is the director of security intelligence for IOActive and Charlie Miller is a security researcher for Twitter.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

‘Compelling events’ kick start and drive incident response. Today’s advanced malware and outsourced delivery services – with their money-back guarantees and performance SLA’s – ensure that the layers of protection they implement and their defense-in-depth strategies will be evaded and defeated. The trick to optimizing an incident response plan lies in early detection and rapid classification. The sooner an organization can detect compelling events, the more quickly they can respond, reducing the amount of harm an infiltrator can cause.

Over the last three years a number of network-based approaches have been developed. These approaches are capable of detecting breaches as they occur – independent of the injection vector – and can help differentiate between insider threats, industrial espionage, cyber-crime, and state-sponsored attacks. In this keynote address Gunter will discuss what role big data analytics, machine learning, and automated attribution systems play in the future of incident response.

About Gunter Ollmann
IOActive’s Chief Technology Officer, Gunter Ollmann plays a key role in shaping IOActive’s services strategy as the company embarks on its next phase of growth and leadership in offering innovative services in semiconductor security, embedded software risks, and device threats. Prior to joining IOActive, Ollmann served as the Vice President of Research at Damballa, where he focused on inventing new crimeware mitigation technologies and identifying the criminal operators behind botnets and other advanced persistent threats. Before joining Damballa, Ollmann held several strategic positions at IBM Internet Security Systems (IBM ISS), most recently as Chief Security Strategist. In this role, he was responsible for predicting the evolution of future threats and helping guide IBM’s overall security research and protection strategy, as well as serving as the key IBM spokesperson on evolving threats and mitigation techniques. He also held the position of Director of X-Force and was the former Head of X-Force Security Assessment Services for EMEA while at ISS (which was acquired by IBM in 2006). Ollmann has been a contributor to multiple leading international IT and security focused magazines and journals. He has authored, developed, and delivered a number of highly technical courses on Web application security. He is a well-known industry speaker worldwide and is often invited to present at international security conferences. Ollmann is highly regarded by the press as an expert source on security threats and is frequently consulted by the international media.

About Metro-Atlanta ISSA Conference
The Metro-Atlanta ISSA chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro-Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.

-###-

One of the most effective tools developers can implement in their security development lifecycle programs is threat modeling. Robert and David will discuss how effective threat modeling techniques enable developers to uncover security vulnerabilities before code is even written. Together they will reveal how threat modeling also applies to cloud environments. Whether building a hybrid model, purely commodity cloud, or Virtual Private Cloud (VPC) environment, threat modeling helps identify the attack surface area and likely threat vectors. Finally, they will explain to attendees that threat modeling allows developers and operations personnel to address vulnerabilities as enterprises migrate to the cloud.

About Robert Zigweid
As IOActive’s Director of Services, Robert Zigweid has extensive experience working with multinational ecommerce companies and online retailers helping them with PCI and PA-DSS engagements. Zigweid’s field work uniquely positions him to discover and solve compliance, network, and application problems that threaten companies’ business goals and assets. In addition, he also excels at threat modeling architecture systems assessment.

About David Baker
David Baker is the Chief Security Officer at Okta. As CSO, David is responsible for the security of Okta’s service, helping the company focus on customer success by solving the security challenges enterprises face as they evolve operations into the cloud. He brings to the company more than 20 years of information and security architecture experience. Before joining the company, he served as vice president of services at IOActive, where he managed the technical staff, provided consulting services to the company’s Fortune Global 500 customers and was responsible for ensuring complete customer satisfaction. Prior to IOActive, Baker held a variety of engineering and security leadership roles at VANTOS, WebEx, LoudCloud and NASA’s Ames Research Center.

About Cloud Security Alliance Congress
The CSA Congress is the industry’s premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.

-###-

The current debate about China’s role in international hacking incidents and corporate espionage has largely been framed in a US-centric narrative. This fails to account for the fact that China was familiar with innovation, economic, and societal (im)balances long before Christopher Columbus accidentally landed in the New World. Wim will take the audience on a rollercoaster ride spanning more than 5,000 years of China’s history and cultural heritage. Attendees will understand the reality of advanced persistent threats (APT) and state-sponsored hacking as seen through the lens of China’s culture. This will enable attendees to better assess and protect against a variety of high-risk security threats of which they and their organizations may be a target.

About Wim Remes 
As a Managing Consultant at IOActive, Wim Remes leverages his 15 years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and building resiliency into their organizations. Wim delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation. Wim has deep expertise in network security, identity management, policy design, risk assessment, and penetration testing. Before joining the IOActive team, Wim was a Manager of Information Security for Ernst and Young and a Security Consultant for Bull, where he gained valuable experience building security programs for enterprise-class clients.

About DeepSec IDSC
The DeepSec IDSC is an annual European two-day in-depth conference on computer, network, and application security. DeepSec IDSC 2013 aims to bring together the leading security experts from all over the world. DeepSec IDSC is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields’ leading experts.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.

-###-

Eireann Leverett will deliver an academic paper that illustrates how over 200 types of PLCs and EWSs share a common runtime library. This commonality makes them susceptible to authentication bypass vulnerabilities discovered by Reid Wightman, Senior Security Consultant at IOActive, over a year ago. Using this flaw, an unauthenticated attacker could upload ladder logic to the PLCs or halt programs that were running. Eireann and Reid scanned the Internet to see just how many are vulnerable and then shared the data with 30 countries. The paper Eireann is presenting provides a detailed description of the problem, and the number and distribution of vulnerable devices they found exposed to the internet a year after the vulnerability was announced.

About Eireann Leverett
Eireann Leverett is a Senior Security Consultant at IOActive where he focuses on Smart Grid and SCADA systems. He studied artificial intelligence (AI) and software engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in the Cambridge computer security group. He worked for GE Energy for five years as well as a six-month engagement with ABB in their corporate research department.

About GREhack
The 2nd International Symposium on Research in Grey-Hat Hacking – aka GreHack – will be held in Grenoble, France on November 15, 2013. It will gather researchers and practitioners from academia, industry, and government to discuss new advances in research related to any area of computer and information security.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.

-###-