Black Hat //Webcast 38
The State of Security Vulnerabilities in 2011
// Tom Cross, Chris Valasek
This webcast will go over some of the more interesting security vulnerabilities that have been disclosed in 2011. We'll look at these vulnerabilities from a technical standpoint and talk about who found them, why they are interesting, how they were exploited (or why they were hard to exploit) and what kinds of lessons they teach us about where vulnerability research is going in the future.
We'll frame this discussion with quantitative data on vulnerability disclosures, exploit releases, and patching from the IBM X-Force trend report, including a preview of some of the full year vulnerability statistics from 2011 that X-Force will publish in their next trend report in the new year. Listeners will come away with an indepth technical understanding of the state of security vulnerabilities and exploitation at the end of the 2011.
Tom Cross manages Threat Intelligence and Strategy for IBM Internet Security System's X-Force team. X-Force is research group in IBM who study security threats and vulnerabilities in order to better understand how to protect computer networks. Tom is credited with discovering a number of critical security vulnerabilities in enterprise class software. He has written papers on security issues in internet routers, securing wireless LANs, and protecting Wikipedia from vandalism. He frequently speaks on security issues at conferences around the world.
Chris Valasek is currently a Sr. Security Research Scientist at Accuvant. He specializes in vulnerability discovery, exploitation techniques (specifically for the Windows heap), and long term reverse engineering projects. He is also the current playboy/organizer for SummerCon, America's oldest hacker convention.
Taylor Ettema is the product manager for threat prevention technologies for Palo Alto Networks, the California-based network security company that pioneered the next-generation firewall. Before joining Palo Alto Networks, Taylor was a principal software engineer and program manager for electronic warfare research and development programs for Raytheon Company, a large defense contractor headquartered in Waltham, Ma.
Taylor holds a B.S. in physics from University of California at Los Angeles, and an M.S. in computer science from University of California at Santa Barbara, and has been published in the Journal of the IEEE/ACM International Conference on Automated Software Engineering.
Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFireTM service.
For more information, please visit www.paloaltonetworks.com.