UF Group Sends Representative to National IT Security Conference

During the first week of April, Jordan Wiens, UF IT senior security engineer, attended the seventh annual CanSecWest/core06 conference in Vancouver, BC.

The CanSecWest conference is organized every year to bring together leading security professionals to discuss the most current and anticipated IT security trends. This is the second time Wiens has attended.

"CanSecWest is one of the premier security conferences in the world," said Wiens. "It's a great place to see the current direction of security research, and how it will affect both the attackers and the defenders."

Wiens was very busy, managing to attend the following talks: Protecting the Infrastructure, An Hour of Rap and Comedy About SAP, Magstripe Madness, Metasplotation (and a dash of ISP), multiple Lighting Talks sessions, Slipfest HIPS evaluation toolkit, a Panel discussion on Vulnerability Commercialization, and Web Services Security.

Wiens said Protecting the Infrastructure was a good presentation on router security and how abused features can be protected.

The SAP rap and comedy covered the audits of SAP employments. SAP is just one enterprise resource planning (ERP) system in a group of others such as, BaaN, Oracle and, UF's current system, PeopleSoft. Wiens said that SAP sounded like a nightmare.

Magstripe Madness covered how thieves and criminals get access to personal information on magstripes, such as keycards and hotel keys, and alter the data to their delight.

Wiens said he was very eager to play with the technology discussed in the Metasplotation presentation and in the same breath he said that, "it's really scary stuff." Future exploits could contain better cross-language support, addresses for all versions and languages possible, and reusable web servers.

Lightening Talk were quick, 5 minutes discussion, which covered a variety of topics. Wiens said he enjoyed because he was saturated with lots of important information in such a little time.

The Slipfest presentation discussed the program's ability to test host intrusion detection system (IDS) products. "It's a fun way to see how robust a product is," said Wiens.

The panel discussion was a great way for Wiens to hear opposing points about the commercialization and buying/selling of exploits.

For more information on CanSecWest, please visit: http://cansecwest.com/.

	The UF Office of Information Technology Newsletter
	UF Group Sends Representative to National IT Security Conference