June 22-27, 2008
Hyatt Regency Vancouver
British Columbia, Canada
News, chats, interviews and releases will be broadcasted by this channel.
iPad Book Store To Get 30,000 Free eBooks From Gutenberg Project
Apple's soon to be release iPad device is set to get more than 30,000 out-of-copyright books courtesy of the Gutenberg project which digitizes paper copies with the help of thousand of volunteers.
Wales To Become Digital UK Nation On 31st Of March
At an event at the Wales Millennium Centre, the nation's First Minister Carwyn Jones unveiled a countdown clock to indicate when Wales will be switching off its last analogue system, therefore completing the country's transition into a digital powerhouse.
That?s All Folks : A Last Post from FIRST 2008
Well that’s your lot for now, podcast and blog wise. I’ll occasionally be checking in and perhaps if the guys at ITProportal let me, even publish a few more rants and podcasts here.
Japan Cert technical director discusses FIRST 2009
In this short podcast, FIRST steering committee member and Director of Technical Operations for Japan Cert, Yurie Ito gives us the inside information on the 2009 FIRST Conference in Kyoto.
Recovery when disaster strikes
In this year’s 2008 FIRST conference, keynote speaker, Microsoft's George Stathakpolous showed us some statistics which indicated that Japan had the least amount of malware infections in the world by a huge order of magnitude. In addition Japan is a country that has had to cope with a large amount of natural disasters and yet they are still one of the most feared economies in the world.
Whilst working at the FIRST 2008 Conference, I got to share an office with the 2008 and 2009 program chairs, who would share with me some pretty interesting and useful aspects of how members can influence the FIRST security conference program structure. So I couldn't resist having a podcast with them.
In this podcast 2008 and 2009 FIRST Program Chairs, Reneaue Raulton and Mick Creane share their thoughts on the conference programs and how you can incluence the direction of the program as well as win a prize for coming up with a great theme for a conference.
Establishing End to End Trust Summary
This is my last blog on Microsoft's End to End Trust vision. It looks at a different way of viewing security and summarises my thoughts after the disucssions I had with keynote speakers, Microsoft's George Stathakopolous, Ivan Krsti? and Cisco's John Stewart. Do go to the links for Microsoft and add your comments, good or bad.
There are some who would want to remove the anoymity of the internet to help protect against cyber crime. This is in itself a noble idea but as security people we should be ever mindful that we are here to enable people. I think the following really expresses the opposing view.
Microsoft Trusted Stack: The Software Stack
In this blog we look a the difficulties of software trust which is the third component of the Microsoft Trust Stack.
Trust in People
Trust in Data
Trust in Software
Trust in O/S
Trust in Hardware
Microsoft Trusted Stack: Hardware and O/S
In this blog we look a the difficulties of hardware and O/S trust which are the forth and fifth elements of the Microsoft Trust Stack.
Trust in DataTrust in Software Trust in O/S Trust in HardwareInternationality of FIRST Podcast
As we've mentioned over and over again, FIRST is a truly international conference aimed at enabling delegates worldwide to network and swap stories and tips to better defend their environments and systems. In this podcast, Uri, a delegate from Estonia, talks about why he enjoys being at FIRST over other conferences.
Ben begins a series on perceived issues with the Microsoft Trusted Stack model
Continuing a series of blogs on the Microsoft Trusted Stack model, Ben Chai looks at whether we can ever really trust data.
Can we ever trust any kind of identity module? What if everyone had a chip to identify them and this chip was required to logon to a computer, network or the internet? Would this be failsafe? We think not. Here's why.
What is it like being a Chairman and a Vice Chair. Long time steering committee member, Kennneth R Van Wyk has given his time to work in several of these positions. In this short podcast he tells us what they do and why they are important to the smooth running of the FIRST organisation.
What is the trusted stack and how can it help improve your overal security posture?
In this podcast, Peter Allor of IBM tells Ben Chai what it’s like being the FIRST 2008 Conference Liaison and the importance of this role for the FIRST membership.
Microsoft and FIRST Security Podcast
In this three minute podcast, Ben Chai finds out why George Stathakopolous, general manager of security at Microsoft enjoys being at FIRST.
End to End Trust ? The Next Security Era?
End to End Trust - a new framework for secure business transactions. What is it and how does it work? This blog is based on George Stathakopolous, general manager of security engineering and communications at Microsoft Keynotes talk at FIRST 2008.
Back in 2001, Microsoft's security strategy was originally the 3Ds
Secure by DesignSecure by Default and Secure in Deployment
Since then they have had evolved this strategy to cope with the modern day threat landscape.
One recurring theme from this year’s set of talks was that no matter whether speakers agreed or disagreed with each other about the problems or solutions, each of them called for greater collaboration on how the industry is going to tackle the problem of cyber crime
Spend Your Security Budget Differently
The point being made here was that fifteen years ago, we had several security issues such as:-
• Employees forgetting their passwords
• The odd virus getting through
• Employees accidentally accessing inappropriate websites and downloading malware
Who Control?s Your Control Systems Podcast
Many countries can be instantly crippled if one of their national infrastructural services is taken down, be it water, electricity, transport or many other different critical services
A new two day event at the FIRST 2008 conference was a training event entitled Defend the Flag. This seminar is all about helping security professionals to become more adept at protecting corporate assets from both a theoretical and a practical perspective
Applied Security Visualisation Podcast
A picture can save reading a thousand lines of a security log file. Raffael Marty of Splunk discusses his book and talk on Applied Security Visualisation with Peter Wood of First Base
Blended Attacks using Social Engineering Podcast
In this podcast, Peter Wood of First Base and Raffael Marty of Splunk discuss the key points from Peter’s talk at the FIRST 2008 conference on how many attacks are a combination of technological and social engineering and the lack of defences to a combined attack
Podcast : The Dark Future of the Desktop
Ivan Krstic, the second keynote speaker, at the FIRST 2008 conference talks about how each component within a system from the CPU, motherboard, graphics card, coolant system up to the hard disk and network card could be hacked or have malware inserted.
Recorded at First 2008
Malware has mushroomed and evolved. No longer is malware an attack all problem. It has become focused on countries and industries
Application Security and Defend the Flag : The Podcast
Many security conferences focus on the attack and the attacker but how much attention is spent on defending your systems.
Recorded at FIRST2008
Blacklisting Technology Cannot Cope With Today?s Threat Landscape
In some ways this builds on the Podcast I had with keynote speaker, Ivan Krstic’s. Blacklists were effective when we had relatively few threats
Patching Is Not Effective As A First-Line Of Defence
The problems of patching are enormous. Let’s say a vendor discovers a vulnerability in their software and releases a patch to prevent a potential exploit. So why don’t we all rush to patch our servers
As we have seen from previous blogs, blacklists are becoming more and more ineffective against an ever increasing malware and increasingly innovative criminal minds
Where are You in the Security Ecosystems Podcast
In this podcast, Stephen Adegbite and Zot O’Connor from Microsoft examine the various security eco-systems in companies operate today and how these eco-systems can strengthen their defence systems by better communication and co-operation
Security, Out Source or DIY: The Podcast
Let’s face it. Corporate security is a pain. Managing and updating firewalls, access control lists, encryption, confidentiality, and other components in multi-layered defence system can be overwhelming
Anti-Virus is No Longer Effective as a First-Line Defence
Now please note that the title says as a First Line of Defence - ie you still need these technologies but they aren’t working as effectively as they used to
IT Security Affects Critical Infrastructure
Who would want to be a podcaster! Unfortunately I lost my Podcast with John Stewart Vice President and Chief Security Officer for Cisco who gave the keynote talk on Critical Infrastructure Security
George Stathakopolous, general manager of security at Microsoft (22:42 GMT+01)
George Stathakopolous, general manager of security at Microsoft talks about why he enjoys being at FIRST.
Kenneth R. van Wyk talk about of FIRST 2008 committee member (22:35 GMT+01)
In this Podcast, veteran first member, previous chair and current vice chair, Kenneth R. van Wyk tells you what it’s like being a FIRST 2008 committee member.
Peter Allor of IBM talk about the FIRST 2008 Conference Liaison and how it helps the membership. (22:31 GMT+01)
In this Podcast, Peter Allor of IBM tells you what it’s like being the FIRST 2008 Conference Liaison and how it helps the membership.
2008 and 2009 Program Chairs (22:26 GMT+01)
2008 Program Chair Reneaue Railton and 2009 Program Chair Mick Creane talk about the position and how you can get the best speakers, the best topics and the best networking events at the FIRST conference and how you can win a special prize for coming up with the theme for the conference.
Uri, delegate from Estonia at FIRST conference (21:16 GMT+01)
Uri, delegate from Estonia, talks about why he enjoys being at FIRST over other conferences.
Where are You in the Security Ecosystems (09:41 GMT+01)
In this podcast, Stephen Adegbite and Zot O’Connor from Microsoft examine the various security eco-systems in companies operate today and how these eco-systems can strengthen their defence systems by better communication and co-operation.
Defend The Flag (09:38 GMT+01)
A new two day event at the FIRST 2008 conference was a training event entitled Defend the Flag. This seminar is all about helping security professionals to become more adept at protecting corporate assets from both a theoretical and a practical perspective. In this podcast, Stephen Adegbite and Zot O'Connor from Microsoft explain the objectives and background of this innovative training event.
Applied Security Visualisation (09:34 GMT+01)
A picture can save reading a thousand lines of a security log file. Raffael Marty of Splunk discusses his book and talk on Applied Security Visualisation with Peter Wood of First Base. This Podcast was recorded at the First 2008 Vancouver Conference.
Blended Attacks using Social Engineering (09:32 GMT+01)
In this podcast, Peter Wood of First Base and Raffael Marty of Splunk discuss the key points from Peter’s talk at the FIRST 2008 conference on how many attacks are a combination of technological and social engineering and the lack of defences to a combined attack. You can find out more about Peter Wood on www.firstbase.co.uk
Who Control’s Your Control Systems (09:25 GMT+01)
Many countries can be instantly crippled if one of their national infrastructural services is taken down, be it water, electricity, transport or many other different critical services. This podcast gives the key issues from Peter Allor’s talk at the FIRST 2008 conference on who control’s our control systems and the potential security threats that can now affect the various control systems that could impact on our lives.
Security – Out Source or DIY? (09:22 GMT+01)
Let’s face it. Corporate security is a pain. Managing and updating firewalls, access control lists, encryption, confidentiality, and other components in multi-layered defence system can be overwhelming. In this Podcast recorded at the FIRST 2008 conference, Toby Weir from British Telecom looks at when and what aspects of your security services you should think about outsourcing and when to keep them within the confines of your business.
Moving Beyond Penetration Testing (09:03 GMT+01)
Over the last few years more and more companies have grown used to the concept of penetration testing to help detect security holes in their applications, networks and operating systems. In this podcast, Kenneth Van Wyk of KRvW associates gives an excerpt from his Friday talk on taking the concept of penetration one step further.
Botnets have been known to be a significant threat to corporations and governments alike. Many companies have only just been able to create adequate defences by co-operating with the Computer Emergency Response Teams. However the botnet evolution has grown to be far more deadly.
Recorded at First2008
End to End Trust and collaboration is one methodology for defeating the global multinational, multivendor attacks that have begun to appear.
Recorded at First2008
Moving Beyond Penetration Testing Blog
Over the last few years more and more companies have grown used to the concept of penetration testing to help detect security holes in their applications, networks and operating systems.
Recorded at FIRST2008
Best Practices to Protect Against Social Engineering
The winner of the FIRST Best Practices competition was from members of the Taiwanese CERT team, Pei-Wen Liu, Jia-Chyi Wu, Pei-Ching Liu. Between them they produced a 13 page document on how to best protect against social engineering attacks in email form.
FIRST, CERT Coordination Centre launch free 'net protection
New methods that organisations and individuals can adopt for free to protect themselves from malicious internet attacks were unveiled today at the 20th annual conference of first, the forum of internet response and security teams.
You've Been Hacked: Lessons to be learnt
Well actually it was me. Just before coming to FIRST, I was backing up different parts of my computer and so created some shares and opened up my guest account so that I didn’t have to bother about user names and passwords
The Dark Future of Your Desktop
I just attended a seminar with the Harvard educated and chief security architect of the one laptop per child initiative. Wow was that presentation scary. Ivan Krstic the second keynote speaker delivered a real wake up call of a presentation on the weaknesses of today's operating system and hardware.
The First Best Security Practices Competition
An exciting new component introduced at this year's FIRST conference in Vancouver was the Best Practices competition with a first prize of $5000.
Many of us, myself included, tend to be quite insular in the way in which we view security. By insular I mean that we tend to focus predominantly on our company security and our home security which in our positions is the right thing to do
Defend The Flag A New Concept in Security
Something new at FIRST is a two day session analysing how well you can protect your systems. The sponsors of this two day session are Microsoft and one of their partners ISEC
This year’s goodie bag itself was for me the most exciting of all the components; black folder, pen, USB stick for notes, some great T-shorts from the sponsors and the bag itself. Why is the bag so exciting?
Every year prior to the actual FIRST conference is a one and a half day FIRST Education event. This can take the form of training or discussion on various educational topics
First Moves To Bring Cyber Crime Fighters Together
A new initiative to ease tensions between law enforcers and internet security experts was launched here today at the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams.
The number of innocent individuals in China whose personal computers were hijacked by criminals rose by a staggering 2125 per cent between 2006 and 2007, delegates were told here today at the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams.
Over and over again, I hear this phrase from delegates at FIRST. I met XYZ at one of the FIRST conferences and they’ve really helped me out with XYZ problem
The FIRST Security Conference what is it?
Last year I wrote the following blog on the FIRST Security conference. FIRST is essentially a non-profit making organisation
This year’s annual FIRST conference is set in Vancouver, Canada. As cities go, many people have told me that it is in the top five cities that people would like to emigrate to
World's Top 'Net Crime Fighters Meet In Vancouver
More than 400 of the world's top internet crime fighters are in Vancouver this week for the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams.
20th Annual FIRST Conference Podcasts (16:00 GMT+01)
Follow-up with what's happening at FIRST Annual FIRST Conference, in Vancouver. Chats, interviews and news will be broadcasted daily by this podcast. The 20th Annual FIRST Conference Podcasts are sponsored by Incoming Thoughts.
Diamond Sponsor
Platinum Best Practices
Platinum / Geek Lounge
Gold
Network
Podcast
Polo Shirt
T-Shirt
Folder
Lanyard/Badge
Beer 'n Gear Sponsor
