FIRST Annual Conference 2008

The Cisco CSIRT team provided the network connectivity for the 20th annual FIRST conference in Vancouver, BC Canada in June 2008. Through the deployment of their "mobile monitoring rack", the CSIRT built and managed a secure and fast conference network. Many security technologies were put in place to protect the attendees from malicious websites and malware throughout the span of the event resulting in hundreds of blocked connections to "bad" sites and banner ads as well as protection from Internet attacks towards the conference network.

Well that's your lot for now, podcast and blog wise. I'll occasionally be checking in and perhaps if the guys at ITProportal let me, even publish a few more rants and podcasts here.

In this short podcast, FIRST steering committee member and Director of Technical Operations for Japan Cert, Yurie Ito gives us the inside information on the 2009 FIRST Conference in Kyoto.

In this year’s 2008 FIRST conference, keynote speaker, Microsoft's George Stathakpolous showed us some statistics which indicated that Japan had the least amount of malware infections in the world by a huge order of magnitude. In addition Japan is a country that has had to cope with a large amount of natural disasters and yet they are still one of the most feared economies in the world. 

Whilst working at the FIRST 2008 Conference, I got to share an office with the 2008 and 2009 program chairs, who would share with me some pretty interesting and useful aspects of how members can influence the FIRST security conference program structure.  So I couldn't resist having a podcast with them. 

In this podcast 2008 and 2009 FIRST Program Chairs, Reneaue Raulton and Mick Creane share their thoughts on the conference programs and how you can incluence the direction of the program as well as win a prize for coming up with a great theme for a conference.

This is my last blog on Microsoft's End to End Trust vision.  It looks at a different way of viewing security and summarises my thoughts after the disucssions I had with keynote speakers, Microsoft's George Stathakopolous, Ivan Krsti? and Cisco's John Stewart.  Do go to the links for Microsoft and add your comments, good or bad.

There are some who would want to remove the anoymity of the internet to help protect against cyber crime.  This is in itself a noble idea but as security people we should be ever mindful that we are here to enable people.  I think the following really expresses the opposing view.

The Common Vulnerability Scoring System Special Interest Group (CVSS- SIG) had a very busy and successful working meeting during the 20th annual FIRST conference in Vancouver. We covered many of the CVSS use cases post v2 deployment - namely PCI and S-CAP - thanks for all the great participation.

In this blog we look a the difficulties of hardware and O/S trust which are the forth and fifth elements of the Microsoft Trust Stack.  

As we've mentioned over and over again, FIRST is a truly international conference aimed at enabling delegates worldwide to network and swap stories and tips to better defend their environments and systems.   In this podcast, Uri, a delegate from Estonia, talks about why he enjoys being at FIRST over other conferences.

In this blog we look a the difficulties of software trust which is the third component of the Microsoft Trust Stack. 

Trust in People

Trust in Data

Trust in Software

Trust in O/S

Trust in Hardware


Ben begins a series on perceived issues with the Microsoft Trusted Stack model

Continuing a series of blogs on the Microsoft Trusted Stack model, Ben Chai looks at whether we can ever really trust data.

Can we ever trust any kind of identity module?  What if everyone had a chip to identify them and this chip was required to logon to a computer, network or the internet?  Would this be failsafe?  We think not.  Here's why.

What is it like being a Chairman and a Vice Chair.  Long time steering committee member, Kennneth R Van Wyk has given his time to work in several of these positions. In this short podcast he tells us what they do and why they are important to the smooth running of the FIRST organisation.

In this three minute podcast, Ben Chai finds out why George Stathakopolous, general manager of security at Microsoft enjoys being at FIRST.

What is the trusted stack and how can it help improve your overal security posture?

In this podcast, Peter Allor of IBM tells Ben Chai what it’s like being the FIRST 2008 Conference Liaison and the importance of this role for the FIRST membership.

End to End Trust - a new framework for secure business transactions.  What is it and how does it work?  This blog is based on George Stathakopolous, general manager of security engineering and communications at Microsoft Keynotes talk at FIRST 2008.

Back in 2001, Microsoft's security strategy was originally the 3Ds

  • Secure by Design
  • Secure by Default and
  • Secure in Deployment

Since then they have had evolved this strategy to cope with the modern day threat landscape.

One recurring theme from this year’s set of talks was that no matter whether speakers agreed or disagreed with each other about the problems or solutions, each of them called for greater collaboration on how the industry is going to tackle the problem of cyber crime

The point being made here was that fifteen years ago, we had several security issues such as:-
•    Employees forgetting their passwords
•    The odd virus getting through
•    Employees accidentally accessing inappropriate websites and downloading malware

Many countries can be instantly crippled if one of their national infrastructural services is taken down, be it water, electricity, transport or many other different critical services

A new two day event at the FIRST 2008 conference was a training event entitled Defend the Flag. This seminar is all about helping security professionals to become more adept at protecting corporate assets from both a theoretical and a practical perspective

A picture can save reading a thousand lines of a security log file. Raffael Marty of Splunk discusses his book and talk on Applied Security Visualisation with Peter Wood of First Base

In this podcast, Peter Wood of First Base and Raffael Marty of Splunk discuss the key points from Peter’s talk at the FIRST 2008 conference on how many attacks are a combination of technological and social engineering and the lack of defences to a combined attack

Ivan Krstic, the second keynote speaker, at the FIRST 2008 conference talks about how each component within a system from the CPU, motherboard, graphics card, coolant system up to the hard disk and network card could be hacked or have malware inserted.

Malware has mushroomed and evolved.  No longer is malware an attack all problem.  It has become focused on countries and industries

In this podcast, Stephen Adegbite and Zot O’Connor from Microsoft examine the various security eco-systems in companies operate today and how these eco-systems can strengthen their defence systems by better communication and co-operation

Let’s face it. Corporate security is a pain. Managing and updating firewalls, access control lists, encryption, confidentiality, and other components in multi-layered defence system can be overwhelming

The problems of patching are enormous.  Let’s say a vendor discovers a vulnerability in their software and releases a patch to prevent a potential exploit. So why don’t we all rush to patch our servers

As we have seen from previous blogs, blacklists are becoming more and more ineffective against an ever increasing malware and increasingly innovative criminal minds

Who would want to be a podcaster!  Unfortunately I lost my Podcast with John Stewart Vice President and Chief Security Officer for Cisco who gave the keynote talk on Critical Infrastructure Security

CERT/CC and FIRST jointly held the first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks. The 2008 contest focused on: prevention and mitigation, under the banner "Protect". The winner best practice papers are available for download.

Botnets have been known to be a significant threat to corporations and governments alike. Many companies have only just been able to create adequate defences by co-operating with the Computer Emergency Response Teams.  However the botnet evolution has grown to be far more deadly.

End to End Trust and collaboration is one methodology for defeating the global multinational, multivendor attacks that have begun to appear.

Over the last few years more and more companies have grown used to the concept of penetration testing to help detect security holes in their applications, networks and operating systems.

The winner of the FIRST Best Practices competition was from members of the Taiwanese CERT team, Pei-Wen Liu, Jia-Chyi Wu, Pei-Ching Liu. Between them they produced a 13 page document on how to best protect against social engineering attacks in email form.

New methods that organisations and individuals can adopt for free to protect themselves from malicious internet attacks were unveiled today at the 20th annual conference of first, the forum of internet response and security teams.

Well actually it was me.  Just before coming to FIRST, I was backing up different parts of my computer and so created some shares and opened up my guest account so that I didn’t have to bother about user names and passwords

I just attended a seminar with the Harvard educated and chief security architect of the one laptop per child initiative. Wow was that presentation scary.  Ivan Krstic the second keynote speaker delivered a real wake up call of a presentation on the weaknesses of today's operating system and hardware. 

A new initiative to ease tensions between law enforcers and internet security experts was launched here today at the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams.

The number of innocent individuals in China whose personal computers were hijacked by criminals rose by a staggering 2125 per cent between 2006 and 2007, delegates were told here today at the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams.

Something new at FIRST is a two day session analysing how well you can protect your systems. The sponsors of this two day session are Microsoft and one of their partners ISEC

Every year prior to the actual FIRST conference is a one and a half day FIRST Education event.  This can take the form of training or discussion on various educational topics

This year’s goodie bag itself was for me the most exciting of all the components; black folder, pen, USB stick for notes, some great T-shorts from the sponsors and the bag itself. Why is the bag so exciting?

Many of us, myself included, tend to be quite insular in the way in which we view security. By insular I mean that we tend to focus predominantly on our company security and our home security which in our positions is the right thing to do

Over and over again, I hear this phrase from delegates at FIRST. I met XYZ at one of the FIRST conferences and they’ve really helped me out with XYZ problem

This year’s annual FIRST conference is set in Vancouver, Canada. As cities go, many people have told me that it is in the top five cities that people would like to emigrate to

More than 400 of the world's top internet crime fighters are in Vancouver this week for the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams.

A sponsor and loyal supporter since 1999, British Telecom returns as a member of the FIRST Sponsorship Team this year. Helping FIRST to celebrate 20 years of conferences, BT is back as the Diamond Sponsor in Vancouver. BT supports Tom Mullen as a member of the FIRST Steering Committee and Mick Creane as the 2009 Conference Program Chair. FIRST gratefully acknowledges BT for its support over the years.

The CERT(R) Coordination Center, the world's first computer security incident response team, is celebrating its 20th anniversary in 2008. While the CERT/CC continues to respond to major security incidents and analyze software vulnerabilities and malicious code, it has evolved in response to the changing internet environment. The CERT/CC is now part of the larger CERT Program, which takes a comprehensive approach to resisting and limiting the impact of network attacks. FIRST gratefully acknowledges the support of CERT/CC and all of its sponsors.