Pumpcon 2018 Speakers:
InfoSuck: The Art of Falling Forward.
There are hundreds of blogs, papers, tweets, etc. that give the lowdown on "How to break into Infosec." There aren't any that help to guide these poor sheep past the offer letter. We're not allowed to talk about getting laid off or fired. We're told to not discuss our salaries with each other because it's "impolite". We're discouraged from discussing these things for fear of being blacklisted or being thought of as "unprofessional", damaged goods. Well, fuck all that.
Why do you want to hear about this stuff from me? I've been through all of it. I've been RIF'd (Reduced in Force) 3 times, fired once, managed out, re-org'd, etc., and still figured out how to feed my family. You want to hear me talk about it because someone needs to let these poor n00bs know how to navigate an industry that preaches loyalty & attachment with one hand, then slaps you with the other when the balance sheets don't shake out. These are war stories about all the stuff we're not allowed to talk about in polite company. Do I have a little chip on my shoulder? Damn right. Will I name names? You betcha. Will I be sober during the talk? Probably not.
Missed Connection: When Information and Physical Security Try to Mate
Bleep goes on a magical adventure through the land of connected physical security devices, brought on by a life-long interest in lock picking. The things Bleep finds are so bad it feels like 1995 all over again, and he's in his parents' basement listening to Music for the Jilted Generation. If it weren't for the fact that people are using these to lock their homes and their gun safes, this might even be funny. Consumers seem to think jamming everything into their smart phone is convenient, and the world of venture capital loves products that consumers will buy without thinking too hard about it. By piling on features like fingerprint-based unlocking, sharing your lock with guests and proximity-based control, these devices are very convenient. But who else is this convenient for? Of course, while consumer convenience increases, the effort put into securing these products decreases. You know the rest of this story. This talk will be a review of how many of these locks work, from a variety of vendors, large and small. Some topics covered include the ways that factories manage enrolling locks for later use with an app, how terrible these apps are universally, and some amazing API failures that allow you to unlock a padlock's shackle just by virtue of being nearby. As we review the various failures, suggested best practices will also be a part of the discussion. Hopefully somebody in the audience will take heed and try to make the world a slightly better place by not repeating these mistakes. Maybe there's an app for that.
Bleep J. Blorpenburg
Browser as Botnet
As for why a group of hackers would care about this subject: I've collected a ton of useful statistics from this research... Including 11,000 unique user-agent strings from over 250,000 IP addresses. I was able to seed 3.5 terabytes of data *entirely* between unsuspecting users' web browsers in 24 hours using webtorrents embedded in banner advertisements.
Disinformation from an information security perspective
This presentation seeks to examine disinformation from an information security perspective. This presentation will define what disinformation is, and engage in an attack surface analysis of information content systems and examine how disinformation attacks fit into that analysis. Then the presentation will look at disinformation attacks through the lens of the confidentiality, integrity, and availability triad, and analyze how disinformation challenges that triad. The presentation will examine how disinformation attacks and more broadly attacks on information systems challenge a user's relationship to information systems. Lastly, what are the possible solutions, mitigations, or are we just fucked?
Why do you think a bunch of hackers will care: How many shells to political power? How many zero days to shift beliefs on scientifically validated and accepted ideas? The merger and inseparability of information systems with social and political systems has created a distinct problem with no clear solution. How do we as hackers, engineers, and analysts build defenses for attacks on information content systems like Facebook, Twitter, et al? We can't build defenses if we haven't properly conceptualized and analyzed what attacks, and possibly defenses, look like.
Bio: Just a malware analyst interested in the intersection of political influence and technology.
PLUS Special Surprise Guests!!!