Security Summer 2014

This summer is shaping up to be rather action packed.

Conferences:

  • BSides Pittsburgh is June 6th.  I’m organizing this one, so hopefully it is good.
  • BSides Cleveland is in July.  I had attended the last one in 2012.  I’m a little concerned about it being in a bar.  I’ve heard negative things about ThotCon primarily being a drinking event rather than a learning event.  In any case, I will be attending.
  • BSides Las Vegas is in August.
  • DEFCON is in August.

Local News:

Pittsburgh should be interesting this summer. First is the report that Alcoa, ATI, U.S. Steel, USW, and Westinghouse were all breached in 2010. Now there is a report that UPMC was breached. The banks were poaching talent and buying technology last year during Operation Ababil.

Major Tech News:

I’m not convinced Heartbleed is as big of a deal as the rest of the community is making it. Everything internet-accessible that matters should have already been patched by this point. There will be vulnerable internal systems, but that is just another easy pivot for attackers to use. Most networks already have plenty of easy pivot points; adding some more doesn’t seem to significantly change the landscape.

I think Windows XP will be the big issue. Sure, Microsoft has patched some vulnerabilities, but I predict more this summer. Dropping malware on Windows XP systems this summer is going to be the big thing. This gets you into the network.
