Thomas Dullien is a security researcher and ex-entrepreneur well-known for his contributions to the theory and practice of vulnerability development and software reverse engineering.
It is fashionable to speak about a "digital transformation" - but what are the factors that drive this transformation? One is Moore's law - the clockwork-like regularity with which transistors are shrunk further and further - and one is universal computing. Universal computing implies (among other things) that one can easily specialize an existing complicated device (a CPU) to simulate a much simpler device.
Moore's law means one can build an ever-more complicated device, ever-more cheaply. Both factors have led to an exponential increase in complexity - which is generally regarded as bad for security: It is often cheaper to use a very complicated device to simulate a simple device than to build the simple device - and the code to simulate this simple device needs to be written only once, and can be re-used at essentially zero cost.
Adding more software complexity does not impact unit costs - but adds to the security burden.
This keynote discusses how these two underlying factors drive many of the problems in security:
The takeaway will be a better understanding of the magnitude of the complexity we are facing, how the same factors that drive digitization drive this complexity, and how much of security is a (somewhat desperate) attempt to contain complexity.
Thomas Dullien is a security researcher and ex-entrepreneur well-known for his contributions to the theory and practice of vulnerability development and software reverse engineering. While studying for his MSc in mathematics, his research on graph-based code similarity won the Horst-Goertz Prize in 2006 - then Germany's biggest privately financed research prize in the natural sciences.
He commercialized this research in a company called zynamics which got acquired by Google, leading to him aborting his PhD studies. He has worked on topics from the very practical (turning security patches into attacks) and concrete (turning physics-induced DRAM bitflips into useful attacks) to the theoretical (attempting to clarify the theoretical foundations of exploitation).
After 7 years at Google - 5 in their threat analysis department, and two years at Google Project Zero - he recently left to start a new venture focused on efficient computation in the cloud, Optimyze.
Per Thorsheim, password expert.
We have more passwords than ever, and they are not going away anytime soon. What can we do to make them easier to handle, while improving the security they provide?
Per Thorsheim is the CSO of Nordic Choice Hotels, and the founder of PasswordsCon, the world's first and only conference all about passwords and digital authentication. He claims to know your next password.
Keld Norman, security consultant at Dubex
What can go wrong in 45 minutes of almost nothing but live hacker demos, including KonBoot, Rubberduck, Mousejack, Wifi Keyloggers, Apple Bleee, Evil ninja and many more?
He will also show a somewhat unusual way of opening a padlock that most people have probably not seen before.
If there is time left over, Keld will explain what it takes to empty a Dankort ATM of cash.
Keld is an IT security consultant at Dubex. He is SANS GIAC-certified as a Forensics Examiner, a Certified Ethical Hacker, and part of the Dubex Incident Response Team (DIRT), which is dispatched to help customers who have been compromised. Keld's background includes time at IBM, where he worked with Mainframe, AIX and Linux.
In addition to his daily work setting up firewalls, running red team exercises (where you play hacker, legally) and handling incident response call-outs, he frequently gives talks that visualize how hackers work.
As a volunteer, he also teaches children aged 7-10 at the local Coding Pirates association in Allerød.
Download the presentation here.