Colloquium Archive

A Soft Introduction to Advanced Persistent Threats

Marco Ramilli
Founder & CEO
Yoroi, https://yoroi.company

09/29/2021

Cybersecurity became the 5th battlefield space in which many threat actors play. In this talk we will address some basic concepts about Advanced Persistent Threats (APT) with special focus on threats against the financial and energy sectors.

Detecting Phishing Messages

Rick Wash
Associate Professor
Michigan State University

10/06/2021

Phishing messages are communications, such as emails, where someone sends a message pretending to be something or someone they are not in order to get you to do something you normally wouldn’t be willing to do. Phishing is one of the leading methods of attack by cybercriminals and in information warfare, is commonly used to install ransomware, and was previously used to disrupt elections. Phishing is fundamentally a human problem, but it most commonly occurs when sending messages through computers. Humans and computers need to work together to detect when a message is phishing and to deal with it appropriately. I will describe how IT experts detect phishing emails, will compare that with how non-experts detect phishing, and discuss how this human work integrates with and complements the ways that computers detect phishing.

Deep Dive into Authentication and Authorization using OAuth and OpenID Connect

Catherine Meyer ('19)
.NET Software Engineer
Radiant Logic

10/13/2021

Authentication (AuthN) is ensuring that a user is who he or she claims to be. Authorization (AuthZ) is ensuring that a properly authenticated user is accessing only those resources he or she is allowed. But how do businesses ensure that users are being properly authenticated? Identity Providers (IdPs) are services that businesses rely on to securely store and manage users' digital data.

These IdPs are responsible for implementing the proper mechanisms for authenticating and verifying users. But what procedures do these IdPs follow to ensure such measures? There are several protocols and frameworks used by IdPs such as SAML, OAuth (and subsequently OIDC), Kerberos, and WsFed. Today, however, more services are relying on OAuth and OIDC to securely and correctly authenticate users. In this talk, Catherine will discuss how an IdP works, introduce the most common types of authentication protocols, and provide an in-depth explanation of OAuth and OIDC.

Account compromise: notes from the trenches

Juan Lang
Tech Lead / Manager
Google

10/20/2021

Find out what tricks attackers use to compromise Google accounts, and what you can do to keep yourself safe online. That, and some stories from the field.

Tales from the Trenches: Deriving Production Requirements for Secure Computing Machines

Alric Althoff
Senior Hardware Security Engineer
Tortuga Logic

10/27/2021

Today we find ourselves on the cusp of a revolution in computer hardware security. Semiconductor companies are creating chips as fast as possible to meet increasing global demand using development approaches that effectively address functionality but leave security out in the cold.

We will present this problem, and solutions, through stories and history. These stories incorporate humor, adventure, and survival in the midst of the war-torn wilderness known as: The Semiconductor Production Pipeline. Few have returned to tell the tale.

This talk, rescued, smuggled out from behind enemy lines, and authenticated by titans of industry, presents hardware security from a perspective rarely discussed in academic circles: deriving engineering requirements from customer security needs.
