GRAND RAPIDS – GRRCon began Day 2 last week with a keynote from Georgia Weidman, who presented on “Burning the Enterprise with BYOD,” which expanded into the multiple threats introduced with an increase of mobile devices. In a survey of more than 50 attendees at this year’s conference, Bring Your Own Device was listed as one of the biggest trends in security today.
Weidman, in her presentation, went into detail to expose the great number of security risks that lie within the beloved mobile devices and spoke about a Smartphone Pentest Framework. With the trend of BYOD comes a true responsibility for security organizations to understand and protect against the wide variety of mobile devices, applications, network access methods, and new traffic patterns that spring from the mobile proliferation.
Throughout the two-day event, MITechNews Reporter Nicole Johnson asked four questions that ranged from vulnerabilities to opinions on Snowden’s choice to expose the NSA. This led to great round table conversations about the topics among attendees.
During the first few days, people would answer and talk more freely about the survey, but as the event wrapped people gave more left-field answers. Finally, they asked more about the reporter’s credentials. Proof that the event was changing the way people viewed security. Aggregated results from the survey are available here.
During one conversation, respondents said they believed that regular security awareness for the general public would help organizations. That is one reason why events like GRRCon are so successful: they help the experts gain more information on trends and tips that they can share to help educate their friends, families, and co-workers.
The hope is that smarter home users would lead to smarter users in the workplace. Not just adults, because children are desperately in need of security education. “Kids are having their identities stolen before they are even adults,” said one attendee. In this age, it is third parties, such as schools and sports events, which may expose private information about children, survey respondents said. With more and more children using the Internet, it is increasingly important that they understand how to protect themselves and the implications of their Internet presence, which lives forever digitally.
Joel Cardella gave tips on how to educate your end users about security issues. Aaron Finnon is an IDS expert, so he expanded on why it is important to not just have the data, but a context to the data set. The Open Source Intelligence (OSINT) presentation by Thomas Richards and Justin Hohner discussed how to leverage this program as a defensive tool to better understand and protect your vulnerabilities.
J. Wolfgang Goerlich from VioPoint presented on “Beautiful models,” which discussed the changing trends in threat modeling, a critical component to a security strategy. Goerlich believes that “defense in depth is dead because you can’t defend properly unless you think like an attacker.” Using this idea, he suggests a more targeted defense system where the protection is engineered specifically to the attack path based on the use case. With this approach, businesses minimize the impact of an attack. He calls this “the no impact breach,” where security incidents are contained without affecting the business.
Goerlich was also a target of one of the friendly pranks this year as fake “Moar Coffee” cards were spread around the venue with a matching fake website and social media accounts. During Hacker Family Feud, balls were playfully launched towards him and other well-coordinated events happened throughout the two days. This type of fun approach to social engineering and attacks is part of what makes GRRCon memorable.
In “Pwnage from the Skies,” Philip Polstra detailed how he used the BeagleBoard technology to create a flying RC Controlled hacking machine called the Air Deck. This would allow the penetration tester to literally fly an attack device. He also carried around a penetration testing lunch box that served up much more than sandwiches. It’s not just appealing to the eye; Polstra really put his creativity into these “maker”-style security devices.
GRRCon would not be complete without closing presentations from Duncan Manuts and Mike Kemp. Duncan Manuts wore a fake beard and glasses to hide his identity while reviewing the history of hacking. He would show great old school pictures of hackers and try to have people guess who they are. His message – you have to understand where you have been to know where you are going. Although the event leaves you questioning the cyber safety of your surroundings, one thing became clear. The security community works together to solve the security issues of today and the future.
And remember… the internet is cake.




