15 Members of Trustwave's SpiderLabs Selected to Present at DEF CON

Cyber Security Experts Talk About Mobile Security, Disaster Preparedness and Unlikeliest Attacks Ever Seen

CHICAGO (July 26, 2011) -Trustwave, a leading provider of information security and compliance solutions, today announced that fifteen cyber security experts will deliver talks, training sessions and a kids demonstration at DEF CON 19, the world's largest hacker gathering, in Las Vegas, August 4 through 7. The presentations will be delivered by members of Trustwave's SpiderLabs, the team of ethical hackers responsible for application security, incident response and forensics, penetration testing and security research.

Thomas Wilhelm, senior security consultant, will present Staying Connected during a Revolution or Disaster, in response to the wake of recent revolutions in the Middle East and Africa where telecommunications services were diminished in response to organized demonstrations. The discussion will examine the breakdowns in telecommunication channels - intentional and otherwise - that can occur during crucial moments, including revolutions, protests, and natural disasters. Wilhelm's talk will conclude with the introduction of a new open source tool that will have the capabilities to generate spontaneous networks in times of crisis using current cellular phone technology.

Rob Havelt, director of penetration testing, and Wendel Henrique, security consultant, will present Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests, which will review a massive collection of the weirdest, freakiest, rarest, and most bizarre hacks ever seen in the wild. Trustwave's SpiderLabs has performed thousands of penetration tests and has a large collection of first-hand accounts of these unlikely hacks. The presentation will also discuss how systems employed by companies can also be leveraged by an attacker to harm the very network they are protecting.

For a second year, Nicholas J. Percoco, senior vice president and head of Trustwave's SpiderLabs, and Sean Schulte, software engineer, will present This is REALLY Not the Droid You're Looking For, which focuses on the User Interface (UI) of the Android OS. After a successful talk on the implication of malware and rootkits on mobile devices during DEF CON 18, this year's presentation will look at potential flaws in the Android OS. Using legitimate and documented APIs, they will demonstrate vulnerabilities around credentials and other user information from the most popular applications in the Android market.

Andrew Wilson, security consultant, will deliver Traps of Gold, a study which examines the offenses and defenses of web application security and introduces "maneuverability" - a new strategy for fighting back. This style of fighting aims to make hackers expend their resources while strategically positioning the potential victim organization to better prevent hacks. Real world examples of this technique will be demonstrated.

"We are delighted to be increasing our presence and involvement at one of the most respected gatherings of cyber security experts," said Robert J. McCullen, chairman, CEO and president of Trustwave. "Additionally, we're honored that two of our speakers have been asked to run newly created training sessions at DEF CON, which we feel is an important step towards further educating the public about cyber security."

Other talks that Trustwave's SpiderLabs will present include:

• Steve Ocepek will deliver Blinkie Lights: Network Monitoring with Arduino, which will introduce new concepts around network visibility, offering insight on how typical users can help to secure the network.
• David Bryan and Luiz Eduardo, along with other panelists, will present Building the DEF CON Network, Making a Sandbox for 10,000 Hackers, which will cover how the DEF CON network team builds a network from scratch, in three days with very little budget, to support several thousand users concurrently.
•  
• Nicholas J. Percoco and Paul Kehrer will deliver Getting SSLizzard, a discussion and demonstration of flaws at both the application and OS layer that need to be addressed by both the mobile application developers, as well as the mobile device manufacturers. The talk will include the discovery of a recent iOS vulnerability and include a live audience participation to discover similar flaws in other mobile devices.
•  
• Grayson Lenik will present I'm your MAC(b) Daddy, which will cover the use of file system timelines to crack data breach cases and illustrate how to defeat common anti-forensics techniques. He will also review the tools and techniques available to perform these tasks and demonstrate how quickly this data can be obtained and parsed.
• Nicholas J. Percoco and Jibran Ilyas will deliver Malware Freakshow 3, for a third year. In this installment, Percoco and Ilyas will highlight four new pieces of malware where the victims are you and people you know. These pieces of malware can be found at work, at the grocery store, mobile phone, and even a local watering hole.
• Ryan Linn will present PIG: Finding Truffles Without Leaving a Trace, which will review and dissect traffic emitted from computers connected to networks. This simple connection produces a fair amount of information about the computer and its user, which can then be used to profile corporate users and computers without a malicious attack.
• Dan Crowley will deliver Speaking with Cryptographic Oracles, a discussion of methods for finding and exploiting encryption, decryption, and padding oracles.
•