Confidence - (25-26.05 2010 Krakow)

Jesse Burns

Jesse Burns is a computer security consultant, living in San Francisco, California, USA – although he is a Canadian citizen (and US permanent resident). Jesse is a co-founder and principal partner at iSEC Partners, a security consulting company. At iSEC he works as a security researcher, helping find and resolve security issues for its clients. He spoke last year at a number of prestigious security venues, including for large companies like Microsoft and at conferences including Black Hat USA and Confidence. This year Jesse has been invited to speak on Android security in early April at the Korean government-sponsored CODEGATE conference, and is continuing his research work on Mobile, Application, and Cloud Security. A book containing a chapter he wrote on Android was just published; it is called Mobile Application Security (http://www.amazon.com/Mobile-Application-Security-Himanshu-Dwivedi/dp/0071633561/ref=sr_1_1?ie=UTF8&s=books&qid=1268265838&sr=8-1).

Topic of Presentation: Aurora attacks

Language: English

Abstract: iSEC Partners just published some recommendations (https://www.isecpartners.com/files/iSEC_Aurora_Response_Recommendations.pdf) on responding to these attacks, and they include some of the most detailed information about the attacks and how to mitigate them yet shown. My co-worker Alex Stamos recently presented this at a number of large US companies, and a summary version at RSA. I would be happy to present some of our recommendations, and give a talk about the incident and responding to it. Some of the strategies are quite technical and rather interesting. While we talk a bit about using some commercial tools, we don’t have a sales relationship with those companies, and I assure you that there won’t be any sales pitches.

Topic of Workshop: Android Reverse Engineering – 120 minutes

Language: English

Description of Workshop: It is a follow-up on my work last year with Android security, where I show how to explore the closed and/or binary-only parts of Android platforms. This includes discussions of how Android distributions can be hardened, examining the hardening that has been done, and new Android security features that have been introduced since the Cupcake release of Android (version 1.5). I would also talk a bit about some of the Android devices on the market, including information gleaned from reverse engineering the devices, focusing on some of the most interesting new directions that have appeared, like the first Android e-Reader, and how the security of these devices is being handled.