Setting an example is not the main means of influencing another, it is the only means.
– Albert Einstein

Scott Adams made this observation: If you were talking to Albert Einstein, and he got struck by lightning and became twice as smart, would you be able to tell? Many folks do not understand detailed technological talk. Like the manager, Jen, who in “The IT Crowd” tries but can only hear static when Moss talks computer jargon. As IT professionals, we have to learn to communicate effectively. If we do not, many folks simply cannot tell the difference between the IT professional who may be right but cannot communicate his thoughts and the guy who is just making stuff up but saying it in a smart confident manner.

This page initially started as a post. I kept coming back to edit and add various presentations posted from the RSS feeds. I decided to give the information its own page. Slides and videos done by experts in the field are a great source of information not only on the subject matter but also on ways to present the information. Not all the presentations available at each of the conferences are included. Please visit the conference sites and look at all the presentations. This area is to provide a starting point and provide an idea of what is available.

Conferences

Conference sites provide a great source for ideas and material that might be of interest. Since these topics were presented this year, they are topics of concern to folks in the IT world. There are many presentations available at the conference sites. Please visit the sites for additional presentations.

Google I/O (May 28-29, 2008)

A World Beyond AJAX: Accessing Google’s APIs from Flash and Non-JavaScript Environments	APIs & Tools
Advanced Gadget and UI Development Using Google’s AJAX APIs	AJAX & JavaScript
Advanced KML	Maps & Geo
Advanced Ruby Scripting for SketchUp	Maps & Geo
An Introduction to Android	Mobile
Anatomy & Physiology of an Android	Mobile
Apache Shindig: Make your Social Site an OpenSocial Container	Social
Authenticating to Google Data Services	APIs & Tools
Becoming a Google Apps Small Business Solution Provider	APIs & Tools
Best Practices - Building a Production Quality Application on Google App Engine	APIs & Tools
Best Practices for Spreading Your App without Ruining the User Experience	Social
Building an Android Application 101	Mobile
Building on the Promise of OpenSocial	Social
Building Scalable Web Applications with Google App Engine	APIs & Tools
Can We Get There From Here?	AJAX & JavaScript
Creating a Client-Side Search Engine with Gears	AJAX & JavaScript
Creating a Google Data API Client	APIs & Tools
Dalvik VM Internals	Mobile
Design Patterns in an Expressive Language	AJAX & JavaScript
Design Your Own YouTube Player	APIs & Tools
Effective Java Reloaded	Tech Talk
Engaging User Experiences with Google App Engine	APIs & Tools
Even Faster Web Sites	AJAX & JavaScript
Extend the Reach of your Google Apps Environment with Google APIs	APIs & Tools
Faster-than-Possible Code: Deferred Binding with GWT	APIs & Tools
Flash API for Google Maps	Maps & Geo
From Mashups to Mapplets	Maps & Geo
Gears Case Studies: Zoho offline on Gears, Buxfer secure and offline finance with Gears	AJAX & JavaScript
Google Gears and MySpace - an Exploration of Powering Search on the Client	AJAX & JavaScript
Google Gears for Mobile: Power Up your Mobile Web App	Mobile
Google Guice 101	APIs & Tools
GWT and Client-Server Communication	APIs & Tools
Harnessing StreetView, Static Maps, and other new additions to the Google Maps API	Maps & Geo
Hosting your Geo Data, an Overview of Design Options	Maps & Geo
How Open Source Projects Survive Poisonous People	Tech Talk
How to Index your Geo data	Maps & Geo
HTML5, Brought to You by Gears	AJAX & JavaScript
Improving Browsers in New Ways: Gears++	AJAX & JavaScript
Inside the Android Application Framework	Mobile
Introduction to Google DocType: an Encyclopedia of the Open Web	Tech Talk
Introduction to Project Hosting on Google Code	APIs & Tools
Keynote: Client, Connectivity, and the Cloud	AJAX & JavaScript
Keynote: Imagination, Immediacy, and Innovation… and a little glimpse under the hood at Google	AJAX & JavaScript
Leveraging Web 2.0 Design Patterns For Enhanced Accessibility	AJAX & JavaScript
Meet the OpenSocial Containers	Social
Mobile Mashups	Mobile
Monetizing Application Traffic On Social Networks	Social
My Maps Editing API	Maps & Geo
Open Source is Magic	Tech Talk
OpenSocial - Scaling and Analytics, Nuts & Bolts	Social
OpenSocial Across Containers	Social
OpenSocial at MySpace: Creating Popular Apps on MySpace	Social
OpenSocial Specification: What’s Next for OpenSocial	Social
OpenSocial, OpenID, and OAuth: Oh, My!	Social
OpenSocial: A Standard for the Social Web	Social
Parsing and Generating KML with Google’s KML Library	Maps & Geo
Rapid Development with Python, Django, and Google App Engine	APIs & Tools
Resource Bundles and Linkers in Google Web Toolkit	APIs & Tools
Reusing Google APIs with Google Web Toolkit	APIs & Tools
Search Friendly Development	APIs & Tools
Secure Collaboration - How Web Applications can Share and Still Be Paranoid	AJAX & JavaScript
Server-side JavaScript on the Java Virtual Machine	AJAX & JavaScript
Sitemaps: Exposing Interactive and Hidden Content in Web Applications	APIs & Tools
Spice up Your Web Apps with Google AJAX APIs	AJAX & JavaScript
State of Ajax: The Universe is Expanding	AJAX & JavaScript
Surprisingly Rockin’ JavaScript and DOM Programming in GWT	APIs & Tools
Taking Large-Scale Applications Offline - Lessons Learned from Google Docs	AJAX & JavaScript
The World’s Information in Context	Maps & Geo
Under the Covers of the Google App Engine Datastore	APIs & Tools
Underneath the Covers at Google: Current Systems and Future Directions	Tech Talk
URLs are People Too - Using the Social Graph API to Build a Social Web	Social
Using GWT to Build a High Performance Collaborative Diagramming Tool	APIs & Tools
Working with Google App Engine Models	APIs & Tools
YouTube on Your Site	APIs & Tools
GWT Extreme!	APIs & Tools
Painless Python for Proficient Programmers	Tech Talk
Visualize your Data: Google Visualization API	AJAX & JavaScript

Shmoocon 2008 (February 15-17, 2008)

• Opening Remarks (video)
• Intercepting Mobile Phone/GSM Traffic by H1kari (video)
• Forensic Image Analysis to Recover Password by David Smith (presentation and video)
• Baked not Fried: Performing an Unauthorized Phishing Awareness Exercise by Syn Phishus (presentation and video)
• Web Portals: Gateway to Information or a Hole in our Perimeter Defenses? by Deral Heiland (presentation and video)
• Hacking the Samurai Spirit by Isaac Mathis (presentation and video)
• New Countermeasures to the Bump Key Attack by Deviant Ollam (presentation)
• Keynote Address: Ed Felten (Presented by:Alex Halberman) (video)
• Active 802.11 Fingerprinting: Gibberish and “Secret Handshakes” to Know Your AP by Sergey Bratus, Cory Cornelius and Daniel Peebles (presentation and video)
• SIPing Your Network by Radu State, Humberto Abdelnur, and Olivier Festor (presentation and video)
• They’re Hacking Our Clients! Why are We Focusing Only on the Servers by They’re Hacking Our Clients! Why are We Focusing Only on the Servers by Jay Beale (presentation and video)
• Passive Host Characterization by Matthew Wollenweber (presentation and video)
• Practical Hacker Crypto by Simple Nomad (video)
• Using Aspect Oriented Programming to Prevent Application Attacks by Rohit Sethi and Nish Bhalla (presentation and video)
• Flash Drives & Solid State Drives Data Recovery Comparison to Hard Drives: Animated by Scott Moulton (video)
• Virtual Worlds - Real Exploits by Charlie Miller and Dino Dai Zovi (presentation and video)
• Smarter Password Cracking by Matt Weir (presentation and video)
• 21st Century Shellcode for Solaris by Tim Vidas (presentation and video)
• Why are Databases so Hard to Secure by Sheeri Cabral (presentation and video)
• VoIP Penetration Testing: Lessons Learned by John Kindervag and Jason Ostrom (presentation and video)
• Got Citrix? Hack It! by Shanit Gupta (presentation and video)
• Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to “SPIKE Land” by Enno Rey and Daniel Mende (video)
• Forced Internet Condom by Aaron Higbee and Jaime Fuentes (presentation and video)
• A Hacker Looks Past 50 by G. Mark Hardy (presentation and video)
• TL1 Device Security by Rachel Bicknell (video)
• I Will Be Your Eyes and Hands: Colossal Cave, Adventure and Reality by Jason Scott (presentation and video)
• You Must Be This Tall to Ride the Security Ride by Joel Wilbanks and Pete Caro (presentation and video)
• Legal Issues for Bot-net Researchers and Mitigators by Alexander Muentz (presentation and video)
• Hacking Windows Vista Security by Dan Griffin (presentation and video)
• Vulncatcher: Fun with Vtrace and Programmatic Debugging by atlas (presentation and video)
• Path X: Explosive Security Testing Tools using XPath byAndre Gironda, Marcin Wielgoszewski and Tom Stracener (presentation and video)
• Malware Software Armoring Circumvention by Danny Quist (presentation and video)
• 0wn the Con by The Shmoo Group (video)
• PEAP: Pwned Extensible Authentication Protocol by Josh Wright and Brad Antoniewicz (presentation and video)
• PEAP: Pwned Extensible Authentication Protocol by Josh Wright and Brad Antoniewicz (presentation and video)
• When Lawyers Attack! Dealing with the New Rules of Electronic Discovery by (presentation and video)
• The Geek and the Gumshoe or Can Mathematics and Computers Really Solve Crimes? by (video)
• How do I Pwn Thee? Let Me Count the Ways by RenderMan (presentation and video)
• On the Social Responsibility of Hackers Panel: Bruce Potter (moderator), Simple Nomad, Johnny Long, Rick Dakan, TBD (video)
• Closing Remarks (presentation and video)

3rd European Telecommunications Standards Institute (ETSI) Security Workshop (Jan 15-16, 2008)

• Keynote speech from the European Commission by Achilleas Kemos
• ETSI Security Activities Overview by Charles Brookson and Adrian Scrase
• ENISA Activities in Security by Elisabetta Carrara
• 3GPP Security hot topics: LTE/SAE and Common IMS by Valtteri Niemi
• Update on Security, Fraud thefts and Operators’ initiatives in GSM and 3G by James Moran
• IETF Security standardization activities by Hannes Tschofenig
• SECURITY INITIATIVES WITHIN CEN and CENELEC by John Ketchell
• Cost-effective authentication and integrity of electronic invoices by Nick Pope
• ESCoRTS: A European network for the Security of Control and Real-Time Systems by Alberto Stefanini
• CEN Anti-Counterfeiting Workshop by Nadine Ruhle-Niestroy
• Lawful Interception and Data Retention standardization activities by Scott Cadzow
• by Elena de la Calle Vian
• Lawful Interception of VoIP in Highly Decentralised Systems by Jan Seedorf
• Trusted Computing and Trusted Computing Group (TCG):
  Technology and Standardization Work by Claire Vishik
• Producing and maintaining Standards for Emergency Communications by Jean-Pierre Henninot
• ETSI TC related activities: STF 318 (REM) and XAdES interoperability event by Riccardo Genghini
• Developments within the ETSI Smart Card Platform Group by Klaus Vedder
• Secure Internet Connectivity with the Internet Smart Card by Walter Hinz, Giesecke & Devrient GmbH
• ETSI Smart Card Platform Requirements Work Group: USSM, Secure Channel and Confidential Applications by lario Macchi
• Secure UICC Hardware Platforms by Gerd Dirscherl
• ICT Security Standards Roadmap: an Update by Mike Harrop
• Global Cybersecurity: the role of International Standards by Solange Ghernaouti
• Global Standards Initiative on Identity Management (IdM-GSI) by Scott Cadzow
• Architecture and Privacy Issues for Biometric-Based Identity by Jean-Paul Lemaire
• NGN Security standards for Fixed-Mobile Convergence by Judith E. Y. Rossebø
• VoIP, NGN and DoS: Attack Scenarios, Detection and Prevention by Dr. Dorgham Sisalem
• PSTN/ISDN Emulation Subsystem (PES) within a NGN by Steve Covey
• Comparison of the work of different SDOs regarding UC/SPIT with a demonstrator by Thilo Ewald
• Standardization of Quantum Technologies and Quantum Cryptography: FP6 Integrated Project SECOQC by Thomas Langer
• A Compact and High-Speed Cipher Suitable for Limited Resource Environment by Taizo Shirai

CERIAS

• Provable Data Possession at Untrusted Stores
• The Effect of Rootkits on the Corporate Environment
• Protecting Data Privacy: A Practical Guide to Managing Risk
• Security issues within embedded software development
• Applying Recreational Mathematics to Secure Multiparty Computation
• Towards Effective and Efficient Behavior-based Trust Models
• Role Discovery
• Towards Secure and Re-usable Multiple Password Mnemonics
• Advances in Natural Language Watermarking
• Dumb Ideas in Computer Security
• How the Criminal Law Must Adapt to the Networked World
• Automatic Debugging and Verification of RTL-Specified Real-Time Systems via Incremental Satisfiability Counting and On-Time and Scalable Intrusion Detection in Embedded Systems
• Intrusion Detection Event Correlation: Approaches, Benefits and Pitfalls
• Assured Information Sharing between Trustworthy, Semi-trustworthy and Untrustworthy Coalition Partners
• Cyber Security and the “NEW” world enterprise
• Scenario-Driven Construction of Enterprise Information Policy
• Mathematically Defining Privacy
• WHAT IS INFORMATION?
• Research Challenges in Assured Information Sharing
• Computer-Related Incidents: Factors Related to Cause and Prevention

OCEG

• Information & Communications Privacy
• Evaluating Governance, Risk & Compliance Performance (part of the OCEG Illustrated Series)
• Evaluating Governance, Risk & Compliance Effectiveness (part of the OCEG Illustrated Series)
• Operational Controls (part of the OCEG Illustrated Series)
• Proving the Value of Governance, Risk & Compliance (part of the OCEG Benchmark Series)
• Managing Personal Information: Compliance Practices Throughout the Information Life-Cycle
• Improve the Efficiency and Effectiveness of Your Program (Part of the OCEG Illustrated Series)
• Reduce Complexity, Increase Efficacy (part of the OCEG Illustrated Series)
• Using Technology to Enable Governance, Risk & Compliance Processes (part of OCEG Illustrated Series)
• Managing Information Privacy - Are you Ready for Scrutiny?
• OCEG Illustrated Series: Seeing the Big Picture and Making the Business Case for Governance, Risk & Compliance

NIST

• An Overview of Emerging Standards, Guidelines, and Implementation Activities
• Security Controls for Industrial Control Systems
• NIST Special Publication 800-53 for Industrial Control Systems
• NIST Special Publication 800-37: An Introductory Tutorial with a videocast
• FISMA Implementation: The Strategy, Challenges, and Roadmap Ahead
• Importance of Security Configuration Recommendation Guides
• Hardcopy Security: An Open Door

OWASP

• The OWASP Testing Guide
• The OWASP Application Security Metrics Project
• Advanced Web Hacking
• Advanced Web Services Security & Hacking
• Web Services Hacking and Hardening
• XML Security Gateway Evaluation Criteria
• Securing Web Services using XML Security Gateways
• Metics- What can we measure
• Testing Flash Applications
• Finding Vulnerabilities in Flash Applications by Stefano Di Paola
• Overtaking Google Desktop
• Overtaking Google Desktop, Leveraging XSS to Raise Havoc
• XSS Worms
• Protecting Web applications from universal PDF XSS
• Software Security
• Web Application Firewalls:When Are They Useful?
• Evaluating and Tuning Web Application Firewalls
• Application Denial of Service
• HTTP Message Splitting, Smuggling and Other Animals
• Web Application Incident Response & Forensics: A Whole New Ball Game!
• Can (Automated) Testing Tools Really Find the OWASP Top 10?
• Security Testing through Automated Software Tests
• Testing for common security flaws
• RequestRodeo: Client Side Protection against Session Riding
• Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) by Dave Wichers
• Ajax Security
• Ajax Security Concerns by Rohini Sulatycki
• Identity Management Basics
• Advanced SQL Injection
• Advanced Topics on SQL Injection Protection
• Fuzzing in Microsoft and FuzzGuru framework
• Application Security, not just development
• Positive Security Model for Web Applications, Challenges and Promise
• Legal Aspects of (Web) Application Security
• Analyzing Threats

Black Hat

• Fuzzing Sucks! (or Fuzz it Like you Mean it!)
• Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing
• Sphinx: An Anomaly-based Web Intrusion Detection System
• Intranet Invasion With Anti-DNS Pinning
• Traffic Analysis: The Most Powerful and Least Understood Attack Methods
• Reverse Engineering Automation with Python
• Defeating Web Browser Heap Spray Attacks
• Unforgivable Vulnerabilities
• Computer and Internet Security Law: A Year in Review 2006 & 2007
• Building an Effective Application Security Practice on a Shoestring Budget
• Side Channel Attacks (DPA) and Countermeasures for Embedded Systems
• The Security Analytics Project: Alternatives in Analysis
• PISA: Protocol Identification via Statistical Analysis
• Hacking Capitalism
• Hacking Intranet Websites from the Outside (Take 2) “Fun With and Without JavaScript Malware”
• Disclosure and Intellectual Property Law: Case Studies
• A Dynamic Technique for Enhancing the Security and Privacy of Web Applications
• Stealth Secrets of the Malware Ninjas
• Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity
• Active Reversing: The Next Generation of Reverse Engineering
• Anonymous Authentication: Preserving Your Privacy Online
• Database Forensics
• Simple Solutions to Complex Problems from the Lazy Hacker’s Handbook
• Hacking Leopard: Tools and techniques for attacking the newest Mac OS X
• A Picture’s Worth: Image analysis and forensics
• Other Wireless: New ways of being Pwned
• Defeating Information Leak Prevention
• Social Network Site Data Mining
• NACATTACK
• OpenID: Single Sign-On for the Internet
• Timing Attacks for Recovering Private Entries From Database Engines
• Static Detection of Application Backdoors

Defcon

• Bridging the Gap Between Technology and the Law
• Analyzing Intrusions & Intruders
• Virtualization: Enough holes to work Vegas
• Computer and Internet Security Law - A Year in Review 2006 - 2007
• Securing Linux Applications With AppArmor
• Hacking Social Lives: MySpace.com
• Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing
• Unraveling SCADA Protocols: Using Sulley Fuzzer
• Boomstick Fu: The Fundamentals of Physical Security at its Most Basic Level
• Trojans: A Reality Check
• Real-time Steganography with RTP
• Everything you ever wanted to know about Police Procedure in 50 minutes
• The Hacker Society around the (corporate) world
• Estonia: Information Warfare and Strategic Lessons
• Security by Politics - Why it will never work
• Hardware Hacking for Software Geeks
• INTERSTATE: A Stateful Protocol Fuzzer for SIP
• HoneyJax (AKA Web Security Monitoring and Intelligence 2.0)
• SQL injection and out-of-band channeling
• Functional Fuzzing with Funk
• Comparing Application Security Tools
• IPv6 is Bad for Your Privacy
• Social Attacks on Anonymity Networks
• How smart is Intelligent Fuzzing - or - How stupid is Dumb Fuzzing?
• Protecting your IT infrastructure from legal attacks- Subpoenas, Warrants and Transitive Trust
• Windows Vista Log Forensics
• Creating and Managing Your Security Career
• The Science of Social Engineering: NLP, Hypnosis and the science of persuasion
• Greater than 1: Defeating “strong” Authentication in Web Applications
• The SOA/XML Threat Model and New XML/SOA/Web 2.0 Attacks & Threats
• OpenBSD remote Exploit and another IPv6 vulnerabilities
• Pen-testing Wi-Fi
• Stealing Identity Management Systems
• Dirty Secrets of the Security Industry
• The Executable Image Exploit
• How I Learned to Stop Fuzzing and Find More Bugs

HITB 2007

Video from the conference is available.

• Hacking SCADA: How to 0wn Critical National Infrastructure
• Exploiting the Intranet With a Webpage - Is JavaScript the New Shellcode?
• Advanced Web Application and Database Threat Analysis with MatriXay
• Meta Anti Forensics: The HASH Hacking Harness
• High Security Locks - Illusion or Reality?
• Insider Threat Visualization
• 360° Anomaly Based Intrusion Detection
• Hacking the Bluetooth Stack for Fun, Fame and Profit
• Hacking Hardened and Secured Oracle Servers
• Slipping Past The Firewall
• Attack Surface of Modern Applications
• Hacking Ajax and Web Services: Next Generation Web Attacks on the Rise by Shreeraj Shah
• Protocol Fuzzing
• Enterprise Hacking: Who Needs Exploit Codes?
• An End-to-End Analysis of Securing Networked CCTV Systems
• Googling for Malware and Bugs
• The Computer Forensics Challenge and Anti-Forensics Techniques

Microsoft Bluehat

• Microsoft’s Circle of Life: Patch to Exploit
• Black Ops 2007: DNS Rebinding Attacks< /li>
• Fuzzing Sucks!
• Security Trade-Offs and Pitfalls in Virtualized Platforms
• Subverting Windows CE Kernel for Fun and Profit
• Mobile and Embedded Security - The Elephant Under the Carpet
• WABISABILABI: The Exploit Marketplace Project
• Malware, Isolation and Security Boundaries: It’s Harder Than It Looks
• An External Perspective to Extending Microsoft’s Phoenix Framework
• Automated Application Security Testing Models with Cool WPF Visualizations
• Structural Classification of Malware

Web2Summit

• David Recordon and Brad Fitzpatrick: Opening Up the Social Graph

Bro Intrusion Detection System Hands-On Workshop

• Bro Design & major features: Vern Paxson
• Bro installation and configuration: Brian Tierney
• Basic Bro Configuration and Tuning: Robin Sommer
• Scripting Language Overview: Vern Paxson
• Bro used as an IPS at LBL: Brian Tierney
• Advanced Bro Scripting: Robin Sommer
• Bro communication: Robin Sommer
• Bro Shell: Scott Campbell
• Custom Bro analysis at OSU: Seth Hall
• Time Machine: Overview and Introduction: Fabian Schneider
• Conclusion and Outlook: Robin Sommer

ZDnet

• Simplify Compliance with Auditing
• The PCI Half-dozen: Six Recommendations for PCI Compliance
• TechRepublic Roadshow: Handling Internal Security Threats
• Assess Your Business’s Unique Security Risks and How to Mitigate Them
• Vulnerability Management and Policy Compliance Overview
• Identity Management and the Sarbanes-Oxley Act
• Three Ways to Optimize Your Security Spending
• Addressing Platform Vulnerabilities With Innovative Security Research
• Introduction to Federated Identity Management
• An Identity-Capable Platform
• SOA Security Overview: SOA the ‘Perfect Storm’ of Security

Special Interest Topics

These are topics that are of special interest to me. The topics may or may not have been presented at the conferences. The presentations have been pulled from bloggers who I respect.

Blogging

• Ethics and law firm blogging for the ABA Lawyers Professional Liability Fall Conference, Scottsdale, Arizona.
• Powerpoint on the Nuts and Bolts of Law Firm Blogs

Security Metrics

• Dan Geer A Quant Look at the Future Extrapolation via Tren Analysis
• Gunnar Peterson Security Metrics Automation
• Measuring Network Security Using Attack Graphs
• Security Meta Metrics–Measuring Agility, Learning, and Unintended Consequence
• Security Metrics in Practice: Development of a Security Metric System to Rate Enterprise Software
• A Software Security Risk Classification System
• Web Application Security Metrics
• Operational Security Risk Metrics: Definitions, Calculations, and Visualiztions
• Metrics for Network Security Using Attack Graphs: A Position Paper

Fuzzing

• Fuzzing - Brute Force Vulnerability Discovery

Identity Management

• Digital Identity Tutorial
• Digital Identity Tutorial for WWW2007
• A Framework for Building Reputation Systems
• Information is …Social …People …Practical

Logging, E-Records, and E-evidence

• E-Records and E-Evidence
• Logging Web Proxy Logs: Best Practices, Big Tips & Meeting Compliance Mandates
• NIST 800-92 Log Management Guide in the Real World by Dr Anton Chuvakin

Social engineering

• Teach your users to recognize and resist social engineering ploys
• 10 common social engineering ploys

Forensics

• Windows Memory Analysis

Bluetooth Eavesdropping

• I Can Hear You Now: Eavesdropping on Bluetooth Headsets

IDS abnormal detection

• IDS abnormal detection
• Visual Security Event Analysis
• Aanval

Phishing

• Test Your Anti-Phishing Knowledge with Anti-Phishing Phil

Virus

• The WildList is Dead, Long Live the WildList!
• The Trojan Money Spinner
• Exposing Stormworm by Brandon Enright

Visualization

• Insider Threat Visualization
• Automated Application Security Testing Models with Cool WPF Visualizations
• Visual Security Event Analysis
• Malware Cinema: A Picture is Worth a Thousand Packets
• High Bandwidth Visual Analysis of Security Data Flows
• Network Attack Visualization
• Tamara Munzner Presentation on InfoVis at UBC CS

Web Application

• How to take your Web Application Offline with Google Gears
• Web Application Security: Keeping Your Application Safe by Joe Walker
• Future of Web Apps: Google Gears by Dion Almaer
• The Future of Firefox and JavaScript by John Resig
• Architecture Behind WordPress.com by Matt Mullenweg
• Preparing for Enterprise Adoption by Suw Charman
• Coding on the Shoulders of Giants by Matt Biddulph
• Making Your App Social by Rashmi Sinha
• Slipping Past the Firewall by Billy K Rios (BK) and Nate McFeters
• For my next trick…hacking Web 2.0 (lite) by Petro D. Petkov

Immersive Environments

• NASA’ Use of Immersive Environments by Daniel Laughlin

Videos

There are videos presentations available online.

• Dark Reading TV
• Virus Bulletin Presentation - Excerpt
• Berkman.TV
• Google Open Source Speaker Series
• Google Tech Talks
• What Every Engineer Needs to Know About Security and Where to Learn It
• Reverse engineering techniques to find security bugs: A case study of the ANI Vulnerability
• Crime: The Real Internet Security Problem
• Security is Broken
• How the FreeBSD Project Works
• Introduction To Digital Identity
• Searching For Evil
• Towards HardLANs: Building intrusion detection to 1 Gbps and beyond
• Reducing the Risk of Shallow Information Analysis
• How To Break Web Software - A look at security vulnerabilities in web-based software
• Internet Scale Identity, Collaboration, and Higher Education
• Anomaly-Based Unsupervised Intrusion Detection
• SOX Television

covering “every aspect of the Sarbanes-Oxley Act and the related areas of governance, risk and compliance.”

• Risk Television

is “devoted exclusively to risk management research.”

Hacking Simulations and Challenges

These sites provide nice demonstrations on hacking techniques. Plus, the sites are just plain fun.

• NTO Hackme Test Site (part of the Mighty Seek Podcast - Hands On Series)
• Hack-Test
• Ed Skoudis’ CounterHack
• Test Your Anti-Phishing Knowledge with Anti-Phishing Phil