RSA Conference 2017 Highlights

Posted on March 20th, 2017 by Joshua Long

RSA Conference (RSAC) is an event focused on information security, comprised of keynotes, panel discussions, speaker sessions, trainings, and an expo floor filled with vendor booths. The annual RSA Conference (USA) took place from February 13–17, 2017 in San Francisco, California, at the Moscone Center and the nearby Marriott Marquis.

One of the common themes discussed this year was ransomware (a term which typically refers to malicious software that holds a user’s computer or files hostage, often encrypting documents so they cannot be opened, and demands a ransom be paid before returning access to the user—if they’re lucky). Ransomware was a focus due to the increasingly common occurrence of major ransomware attacks in 2016 and early 2017.

Other hot topics at RSAC 2017 included the lack of security of many “Internet of Things” (IoT) devices (more on that below), as well as how artificial intelligence (AI) and machine learning technologies could potentially benefit the information security space (and a pinch of concern about the potential dangers; who can forget the Terminator movie series and many other science fiction examples of AI going rogue and fighting against humanity?).

Over the past four weeks, RSAC has posted videos of keynotes, short “RSAC TV” interviews, and a handful of speaker sessions on the conference’s official YouTube channel.

Many of the speakers from the sessions I attended gave me permission to record the audio from their sessions. RSAC and individual speakers have also published slides from several sessions and keynotes.

Following is a brief selection of RSAC official videos and my authorized audio recordings that may be of particular interest to our readers. I’ve also included a brief synopsis and official descriptions of the sessions or keynotes, and links to download the slides if they’ve been made available.

Meet and Greet with the macOS Malware Class of 2016

Brief synopsis: Patrick Wardle gives an excellent overview of the Mac malware of 2016.

Official description: “Say hello to KeRanger, Eleanor, Keydnap and more! 2016 was a busy year for Mac malware authors who released a variety of new macOS malware creations. The talk will provide a technical overview of this malware, by discussing their infection vectors, persistence mechanisms and features. The talk will conclude by discussing various generic detections and best security practices to secure Macs.”

MP3 Audio (48 minutes; recorded with the speaker’s permission)
Slides; see also Patrick’s blog post that aligns with this talk
Related Intego article: The Year in Mac Security 2016

OSX Pirrit: Why You Should Care about Malicious Mac Adware

Brief synopsis: Amit Serper walks through an analysis of Pirrit, malicious Mac adware from last year.

Official description: “Adware isn’t taken seriously, especially threats targeting Macs. But OSX Pirrit, which can obtain root access and has components found in malware, shows that adware can become a huge security issue. Amit Serper will explain how OSX Pirrit works, why security professionals may want to rethink how commodity threats are handled and why Macs aren’t as secure as people think.”

MP3 Audio (53 minutes; recorded with the speaker’s permission)
Slides (PDF)

Lessons from a Billion Breached Records

Brief synopsis: Troy Hunt talks about some interesting things he has learned while operating his popular haveibeenpwned.com site.

Official description: “What motivates attackers to dump data publicly? How is it sold, traded and redistributed? These are questions the presenter dealt with while running the ethical data breach search service ‘Have I been pwned.’ This talk will share the lessons from working with more than a billion publicly dumped records and provide a unique inside look at security from a very real-world and very actionable perspective.”

Video (46 minutes)

Mirai and IoT Botnet Analysis

Brief synopsis: Robert Graham shares his personal experience with buying an Internet-connected security camera and allowing it to get infected by Mirai so he could analyze it.

Official description: “This presentation will examine the Mirai botnet, technical details on how it operates and the technical details about the cameras it infects. It will also discuss other IoT botnet issues, such as an ‘IoT threat model,’ and how such devices will be infected in the future.”

MP3 Audio (44 minutes; recorded with the speaker’s permission) — Note: the “Josh” to whom he refers toward the end is Josh Corman, not me.
Slides (PDF)

Reversing the Year: Let’s Hack IoT, Ransomware and Evasive Payloads

Brief synopsis: James Lyne shares some fun things about IoT devices’ terrible security, shows ransomware in action, and reveals a Dark Web site that takes you step by step through customizing and distributing ransomware.

Official description: “Join @jameslyne for a talk with few slides and more demos than are sensible or reasonable. We will hack IoT devices, deconstruct funny ransomware fails/wins, bypass security controls and more!”

Video (45 minutes)

Gamification Using “Science of Habit Cycle” to Transform User Behavior

Brief synopsis: Bikash Barai explains the psychology behind habits, explaining how one can train oneself to replace bad habits (for example, not paying close attention to URLs and getting phished) with good habits.

Official description: “Forty percent of our daily activities are automated routines or habits which are not under conscious control. Learn how to use gamification beyond awareness program in the context of the science of habits.”

Video (40 minutes)
Slides PDF, from 2016 version (note that the 2017 version’s slides are shown in the video)

IoT End of Days (Car Hacking… Without Any Hacking)

Brief synopsis: Charles Henderson talks about how he can still remotely control functionality of a car he owned years ago, and how the car manufacturer and dealer aren’t doing much about it.

Official description: “In the mad rush to sling electronics into the hands of consumers, developers and manufacturers are making it easier than ever to get enrolled into their IoT ecosystems. The time from sale to access is shorter than ever. The question is: Where do we go from there? This talk will analyze responsibly disclosed vulnerabilities in the next steps of identity management and access control in IoT.”

Video (35 minutes)
Slides (PDF)

Hello False Flags! The Art of Deception in Targeted Attack Attribution

Brief synopsis: Brian Bartholomew and Juan Andrés Guerrero-Saade explain the challenges of attempting to attribute an attack or malware to a particular country of origin or government sponsorship.

Official description: “False flags are planted by threat actors to derail attribution—do they succeed? This talk will present real-world examples from unpublished research to answer this question and more.”

Video (42 minutes)
Slides (PDF)

Lessons Learned from Responding to Disruptive Breaches

Brief synopsis: Charles Carmakal and Robert Wallace shared some things that IT administrators and small business owners can learn from recent destructive attacks regarding how to protect their systems.

Official description: “Learn how Mandiant has responded to incidents where attackers destroyed critical business systems, leaked confidential data, held companies for ransom and taunted executives.”

Video (45 minutes)
Slides (PDF)

The Cryptographers’ Panel

Brief synopsis: Panel discussion featuring Drs. Ron Rivest and Adi Shamir (the R and S of the RSA crypto graphic algorithm), Whitfield Diffie (co-inventor of public key cryptography), and Susan Landau (a professor with expertise in security, privacy, and policy).

Official description: “Join the founders and leaders of the field for an engaging discussion about the latest advances and revelations in cryptography, including research areas to watch in 2017 and new threats facing the field of cryptography.”

Video (38 minutes)

Regulating the Internet of Things

Brief synopsis: Keynote featuring noted cryptographer Bruce Schneier, wherein (among other things) he shares his perspective about government regulation of Internet security—which, he suggests, is becoming “everything security.”

Official description: “IoT security will change our industry, because failure will affect the world in a direct physical manner. Schneier discusses how.”

Video (47 minutes)

Seminar on Ransomware

Brief synopsis: This is a series of sessions on the topic of ransomware; see the agenda and list of presenters here.

Official description: “Explosive growth demands focused understanding, so we’ve developed this new seminar to give attendees a full day all about ransomware, and its multifaceted implications across technical, policy, compliance and financial response. Sessions will discuss innovative research, present case studies on response and recovery to ransomware, explore combatting ransomware and debate if—and when—you should pay the ransom.”

Notes (PDF)

Innovation Sandbox: Most Innovative Startup – Live Competition

Brief synopsis: Startup companies pitch new security-focused products and technologies (a live event, somewhat similar in nature to “Shark Tank”).

Videos (totaling about 34 minutes)

An Astrophysicist Reads the Newspaper: Dr. Neil deGrasse Tyson Explores Our World

Brief synopsis: Keynote featuring astrophysicist and TV personality Neil deGrasse Tyson, wherein he talks about… science (not security)—but it’s a very fun and entertaining keynote.

Official description: “As a passionate astrophysicist Dr. Tyson will forever change the way we look at the beauty and grandeur of the universe. The world looks different when you are scientifically literate. Explore with Dr. Tyson all that is funny, illuminating and alarming about what appears in the world’s current events as seen through the lens of an astrophysicist.”

Sadly, RSAC has not posted the whole keynote, but here are some clips:

Space Travel and the Elements (6 minutes) — Official description: “Neil DeGrasse Tyson dazzles RSAC attendees with space travel, element discovery, and reducing the cost of exploration: ‘Let the goal guide the ingenuity.'”
New Horizons and Pluto (1 minute) — Official description: “Discussing the findings of the new horizons mission, Neil DeGrasse Tyson shows breathtaking footage of Pluto—along with an image ‘you won’t be able to unsee.'”
’Murica’s Eclipse (1 minute) — Official description: “In a total solar eclipse, the moon completely covers the sun. See how rockstar astrophyiscist and director of the Hayden Planetarium, Neil DeGrasse Tyson explains ‘’Mmmmurica’s eclipse’ happening on August 21, 2017 in his presentation at RSAC.”

This is only a small sampling of the great content at RSAC. More videos are still being uploaded to the RSAC YouTube channel; check them out here.

Don’t forget to subscribe to The Mac Security Blog for the latest Mac and iOS tips and security news!

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which has often been featured by major news outlets worldwide. Look for more of Josh's articles at security.thejoshmeister.com and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →

Share