Another RSA Conference has ended, and as usual, there were a lot of great things at the event.
RSA Conference USA 2019 was held at the Moscone Center and the Marriott Marquis in San Francisco, California.
Although Apple doesn't exhibit or participate in trade show events in any official capacity, whenever I attend, I look for the Apple-relevant content, and often find some great hidden gems. In this article, I'll point out some of the keynotes that were of general interest to anyone interested in digital security and privacy, and then I'll cover a couple of Mac-focused things from the event.
The Cryptographers' Panel
Every year, a panel of notable cryptographers gathers on stage to cryptography topics du jour. Ron Rivest (the R in RSA) and several others were on the panel this year, but one of the usual panelists, Adi Shamir (the S in RSA), was unfortunately unable to attend because he was unable to obtain a visa.
RSAC's official YouTube channel has a video of the panel discussion (embedded above for your convenience). Here are a few notable sections of the discussion:
- (12:24 to 16:33) Australia's Telecommunications and Other Legislation Amendment (Assistance and Access) Act of 2018—which has some terribly chilling implications for local as well as global information security—is discussed
- we also discussed this topic on episode 67 of the Intego Mac Podcast).
- (16:44 to 20:00) The EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act of 2018 (which will take effect January 1, 2020) are discussed
- (24:03 to 28:21) Voting system security is discussed, including whether it's better to use paper ballots than try to secure digital voting systems
Bruce Schneier on The Role of Security Technologies in Public Policy
Bruce Schneier is something of an information security rockstar, so it's always interesting to hear him speak on a topic about which he is passionate. You can watch his session above; its description is as follows:
"Computer security is now a public policy issue. But while an understanding of the technology involved is fundamental to crafting good policy, there is little involvement of technologists in policy discussions. We need public-interest technologists: people from our fields helping craft policy. This is increasingly critical to both public safety and overall social organization. The defining policy question of the Internet age is this: How much of our lives should be governed by technology, and under what terms? We need to be involved in that discussion."
Schneier suggests that knowledgeable information security specialists should volunteer time to help shape public policy regarding security and privacy topics.
The Five Most Dangerous New Attack Techniques and How to Counter Them
Another panel discussion that I look forward to every year is the "most dangerous attacks" panel hosted by experts from the SANS Technology Institute. You can watch the video above.
- Ed Skoudis discussed the increase in "DNS mischief" and domain fronting
- Heather Mahalik discussed targeted, individualized attacks, including "someone in your cloud"
- Johannes Ullrich discussed more DNS attacks as well as CPU flaws and other hardware exploits
Kyla Guru, Tales of a Teenage Security Supergirl
One of the most impressive keynotes at the conference was that of Kyla Guru, a 16-year-old high school student who started her own cybersecurity education company.
Guru pointed out that our schools emphasize physical safety, but are generally doing a poor job of teaching digital and online safety and security. You can watch her thought-provoking keynote above.
New Mac software (for geeks only)
A few pieces of interesting Mac software were announced or released at the conference last week, but each is highly specialized and only of interest to the information security community.
- AutoMacTC, developed by CrowdStrike, is a Python-based framework for digital forensics on macOS
- Ghidra, developed by the NSA (yep, the U.S. National Security Agency), is a cross-platform (Java-based) reverse engineering tool that works on Macs, and is a free alternative to popular but typically expensive tools such as IDA Pro
- MonitorKit, developed by Digita Security, is a behavior-based malware detection framework that utilizes Apple's GameKit engine
How can I learn more?
RSA Conference typically releases additional videos in the weeks following the conference on the RSAC YouTube channel. (Also subscribe to Intego's YouTube channel for great videos on Apple security topics!)
Every week, Intego's experts discuss Apple security on the Intego Mac Podcast, so be sure to subscribe to make sure you don't miss the latest episode. You'll also want to subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.
Was there anything else of interest to Apple users at RSA Conference that we missed? Let us know in the comments below.