Sidejacking Web Applications in WiFi Network - A Live Demo

Overview of Firesheep, web sessions hijacking and unsecured wireless connections compromising by Dana Epp, Scorpion Software. Live demonstration of MITM and sidejacking web applications.

DATE: December 10, 2010 (Friday)

TIME: 2:00 pm - 4:00 pm

VENUE: Sierra Systems, 1177 West Hastings Street, Suite 2500, Vancouver, BC V6E 2K3

TOPIC: Sidejacking Web Applications in WiFi Network - A Live Demo

ABSTRACT: Firesheep was just the tip of the iceberg. That's a childish toy that only scratches the surface on the insecurities of wireless connections and exposes poorly written applications to interesting attacks. Join "Microsoft Enterprise Security MVP" Dana Epp as he conducts a live demonstration of a deeper, more targeted man in the middle (MITM) attack and then further compromise a user's session through sidejacking on some of the more popular web applications on the Internet. Learn just how insecure wireless connections can really be and listen as Dana talks about how to compromise wireless connections that have security enabled. In the end, attendees will have a good understanding of how MITM attacks work, and how wireless connections only help to make it easier

PRESENTER: Dana Epp, Scorpion Software.
Dana Epp, Scorpion Software's founder and CEO, researches software security and sets the corporate vision in the convergence of information security principles and practices with digital information asset protection. As a computer security software architect, Dana has spent the last 15 years focusing on software development with a particular emphasis on security engineering. His latest research has been on risk-based authentication, focusing on strong two-factor authentication for small business.
Dana has been twice awarded the Community Spirit Award for Business in recognition of his ongoing initiatives in promoting high technology industries in his community, and won the 2001 Chamber of Commerce "Young Entrepreneur of the Year" award. For the past five years Mr. Epp has been honored with the award and distinction of "Microsoft Enterprise Security MVP" for his work and expertise in Windows security. Mr. Epp is the author of "Computer Security Concepts: Managing Business Threats in a Wired World", a book written to explain at an executive level how to handle the threats of online risk as companies move to the new digital economy, and is the author of the popular security blog "Dana Epp's Rambling at the Sanctuary". A past instructor at BCIT and UFV, he enjoys teaching hungry minds on all aspects of secure software development and the principles and practices of information security.

COST: Free

AGENDA

2:05pm - 3:15pm: Overview of Firesheep, web sessions hijacking and unsecured wireless connections compromising. Live demonstration of MITM and sidejacking web applications

3:15pm - 3:20pm: Bio-Break

3:20pm - 4:00pm: Continue

NB: The CIPS Vancouver Security Special Interest Group (Security SIG) is a group of information system security professionals dedicated to promoting awareness of issues and to furthering professional development in information systems. We are all volunteers and there's no membership fee and no cost to attend the meeting.

Information discussed at CIPS Vancouver Security SIG meetings is confidential and is shared for the purpose of education and professional development. Please make sure you sign the Attendance / Confidentiality Agreement sheet for our records and to claim your professional development credit hours.

As a courtesy, please be punctual for the meeting, and please turn your cell phone to vibrate during the meeting.