Monday, February 21, 2011
Speaking & writing schedule
I am sorry for not doing any blog posts about my password research for a long time. I'll try to do something about that in the near future. I'm running my cpu's and gpu's at 100% most of the time, at least when I'm not doing analysis and charting and whatever... Anyway; here's a short update of what I've done and plan to do in the very near future.
I've talked about mobile security issues at one of my employers events here in Bergen. I spoke about GSM security at the DND "hackers Pub" on January 31st, and then about (the lack of) security in social media in front of some 350+ people at First Tuesday Bergen on February 8th. In between there, at work, I've done .. 3? 1,5 hour sessions on CISSP preparations for colleagues in and Ukraine (Hooray to video conferencing systems!).
On Tuesday 15th I had the pleasure of attending the opening of the biometrics lab at Gjøvik university college, as well as being part of a panel discussion on biometric authentication. A big THANK YOU to Professor Christoph Busch for asking me to participate (and play the role of the Devil's advocate). Not exactly "Minority report" biometrics, but very interesting to hear that most ATMs in Japan have been equipped with biometric vein authenticaiton for some 5 years now. German banks are considering the technology, while it haven't even been discussed between Norwegian banks so far. Got to get hold of one of those vein scanners to play with.... Also check out PhD student Mohammad Derawi, his work which includes a prototype app for Android that will recognize and authenticate you based on your movement/walking pattern. Cool idea, cool guy! :-)
On March 3 I will be speaking at the University of Stavanger, trying to provoke them a little on openness of a university vs the need for information protection. My title: "Does the University have something to hide?". Hint; they are situated right in the middle of our major Oil & Gas industry.
ISACA Norway Chapter is hosting this years Scandinavian conference on April 4-5. I will be speaking about security issues specifically related to organisational "Codes of Conduct" and their applicability to members of the board. This is an area I've been looking into for the last 2+ years, a long with a nice group of good friends here in Bergen. Yes, our very own little "Think Tank". Truly incredible what a diverse group of security people can come up with over dinner and a few beers. :-) Personally I'm looking forward to hear the CSO of eBay, as well as many others on the current agenda.
I would also like to give a pointer to my colleague Gleb Paharenko (Infopulse, Ukraine). He passed his CISSP exam in Moscow in December, currently waiting for endorsement approval. He's part of the Ukraine Information Security Group, organizing events to improve knowledge in this important area. I will probably bring along more links to work they're doing there in the future.
By far the coolest thing so far this year for me personally: participating and speaking at the NISNET winter school at Finse, May 22-27. Yes, NISNET provided the funding for the Passwords^10 conference, and will probably do so for yet another conference on passwords only. Joan Daemen on hash functions (he's 50% of Rijndael, maybe better known now as AES), Ed Dawson on access control, Peter Ryan on electronic voting, Patrick Bours on authentication, Katrine Franke on digital forensics and Chunming Rong on cloud computing security. And me. on passwords. For 3-4 hours. *shivers* That is NOT an audience made up of idiots, on the contrary. Can't sleep, can't eat, can't breathe... Got to prepare for this with all I've got.
Well, that was the self bragging blog post of today. Something more useful will probably appear soon. :-) Good night from Bergen, Norway.
Posted by securitynirvana