BSides Canberra 2018 Panel

Saturday 2.30pm - 4.00pm




Welcome to the BSides Canberra 2018 panel discussion! Ask the panelists questions as we go. Make it interactive!

The past year has been busy for cyber security. But it's been a busy every year for at least the past 15! We do, however, live in a post-snowden world where James Bond style cyber attacks are in the arsenals of nation states. It's a rebirth of the cold war with cyber being the medium of the choice for countries looking to maintain, rebuild, or develop power and capability.

Switch over to the home user and their personal information may or may not be in the posession of criminals. There details may or may not be released in a database leak. Most users won't know either way. Their passwords are probably already in a database dump while they think they are watching youtube and reading secure email because no-one knows the name of their dog Benji and no-one will certainly be able to gain access via that secret security question.

The BSides Panel will look at the big topics. Well, at least we think they are big. Isn't exploit mitigation a big topic? Or mandatory data breach notification. Please god, can we go one year without discussing the shadowbrokers or Russia? Unfortunately, that year isn't this year.


What’s the story and who's to blame? Fact is certainly stranger than fiction. The NSA developed an exploit against Windows machines known as Eternal Blue. This exploit was stolen from the NSA and then released by the Shadow Brokers group believed to be Russian state sponsored actors. It’s claimed North Korea turned Eternal Blue into Ransomware which subsequently infected a high number of machines. To top it off, a kill switch was found by a researcher, who was then later arrested under the charges of writing malware. What’s the story we are missing? Who’s to blame? The NSA? The Russians? North Korea? End users? Microsoft?

Mandatory data breach notification

The laws have come into effect in Australia this year – How will it affect us?

Hardware and microarchitecture attacks

Spectre, meltdown, rowhammer. What else is out there? What are we going to find out about Intel ME?

Kaspersky a Russian plant?

What about Huawei? The supply chain? TAO group in the NSA? Is there anything we can do to trust our software and systems?

Is attacking and exploitation getting harder?

Are OS mitigations working? Is it easier to attack the hardware? Is newly developed code more secure? Are IOT devices going to take us back to zero? What about ipv6? Has offense moved entirely into web app testing?

Hosted By:

Silvio Cesare