23 April 1998

Date: Wed, 22 Apr 1998 20:26:33 -0500
To: cypherpunks@toad.com
From: Bruce Schneier <schneier@counterpane.com>
Subject: Network Security Solutions Conference Announcement

         Network Security Solutions Conference Announcement

                July 29th and 30th, Las Vegas Nevada

******************  Call For Papers Announcement ***************************

Network Security Solutions is now accepting papers for its 1998
event. Papers and requests to speak will be received and reviewed from
March 24th until June 1st.  Please submit an outline on a self selected
topic covering either the problems or solutions surrounding network

security.  Topics of interest include Intrusion Detection Systems (IDS),
distributed languages, network design, authentication systems, perimeter
protection, and more.  Talks will be an hour with a half hour for Q&A.
There will be LCD projectors, overhead, and slide projectors.

Updated announcements will be posted to newsgroups, security mailing lists,
email, or visit the website at http://www.blackhat.com/

Current speakers include:

Marcus Ranum, Network Flight Recorder CEO.
Bruce Schneier, Counterpane Systems CEO.
Ira Winkler, president of the Information Security Advisory Group.
Theo DeRaadt, OpenBSD Lead Developer.
Tom Ptacek, Secure Networks Inc.
Scott Waddell, Cisco-Wheelgroup corporation.
Dominique Brezinski, Network Security Professional at Secure Computing Corp.
Peter Shipley, Independent Security consultant.
Richard Thieme, Thiemeworks, Inc.
Winn Schwartau, Interpact Inc.
Dr. Mudge, L0pht Heavy Industries administrator.
Ray Kaplan, Meet the Enemy panel discussion, Q&A.
Jennifer Granick, Attorney at law.


It's late. You're in the office alone, catching up on database
administration.  Behind you, your network servers hum along quietly,
reliably.  Life is good.  No one can get to your data or disrupt your WAN.
The network is secure.  Or is it?

The Network Security Solutions conference has been organized to put an end
to concerns like these.  While many conferences focus on information and
network security, only Network Security Solutions will put your engineers
and software programmers face-to-face with today's cutting edge computer
security experts and "underground" security specialists.

Only the Network Security Solutions conference will provide your people
with the tools and understanding they need to thwart those lurking in the
shadows of your firewall.

The reality is, they are out there.  The choice is yours.  You can live in
fear of them.  Or, you can learn from them.

                          Conference Overview

The Network Security Solutions Summer '98 conference (Formerly known as The
Black Hat Briefings) was created to fill the need of computer professionals
to better understand the security risks to their computer and information
infrastructures by potential threats.  To do this we assemble a group of
vendor-neutral security professionals in the same room and let them talk
candidly about the problems businesses face, and the solutions they see to
those problems.  No gimmicks, just straight talk by people who make it
their business to explore the ever changing security space.

Spanning two days with two separate tracks, Network Security Solutions will
focus on the vital security issues facing organizations with large
Enterprise networks and mixed network operating systems.  Topics will
include Intrusion Detection Systems (IDS), denial of service attacks and
responses, secure programming techniques and tool selection for creating
and effectively monitoring secure networks.

NSS's intense sessions will bring to light the security and
misconfiguration problems confronting organizations and network
administrators, most of which go unnoticed by today's preoccupied system
admins where security gets put off in lieu of constant network growth and
upgrades.  Our experts will discuss the strategies involved in correcting
existing problems and any problems on the horizon.

Current Intrusion Detection Systems and strategies will be covered so that
attendees may learn how to stop these problems before they occur.  CIO's
are welcome, but they should bring the people implementing their network
strategies and building their applications, because this conference is
for them.


There will be 18-20 speakers covering two tracks speaking over two days.
Speeches will be more technically oriented and last 1 1/2 hours each.  The
goal of the talks are to inform the audience with quality current state
system vulnerabilities and fixes.  Because of our unique speakers NSS will
offer the audience a deep insight into the real security issues facing your
network with no vendor pitches.

                            Wednesday, July 29th

08:30 - 09:00   Breakfast

09:00 - 09:45   Keynote Address: Marcus Ranum - How to REALLY secure the

10:00 - 11:30   Track A  Richard Thieme - Convergence -- Every Man (and
                         Woman) a Spy. 

                Track B  Dominique Brezinski - Penetrating NT Networks
                         Through Information Leaks and Policy Weaknesses.

11:40 - 13:10   Track A  Ira Winkler - Information Security: Beyond the

                Track B  Theo DeRaadt - A discussion of secure coding
                         issues, problems with maintaining OS source trees,
                         and secure program design philosophies.

13:20 - 14:20   Lunch

14:25 - 15:20   Ray Kaplan: Meet the Enemy Session.

15:30 - 17:00   Track A  [Empty]

                Track B  Scott Waddell - 

                            Thursday, July 10th

09:00 - 09:45   Keynote Address: Bruce Schneier - Mistakes and Blunders:
                                 A Hacker Looks at Cryptography.

10:00 - 11:30   Track A	[Empty]

                Track B  Dr. Mudge - Real world VPN implementation

11:40 - 13:10   Track A  Jennifer Granick - 

                Track B  Peter Shipley - An overview of a 2 year effort
                         in massive multi-modem wardialing.

13:20 - 14:20   Lunch 

14:25 - 15:20   Panel 1  The benefits and problems of commercial security
                         software.  This panel of 5 people and moderator
                         will explore what products work, and what doesn't
                         in specific applications. Q&A.

                Panel 2  The Merits of Intrusion Testing - What is the
                         benefit of having people break into your network.
                         A panel 5 people.

15:30 - 17:00   Track A  Winn Schwartau - 

                Track B  Tom Ptacek - Problems with Intrusion Detection

                     Speaker Topics and Biographies

- - MARCUS RANUM, President and CEO of Network Flight Recorder, Inc.
How to REALLY secure the Internet. Is it possible to really secure the
Internet? With current technology and methods, the answer would appear
to be a resounding "no." We've tried security through stepwise refinement
and security through consensus - the best remaining solutions are
totalitarian and draconian.  Marcus will present an outline for how the
Internet could be secured through some simple, cost effective methods.
He'll also explain why it won't happen.

Marcus Ranum is CEO of Network Flight Recorder, Inc., and has been
specializing in Internet security since he built the first commercial
firewall product in 1989. He has acted as chief architect and implementor
of several other notable security systems including the TIS firewall
toolkit, TIS Gauntlet firewall, whitehouse.gov, and the Network Flight
Recorder. Marcus frequently lectures on Internet security issues, and
is co-author of the "Web Site Security Sourcebook" with Avi Rubin and
Dan Geer, published by John Wiley and Sons. 
- - BRUCE SCHNEIER, President of Counterpane Systems and author of Applied
Cryptography.  Mistakes and Blunders: A Hacker Looks at Cryptography.
- From encryption to digital signatures to electronic commerce to secure
voting--cryptography has become the enabling technology that allows us
to take existing business and social constructs and move them to computer
networks.  But a lot of cryptography is bad, and the problem with bad
cryptography is that it looks just like good cryptography; most people
cannot tell the difference.  Security is a chain: only as strong as the
weakest link.  In this talk I'll examine some of the common mistakes
companies make implementing cryptography, and give tips on how to avoid

Bruce Schneier is President of Counterpane Systems, the author of
Applied Cryptography, and the inventor the Blowfish algorithm.  He
serves on the board of the International Association for Cryptologic
Research and the Electronic Privacy Information Center.  He is a
contributing editor to Dr. Dobb's Journal, and a frequent writer and
lecturer on cryptography.
- - THEO DERAADT, Lead developer of OpenBSD. 
A discussion of secure coding issues, problems with maintaining OS
source trees, and secure program design philosophies.  Regular systems
software has many security problems.  A number of approaches at auditing
and repairing these problems have been developed as a result of the
OpenBSD project.

Theo de Raadt heads the OpenBSD project.  This 4.4BSD derived operating
system project has increasingly placed its focus on discovery and
repair of security issues.  Due to a 2 year auditing process by a
10-member team, OpenBSD is probably the most secure operating system
in common use today.  For more information, see

- - IRA WINKLER, President of the Information Security Advisory Group. 
Information Security: Beyond the Hype If you read the headlines today,
you would think that no matter what people are doing to secure themselves,
they will never be secure.  The reason this idea comes across is
that the media focuses on the threats and stories about unstoppable
geniuses that can compromise even the Pentagon. The truth is that you
can protect yourself from even the most diabolical genius.  This
presentation discusses Information Security from a Risk based perspective.
The threats to your systems are discussed, but more important the
vulnerabilities that actually allow the threats to compromise your
systems are discussed.  Using that information, you can then choose the
countermeasures you need to protect yourself and your organization.  This
presentation will show you that while there is no such thing as perfect
security, you can protect yourself from almost all of the most serious
threats.  Probably what is most valuable to attendees is guidance on how
to spend limited funding in the most efficient manner. 

Ira Winkler, CISSP is considered one of the world’s leading experts on
Information Security, Information Warfare, investigating information
related crimes, and Industrial Espionage.  He is author of the book,
Corporate Espionage, and President of the Information Security Advisors
Group.  His clients include some of the largest companies and banks in
the world.  He is also a columnist for ZDTV with his column titled
SpyFiles.  He also functions as the network's security expert.  Previously,
Mr. Winkler was with the National Security Agency and was the Director of
Technology with the National Computer Security Association.  He has also
performed studies on Information Warfare for the Joint Chiefs of Staff. 

- - DOMINIQUE BREZINSKI, Network Security Professional at Secure Computing
Corporation. Penetrating NT Networks Through Information Leaks and Policy
Weaknesses.  The focus of this presentation will be a demonstration of how
Windows NT hosts can be queried for information and how the information
can be correlated to provide an attacker with a path of least resistance.
Even though many Windows NT networks have few remotely exploitable
technical vulnerabilities (buffer over-runs, flawed CGI scripts, address
based authentication etc.), most NT networks give away too much
information.  By analyzing the information it is easy to find policy
weaknesses that can be exploited to gain access to the NT hosts.  Custom
tools will be demonstrated on a small network. 

Dominique Brezinski is a Network Security Professional at Secure
Computing Corporation and has been concentrating on Windows NT and
TCP/IP network security issues for four years. Prior to working for
Secure Computing, Mr. Brezinski worked as a Research Engineer at
Internet Security Systems where he was responsible for finding new
vulnerabilities and security assessment techniques for Windows NT.  In
1996 Mr. Brezinski published a white paper entitled "A Weakness in
CIFS Authentication" which revealed a serious flaw in the
authentication protocol used in Windows NT (NT LM Security). It was
shown for the first time that an attacker could completely subvert
the network authentication in Windows NT to gain unauthorized access
to Windows NT servers. Mr. Brezinski has continued to demonstrate
advanced techniques for assessing the risks present in Windows NT

- - RICHARD THIEME, Thiemeworks, Inc.  Convergence -- Every Man (and Woman)
a Spy.  Arbitrary digital interfaces - television, PCs, PDAs - are
converging, but that's only part of the story. The roles people play
in work and life are converging too. Intelligence agents, knowledge
managers for global corporations, competitive business intelligence
agents, sysadmins, hackers,  journalists, and CIOs are becoming
indistinguishable. Why does that matter? Because the ability to
synthesize and integrate information, manage complexity and ambiguity,
morph continually into roles appropriate to a shifting work context, and
somehow remember who you are - that's what matters most. Our
presentations of ourselves are the powerful levers that move mountains
in the digital world. Richard Thieme discusses why and how to do it.

Richard Thieme is a business consultant, writer, and professional speaker
focused on the human dimension of technology and the workplace. His
creative use of the Internet to reach global markets has earned accolades
around the world.  "Thieme knows whereof he speaks," wrote the Honolulu
Advertiser. He is "a prominent American techno-philosopher" according to
LAN Magazine (Australia), "a keen observer of hacker attitudes and 
behaviors" according to Le Monde (Paris), "one of the most creative minds
of the digital generation" according to the editors of Digital Delirium,
and "an online pundit of hacker culture" according to the L A Times.

Thieme's articles are published around the world and translated into
German, Chinese, Japanese and Indonesian. His weekly column, "Islands
in the Clickstream," is published by the Business Times of Singapore,
Convergence (Toronto), and South Africa Computer Magazine as well as
distributed to subscribers in 52 countries.

Recent clients include:  Arthur Andersen; Strong Capital Management;
System Planning Corporation; UOP; Wisconsin Power and Light; Firstar
Bank; Northwestern Mutual Life Insurance Co.; W. H. Brady Company;
Allstate Insurance; Intelligent Marketing; and the FBI.

- - RAY KAPLAN. Generally, "hackers" are regarded as criminals by the
"legitimate community."  Who are these "hackers" that seem to keep
whacking on our systems and networks? Are they merely scumbag reprobates
that should be purged from the society?  Is there anything to learn from
them?  This session is intended to introduce the two sides of the security
equation to one another in a forum which fosters open, detailed, honest
communication.  Bring your questions.

Who are the enemies of computer and network security?  What techniques do
they employ against us?  Are those that attack our  systems all just a
bunch of slime balls that are devoid of morals,  ethics, and common sense?
While in the minority of reported  computer crime statistics, the skilled
outsider still represents a  significant threat.  

This session explores who they are, their attitudes, their techniques, their
successes and their failures from the perspective of what we have to learn
from them to better protect your systems and networks.  This classic session
allows you to interact directly with members of the computer underground.
Join us for some stimulating conversation with those who computer security
professionals consider to be their enemies.  

Mr. Kaplan has been actively involved with system and network security as
a consultant for over half of his more than 20 years in the industry.
There is no question that he hacks.  However, he is not a criminal.  His
clients have included the world's largest financial institution, smallest
commodities broker and a wide variety of organizations, including
multinational and Fortune 100 companies from all segments of the economy,
and public institutions all over the world.  

Mr. Kaplan is a very prolific lecturer, instructor and writer.  He
consults, lectures and teaches technical system and network-related topics
all over the world.  His articles are frequently published in major computer
journals and magazines.  In over ten years of public speaking and
audio/video conference production, he has given over 2,000 technical,
tutorial-style presentations and lectures in forums such as professional
societies, seminars and his consulting.  As a frustrated inventor, he is
forever trying to rid the  world of inefficiency, frustration and waste by
pursuing new paradigms in the delivery of training, education and technical

- - PETER SHIPLEY - An overview of a 2 year effort in massive multi-modem
wardialing.  Security problems occur when obvious security problems are
overlooked.  One commonly overlooked problem is alternative access methods
to a corporate Intranet from an external machine. Many if not most
companies are overlooking their secondary vulnerabilities surrounding
alternate methods of  network access.

Mr. Shipley will present research covering an overview of a 2 year effort
in massive multi-modem wardialing.  His findings will include some personal
observations and the results obtained from scanning the San Francisco Bay
area.  When Mr. Shipley started this project he noted that there were no
published research references to wardialing or documented statistical
results of the types of equipment and computer networks commonly found
on the POTS (Plain old telephone system) network.  Mr. Shipley decided to
change that through his research.

Mr. Shipley Is an independent consultant in the San Francisco Bay Area with
nearly thirteen years experience in the Computer Security field.

Mr. Shipley is one of the few individuals who is well known and respected
in the professional world as well as the underground and hacker community.
He has extensive experience in system and network security as well as
programming and project design. Past and current clients include TRW, DHL,
Claris, USPS, Wells Fargo, and KPMG.  In the past Mr. Shipley has designed
Intranet banking applications for Wells Fargo, Firewall design and testing
for and, WWW server configuration and design for DHL.  Mr. Shipley's
specialties are third party penetration testing and firewall review,
computer risk assessment, and security training.  Mr. Shipley also performs
post intrusion analysis as well as expert witness testimony.   Mr. Shipley
is currently concentrating his efforts on completing several research

- - Thomas Ptacek, Network Security Professional at Secure Networks, Inc.
Defeating Network Intrusion Detection.

Network intrusion detection (ID), a technology that attempts to identify
attackers by monitoring network traffic, is fast becoming one of the hottest
products in the security market. Beneath the hype, however, lie some serious
concerns about the reliability of currently available ID systems, as well as
the fundamental techniques they use to collect information.  This talk will
explain why the most popular ID systems on the market can't be trusted,
demonstrate how to avoid detection by them, and, in the process, eliminate
some very widespread misunderstandings about the capabilities of sniffers
and intrusion detection systems. 

Thomas Ptacek is a developer at Secure Networks, Inc. His work focuses on
vulnerability assessment, which involves researching and testing network
systems for exploitable design and implementation flaws. In the course of
this work, his team has discovered some of the Internet's most serious
security problems, including vulnerabilities in Windows NT, Checkpoint
Firewall-1, and Solaris, as well as core Internet software such as the
BIND, INN, and Apache.
- - DR. MUDGE, Administrator of the Boston L0pht Heavy Industries.
Real world VPN implementation security issues.

As one of the prominent members of the hacker group 'The L0pht', mudge has
been responsible for numerous advisories and tools in use in both the black
hat and white hat communities. L0phtcrack, the Windows NT password
decryptor - monkey, the S/Key password cracker, Solaris getopt() root
vulnerability, sendmail 8.7.5 root vulnerability, Kerberos 4 cracker,
and SecurID vulnerabilities are some of the recent offerings that mudge
has contributed to the security community. Mudge recently finished
cryptanalysis work with some of the top US cryptographers - papers
will be published within the next several months. The BBC, Wired
Magazine, Byte Magazine, and the Washington Post have all recently covered
mudge and the L0pht's ongoing projects.

- - SCOTT WADDELL, Cisco-Wheelgroup corporation.
                           Fees and Registration

Registration fees before July 10th are $995, after the 10th are $1195 US.

To register please use the online registration page at


Current payment methods include American Express, Master Card, Visa, and
company checks and money orders.  You will receive a confirmation letter
in the mail informing you of a successful registration.

                             Hotel Information

Network Security Solutions '98 will take place July 29th and 30th at the
Plaza Hotel & Casino in Las Vegas, Nevada. To take advantage of conference
rates, reservations must be made prior to June 9. When making arrangements,
please reference Network Security Solutions.

The Plaza Hotel and Casino, 
Number One Main Street
Las Vegas, NV
Phone: 1-800-634-6575 

              Network Security Solutions Summer '98 Sponsors

Aventail Corporation


Aventail (tm) Corporation is the pioneer of policy-based Virtual Private
Network (VPN) software solutions.  Its award winning product, Aventail VPN
(tm) , enables corporations to privately communicate, share applications,
and securely exchange business-critical information over the Internet with
their business partners, customers, suppliers, and remote/mobile employees.
Aventail’s adherence to open security standards simplifies VPN deployment,
enables interoperability, and leverages corporations’ existing network

Network Flight Recorder


Network Flight Recorder builds traffic analysis and monitoring tools that
help you see how your network is being used.  Nobody's network is
shrinking or getting less complicated - and networking is becoming the
lifeblood of many modern businesses.  In other words, your job is getting
harder and more important.  Network Flight Recorder's monitoring package
gives you a flexible, user-programmable system that lets you: Recover or
monitor online transaction records, keep historical statistics about how
your network grows, generate detailed breakdowns of how your network
services are being used and by whom, watch for patterns of abuse of
network resources and identify the culprit in real-time, set burglar
alarms that alert you to security violations or unexpected changes in
your network, log and monitor who went where on your network, and
replay attackers' sessions and learn what they did.

Knowledge is power, and knowing what's going on within your network is
the key to keeping it operating smoothly. Like our namesake, the aircraft
flight recorder, our system records the information you want about what
happened when, where, and how. If you need to go back and look at a
reliable record of events, your Network Flight Recorder is the first
place to check. 

We are dedicated to providing the best possible tools for understanding
your network traffic, so you can maintain it and secure it. 

Counterpane Systems


Counterpane Systems is a cryptography and computer security consulting
firm. We are a virtual company based in Minneapolis, with three full-time
employees and six part-time contractors.  Counterpane provides expert
consulting on Design and Analysis.  This is the majority of
Counterpane's work: making and breaking commercial cryptographic systems
and system designs.  We can analyze all aspects of a security system,
from the threat model to the cryptographic algorithms, and from the
protocols to the implementation and procedures.  Our detailed reports
provide clients with information on security problems as well as
suggested fixes.
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN  55419       Fax: 612-823-1590