seminar: Inside Theft of Intellectual Property in Organizations
Monday, May 11, 2009
Inside Theft of Intellectual Property in Organizations: A Preliminary Model
Andrew Moore, CERT
12:00pm
Talk Abstract
This talk will introduce a class of vulnerabilities which focuses on attacking the bridge between HTTP and HTTPS. Specifically, this talk will detail some new tools and techniques that allow attackers to silently strip SSL from traffic intended for HTTPS in common web applications such as online banking and webmail logins. In practice, these tricks prove deadly for allowing attackers to silently alter, inject, and log traffic that should otherwise be secure. Real-world field testing data will be provided.
Speaker Bio
Andrew P. Moore is a senior member of the CERT technical staff. Moore explores ways to improve the security, survivability, and resiliency of enterprise systems through insider threat and defense modeling, incident processing and analysis, and architecture engineering and analysis. Before joining the SEI in 2000, he worked for the Naval Research Laboratory (NRL) investigating high-assurance system development methods for the Navy. He has over twenty years’ experience developing and applying mission-critical system analysis methods and tools, leading to the transfer of critical technology to both industry and the military. Moore received his BA in Mathematics from the College of Wooster and MA in Computer Science from Duke University.
While at the NRL, Moore served as a member of the U.S. Defense Science and Technology review (Information Technology TARA) panel on Information Assurance; the International Technical Cooperation Program, Joint Systems and Analysis Group on Safety-Critical Systems (TTCP JSA-AG-4); and the Assurance Working Group of DARPA’s Information Assurance Program. He has served as principal investigator on numerous projects sponsored by NSA and DARPA. He has also served on numerous computer assurance and security conference program committees and working groups. Moore has published two book chapters and a wide variety of technical journal and conference papers. His research interests include computer and network attack modeling and analysis, IT management control analysis, survivable systems engineering, formal assurance techniques, and security risk management.
