RSA in Retrospect from Afar

20 Apr 2018 - Around the Web

I didn’t make it to the RSA Conference this year, but, if you were paying any attention whatsoever to infosec twitter this week, then it was impossible to miss all of the news that came pouring out of the world’s largest security conference.

What follows is a round-up of some of the biggest stories to emerge out of the conference:

OUR SECURITY ADVOCATES

Sometimes cultural events intercede. In 2014, reacting to sweeping revelations about the scope and invasiveness of government surveillance and the security industry’s complicity in that surveillance, digital rights advocates from the Electronic Frontier Foundation (EFF) and elsewhere organized a counter-conference called TrustyCon. This year, upon the release of the RSA Keynote agenda, it was glaringly obvious that the conference lacked minority and, in particular, female voices. In reaction, a group of influential security practitioners organized a counter-conference dubbed “OURSA“—a play on “RSA” that was shorthand for Our Security Advocates.

The one-day, live-streamed conference was, by all outward appearances, a hit. Panel discussion included some of the brightest minds in security, including (but certainly not limited to) Google’s Adrien Porter Felt, the EFF’s Eva Galperin, Jessy Irwin of Tendermint, Jennifer Grannick of the ACLU, Windows Snyder of Fastly, and Jeanette Manfry of the National Protection and Programs Directorate, to name a handful of the speakers.

Luckily for everyone who missed the event, the live-stream has been immortalized on Youtube.

THE CYBERSECURITY DIVERSITY FOUNDATION

Similarly, the Cybersecurity Diversity Foundation held a reception celebrating diversity in cybersecurity and awarding a pair of scholarships along with Western Governors University to Daisy Fullmer and Benito Garcia, both master’s degree students in WGU’s Cybersecurity and Information Assurance program. The scholarship is worth two years of full tuition.

ANNOUNCING THE CYBERSECURITY TECH ACCORD

Microsoft President Brad Smith announced the formation of the Cybersecurity Tech Accord in his RSA keynote, describing the coalition of 34 security companies, including Microsoft, Facebook, and HPE, as a sort of digital Geneva Convention. Smith has been hammering-home this idea of a digital Geneva Convention for at least two years, speaking about the idea at length in his 2017 RSA keynote. Gaining steam in response to a pair of supposed nation-state-sponsored cyber attacks that caused significant collateral damage this year, the WannaCry and NotPetya ransomware outbreaks, Smith said that the group of companies will stand in opposition to all cyberattacks carried out by any country. It wasn’t all agreement on the Tech Accord, however, with RSA’s own president stepping out to say that the accord statement is too broad, and that offensive capabilities need to be better defined.

AVAST’S CCLEANER POST MORTEM 

In a year dominated by supply chain attacks, the breach of Piriform—and the attempted use of its Windows clean-up utility CCleaner as a trojan to infect the networks of some of the world’s most prominent tech firms—was one of the most important stories of the year. Avast, which would acquire Piriform a mere four months after the breach, has published a slew of great research since the incident, elucidating exactly how more than two million CCleaner users were served a malicious version of the software. The research it presented at RSA reveals that the attack platform deployed against Piriform, which is called “ShadowPad,” had been used in attacks in South Korea and Russia, both before and after the Piriform incident.

TRUSTJACKING IOS DEVICES

Symantec’s “iOS Trustjacking” research may have been the most talked-about technical topic at this year’s RSA. Researchers Adi Sharabani and Roy Iarchy revealed the details of an iOS vulnerability that could enable an attacker to gain persistent access to, and control over, iOS devices. The vulnerability, and the exploitation of it, rely on a feature called “iTunes Wi-Fi sync,” which enables iOS users to sync their iOS devices with their iTunes account without connecting physically to a computer. While the research is no-doubt interesting, attack applications are somewhat limited. An attacker would need a good amount of help from his victim in order to carry out a trustjacking attack. Most importantly, the victim would have to willingly trust a malicious computer—the Symantec researchers posit a scenario where the vicim plugs into a charging kiosk and follows a pair of prompts: one to trust the malicious computer and another to enable iTunes Wi-Fi sync. From there on, an attacker could only control the device so long as it’s on the same Wi-Fi network as the malicious computer.

IN CONCLUSION

With a conference as big as RSA, many great talks take place in the absence of media coverage, and, as such, this is an admittedly incomplete list. Ping us on Twitter to let us know about any good talks you attended that didn’t get their fair share of media coverage.

Transform Your Siloed Security Operations into a Holistic Security Operations Program

Get in Touch Group