July 20–24, 2015
Portland, OR

Protect conference sessions

Identity, privacy, and security are emerging and nuanced facets in the digital age and an exciting cross-functional track at OSCON 2015 in Amsterdam.

9:00am–12:30pm Tuesday, 07/21/2015
SOLD OUT
E145/146
Jarret Raim (Rackspace), Andrew Hartnett (Rackspace)
Attendees will learn general best practices for cryptography and key management, be able to generate, store, and verify passwords, protect data at rest with encryption, protect data from modification with signing and verification techniques, and generate, store, and use keys securely.
1:30pm–5:00pm Tuesday, 07/21/2015
Portland 251
Eli White (php[architect])
This session will expose you to a broad range of web security vulnerabilities and their solutions. We'll cover the basics such as XSS, CSRF, SQL Injection, and clickjacking. We will also go into depth on issues of session management, password security, two-factor authentication, and much much more!
10:40am–11:20am Wednesday, 07/22/2015
E146
Constanza Heath (Intel)
2014 was a hard year for open source software when it comes to security vulnerabilities. There were great amounts of attention focused on Heartbleed, ShellShock, BERserk, etc. Was that attention well founded? This presentation intends to find out.
11:30am–12:10pm Wednesday, 07/22/2015
Portland 255
Federico Lucifredi (Red Hat)
This is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a covert Raspberry Pi-class computer under your complete control -- running Linux. There will be a discussion of similar attacks against ARM processors embedded in current HDD drive controllers.
1:40pm–2:20pm Wednesday, 07/22/2015
Portland 251
Jonathan LeBlanc (PayPal / Braintree)
We are now in an age where more people have phones than toilets, and there are more active cell phones than people on the planet. How do we protect all of these devices as they’re roaming around unsecured locations, especially when we want to pay for something?
2:30pm–3:10pm Wednesday, 07/22/2015
D139/140
Josh Deprez (Google Australia)
What can be learned about a person's internet habits if every packet in and out was logged by a transparent man-in-the-middle? Here's what I discovered from a few months of self-experimentation.
4:10pm–4:50pm Wednesday, 07/22/2015
Portland 256
Beth Tucker Long (Treeline Design)
Investigate a hacked WordPress website, and learn what the hacker has left behind, which tools will help find the vulnerability and point of entrance, how to seal up the most common problem areas, and how to set up notifications to help you spot a hack more quickly in the future. Even though we will be going through a WordPress website, most of the tools discussed are applicable to any website.
5:00pm–5:40pm Wednesday, 07/22/2015
Portland 255
John Feminella (Pivotal)
There's a war on open standards and software brewing, and it's happening in a surprising location: under the hood of your car. In this talk, we discuss the storied history of OBD, a suite of related diagnostic protocols that's used by virtually every car sold in the US, EU, and China -- and how your ability to own and examine your vehicle's data might be threatened if some people have their way.
10:40am–11:20am Thursday, 07/23/2015
D135/136
Jeremy Stanley (OpenStack Foundation)
The vulnerability management team for the OpenStack project handles hundreds of incoming reports of potential security vulnerabilities, and publishes dozens of advisories every year. Find out how we reconcile vulnerability reporting with our public design and open community development ideals, and learn about the free tooling and published processes we employ to make it easier.
11:30am–12:10pm Thursday, 07/23/2015
E145
Nova Patch (Shutterstock)
Our personal identity is core to how we perceive ourselves and wish to be seen. All too often, however, applications, databases, and user interfaces are not designed to fully support the worldwide diversity of our most basic personal information like names and genders. This session will demonstrate ways to build applications that respect users’ identities instead of limiting them.
1:40pm–2:20pm Thursday, 07/23/2015
E145
Laura Bell (SafeStack Limited)
Are we responsible for what code is used for once released? Security tools are a fascinating grey area. In order to protect our organisations, systems, and people, we must attack them in controlled ways and measure the results. The line between beneficial defensive tools and weapon of choice is unclear. So how do you safely open source a security tool like this? Let me share my story.
2:30pm–3:10pm Thursday, 07/23/2015
E147/148
Manfred Moser (simpligility technologies inc.)
Results of a five-year study on open source development and security practices form the basis for introducing supply chain management to your development practice. We rely on the usage of third-party components, and take on the responsibility for them and their licensing terms or security vulnerabilities. New tools for managing these components in your software development efforts are demoed.
4:10pm–4:50pm Thursday, 07/23/2015
D139/140
Alan Robertson (Assimilation Systems Limited)
The cybersecurity community has difficulty working together around breaches, out of legal and public relations concerns, but can share best practices. The open source Assimilation Project compares system configurations against best practices in near-real-time. This talk outlines our efforts to include more security experts in our community, and translate the results into open source code.
5:00pm–5:40pm Thursday, 07/23/2015
E147/148
Randi Harper (Literally Blue, LLC)
This talk aims to discuss the current state of online harassment, and the way that the open source community can create new tools to mitigate abuse until policy and law enforcement catch up.
10:00am–10:40am Friday, 07/24/2015
Portland 251
Bryan Smith (Tacit Labs Inc)
Botnets can take down virtually any site or service on the internet, including an entire country's internet backbone. Oftentimes you hear about a botnet's path of destruction, but you never hear about how they work. This talk will introduce you to the concepts behind botnets, and also show a live demonstration of a botnet on a sandboxed network.
11:10am–11:50am Friday, 07/24/2015
D139/140
Matthew Garrett (CoreOS)
As we become more and more reliant on our computers, attackers become more and more sophisticated. How can we build a computer that's resilient to some of the more subtle attacks such as firmware modification?