PORTLAND, Ore.--(BUSINESS WIRE)--Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced that Ken Westin and Craig Young, security researchers at Tripwire, will each be presenting at BSides San Francisco (BSidesSF) 2014, taking place February 23-24, 2014, at the DNA Lounge in San Francisco, California.
Westin has spent the past year analyzing security vulnerabilities in Telmex’s Prodigy email system, a free online Internet access service with more than 90 percent market share in Mexico. In this presentation he will discuss a vulnerability that allowed anyone to access Telmex email accounts – many of which were indexed by Google. Despite alerting a local Mexican newspaper, his discovery was not widely publicized in Mexico but did reach online audiences. Join Westin as he discusses the details of the vulnerability, how he discovered it and why the finding was not made available to Mexican consumers.
Details of Westin’s Presentation:
Session Title: “Telmex Email Security Hole - My Email Was Indexed
by Google!”
When: February 23, 2014, 11:00 a.m. - 12:00 p.m.
Where: BSides
SF 2014, DNA Lounge, 375 Eleventh Street, San Francisco, CA.
In 2013, Young’s security research resulted in the assignment of four to six Common Vulnerabilities and Exposures (CVE) each month. Young’s research included web vulnerabilities, such as command-injection and SQLi, and he also discovered multiple application vulnerabilities, including memory corruption and logic errors. Join him as he discusses the tips and tricks that participants can use to locate unknown vulnerabilities without the use of commercial analysis tools. Young will also discuss his experiences working with vendors and developers to harden their products.
Details of Young’s Presentation:
Session Title: “A Day in the Life (Of a Security Researcher)”
When:
February 23, 2014, 2:00 p.m. - 3:00 p.m.
Where: BSides
SF 2014, DNA Lounge, 375 Eleventh Street, San Francisco, CA.
About Security BSides
Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
About Tripwire, Inc.
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.
