IOActive

EVENTS
NEWS
MEDIA MENTIONS
PRESS RELEASES

CONTACT US	+
For more information about our services: SEND US AN EMAIL >> CALL TOLL FREE (866) 760-0222

REALITY

In 2006, more than 48 million personal records were exposed according to the Data Loss Archive and Database maintained by attrition.org.

Information published by Ponemon states that data breaches have increased by 31% this year and the average cost incurred to disclosing companies is 182 dollars per compromised record.

This equates to $8.7 billion dollars in financial losses for 2006.

EVENTS

APRIL 2008

IOActive hosted its RSA Con party at the hip, downtown San Francisco restaurant ROE on Tuesday, April 8. The event was very well attended and we had a great time. A big thank you to everyone who joined us!

Dan Kaminsky delivered his Black Ops of Web 2.0: DNS Rebinding Attacks at RSA Con.

At the root of web security is the same origin policy, which allows most resources to communicate with each other only if they come from the same host name. But one name can be mapped via DNS to many IP addresses, some local and others not. The effect? You come to my page, I VPN onto your LAN. And that's only the beginning.

Jason Larsen and Michael Hamilton, CISO for the City of Seattle, delivered Protecting the Last Mile: Information Security in Local Government at RSA Con.

In local government, information security and risk reduction controls compete with putting police on the streets and filling potholes. While there is increasing incentive for local government to create efficiencies by enabling critical technologies using Internet Protocol, this is typically carried out without the oversight applied in the private sector. The result is public safety, transportation, power, and water systems supported by unsecured technoogy.

MARCH 2008

IOActive attends Source Boston 2008, where Josh Pennel participated on the CEO panel.

Josh Pennell and Robert M. Zigweid spoke on the Web 2.0 panel for eBay's Red Team event. More information here >>

IOActive attends Black Hat Europe in Amsterdam as a Gold Sponsor.

FEBRUARY 2008

Josh Schmidt speaks on the Security Development Lifecycle at (ISC)² Risk Management in Orlando Florida.
Ted Ipsen speaks to the Washington Computer Incident Response Center at their general meeting on February 21; he will be discussing security integration with the Secure Development Lifecycle.
Jason Larsen and Walter Pearce deliver SCADA Defense: Protecting Critical Infrastructure training at BlackHat Federal.

JANUARY 2008

Jason Larsen contributes to two keynote panels: How real is the threat and how is it changing? and Penetration Testing: How the attackers get through your defenses at SANS Security 2008 in New Orleans.

NOVEMBER 2007

IOActive sponsors the OWASP and WASC AppSec 2007 Conference at eBay in San Jose, California

OCTOBER 2007

IOActive security consultant, Josh Schmidt, addressed the Pacific Claim Executives Association during their semi-annual meeting in San Diego on the topic of Wireless Insecurities.

SEPTEMBER 2007

IOCON
Click here to see a photo
IOActive's inaugural IOCON Speaker Symposium featured some of the security industry's brightest minds discussing Web design review, firewalls, and securing SCADA devices. The following presentations were delivered by IOActive security consultants:

Topic: Black Ops 2007: Design Reviewing the Web
Presenter: Dan Kaminsky
DNS rebinding is an old attack that has returned after a decade to break fundamental security assertions of the web. Dan demonstrated, without the use of any fixable vulnerability, how web browsers can be coopted to expose your internal network. < Download the PowerPoint presentation >

Topic: Firewalls Visualized
Presenter: Damon Cortesi
Firewall rulesets are difficult to locate and rarely understood. Unfortunately, these intangible lists are the basis for some of your most important network security devices and frequently grow organically with no understanding of their overall effect. Utilizing visualization, Damon showed how to effectively analyze, review, and ultimately gain a better grasp on your network security infrastructure. < Download the PowerPoint presentation >

Topic: Securing SCADA
Presenter: Jason Larsen
Critical infrastructure are under more threat than ever before, and historic cyber attacks were only theoretical, but SCADA hacking has now gone mainstream with presentations in open conferences. Jason described the technical aspects of hacking today's industrial control systems, who's currently attacking them, and what the near future will look like. < Download the PowerPoint presentation >

TOORCON
IOActive Sponsors ToorCon, a rapidly growing information security convention in San Diego, California. The convention's objective is raising public awareness of information security, and demonstrating/teaching methods that bring about an enhanced level of security. IOActive sponsored both ToorCon San Diego and ToorCon Seattle (Beta) in May 2007.

AUGUST 2007

TRAINING:
IOActive Gold Sponsor of BlackHat Vegas, Visit us at booth 19!

APRIL 2007

TRAINING:
Dinis Cruz of IOActive will be delivering Advanced Security
Training For ASP.NET Developers in London UK - April 10 - 11, 2007

TRAINING:
Dinis Cruz of IOActive will be delivering a Dojo on Advanced
Security Training For ASP.NET Developers in Vancouver Canada - April 16-17 2007

TRADESHOW:
INTEROP Las Vegas
May 22-24

MARCH 2007

TRADESHOW:
IOActive Gold Sponsor of BlackHat Europe, Visit us at our booth!

TRAINING:
IOActive delivering "Advanced Asp.Net Exploits and
Countermeasures" at BlackHat Europe - March 27 - 28, 2007

TRAINING:
Dinis Cruz of IOActive Delivering Advanced Security Training
For ASP.NET Developers in Ashorne Hill UK - March 20 - 21, 2007

SPEAKING:
Chris Paget speaking at ShmooCon March 23 - 25, 2007

FEBRUARY 2007

SPEAKING:
Chris Paget speaking BlackHat Federal on RFID Security

TRADESHOW:
IOActive at RSA Con 2007, Visit us at booth #2746!

TRADESHOW:
IOActive Gold Sponsor of BlackHat D.C, Visit us at our booth

JANUARY 2007

SPEAKING:
Josh Pennell and Ted Ipsen deliver a thought provoking presentation on the impact of RFID to the WSA. More Information on the presentation.

DECEMBER 2006

TRADESHOW:
IOActive Sustaining Sponsor of BlackHat December 2006

SPEAKING:
OWASP Seattle - Ward Spagenberg of IOActive on the topic
"Unraveling PCI".

SPEAKING:
Dan Kaminsky / Black Ops 2006 Viz Edition / Chaos Computer Club /

OCTOBER 2006

SPEAKING:
OWASP Seattle Chapter Meeting Dan Kaminsky Presents: "Black
Ops 2006: Pattern Recognition"

SPEAKING:
Microsoft BlueHat Security Briefings

SPEAKING:
Putting on the Blue Hat

SPEAKING:
Unraveling PCI Ward Spangenberg, Secure World Expo, IOActive
SPEAKING:
Josh Pennell // Secure World Expo // Tools & Techniques // For Securing The Wireless
Enterprise //
SPEAKING:
Josh Pennell // Secure World Expo // Getting To The Root of Security Evil:
Software Security Flaws /

SPEAKING:
Walter Pearce // The role of frameworks (e.g., .Net, Java,
Enterprise Library, Struts, JaCorb) in 'forcing' developers to create
and deploy 'secure' applications //

SEPTEMBER 2006

SPEAKING:
Ward Spangenberg - One Size Fits All - Unraveling PCI

AUGUST 2006

SPEAKING:
Chris Paget RFID Talk / Defcon /
SPEAKING:
Black ops by Dan Kaminsky / Defcon /

IOActive's famed R&D Director, Chris Paget will be delivering an eyes-wide-open presentation on the security considerations of US-VISIT at DC14.

FEBRUARY 2006

IOActive is invited to present our talk "Ensuring Application Security Through Threat Modeling" at the Washington Software Association's Security Sig.

DECEMBER 2005

IOActive exhibits at Seattle's ITECH conference.

JUNE 2005

IOActive exhibits at ITEC, Seattle, WA

APRIL 2005

IOActive quoted in the Wharton School article: "Do you know where your identity is? Personal Data Theft Eludes Easy Remedies"

IOActive quoted in MSNBC article: "Mississippi joins list of colleges leaking data"

IOActive exhibits at Face2Face, Portland, OR

APRIL 2004

IOActive is the official Sponsor of the CanSecWest (Core04) conference in Vancouver Canada.

JANUARY 2004

IOActive is the official Gold Sponsor of the BlackHat Windows Security conference in Seattle. Come down and see the ioactive team in action!

MAY 2003

IOActive is the proud supporting sponsor of the Washington Rain's Homeland Security Summit. Come down and learn how your federal government is trying to protect you!

APRIL 2003

IOActive's senior consultant presents "Writing NMAP using Microsoft specific API's" to the Puget Sound's ISSA chapter.

MARCH 2002

IOActive presents wireless man-in-the-middle ( MIM ) attacks to the Agora. IOActive demonstrated that MIM attacks could take place from as far away as 5 miles using specially modified 802.11 gear with or without WEP security.

MARCH 2001

IOActive's President, Joshua Pennell, speaks in front of the Agora Security Group on the security infrastructure supplied for the Reform Parties Presidential Primary election.