IOACTIVE TO PRESENT AT PRESTIGIOUS AGORA MEETING

Team presents on Smart Meter security research and their efforts assembling a super computer capable of cracking WPA2 keys

Seattle, Wash—September 3, 2009. IOActive, a leading provider of software assurance, compliance and Smart Grid security services, today announced that its Director of Services, David Baker, and a Senior Security Consultant, Robert Zigweid, will present on two of IOActive's recent research projects at the Agora meeting on Sept. 11, 2009. The Agora is a successful strategic association that meets quarterly to bring together the Northwest's top information systems security professionals and technical experts, as well as officers from the private sector, public agencies, local, state and federal government and law enforcement.

Baker will discuss the extensive research IOActive has performed on Smart Meter platforms, uncovering significant security vulnerabilities and developing proof-of-concept malicious code. Remaining vendor-neutral, Baker will present IOActive's findings, simulate the worm attack they developed, as well as discuss strategies for improving the security of the Smart Grid moving forward.

"We're very excited to present our Smart Grid research at Agora. Always drawing a great blend of local professionals, Agora is an excellent platform to share our research and continue to educate people, hopefully motivating vendors to mitigate these vulnerabilities and improve future security protocols," said Baker.

Following the Smart Grid presentation, Zigweid will unveil IOActive's ongoing project to assemble a super computer (referred to as "Crackathon") that can exhaust the entire ASCII password set in 30 minutes and brute force five-character WPA2 keys in under four minutes.

According to Zigweid, "This is the first time IOActive will discuss Crackathon at a public event, as it is still in development. It currently boasts 24 teraflops of crypto crunching power, unofficially ranking it in the top 50 percent of the world's 500 fastest super computers."

About IOActive
IOActive is an industry leader that offers comprehensive security services including software assurance, smart grid security, infrastructure audits, training, incident response, PCI compliance, and risk management. IOActive has attracted many well-known security experts including Dan Kaminsky, Jason Larsen, Steve Wozniak, Mike Davis, and Ilja van Sprundel. More information is available at www.ioactive.com.

About David Baker
David Baker is a subject matter expert on information security and incident response. As Director of Services, he drives the creation and direction of IOActive's services. He also functions in the capacity of Engagement Manager, directly managing all consultant resources to ensure successful client delivery and overseeing the quality assurance of IOActive engagements. He oversees all executive account management and business development efforts.

Prior to joining IOActive, Baker was the Director of Security Architecture at Vantos and part of the A-round executive team. He was recruited directly by the CEO to develop industry essential practices for investigation and incident response management, in addition to aiding customers with investigations to promote partnerships and develop case studies. Baker worked with Fortune 1000 companies to drive security requirements and coordinate penetration tests.

About Robert Zigweid
Robert Zigweid is an accomplished developer and application tester, with advanced skills in the creation and analysis of systems architecture and threat modeling. As a security consultant at IOActive, he works with clients to discover and solve network and application problems that threaten their business goals and assets. In addition to his direct efforts on penetration tests, security reviews, and network and application audits, Zigweid contributes to the advancement of more stable, secure systems through his research and development. He was a co-founder of OSJava, is working on a JDBC driver and more robust Java class loader, and has conducted groundbreaking research that will further the formal understanding of application and network security for audiences at varying levels of technical fluency.

Zigweid recently created a secure coding training course for a key IOActive client and is now engaged in a project for a major shipping company, helping them develop their new online banking product using SDL guidelines.

-###-