The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Jeremy Rasmussen - Sypris Electronics

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

The Best Defense is Information

Mar 04, 2009

Download: Video Icon MP4 Video Size: 559.2MB  
Watch on Youtube Watch on YouTube

Abstract

In the course of doing security vulnerability testing for government and commercial clients over the past 10 years, our Information Security Solutions team at Sypris Electronics has seen a lot of interesting things—perhaps none more so than a recent attack witnessed on a client's network targeted by a buffer overflow on a popular application. The attack launched a trojan horse, which then dropped in another piece of malware that stealthily connected out to several sites to receive command and control. We will go down the rabbit hole with the attack (as much as I can publicly divulge), talk about our approach to the forensic investigation, and how the client was advised to implement countermeasures to provide an overall framework of security against future attacks.

It is possible people may have known about this particular exploit for more than six months before it was publicly disclosed, and the vendor still has not published a patch for it. Therefore, in this talk, we will also explore the concept of responsible disclosure, information sharing (minus attribution), and how all of this possibly fits into the Presidential Comprehensive National Cybersecurity Initiative (CNCI).

About the Speaker

Jeremy Rasmussen is manager of the Information Security Solutions (ISS) group at Sypris Electronics, LLC in Tampa Florida. Sypris is an industry leader with more than 40 years of success in complex electronics manufacturing and engineering products and services for defense and aerospace. Mr. Rasmussen earned a B.S. in Computer Science (1991) and M.S. in Engineering Management (1994) from the University of South Florida (USF). He had experience as a software and systems engineer at Honeywell, Raytheon, and Sypris Electronics before founding the ISS group in 1999. The ISS group specializes in system vulnerability assessments, penetration testing, policy and procedure development, and security training. The ISS group has performed assessments on more than 200 different systems ranging from a small, tactical unit in the back of a Humvee to a 350,000-user WAN spanning 54 states and territories. The team continues to grow in areas targeting penetration testing, automated compliance scanning tools, and products/technologies related to the Presidential Comprehensive National Cybersecurity Initiative (CNCI).

Mr. Rasmussen is an adjunct professor in the Department of Computer Science and Engineering and Department of Information Technology at USF, teaching courses in cryptography and network security, digital forensics, and ethical hacking. He also serves as chairman of the CS&E External Advisory Board. He founded the Whitehatters Computer Security Club at USF, and the team has done very well in organized Capture the Flag events, even reaching the 2007 finals of the Defcon CtF—considered the world championship of hacking.

In his spare time, Mr. Rasmussen enjoys family activities, soccer, taekwondo, teaching Sunday School, traveling, and writing. He has written several articles on "Password Security", including those for the Encyclopedia of the Internet and the Handbook of Information Security. Mr. Rasmussen was also a Jeopardy! champion in 2007.

Email: Jeremy_dot_Rasmussen_at_Sypris_dot_com


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!