Calendar Home
Event Details
Event Name: Technology Over Bagels with PCI - Virtual Event
Website Visit Event Website
Event Date: 05/12/2020
Event Time: 12:00 - 1:00PM
Event Organizer: Central Maryland Chapter
Description: About Technology Over Bagels:
TOB is a free monthly technical presentation that takes place on the second Tuesday of every month (excluding July and August). Bagels and coffee are available starting at 7:30, and the presentation runs from 8:00-9:00. Typical audience size is 40+. Speakers and attendees range from highly niche technical on-site engineers, consultants, company owners, and business development. TOB is run by Central Maryland's Young AFCEANs, and AFCEA membership is NOT necessary in order to attend.
Event Subject: CNO Windows Vulnerability
Event Speaker: Jon Desi, PCI CNO SME In the tech community, the second Tuesday of every month is referred to as ¿Patch Tuesday.¿ It is the day that Microsoft releases patches and updates for its flagship product, the Windows operating system. These patches include everything including minor bug fixes, added features, product enhancements, and critical bug fixes. However, Tuesday, January 14th, 2020 was not a normal Patch Tuesday. Microsoft released a patch for a very critical vulnerability in the Windows CryptoAPI library which was discovered by the National Security Agency (NSA). NSA issued its own advisory stating it was ¿a serious vulnerability because it can be exploited to undermine Public Key Infrastructure trust, ... permit[ing] an attacker to spoof trusted identifies, such as individuals, web sites, software companies, service providers, or others. [T]he attacker can ¿ gain the trust of users or services on vulnerable systems, and leverage that trust to compromise them.¿ The vulnerability is commonly referred to as ¿Curveball¿ due to the underlying bug residing in Microsoft¿s implementation of Elliptic Curve Cryptography. The disclosure of Curveball created quite a bit of talk in the cyber security community with a proof of concept exploiting the vulnerability being released within 24 hours. This talk will explore the Curveball vulnerability, looking into its root cause, impact, and mitigation. Additionally, it will demonstrate how this vulnerability can be exploited.
Event Category: Online/Broadcast
Event Theme: Windows CryptoAPI Spoofing Vulnerability
Location: Virtual
MD
Event Contact E-Mail: tob@centralmd.afceachapters.org
Calendar Home