
Content provided by DEF CON. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by DEF CON or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Tom Cross aka Decius & Collin Anderson - Do Export Controls on “Intrusion Software” Threaten Vulnerability Research?

 
 

Archived series ("Inactive feed" status)

When? This feed was archived on August 14, 2018 01:58 (5+ y ago). Last successful fetch was on April 27, 2018 00:45 (6y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.


Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Collin-Anderson-Tom-Cross-Export-Controls-on-Intrusion-Software.pdf

Do Export Controls on “Intrusion Software” Threaten Vulnerability Research?
Tom Cross aka Decius, CTO, Drawbridge Networks
Collin Anderson, Independent Researcher
At the end of 2013, an international export control regime known as the Wassenaar Arrangement was updated to include controls on technology related to “Intrusion Software” and “IP Network Surveillance Systems.” Earlier this year, the US Government announced a draft interpretation of these new controls, which has kicked off a firestorm of controversy within the information security community. Questions abound regarding what the exact scope of the proposed rules is, and what impact the rules might have on security researchers. Is it now illegal to share exploit code across borders, or to disclose a vulnerability to a software vendor in another country? Can export controls really keep surveillance technology developed in the west out of the hands of repressive regimes? This presentation will provide a deep dive on the text of the new controls and discuss what they are meant to cover, how the US Government has indicated that it may interpret them, and what those interpretations potentially mean for computer security researchers, and for the Internet as a whole.

Tom Cross is the CTO of Drawbridge Networks. He is credited with discovering a number of critical security vulnerabilities in enterprise class software and has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. Tom was previously Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has spoken at numerous security conferences, including DEF CON, Blackhat Briefings, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides.

Twitter: @_decius_

Collin Anderson is a Washington D.C.-based researcher focused on measurement and control of the Internet, including network ownership and access restrictions, with an emphasis on countries that restrict the free flow of information. Through open research and cross-organizational collaboration, these efforts have included monitoring the international sale of surveillance equipment, identifying consumer harm in disputes between core network operators, exploring alternative means of communications that bypass normal channels of control, and applying big data to shed new light on increasingly sophisticated restrictions by repressive governments. These involvements extend into the role of public policy toward promoting online expression and accountability, including regulation of the sale of surveillance technologies and reduction of online barriers to the public of countries under sanctions restrictions.

Twitter: @cda
