There was recently a private meeting of security professionals hosted by Microsoft. This private meeting, complete with a public website has been called a "secret" meeting by some. Hmmm, secret meeting with a published agenda (http://isotf.org/isoi2.html) complete with date, time, location, and speakers. Some secret huh?
Who was there and why did they meet? That is pretty easy. There were about 200 security professionals from large companies, small companies (like ESET), and medium sized companies. There were people for a wide range of law enforcement agencies and also people from academia. There were multiple purposes for the meeting. One of the main purposes was to get a bunch of people who work to try to secure the internet together to enhance working relationships. None of us can do the job alone. It is easier to work together when there is trust, and no matter how long you work together online there is something about meeting face to face that is required by people to further develop trust relationships. Mission accomplished!
Another goal was to share information and resources. We wanted to get to know what people have tried, what works, what doesn't, and who might be able to help. Trying to secure the internet takes a lot of cooperation and information sharing. None of us have the entire picture. By meeting and discussing what we know we are better able to learn how to be more effective in the future. Mission accomplished. No, we didn't solve the problems of internet security, but we did share a lot of information and learned who we can help and who can help us. We also learned what obstacles a variety of people face and are ready to work on removing the obstacles and trying new approaches.
Since some of the information dealt with criminal investigations and techniques to track down and shut down spammers, phishers, and other criminals, not everything can or should be public, but I can share one presentation with you.
The Washington Post obtained a copy of the slides that Paul Laudanski of CastleCops presented at the meeting. http://blog.washingtonpost.com/securityfix/ccslides.ppt
For more information about CastleCops and how you can help fight Phish, check out Brian Kreb's excellent article "In Praise of the Phish Fighter" at http://blog.washingtonpost.com/securityfix/2007/01/in_praise_of_the_phish_fighter.html
CastleCops is giving away a ton of prizes to celebrate their 5 year anniversary. ESET is proud to have provided several copies of NOD32 for this event. Those of us from ESET that attended the meeting in Redmond are honored to work with such outstanding people as Paul and the other security professionals at the meeting who are dedicated to making the internet a safer place to work and play.
Randy Abrams
Director of Technical Education