Your stack is smash-proof. Your dumpster is fully alarmed. And your firewall is so secure that it has former Soviet officials green with envy. So why are the developers finding their undocumented features in competitors’ products, or company executives on a constant hunt for leaks and traitors? There’s a whole lot more to doing an end-run around network security than calling up and pretending to be the help desk or hoping someone chucks a service manual in the trash Professional attackers with specific targets have a whole rash of techniques — from using targeted employees to hiding microphones — adopted from the world of espionage, and this talk is all about how they do what they do. Eric Schmiedl has spoken on access control systems at BlackHat 2007 and safecracking at DEFCON 14. He is a member of the TOOOL.US Board of Directors, maintains a semblance of an undergraduate career at the Massachusetts Institute of Technology, and has been picking locks all his life. For copies of the slides and additional materials please see the DEF CON 16 Archive here: http://ift.tt/1mDLlZ8

Speakers: Marc Weber Tobias, Investigative Law Offices, Security.org Matt Fiddler, Security Consultant – Security.org Although there has been a significant amount of attention paid to the topic of late, there are complexities that must be understood to accurately gauge the impact of “Bumping Locks” on physical security. This talk will explore the vulnerabilities and exposures of virtually all pin-tumbler locks, highlighting the legal issues surrounding the possession and use of bump-keys and bumping implements. Case examples and demonstrations detailing a major security flaw and vulnerability in locks used by the federal government and a private sector corporation that affect millions of users will be presented. For more information visit: http://bit.ly/defcon14_information To download the video visit: http://bit.ly/defcon14_videos