New Zealand Information Security Forum (NZISF) cordially invites you
and your friends to the August breakfast meeting:

Venue:    The Auckland Club, 34 Shortland St, CBD, Auckland 

Date:     Thursday, 11 August 2005 

Time:     7:30 am 

Cost: NZISF, NZSA and NZCS members and students - $20, all others -
$25, Cash or cheques, no credit cards

Registration: E-mail your name, first name, business affiliation, and
phone number to: vpetranovic@bravurasolutions.co.nz, you will receive
confirmation via email.


Topic: Forensic Results from 236 Used Hard Drives

What could you do with 236 used hard drives?  Simson Garfinkel found
credit card numbers, medical records, pornography, and lots of
personal email. But he also found proof that a long-recognized
security vulnerability has the potential to seriously compromise the
privacy and the security of more than a billion computer users.

This talk will examine the results-to-date of Simson Garfinkel's
five-year research program involving the recovery of data from used
hard drives. He shows how the analysis of the drives can reveal
significant information about the drive's former owner --- as well as
those who sold the drive on the used market.  He'll show how common
failures in computer operating systems make these problems
worse. These patterns and techniques of poor data sanitization also
show up elsewhere in computer systems, including web browsers,
Microsoft Word, and Adobe Acrobat.

Next, Simson Garfinkel will discuss his current area of research --- a
set of exciting new forensic techniques called "hot drive discovery"
and "cross-drive forensics." These statistical tools, based on his
research, have the ability to redefine computer forensics as we know
it by greatly increasing the amount of information that a forensics
specialist can analyse at a given time.

Finally, Garfinkel will discuss attempts in the US and private
industry to deal with the data sanitization issue. He'll explore
whether these new regulations and business practices are likely to
help or hinder both business and law enforcement.

Presenter: Dr Simson Garfinkel, Harvard University

Simson L. Garfinkel is a researcher in the field of computer security
and award-winning commentator on information technology. Currently at
MIT's Computer Science and Artificial Intelligence Laboratory,
Garfinkel's research interests include computer security, the
usability of secure systems, and information policy. He writes a
monthly column for CSO Magazine, for which he was awarded both the
2004 and the 2005 Jesse H. Neal National Business Journalism Award for
Best Regularly Featured Department or Column. Prior to joining CSAIL,
Garfinkel founded Sandstorm Enterprises, a computer security firm that
develops offensive information warfare tools used by businesses and
governments to audit their systems.

Garfinkel founded Vineyard.NET, the Internet Service Provider (ISP)
for Martha's Vineyard, in 1995. In 2000 he successfully negotiated the
sale of Vineyard.NET to Broadband2Wireless (BB2W), a venture-funded
broadband wireless ISP. When BB2W failed, Garfinkel negotiated the
repurchase of Vineyard.NET from BB2W's bankruptcy court.

Besides his activities as a computer scientist and entrepreneur,
Garfinkel has had an active career as popularizer of technology. After
receiving his masters degree from Columbia University in 1988,
Garfinkel spent 14 years writing for some of the nation's leading
publications, including The Boston Globe, The San Jose Mercury News
and The Christian Science Monitor. He was a founding contributor to
Wired Magazine, and still writes for Wired on a regular
basis. Garfinkel's popular articles have appeared in more than 70
publications including ComputerWorld, Forbes, The Nation, The New York
Times, Omni and Discover.

Garfinkel is the author or co-author of twelve books on computing,
published by O'Reilly and Associates, MIT Press, Springer-Verlag, and
IDG Books. He is perhaps best known for his book Database Nation: The
Death of Privacy in the 21st Century. Consumer advocate Ralph Nader
called this book "A graphic and blistering indictment" of the
techniques used by businesses to invade our privacy and our
lives. Garfinkel's most successful book, Practical UNIX and Internet
Security, has sold more than 250,000 copies in a dozen languages since
the first edition was published in 1991.

Garfinkel holds three degrees from the Massachusetts Institute of
Technology and a masters of science degree from Columbia
University. He is a member of the Association for Computing Machinery
(ACM), Computer Professionals for Social Responsibility (CPSR), and
has a certification in computer security (CISSP) from International
Information Systems Security Certifications Consortium. He has been a
fellow at the Berkman Center for Internet Law and Society, and remains
a Berkman affiliate. He is also an FAA licensed pilot, although he
doesn't get to fly much these days.

For more information about Simson, please visit http://simson.net

Regards,
Vladimir Petranovic
NZISF 

http://www.yellow.co.nz/site/security/NZISF.html