October 27, 2022
Casino Bern
The Swiss Web Security Day is a one day event organized by SWITCH , the Swiss Internet Security Alliance SISA and the Swiss ICT Industry Association Swico. This one day event will cover current security issues for Swiss registrars and webhosters. There will be talks about current technical, legal and regulatory issues and also plenty of time to network with your colleagues.
Talks will be given in English, German and French.
Casino Bern
Casinoplatz 1, Bern
3011 Bern
Conference Room: Burgerratssaal
The security of websites depends on its owner. Small website owners (individuals, clubs, freelancer, SME) provide the bulk of websites on the Internet, but often neglect the security aspect of ther sites. The goal of the INSPECTION project is to crawl the German-speaking Internet and identify hacked websites through methods of artificial intelligence in an automated fashion. Additionally, measures will be developed that allow informing owners of affected websites, mitigate the damage to the websites, and reduce the risk of further successful attacks.
As the registry for .ch and .li domain names, SWITCH carries out various activities to improve the stability and security of .ch&.li domain names and to combat domain name abuse. This presentation gives an overview of the various activities and their results.
ModSecurity brings a lot of security, but you pay with a lot of sweat. But the introduction can be simplified with a few techniques that remove a lot of the pain when making your first steps. The little known sampling mode is such a technique that allows you to get your feet wet without jumping into the bathtub. Other tricks facilitate existing log files for faster insight etc.
The Internet was founded and run based on a collaborative model -- people working together to further the goal of global real-time communications. This model isn't gone in the commercial Internet of today, it is simply underutilized.
This talk presents one tried and true model of collaboration between network operators being a successful method of mitigating DDoS attacks. We'll talk about the way this system functions and will present a new system as well that will take the collaborative model solution approach and apply it to the problem of fraud.
Dark patterns or deceptive design are user interfaces carefully crafted to trick users into doing things that they may not normally do. In this talk we are going to look at how websites use design patterns to get your attention and guide you to make a choice that is generally not in your advantage.
More success thanks to cooperation: The Swiss Internet Security Alliance introduces itself. Abstracts:
The Swiss Internet Security Alliance (SISA) is an initiative of stakeholders of the Swiss economy with the vision of making Switzerland the safest internet country worldwide. Find out more from president Daniel Nussbaumer and some fellow SISA members, for instance, who is behind the initiative and how they will achieve "more success thanks to cooperation".
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against botnets, malware, spam, viruses, DoS attacks and other online exploitation. We are the largest global industry association, with more than 200 members worldwide, bringing together all the stakeholders in the online community in a confidential, open forum. We develop cooperative approaches for fighting online abuse. We develop and publish best practices papers, position statements, training and educational videos, and other materials to help the online community fight abuse with a focus on operational practices. Our public policy advocacy (which is not lobbying) provides technical and operational guidance to governments, Internet and public policy agencies developing new Internet policies and legislation.
Our talk will explain how M3AAWG provides a trusted forum and a framework for open discussion among the professional online community about abuse issues in an atmosphere of confidentiality and cooperation.
"Die Verordnungen zum Büpf werden zur Zeit aktualisiert. Sie sollen dem Umstand Rechnung tragen, dass immer mehr OTT Dienste (auch) für rechtswidrige Zwecke missbraucht werden. Deren Regulierung ist im Schweizer Recht lückenhaft, was auch das Bundesgericht in seinen Urteilen zu Threema und Proton festgestellt hat. Ob es reicht, die möglichen Überwachungsmassnahmen auszuweiten und gleichzeitig offenzulassen, welche Anbieter zur Mitwirkung verpflichtet sind wird sich weisen. Das Panel geht der Frage nach, ob die laufenden Revisionen der Verordnungen zum Büpf zielführend sind. Ausserdem: was würde es brauchen, um die Strafverfolgung im Internet zu erleichtern, ohne die Provider über Gebühr zu belasten."
Es diskutieren am Panel:
Dennis Dayman, CIPP/US, CIPP/E, CIPT, FIP
Dennis Dayman is a Resident CISO for Proofpoint with more than 30 years of experience as a leader in security and privacy with a focus on information security and data privacy, data governance issues, protecting and improving data through industry policy, regulatory policy relations, and technical solutions. He is the co-author of Startup CXO: A Field Guide to Scaling Up Your Company’s Critical Functions and Teams at StartupCXO.com. He has also held leadership roles in privacy and security at several other organizations, including Maropost, Return Path, and Eloqua.
Dennis was appointed Advisor to the Data Privacy and Integrity Committee by the Department of Homeland Security (DHS) Secretary. He was also appointed as a U.S. Delegate for the U.S. Technical Advisory Group (TAG) within International Organization for Standardization (ISO) and American National Standards Institute (ANSI).
He serves as a longstanding member of several boards and advisory committees within the advertising and messaging industry, including: the Messaging Anti-Abuse Working Group (M3AAWG), where he helped found and served on the Board of Directors as the vicechair, Coalition Against Unsolicited Commercial Email (CAUCE) board, International Association of Privacy Professional (IAPP) advisory boards, and Email Sender and Provider Coalition (ESPC).
Dennis holds a Bachelor of Arts degree in Criminal Justice from Stephen F. Austin State University in Texas.
Dr. Christian Folini is a Swiss security engineer and open source enthusiast. He brings 15 years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian Folini is the author of the 2nd edition of the ModSecurity Handbook and the best known teacher on the subject. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the “Swiss Cyber Storm” conference.
Rolf Auf der Maur ist Partner des Anwaltsbüros VISCHER mit Büros in Zürich, Basel und Genf. Er leitet den Bereich Technologie- Telecom und Medienrecht. Seit Beginn seiner Anwaltstätigkeit befasst er sich vorwiegend mit rechtlichen Aspekten des Internet. Dabei kann er sein Interesse für neue Kommunikationstechnologien mit seiner anwaltlichen Erfahrung in idealer Weise kombinieren. Zu seinen Klienten zählen führende Unternehmen aus den Bereichen der Medien, der Unterhaltungsindustrie, Telekommunikation und der Informationstechnologie. Gemäss den internationalen Legal Directories 'Chambers and Partners' und 'Legal 500' zählt er zu den führenden Anwälten in diesen Bereichen in der Schweiz. In seiner Freizeit bestreitet Rolf Auf der Maur Segelregattas auf dem Mittelmeer.
Ivette Djonova war mehrere Jahre tätig in Wirtschaftskanzleien, danach bei Wirtschaftsdachverband economiesuise als Verantwortliche Konsumentenpolitik (Datenschutz, Digitalisierung, Werbung, Immaterialgüterrecht).
Seit 2 Jahren ist sie Head Legal & Public Affairs bei Swico. Swico ist der Verband der Digitalisierungsanbieter in der Schweiz und vertritt rund 700 Firmen (Grossunternehmen, KMU und Start-up). Swico setzt sich für die Interessen der digitalen Wirtschaft ein.
Michael is the lead at SWITCH for ccTLD registry for .ch & .li. He is interested in all aspects of DNS to make the internet more secure.
Anne Hennig is a research assistant in the SECUSO Research Group of Prof. Dr. Melanie Volkamer since January 2021. She graduated from the Karlsruhe Instituteof Technology (KIT) with a Master’s degree in Science Communication in 2020. In her research, she focuses on how to communicate security and privacy issues to the public. Currently, Anne Hennig is leading the INSPECTION project together with Dr. Peter Mayer.
Urs Eppenberger has a degree in electronics from ETH Zurich. He has worked for the SWITCH foundation since he graduated, helping to build the Swiss Internet. Today, Urs Eppenberger is in charge of SWITCH’s registry for the top-level domains .ch and .li. He is responsible for the stable operation of the related services, focusing on safeguarding the DNS as a critical infrastructure and protecting users in collaboration with the Federal Administration and the Internet industry.
Andrei has been working more than ten years in the IT department of an International Organization, and in recent years has been the department's data privacy protection coordinator, following up on the implementation of the Organization's data privacy framework, with a focus on information technology and communication services. Andrei thinks privacy is a fundamental right that cannot exist today without computer security, therefore he is always looking to find a balance between both and see how privacy can be embedded into technology. He is is particularly interested in privacy by design and always curious to see how privacy in integrated (or not) in current products and services.
James Shank has been with Team Cymru for more than ten years, contributing to several different efforts in a variety of ways. He is involved in several community orientated efforts to combat online threats, and notably was part of a collaborative effort to take down Emotet. He served on the Institute for Security and Technology's Ransomware Task Force, contributing to two of four primary lines of effort and chairing the Worst Case Scenario subgroup. This effort created a guiding document primarily for the Biden administration to suggest ways to reduce the impact of ransomware, with global coordination of efforts being central to the offered suggestions. As Chief Architect of Community Services for Team Cymru, he works with community members to architect solutions to thorny issues that are hard to solve by individual operators or companies. Lately, he's been thinking about new ways to collaborate with global partners to solve big picture problems, new tools and techniques that are of value to information security professionals worldwide, and new ways to make life harder for malicious actors.
Giancarlo is Head of Association Services and Member of the Board at Swico - the Association of Digitisers - since 2014.
Ausbildung und Arbeit als Applikationsentwickler
Jus-Studium
seit 2010 Staatsanwalt im Kanton Zürich
seit 2018 bei der Staatsanwaltschaft II des Kantons Zürich (Cybercrime)
Nicolas Sacroug is Legal Counsel at Proton AG, Swiss provider of end-to-end encrypted services such as Proton Mail and Proton VPN. He is mostly in charge of data protection, law enforcement and Swiss government and regulatory affairs.
After a Bachelor's degree in Forensic science at Lausanne University, Nicolas Sacroug pursued a Master's degree in Law, more specifically in Judicial careers.
Daniel Nussbaumer is the president of the Swiss Internet Security Alliance which was created in 2014 by well-known representatives of the business realm.
