The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) packed the schedule with plenty of technical and training sessions for the 58th General Meeting in Dublin, June 5-8, 2023. Here's a sampling of some of the best practices and updates that industry experts will share at the upcoming general meeting.
Keynote - CSAM: The Insider Attack You Have Not Seen Coming
Keynote Speaker, Mick Moran (UCD/AGS), will present information on the continued fight against Child Sexual Abuse Material. This presentation will outline why this is a threat to all of our networks and how implementing security measures for CSAM should be as common as other threats such as viruses, botnets, and malware.
AI/ML Security and Privacy Impacts
Artificial Intelligence (AI) and Machine Learning (ML) are dominating the headlines this year and Ken Simpson (MailChannels), Brian Scriber (CableLabs), and Kyle Haefner (CableLabs) will update members on the potential and risks associated with generative AI, including its use in cybercrime, the impact on privacy, and erosion of trust at The Security and Privacy Impacts of AI/ML session.
Threat Modeling Workshop
Members of the Threat Modeling Workshop Initiative, Laurin Weissinger (FDT, Tufts, Yale/M3AAWG Expert Advisor), Stephen Farrell (Trinity College Dublin/M3AAWG Expert Advisor), Alex Brotman (Comcast), and Joe St Sauver (DomainTools, M3AAWG Expert Advisor) will bring members a two-part session on Threat Modeling. This interactive training workshop will cover identifying, understanding, and addressing threats and associated mitigations when protecting systems, assets, or anything else of value. The capstone event is a case study exercise provided by Apostolos Giannakidis (Microsoft) followed by real-world training exercises. Attendees can register to attend Monday’s training during meeting registration.
Email Address Internationalization
John Levine (M3AAWG Expert Advisor) will conduct a training session on the Benefits and Challenges of Email Address Internationalization (EAI). The session focuses on how EAI mail differs from ASCII (legacy) mail, what the transition is like, security challenges (spam, phishing, etc.), and actual user experience.
Preparing DNSSEC for Quantum Computing
Peter Thomassen (SSE Secure Systems Engineering) will make a presentation on finding a suitable quantum-safe algorithm that works with the specific requirements of Domain Name System Security Extensions (DNSSEC), such as fast validation, short signatures, and short public keys.
Modern User Authentication for Email: Why Is It Needed, and What Could It Look Like?
Jesse Thompson (Amazon) and Michael Slusarz (Open-Xchange, Inc.) will discuss Modern User Authentication for Email: Why is it Needed, and What could it Look Like? Email remains mostly restricted to the archaic paradigm of static username/password authentication. Modern, secure authentication features (such as two-factor authentication/multi-factor authentication [2FA/MFA], tokens, auto-configuration, and interactive login screens) are commonly used in today's Internet applications and M3AAWG's newly formed MFA/2FA Initiative seeks to change the Email paradigm and adopt these authentication features.
FIRST's DNS Abuse Technique Matrix
Domain Name System (DNS) Abuse Policy Ambassador, Peter Lowe, will present the DNS Abuse Special Interest Group (SIG) of the Forum of Incident Response and Security Teams (FIRST) DNS Abuse Techniques Matrix, which provides advice to incident responders, policymakers, and anyone interested in learning more about the abuse of the DNS.
Success of Commercial Messaging Management in the US
Stefan Heller (The Campaign Registry),John Bruner (Aegis Mobile), Alex Bobotek (AT&T), and Michael Blum (Proofpoint), will present Success of Commercial Messaging Management in the US to discuss the successful implementation of campaign registration for commercial messaging, which allows carriers validation and visibility of campaigns.
The Art of Smishing Defense
Ian Matthews (WMC Global), Alex Bobotek (AT&T), and Michael Blum (Proofpoint), will discuss collaborative efforts to fight smishing at The Art of Smishing Defense. These efforts include a highly developed defense ecosystem with extensive collaboration and numerous data cross-feeds.
40+ Sessions at the 58th General Meeting
Over 40 technical, training, and industry update sessions are planned, including multiple opportunities for members to roll up their sleeves to collaborate and contribute their expertise at committee working sessions and open roundtable discussions. The meeting will also highlight our continued partnership with UCENet (read more).
M3AAWG members are invited to join the global trusted forum that brings the industry together to help fight and prevent online abuse at our 58th meeting in Dublin!
Members can find the entire agenda and registration link on the M3AAWG Upcoming Meeting page. Registration closes Wednesday May 31, 2023 at 5pm PT.
Members and non-members are invited to submit topics for future meetings at https://www.m3aawg.org/submissions.
*While meeting agendas are confidential to M3AAWG members, permission to promote these particular sessions was provided.