Archive for the ‘Opinion’ Category
I have not posted recently to my blog, sorry about that. There were a lot of interesting things happening recently which I wanted to write about, but they kept me really busy.
Last week I went to London to see the InfoSec 2010 exhibition. It was like last year, as I only visited for a day. Nevertheless I could look around and even talk with some logging vendors to see what they are doing. As always it was pretty crowded, with only limited new stuff for me. Anyhow it was worthwhile to go and I think I will go next year as well. Luckily no volcanic ash stopped me from flying back…
Also last week I was giving a presentation at this year’s Ethical Hacking conference organized by NetAcademia. Like last year the conference was very well organized and the presentations were really interesting. I was giving my presentation with gyp on web-related attacks such as SQL-injection/XSS/code-injection with some live demonstrations. I think the demos went well, though the topic seemed to be a bit out-of-date, especially compared to some real low-level, bit hacking, all-assembly presentations on egg-hunting and patch-analysis. Anyhow it was good to see that the quality of the presentations and conferences is dramatically improving in Hungary. I am really proud to be part of it. I think the video from our presentation will be available online soon. (Though only in Hungarian…)
Today I was giving a presentation at the Ethical Hacking workshop of the Electrical Engineering Students’ Hungarian Association’s annual workshop series. The presentation was in English and I mainly presented my previous Ethical Hacking conference presentation again. It was pretty much OK and almost all of my live demos did work. (It was even a surprise for me!)
You can get the slides from here.
I just arrived back at my hotel after my talk at Libre Software Meeting; the slides are available on the conference website. The meeting is well organized, though speaking some French definitely helps. There are desks of open-source projects and at least 10 parallel sessions on various topics. As most of the talks are in French, I joined the System & Security topic which was all English today (I was also talking there).
I missed the presentation on XtreemOS which according to the others was just perfect. The talks on FWBuilder and ulogd2 were interesting as well, especially because I did not know much about these projects.
As I wrote about the Ethical Hacking conference earlier, I had a presentation on the topic of firewalls and encryption. Generally I showed how encrypted traffic can be inspected and controlled on firewalls and IDS/IPS systems. The main idea was to show that the MITM technology could be used for a “good” purpose and not only for black-hat duties. I had small live demos doing MITM on SSL and SSH streams, like doing simple URL filtering, content modification, double authentication using certificates and replaying a recorded SSH session. I was using our good old Zorp firewall for the demos. I was a bit nervous before the show, but everything went very well, without any trouble.
The conference was full with around 370 participants and I must admit that everybody stayed till the end of the day, which is very rare at conferences in Hungary. Overall this was the best conference I have attended so far. It was very well organized and the overall quality of the presentations was very good. We ought to have more conferences like this.
I have just returned from InfoSec 2009 in London. (I was a bit worried because of the swine flu issue, especially to go to a small place packed with people from all over the world. Not to mention the tube, which was more crowded than ever. Some people even had masks on them; I was also thinking about buying one myself.) This year the exhibition moved to a new venue at Earls Court. The exhibition seemed a bit smaller to me, at least I missed the small exhibitors on the balcony; also it was not as crowded as last year. Generally it was all the usual vendors promoting the usual stuff with minor enhancements; even the anti-virus part was smaller and less noisy. The focus was on risk/asset management, compliance, end-point security, DLP, and there were the usual live hacking/pentesting demos every half an hour. (Hack the firewall by easy-to-guess passwords or send an email with fake sender…) I had just one day so I did not have the chance to check out the seminars, perhaps those were better.
All in all it is still the best focused trade show on IT security I have been to. I think we definitely need to go next year.