
SOURCE Dublin Wrap-Up Day #1
NoSuchCon #1 Wrap-Up

There are so many security conferences around the world… Some people already debated about this: Is it better to restrict the annual agenda to well-known events or let people start their own? IMHO, we need initiatives like this. It’s good to have a broad agenda with local conferences where local people can attend without spending huge amounts of money on travel and lodging (If you can go to conferences, let’s bring the conferences to you!) So, let’s welcome the newly born conference called “NoSuchCon”. The first edition was just organized in Paris over the last three days. Unfortunately, I was only able to attend the last day… If only I could expand my holidays like a filesystem!
I arrived in Paris early in the morning to attend the first keynote. Here is a quick review of the day.
Improving File Integrity Monitoring with OSSEC
FIM or “File Integrity Monitoring” can be defined as the process of validating the integrity of operating system and application files with a verification method that uses a hashing algorithm like MD5 or SHA1 and then compares the current file state with a baseline. A hash allows the detection of modifications to file content, but other information can be checked too: owner, permissions, modification time. Implementing file integrity monitoring is a very good way to detect compromised servers. Not only operating system files can be monitored (/etc on UNIX, registry on Windows, shared libraries, etc) but also applications (monitoring your index.php or index.html can reveal a defaced website).
During its implementation, a file integrity monitoring project may face two common issues:
- The baseline that the current file status is compared with must of course be trusted. To achieve this, it must be stored in a safe place where an attacker cannot detect it and cannot alter it!
- The process must be fine-tuned to react only to important changes, otherwise there are two risks: the real suspicious changes will be hidden in the massive flow of false positives, and people in charge of the control could miss interesting changes.
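The baseline comparison and the two issues above, as an added example (not OSSEC code and not the author's patch): each file's hash, owner and permissions are recorded, the baseline is sealed with an HMAC so a tampered baseline is rejected, and an ignore list suppresses expected churn. It uses SHA-256 rather than the MD5 or SHA1 named above; the function names, the key and the sample tree are constructed for illustration.

```python
import fnmatch, hashlib, hmac, json, os, pathlib, stat, tempfile

def snapshot(root):
    """Map each regular file under root to its content hash and metadata."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):  # skip symlinks and special files
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[os.path.relpath(path, root)] = {
                    "sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                    "uid": st.st_uid, "gid": st.st_gid}
    return state

def seal(state, key):
    """HMAC the canonical baseline; the key must live off the monitored host."""
    blob = json.dumps(state, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def compare(baseline, tag, key, current, ignore=()):
    """Return (path, change) pairs, refusing a baseline whose seal fails."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline failed its integrity check")
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if any(fnmatch.fnmatch(path, pat) for pat in ignore):
            continue  # tuning: expected churn such as logs
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            changes.append((path, "added" if old is None else "removed"))
        elif old["sha256"] != new["sha256"]:
            changes.append((path, "content"))
        elif old != new:
            changes.append((path, "owner/permissions"))
    return changes

def demo(key=b"constructed-demo-key"):
    """Constructed tree: deface index.html, loosen app.conf, append to a log."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.html", "app.conf", "access.log"):
            pathlib.Path(root, name).write_text("original\n")
        base = snapshot(root)
        tag = seal(base, key)
        pathlib.Path(root, "index.html").write_text("defaced\n")
        pathlib.Path(root, "access.log").write_text("original\nGET /\n")
        pathlib.Path(root, "app.conf").chmod(0o777)
        return compare(base, tag, key, snapshot(root), ignore=("*.log",))
```

Calling `demo()` reports the defaced page and the permission change while the log growth stays silent.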
There are plenty of tools which implement FIM, commercial as well as free. My choice went to OSSEC for a while. My regular followers know that I already posted a lot of articles about it. I also contributed to the project with a patch to add geolocation to alerts. This time, I wrote another patch to improve the file integrity monitoring feature of OSSEC.
Mine is Bigger Than Yours!
Everybody has already faced the same situation: Children like to compare themselves with each other! Put kids in the same room and let them play. Comparisons will start soon: “My dad has a bigger car than yours”, “My plane flies better than yours”, “I can run faster than you”, etc. Sometimes, I feel exactly the same during conversations about infosec products and I’m pissed off by this. My opinion is that infosec people also tend to be proud of their security solutions and compare them to others. Like in a kindergarten…
It’s a fact, humans don’t like to admit their errors. It’s not easy to concede a bad choice and say that your security solution does not fulfill its job. But why pretend to have the top-notch-killer-device on the other side? Remember, years ago, the flame war between Linux and Windows users? (Honestly, I took part in this game when I was young)
Sometimes, colleagues or customers ask me what’s the best choice between “x” or “y”. It’s always difficult for me to answer such questions in a cold start situation. First of all because most of the time, I don’t have enough background to compare them. Of course, the market is full of studies and analyses like the well-known Gartner magic-quadrant. Those can help you to make a first selection. Some vendors ask research firms to make a comparison of their product with direct competitors. If they “asked”, it means they also “paid” for this research. In a customer – supplier relation, the customer must be happy. May we be certain that the results of the study are fully independent? I’m in doubt…
Personally, the best solution is the one which will solve YOUR issue and match YOUR requirements in terms of:
- Budget
- Features
- Integration in your environment
- Management & Support
Keep in mind that your information security is a big market place where all vendors would like their share of the cake… Select two or three solutions, ask for live demos, set up a PoC (“Proof of Concept”). This could cost time and money but you will have all keys in your hand to make the right decision. Don’t buy a brand, buy a solution!
BSidesLondon 2013 Wrap-Up

This was already the third edition of BSidesLondon today! Time flies! Being busy yesterday, I just reached London in the morning and arrived just in time for the administrative tasks (registration, picking up a t-shirt, goodies), grabbing some coffee and shaking some hands. BSidesLondon is definitely growing in size and quality: A huge number of attendees, two tracks, a rookie track, a job fair, workshops and lightning talks. Even the sun was present over London, no fog at all! Two tracks means you have to make choices! Here is the brief overview of my schedule.
Belgian Edition of The Hacknowledge Contest

Last weekend, an ethical hacking event was organised in Belgium. The Hacknowledge Contest came to Charleroi and was hosted at the CPEHN. This event was previously organised only in France thanks to the initiative of the ACISSI. Last year, they decided to open their challenges to other countries. The current list of participating countries is: Côte d’Ivoire, Morocco, Benelux, Spain and France. The organisers are already looking to extend their list with other countries. If you are interested, maybe contact them.
Initially, I registered a small team with a colleague and finally we were five ethical hackers/friends to participate as “UID(0)”. So, we went to Charleroi on Saturday afternoon to attend a bunch of small talks around information security. Small event and a relaxed atmosphere. The covered topics were:
- Zataz.com, the well-known French website and the process in place to notify organizations of data breaches and/or security issues.
- The security of our payment cards starting from old models based on a magstripe up to the state-of-the-art (but not from a security point of view) NFC chipsets.
- A nice presentation about social-engineering with a lot of funny examples (my preferred presentation by Seb Baudru, see the picture below)
- IPv6 & security
- An overview of the security landscape in Belgium (latest major security incidents and who to contact in case of issues – CERT.be, FCCU, etc)

After a break and the registration of all teams, the challenges started for a period of 12 hours (Saturday 10PM to Sunday 10AM). No CTF, no blue team nor red team but a list of challenges to solve similar to the SANS Netwars. Each challenge solved gives you points. Seventy challenges were split into categories like:
- Web technologies
- Crypto
- Network
- Forensics
- Hardware (lockpicking, Teensy, barcodes, …)

It was very friendly with good times, music. We finished in third position but very close to the second team… Only the first two teams won, too bad! The final contest will be organised in France and the winning team will receive a very nice prize: an all-inclusive trip to Las Vegas to attend the DefCON security conference!
I don’t often participate in events like this one. I liked the limited number of teams (5) and the friendly atmosphere between the teams. Not too small, not too big, well organized. The event was also covered by some Belgian media.
Win Your Tickets for “Hack In Paris” and “La Nuit Du Hack”
The contest is closed. All tickets have been assigned.
Dear readers, I’ve some gifts for you! I’m very proud (and surprised!) to have been nominated for the European Security Bloggers Awards in two categories: “Best Personal Security Blog” and “Best Security EU Twitter”. To thank you for these nominations (and first of all for reading/following me), I’ve some tickets to distribute for two nice security events in Paris (DisneyLand Convention Center).
The first one is Hack In Paris which will be held from 17th to 21st of June. Then, La Nuit du Hack will follow during the weekend. Both are very good events with renowned international speakers. To give you an idea, have a look at my 2012 wrap-ups (day 1 and day 2). A first version of schedule has already been published. The organizers provided me 2 x 10 tickets for both conferences. It won’t be fair to simply distribute them to the first comers so here is a small contest! Answer the following question: (tip: the answer is on my blog)
“After the last edition of BlackHat Europe in Barcelona, I waited my flight back to home with a good friend of mine. Who is it?”
Send your answer by email only to xavier[at]rootshell[dot]be. The following information must be provided in the mail:
- Subject: Contest HIP/NDH 2013
- My friend’s nick, Twitter or full name
- Your ticket preference (HIP, NDH or both)
Good luck! Some rules:
- Be sure to attend the conference (in Paris, June 2013) and not waste tickets
- Travel & hotel costs are not covered and must be paid by the winners
- HIP tickets are not valid for trainings (only talks)
This year, I won’t be able to attend the conference during the week. But I will join Paris for the weekend, see you there!
PS: Don’t forget to vote!
We Are Not Just Numbers!
“I’m not a number, I’m a free man” said Number 6 in the series called “The Prisoner” (for the oldest amongst us). The series was broadcast in the Sixties but we have to admit that, still today, we are only numbers! And this will be worse in the coming years.
Personally, I’m not against being a number if controls are properly implemented. Numbers are easy to index, sort and search. Numbers are a good way to identify things or people but they can easily be spoofed. As Wikipedia says:
“In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data (in this case the number) and thereby gaining an illegitimate advantage.”
HITB Amsterdam 2013 Day #2 Wrap-Up

And we are back for a second day full of fun and pwnage! It was a rainy day in Amsterdam today but water will not prevent hackers from meeting again! I reached the hotel in time for breakfast.
HITB Amsterdam 2013 Day #1 Wrap-Up

I’m back in Amsterdam for the third time this month. Today, it is to participate in the Hack In The Box conference. This is already the 4th one, time flies! Like the previous editions, the event is organised at the Okura hotel, a very nice place. Thanks to the Easter break, roads were clear to Amsterdam and I arrived in time to register and grab some coffee.

