RSA Conference Europe Day 3

Edgard Allan Poe

The third day and the conference are now over! I first followed the track about attacking and defending the virtual infrastructure. Dennis Moreau explained the weakest point of a virtual infrastructure then reviewed the different types of attacks. Some of then may affect the global performance of the system (ex: paging or HBA cache issues). He also insisted on the patching process issue with virtual machines. This track was tagged as “intermediate” but was quite technical.

Then I listened Ira Winkler, the author of the book “Zen and the Art of Information Security“. Ira explained in details what is the information warfare. In fact, there is no secret weapons behind the information warfare. The same attacks are used but to achieve a political goal. He also defined the “cyber intelligence” which can help to prepare the battlefield (like stealing or changed critical data for the enemy). After giving its own version of the “Estonia” case, he also gave a few words about the terrorism (goal is more visual than damageable and tries to install fears). Ira’s track was great. Nice speaker. He won the QOTD contest with this sentence: “The politicians are the best terrorists!“.

The next track was also interesting. Christopher Novak explained how bad guys use anti-forensic techniques to make further investigations difficult or impossible. Some live demonstrations were performed like dumping credit card numbers from memory or creating files with fake names using different caracter sets encoding.He also gave some references of tools used by bad guys like DBAN. What we can remember from this track? “Know your enemy!”.

After the lunch, Kevin Riggins explained how to create an USB key with BackTrack4, Nessus, TrueCrypt. It was a live demo. All the stuff is already online. Good job!

The last presentation was performed by Colin Robbins about the architecture to deploy against DLP (“Data Loss Prevention“). Today’s business has requirements to share data across entities but it must be controlled. Colin explained the different ways to protect the data: Using inline marking, using wrappers (metadata) or dedicated databases. Interesting but too theoretical.

Finally the conference was closed with a keynote presented by Nick Leeson also known as “the infamous trader”. He explained his story and, based on his own experience, why it happened. There was clearly a lack of safeguards. A long Q&A sessions followed.

It’s done for this year! It was the first edition for me and the conference was great. Good balance between technical and business talks. I learned a lot and had good time with online friends and make a lot of new ones. Please note the date for the 2010 conference: 19-21 October 2010.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.