This week promises to be a busy one. I woke up early to catch my plane to Barcelona! The flight was delayed due to a strike in France but I arrived not too late and just missed the keynote. Barcelona is a very beautiful city and the place where is organized the conference is amazing with a nice view on the city (more pictures to come).
This is the second edition of SOURCE in Barcelona. From the organizers, the number of registrations grew from fifty to eighty. Not bad! I found back a lot of friends. After all, that’s why conferences are also organized:Â To keep your network up-to-date! I like the SOURCE atmosphere, not too much participants is a good point. Two separate rooms with business talks on one side and technical talks on the other one. The rooms are nice and small enough to allow interaction s with the speakers (no need to use microphones), I like that! The ambiance is very relaxing and everybody feels like home. Interesting discussions with interesting guys!
What about the talks? This first day proposed good various topics:
- First talk was about a new threat modeling by Allison Miller and Alex Hutton. Basically, they presented how to perform risks assessments based on threat modeling. Traditional risks assessments are based on a process like “find, fix and cross your fingers”. The presented model tries to close the gap between assessment and defense. Very interesting!
- Then, Brian Honan gave a presentation about the Irish CERT and how it was set up. I liked the funny reference to the “Estonia Effect“. After the attack against Estonia a few years ago, people started to realize that “the same story” can happen to them.
- After a good lunch, Alexander Polyakov and Ilya Medvedovskiy talked about the ERP security and their myths. Example of myths: Business applications are only available internally, ERP security is vendor problem, Business application internals are not known for hackers. Clearly, ERP systems are a nice target to attacks. Interesting but too much focused on SAP (IMHO).
- Then, an excellent presentation by Jayson E Street about social engineering. Nice slides, excellent examples. Jayson reviewed the history of the social engineering attacks which are not recent! Nothing new but always true, the new ISO model has an extra 8th layer. This is the one you have to attack! (and the most difficult to protect)
- To close the first day, Barnaby Jack presented his famous talk about “Jackpotting ATM’s“. Funny, he did not take his ATM with him to Barcelona (we can easily understand why) but organized a live demo broadcasted from his home in San Jose.
One of the presentation I expected (Wim Remes about SIEM) was postponed to tomorrow due to a last minute planning change. If you would like to follow the conference via Twitter, follow the #SourceBCN hashtag, we are a few to post updates. That’s done for today. Now, let’s perform some social networking at the Socko restaurant not far from the beach 😉