The second day of SOURCE Barcelona is already over. I’m at the airport waiting for my early flight and crossing my fingers due to the announced French air controllers strike. BruCON is now at our doors and we need to build everything tonight.
What about the second day? Well, it started with difficulty due to the short night. The “business” room was reserved for a round-table with some anti-virus developers about the product testing. This session was broadcasted live.
I first attended the talk of Josh Pennell (from IOActive) about the smart grid security. The talk could be resumed in one sentence: “It’s time to act without delay“. Huge investments have already been realized by lot of countries but (can we say “as usual”) with a lack of investments regarding the security of those devices. Josh reviewed the different types of hardware used, the software and the different applications. Some attention to the specific ones: its could be potentially possible to detect personal behavior patterns (privacy) and some smart-grid devices are used to sell electricity to producers (like photovoltaic systems). An interesting reading about smart-grid security: the NIST-7628 document.
The next talk was performed by Val Smith. He reviewed the China’s hacking community. How Chinese hackers bad guys evolved and which tools and methodology they use today. Lot of tools were reviewed.
The third talk was really interesting and directly in the scope of the SOURCE conference philosophy: “Forcing hackers and business to ‘hug it out’“. Andrew Hay and Chris Nickerson gave some pistes to increase the communication between the two worlds. In fact, security is critical for both of them but based on different views. Great talk because almost everybody can identify itself on one of the groups.
After the lunch, Bruno Oliveira and Jibran Ilyas came back on the different types of players in the security field: the black hats (who perform malicious activities), the pentesters (which evaluate security) and forensics analysis (who search for evidences). For each of them, Bruno & Jibran tried to demystify some facts. A good idea to remember: “root/administrator is not everything. It’s just a start! Data are valuable“. Bad guys are humans and make mistakes. That’s what they can often by catched!
Then I switched back to the “business” room to follow the Nick Copeland’s track. Nick is working for Fidelis and the talk was really oriented to their products. Too much commercial. I did not attend the whole track and join the major part of the audience to follow Iftach’s talk about cyber-crime. A better choice.
Wim Remes performed his presentation about SIEM environments and ten things what we are doing wrong. Wim gave nice advices for who has to start a SIEM project (and the word “project” is very important). Finally, Vincente Diaz & David Barroso presented their research about the well know forum carders.cc. If you are looking for illegal stuffs to buy, it’s the place to be. I liked the presentation of a regular user profile based on statistics.
Like said yesterday, SOURCE is a small conference and that’s what makes it unique. After the talks, Stacy (who organize the event) hold a quick Q&A session. Everybody was invited to give some feedback and some expectations for the next editions. That’s less impersonal (compared to a classic form) and help to build better events. Congratulation Stacy! Do I have to say that the social aspect was at the highest level? Lot of beers, cocktails, nice food (Barcelona is an amazing city for this) but, even more, good discussions between infosec professionals.