Author Archives: admin

Internet weekly highlight #1

Starting a new category called “Internet weekly highlights”, which is basically writings/blog posts/stories from the internet that are, in short, a good read. Usually thin{k|g}s that I have “starred” in my (Google Reader) RSS aggregator, Twitter ..

Security BSidesLondon 2013

Yet another great BSidesLondon, yet another great Security BSides event! I think Xavier has written a great wrap-up on his blog about the whole event, so I will not be wasting words on how great everything was.

My top talk picks from main two tracks:

Besides workshops (sadly I was too late to join any of them), there was also a rookie track. Managed to see only one (Talking in a foreign land by Anne Wood), but heard they were all great, if not even better than the main ones 😉

If I need to stress one thing that was a really big #fail, it was connectivity to the internet (outside world). There was no open (or secured) wireless connectivity at the event. The venue provided one “open” SSID with a captive portal and registration, which was actually totally closed (closed even for ICMP traffic) and opened only for DNS/HTTP(S) traffic. If you wanted to VPN yourself to $HOME networks, the only way was {whatever-protocol}overDNS, which gave you a max. throughput of about 20kb/s 🙁

But still kudos to (@GeekChickUK) and the rest of the BSides crew for another great BSides event!

Next on the calendar: Hack in Paris (2013) and Nuit du Hack 2013.

Hek.si – local security event wrap-up

There isn’t much happening on the Slovene local scene when it comes to security and conferences. Hek.si (subtitled Conference for Ethical hackers about Ethical hacking) is a nice try at this kind of event, but still far far far from events/conferences like HITB (that was also happening in the same week in Amsterdam), Defcon, Blackhat, BruCON, DeepSec, CCC related events ..

In this short review of the event I will try to focus on its content (highlights), and will maybe leave aside all organizational and other failures.

  • The keynote to open the event was presented by Milan Gabor (@MilanGabor), CEO and owner of Viris d.o.o. The presentation had an interesting title, “Why your kind won’t be hackers”, and can be summarized as: today’s youth (the next generation of security researchers / hackers) is lacking persistence and drive in “hacking” (ethical hacking).
  • IPv6 definitely is the next big thing that is already happening to the internet (hey, on the internet side it works!) and to enterprise IT businesses, and it opens a lot of security issues/challenges involving the protocol itself and security threats when it is wrongly deployed in current networks. Security issues in setting up IPv6 via tunnel brokers and firewalling were presented by none other than Jan Žorž (Zavod Go6 / ISOC). I could almost say – “There is no IPv6 without Jan Žorž”. Summarized in one sentence – when diving into IPv6, try using SI6 Networks’ IPv6 Toolkit for security assessment and troubleshooting of IPv6 protocols, highly recommended even from my side.
  • The second round table, titled “Responsible Disclosure”, opened an interesting debate; too bad it was not recorded. Maybe I will put some of its insights in one of the future blog posts.

Generally speaking, I was expecting an even bigger failure, and thanks go to some individuals and several talks that really were above the minimum you would have expected at events like this elsewhere. There were still too many talks (including from people who are supposed to be professional pentesters) with screenshots of hacking tools with no technical background, no methodology, no insights into why the “system” is exploitable and how the presented tool actually exploits the vulnerability. Something script kiddies would pass on to newbies (becoming new script kiddies).

As mentioned above, HITB Amsterdam was happening at the same time and Xavier (@xme) put together two posts about it. See Day 1 & Day 2.

While writing this I am already packing for Security BSidesLondon 2013. \o/

OWASP Slovenia Meetup

The Open Web Application Security Project (OWASP) Slovenian chapter had its annual meet-up last month at Cyberpipe (Ljubljana’s hackerspace). Besides the regular member gathering there were two security talks on the agenda.

Both talks (video and slides) are below.

OWASP TOP 10 (Jure Skofic, Acrossecurity)


Blended world of embedded, web and mobile (in)security (Tadej Vodopivec, Comtrade)

Links of the week


Here are some links with notes for what was spotted on the Internet in the last week

Saying almost goodbye to freelancing and getting almost hired …


It is no big secret (well, at least not anymore) that I was being recruited by one of the biggest leading cloud service providers last year. But in the end I guess they figured out that relocating me to the other side of Europe would be quite challenging or something, and after several phone interviews (judging from my point of view and the feedback I got from all examiners, all interviews went quite well), they thanked me with the words that “this proceeding will not go any further for this particular role”.

Oh, well .. not the end of the world, maybe I really wasn’t showing enough enthusiasm that I really wanted to relocate myself for this particular role. Besides that, I think it was a great experience going through all the phone interviews; most of them were 100% technical, testing my knowledge of Linux and networking. The last one was more soft-skills orientated, with a lot of hypothetical real scenarios and “problems” involving organizing people, delegating tasks and reporting. Things I have already done successfully in the past, just not on that large a scale. That was the challenge that motivated me for this particular role. Everything, just on a bigger scale 🙂

Till something better comes along, I’ll be sticking to freelancing.


Worth reading

Some good content from the Internet from the last two weeks, definitely worth reading ..

Hello blog

Year 2013! This is an attempt to actually write something (sort of a blog, sort of things I am willing to share on the internet, thoughts, rethinks .. ). I have been asked to do so many times before, but never got the time to actually start it. It was on my “Things to do in year 2012” list ..

Thanks @lowk3y for hosting; and I hope I will find time to drop things here (reThinks) longer than 140 characters 🙂