Slovenian IPv6 summit – 8th edition

IPv6-IPv4 by Abode of Chaos – DDC_5855 (Photo credit: Abode of Chaos)

Yet another successful IPv6 summit has passed, the 8th in a row since 2008. Like the summits before it, this one was packed with great content and great speakers. I would say that, from the network / ISP / operator perspective, we’re just a “push of a button” away from IPv6 at large, IPv6-only core networking is becoming reality, and IPv4 will soon be offered only as a service (great new buzz term by the way – IPv4 as a service / IPv4aaS).

If for some reason you missed the event, here are some of the videos worth watching:

TeraStream, Deutsche Telekom next generation IPv6 only access network (Ian Farrer, Deutsche Telekom). More on the pilot project that was realized in a very short time in Croatian can be read on the Cisco blog.

Post IPv4 depletion observations from RIPE-NCC (Massimiliano Stucchi, RIPE-NCC)

Live demo of MAP address sharing transition technology, (Andrew Yourtchenko, Cisco)

Yet another way to connect IPv6-only “users” to the old, IPv4-only internet, via MAP transition technology. See the Cisco MAP Simulation tool.

It is something you can already test without having a Cisco box with the latest and greatest IOS that supports this kind of mapping (all those neat IPv6 features are almost always available only on the really bleeding-edge, latest IOS software). There are some open source implementations already out there, almost out-of-the-box ready to be run on OpenWRT Linux builds. See:

.. to be continued.

Security BSidesLondon 2013

Yet another great BSidesLondon, yet another great Security BSides event! I think Xavier has written a great wrap-up of the whole event on his blog, so I will not waste words on how great everything was.

My top talk picks from the two main tracks:

Besides workshops (sadly I was too late to join any of them), there was also a rookie track. I managed to see only one talk (Talking in a foreign land by Anne Wood), but heard they were all great, if not even better than the main ones 😉

If I need to point out one thing that was a really big #fail, it was connectivity to the internet (outside world). There was no open (or secured) wireless connectivity at the event. The venue provided one “open” SSID with a captive portal and registration that was actually totally closed (closed even for ICMP traffic) and opened only for DNS/HTTP(s) traffic. If you wanted to VPN yourself to $HOME networks, the only way was {whatever-protocol}overDNS, which gave you a max. throughput of about 20kb/s 🙁

But still kudos to (@GeekChickUK) and the rest of BSides crew for another great BSides event!

Next on the calendar: Hack in Paris (2013) and Nuit du Hack 2013.

Hek.si – local security event wrap-up

There isn’t much happening on the Slovene local scene when it comes to security and conferences. Hek.si (subtitled Conference for Ethical hackers about Ethical hacking) is a nice try at this kind of event, but still far far far from events/conferences like HITB (which was also happening the same week in Amsterdam), Defcon, Blackhat, BruCON, DeepSec, CCC related events ..

In this short review of the event I will try to focus on its content (highlights), and will maybe leave aside all the organizational and other failures.

  • The keynote to open the event was presented by Milan Gabor (@MilanGabor), CEO and owner of Viris d.o.o. The presentation had an interesting title, “Why your kind won’t be hackers”, and can be summarized as: today’s youth (the next generation of security researchers / hackers) is lacking persistence and drive in “hacking” (ethical hacking).
  • IPv6 definitely is the next big thing that is already happening to the internet (hey, on the internet side it works!) and to enterprise IT businesses, and it opens a lot of security issues/challenges involving the protocol itself and security threats when it is wrongly deployed in current networks. Security issues in setting up IPv6 via tunnel brokers and firewalling were presented by none other than Jan Žorž (Zavod Go6 / ISOC). I could almost say: “There is no IPv6 without Jan Žorž”. Summarized in one sentence: when diving into IPv6, try using SI6 Networks’ IPv6 Toolkit for security assessment and troubleshooting of IPv6 protocols; highly recommended even from my side.
  • The second round table, titled “Responsible Disclosure”, opened an interesting debate; too bad it was not recorded. Maybe I will put some of its insights in one of my future blog posts.

Generally speaking, I was expecting an even bigger failure, and thanks go to some individuals and several talks that really were above the minimum you would expect at events like this elsewhere. There were still too many talks (including from people who are supposed to be professional pentesters) with screenshots of hacking tools and no technical background, no methodology, no insight into why the “system” is exploitable and how the presented tool actually exploits the vulnerability. Something script kiddies would pass on to newbies (who become new script kiddies).

As mentioned above, HITB Amsterdam was happening at the same time, and Xavier (@xme) put together two posts about it. See Day 1 & Day 2.

While writing this I am already packing for Security BSidesLondon 2013. \o/