Category Archives: Security

Security BSidesLondon 2013

Yet another great BSidesLondon, yet another great Security BSides event! I think Xavier has written a great wrap-up on his blog about the whole event, so I will not waste words on how great everything was.

My top talk picks from the two main tracks:

Besides the workshops (sadly I was too late to join any of them), there was also a rookie track. I managed to see only one talk (Talking in a foreign land by Anne Wood), but heard they were all great, if not even better than the main ones 😉

If I need to point out one thing that was a really big #fail, it was connectivity to the internet (the outside world). There was no open (or secured) wireless connectivity at the event. The venue provided one “open” SSID with a captive portal and registration, which was actually totally closed (closed even for ICMP traffic) and opened only for DNS/HTTP(S) traffic. If you wanted to VPN yourself to your $HOME networks, the only way was {whatever-protocol}overDNS, which gave you a max. throughput of about 20kb/s 🙁

But still kudos to (@GeekChickUK) and the rest of the BSides crew for another great BSides event!

Next on the calendar: Hack in Paris (2013) and Nuit du Hack 2013.

Hek.si – local security event wrap-up

There isn’t much happening on the Slovene local scene when it comes to security and conferences. Hek.si (subtitled Conference for Ethical hackers about Ethical hacking) is a nice attempt at this kind of event, but still far far far from events/conferences like HITB (which was also happening in the same week in Amsterdam), Defcon, Blackhat, BruCON, DeepSec, CCC related events ...

In this short review of the event I will try to focus on its content (highlights), and will maybe leave aside all the organizational and other failures.

  • The keynote to open the event was presented by Milan Gabor (@MilanGabor), CEO and owner of Viris d.o.o. The presentation had an interesting title, “Why your kind won’t be hackers”, and can be summarized as: today’s youth (the next generation of security researchers / hackers) is lacking persistence and drive in “hacking” (ethical hacking).
  • IPv6 is definitely the next big thing that is already happening to the internet (hey, on the internet side it works!) and to enterprise IT businesses, and it opens up a lot of security issues/challenges involving the protocol itself and security threats when it is wrongly deployed in current networks. Security issues in setting up IPv6 via tunnel brokers and firewalling were presented by none other than Jan Žorž (Zavod Go6 / ISOC). I could almost say – “There is no IPv6 without Jan Žorž”. Summarized in one sentence – when diving into IPv6, try using SI6 Networks’ IPv6 Toolkit for security assessment and troubleshooting of IPv6 protocols; highly recommended even from my side.
  • The second round table, titled “Responsible Disclosure”, opened an interesting debate; too bad it was not recorded. Maybe I will put some of its insights in one of the future blog posts.

Generally speaking, I was expecting an even bigger failure, and thanks go to some individuals and several talks that really were above the minimum you would expect at events like this elsewhere. There were still too many talks (including from people who are supposed to be professional pentesters) with screenshots of hacking tools and no technical background, no methodology, no insight into why the “system” is exploitable and how the presented tool actually exploits the vulnerability. Something script kiddies would pass on to newbies (becoming new script kiddies).

As mentioned above, HITB Amsterdam was happening at the same time, and Xavier (@xme) put together two posts about it. See Day 1 & Day 2.

While writing this I am already packing for Security BSidesLondon 2013. \o/

OWASP Slovenia Meetup

The Slovenian chapter of the Open Web Application Security Project (OWASP) had its annual meet-up last month in Cyberpipe (Ljubljana’s hackerspace). Besides the regular member gathering, there were two security talks on the agenda.

Both talks (video and slides) are below.

OWASP TOP 10 (Jure Skofic, Acrossecurity)


Blended world of embedded, web and mobile (in)security (Tadej Vodopivec, Comtrade)