Ma petite parcelle d'Internet...

usecwest/core06 is now closed. It's been a very good conference, top of the list. Rendez-vous is taken for next year, targetting an even better event. Here's my thoughts for today's talks...

Lire la suite...

usecwest/core06 being the first european opus for Cansecwest/Pacsec organizers, everything went surprisingly smoothly. Good reception, good food (what can almost be considered as an achievement in UK) and, most importantly, nice presentations. Here's the first day talks.

Lire la suite...

e're on the middle of Eusecwest/core06. After dojos, we'll have two days of conference starting on monday with very appealling talks.

I'm currently preparing a lightning talk for tuesday. I'm planing to have a fully working demonstration of NoCatSplash bypass, usurpating an authorized client. I've shown this before, but there was always something wrong and it was not really complete. If everything goes as planed, I will try to spot and fix that small bug that is preventing me from demonstrate this will station isolation activated. I'll then have 10 mn to perform that properly and smoothly. Hope Murphy will feel like not bothering me on this one.

ended my last post on SecureCon at Chris talk on heap overflows, thursday morning. The presentation was very technical, maybe too much for me, but the results are definitly very interesting, especially the part on working around XP SP2 and 2003 SP1 protections.

After lunch, we had a very good talk detailing lawful interceptions from both legal and technical point of vues. Then came MacOSX security, in which I'm not very interested at the time. Sorry :) Finally, I closed thursday session with a talk on WiFi traffic injection. Being the last one, I had the opportunity to go beyond the expected deadline, speaking for nearly one hour and a half, and the audience stayed for the whole talk and demos. \o/

Friday started with two short sponsors presentations, and a longer talk on identity driven networks by a guy from another sponsor. I must have missed something important because I couldn't grab his point, probably lost by a whole bunch of buzz words. The Wietse had a wonderful talk about Postfix MTA. This guy is very nice and all the more impressive, it was a real pleasure and honor for me to meet him. The last morning presentation was about hardening Apache configuration.

The afternoon was targeted upon copyright, with two excellent talks on DRM and Kazaa trial in Australia. Then came a panel discussion on DRM. One very good point was that question on the fact that DRM does not allow (yet ?) copyrighted stuff to fall in public domain for their protection don't expire in time, thus breaking most laws on copyright.

In the end, SecureCon 2006 was an excellent conference, and a success as more than 300 attendees registred. Photos are now online.

landed in Melbourne for SecureCon 2006 yesterday morning at 6:25 after a 23 hours journey via Singapour. It's so good to reach destination, especially when it implies shifting season from winter in France to full summer here in Australia, with nearly 25°C temperature delta and +10h jet lag.

SecureCon began yesterday with two excellent workshops. Tas Dionisakos presented SSH basic capabilities, fully covering static and dynamic port redirection, then Nick Savvides launched a Hackathon, using lately announced Backtrack live distro. Then I finally could get some rest. This morning, we had a wonderful keynote talk from Wietse Venema, TCP wrappers, SATAN and Postfix author, about lessons learn from opensource development in IT security field, just followed by an Oracle full marketing/commercial "security matters to us" blablabla. Then Chris Spencer from Ruxcon exposed MS Windows heap allocation strategies and reviewed exploitation technics.

There's still more to come before I close this first day with my (yet again) "Traffic injection in WiFi networks" talk, and there's a bunch of nifty presentations for tomorrow.