Wednesday, August 06, 2003

Recent Security Conference Thoughts

Over the last three weeks, I've attended and/or spoken at events held by SANS, Black Hat, and USENIX. I was struck today by my perceptions of each group of attendees, which don't necessarily reflect the attendees of the past:



  • SANS is less of a "conference" and more a source of weekly classes, populated mainly by newbies. Some of the instructors, like Ed Skoudis and Eric Cole, rock. The SANS archive begins with SANS Network Security 99, which I attended. Back in 1998 and 1999, SANS was known for its "SANS" conference held in the spring, and its "Network Security" conference in the fall. The audience was much different then; people I only saw once a year met me at SANS. Now I confine myself to invited talks where I present my own material or niche courses lasting one or two evenings.

  • Black Hat was strictly an annual event from 1997 to 1999. In 2000 Black Hat branched out to Singapore and Amsterdam, and now 3-4 "conferences" are held each year. Still, Black Hat (at least in Las Vegas) has retained its "hacker image," with the audience consisting of assessment-minded white hats, brave gray hats, and lots of feds. This is now my favorite conference and I see most of my "once-a-year" colleagues here.

  • This week is my first USENIX Security symposium. What can I say -- it's all researchers. I'm surrounded by college kids with grants from DARPA, NSF, and other agencies! USENIX has quite an international flavor too, and acts more academic. For example, while SANS sells thick books of slides, and Black Hat provides all its slides on CD-ROM (smart), USENIX publishes "proceedings," complete with ISBN. Eventually they will be online, but I found these to be interesting:


    • Two by Niels Provos, who wins the "most-blacked-out-entries-on-a-web-site award" with "Preventing Privilege Escalation" (.pdf) (think OpenSSH) and "Improving Host Security with System Call Policies" (.pdf) (think systrace)

    • "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions" (.pdf.gz) -- props must go out to Mike Schiffman's libradiate, since he paved the way last year!

    • Andy Ellis of Akamai gave an awesome talk of administering 14,000 servers, but his slides aren't online. He described the Internet as being composed of "10,000 economic entities," NOT "dominated by seven or eight ISPs," and said "most traffic reaches users via small access networks," like T-1s and T-3s. He also said "BGP is all about screwing your neighbor," because ISPs want to get traffic off their pipes if the endpoint isn't on their network! So, they advertise high metrics and as a result BGP offers neither performance nor reliability. He related how Level 3 had a problem a few years ago, when they attracted all Internet traffic by mistakenly advertising a "negative metric." Andy described how Akamai maps out 50,000 "core points," where only two core points are used in every Internet session, every 12 hours via ping and traceroute. Akamai routes requests for content over an "overlay network," and maps users to the closest content based on the DNS server they used to resolve hostnames.



I'm interested in attending CanSecWest next spring. It's a small annual event which features interesting speakers, similar to Black Hat.
