Wednesday, May 17, 2006

CONFidence 2006 - trip report

I've just come back from a small conference in Krakow, CONFidence 2006. It was the second edition of this security conference, which is organized by a non-profit organization, PROIDEA, whose primary goal is to promote education in computer science. Apart from CONFidence, they also organize conferences focused on BSD systems and various training courses.

Below I describe some of the talks that I found particularly interesting among those which I managed to see...

Pawel Pokrywka gave a very interesting talk about security issues with the DSL infrastructure used by one of the biggest Polish ISPs. He discovered the auto-configuration protocol which is used to set up every single DSL modem of that company. He then prepared a modem-emulator script which allowed him to get the configuration data (including username and password) for any modem in Poland he wanted. This could have allowed an attacker to actually 0wn all the DSL modems belonging to this operator! It was the best presentation in my opinion; not only was it technically interesting, but it was also very well presented.

Lukasz Bromirski is a systems engineer at Cisco Poland and a very popular speaker at Polish conferences. He gave three (!) lectures there, about BGP blackholing, dynamic routing protocols (OSPF and BGP), and one more about network attacks at the L2 and L3 levels. Lukasz turned out to be a very knowledgeable and experienced network engineer who is also a good presenter.

Przemyslaw Frasunek is another frequent speaker at Polish conferences. He is a well-known BSD expert, but his talk was about Bluetooth security. Although it wasn't exactly an '0day talk', I think it was a good introduction to the Bluetooth stack and several basic attacks, and it was very professionally presented.

I also liked the two talks presented by members of the Security Team of the Supercomputer-Network Center in Poznan. Blazej Miga talked in great depth about Apache architecture and internals, while Jaroslaw Sajko demoed how to write extension modules for iptables. This team got a lot of media attention in Poland last year, after they found several critical bugs in Gadu-Gadu, the most popular Polish IM client.

Overall, the level of the talks was pretty good. As at other small conferences, the atmosphere was very cozy and friendly. The organizers took very good care of the speakers, taking us to various nice restaurants and entertaining us all the time (even the day after the conference). Krakow is actually a very nice city, probably one of the nicest in Poland. It is a little bit like Prague - it has a very large old town, with lots of nicely decorated restaurants (in an 'old Polish' style) serving very tasty food :)

It was also very positive to see how enthusiastic those people are, and it was clear to me that they really do this conference for fun and not for profit. I wish them success with the next edition in 2007!

Friday, May 12, 2006

SVV Source Code Made Public!

I decided to publish the full source code of my System Virginity Verifier. The license allows you to do anything with the code, including using it in a commercial product.

Unfortunately I don't have time to further develop SVV, but I still believe that this is the right approach to system compromise detection (though it still requires a lot of work to be put into it). It's actually very surprising to me to see only one other product which uses a similar idea for detecting system compromises, that is Microsoft's PatchGuard.

I hope that publishing SVV source code might be useful in two situations:

First, it should help to reduce implementation-specific attacks, as used by malware against rootkit detectors (remember holly_father's shop?). Having the sources allows anybody to compile his or her own private detector, a little bit different from the one which is targeted by the malware's anti-detection engine. This might include changing the I/O interface between the usermode and kernel-mode components of the detector, changing the order of certain actions, etc...

The above statement actually applies not only to SVV, but to any other rootkit/malware detector with open sources.

Second, I hope that having the SVV sources open can encourage people to extend the subset of sensitive OS elements which are verified by SVV, thus minimizing the "hooking space" which can be used by malware. This should consequently eliminate simple, yet annoying malware from the market...

SVV sources and some presentations about its design can be found here.