Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Oct 16, 2010

Some highlights from the RSA Euro conference '10

I just got back from London and the RSA Europe conference, and I've had a great week! In addition to a solid program, the conference is a hotspot of highly skilled professionals. I ended up in a lengthy discussion at the Microsoft stand on the possibilities of the new Forefront Threat Management Gateway (TMG) and the Unified Access Gateway (UAG). One chat with a Microsoft professional, and I learned that the UAG is much more versatile than the official webpages indicate. Of course, I had many more interesting conversations with both sponsors and visitors to the conference. I have to mention that I was fortunate enough to bump into Steve Lipner from Microsoft while I was on my way from one session to another. I happened to be carrying around my SDL book, and he was kind enough to sign it. Good stuff!

I'll summarize some of my favorite sessions from the conference:



Schneier's keynote
Bruce Schneier's keynote on "Security, privacy, and the generation gap" was great. He touched upon many interesting aspects of privacy, like how we make our privacy decisions (how we give it up), or the social challenges we face when spending time on social networks. He referred to some very interesting research; here's one of the examples: In group A each person is given an anonymous value coupon worth $8 with the option of exchanging it for a coupon worth $10 — but the $10 coupon would include the person's name and address. In group B the setting is reversed: each person receives a $10 coupon with their name and address on it, and gets the option of switching it for an anonymous $8 coupon. One would expect to find the same pattern in both groups. However, the group who received their anonymous coupons first were more reluctant to give up their privacy! I've tried to find an article on the study, without success. I'll add the link here if I can find it; it's thought-provoking stuff.

My metric of a good keynote is the extent to which it makes you think. After Schneier's talk, I had a lot to think about!

Application level DoS
Bryan Sullivan from Microsoft's SDL team gave an important talk: "When a billion laughs are not so funny: application-level denial of service". He discussed a class of very potent attacks, where a carefully crafted request consumes server-side resources until they are depleted. The interesting aspect of these attacks is the asymmetry. A request of only a couple of hundred bytes can trigger the server to consume all of its memory and/or CPU. Sullivan made a point of the asymmetry, and also of the difficulties in detecting or preventing these attacks — other than writing secure code in the first place of course.

Sullivan gave two important examples, one for regex and another for XML parsers. To aid in the detection of vulnerable regex statements, the SDL team has released a Regex Fuzzer. At that link, you'll also find references to how the vulnerability works. There's also an MSDN article on the challenges with XML parsing, check it out — especially if you're consuming untrusted XML!
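
The asymmetry described above can be measured without triggering it. The sketch below is an added example in Python (not code from the talk, the SDL team or the linked articles): it reads the entity declarations of an untrusted XML document, computes by arithmetic how large the expansion would be, and rejects the document when that exceeds a budget. The function names, the budget and the sample document are assumptions constructed for illustration, and only double-quoted internal entities are recognised.

```python
import re

# Simplification: only double-quoted internal general entities are recognised.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&([\w.-]+);')
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}  # each expands to 1 char

def entity_sizes(xml_text):
    """Map each declared entity to its fully expanded length, by arithmetic only."""
    decls = dict(ENTITY_DECL.findall(xml_text))
    sizes, in_progress = {}, set()

    def size(name):
        if name in PREDEFINED:
            return 1
        if name not in decls:
            return 0  # undeclared reference: a conforming parser rejects it
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise ValueError("recursive entity reference: " + name)
        in_progress.add(name)
        total = len(ENTITY_REF.sub("", decls[name]))  # literal characters
        total += sum(size(ref) for ref in ENTITY_REF.findall(decls[name]))
        in_progress.discard(name)
        sizes[name] = total
        return total

    for name in decls:
        size(name)
    return sizes

def check_document(xml_text, budget=1_000_000):
    """Return (allowed, expanded_chars) for the body after the DOCTYPE."""
    sizes = entity_sizes(xml_text)
    body = xml_text.split("]>", 1)[-1]
    cost = len(ENTITY_REF.sub("", body))
    for ref in ENTITY_REF.findall(body):
        cost += 1 if ref in PREDEFINED else sizes.get(ref, 0)
    return cost <= budget, cost

def build_sample(levels=9, fanout=10):
    """Constructed test input: nested entities, the pattern the talk title names."""
    decls, prev = ['<!ENTITY lol "lol">'], "lol"
    for i in range(1, levels + 1):
        decls.append('<!ENTITY lol%d "%s">' % (i, ("&%s;" % prev) * fanout))
        prev = "lol%d" % i
    return "<!DOCTYPE lolz [\n%s\n]>\n<lolz>&%s;</lolz>" % ("\n".join(decls), prev)
```

The constructed sample is under 1 KB on the wire yet would expand to about three billion characters. Parsers enforce the same idea by capping entity expansion or refusing DTDs outright, which is the safer choice for untrusted input.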

Attacking mobile messaging
Another great session was "Attacking mobile phone messaging" by Lackey and Miras. It was no surprise that the telephone system had major vulnerabilities. However, Lackey and Miras had set up an attack showing just how flawed the design of the administrative part of the mobile phone system is. Great presentation, a great demo, and they were both excellent speakers. And yeah, the mobile messaging system has major issues.


Flash security
Adobe's Peleus Uhley gave a great talk on the security model for Flash content and how to develop more secure Flash applications. I haven't worked on Flash content security before, so this was a brave new world for me. Uhley gave a great overview of how the whole Flash model works and what the challenges are as a Flash designer/developer. In short, treat your Flash animations with as much care as you do your web applications! Check out the OWASP Flash Security Project to get up to speed; it's run by Uhley and contains all the important references you need.

And the other stuff
There were a lot of other interesting sessions but — like always at a conference — you once in a while realize that you went to the wrong session. That's how it goes! Apart from the sessions mentioned above, I attended the sessions that were either SDL oriented or targeting more technical security.

There was of course a vibrant social life after the formal program ended, and I had great fun. I'm not outing anyone here, so: Thanks guys, you know who you are! :)

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.
