I just got back from London and the RSA Europe conference, I've had a great week! In addition to a solid program, the conference is a hotspot of highly skilled professionals. I ended up in a lengthy discussion at the Microsoft stand on the possibilities of the new Forefront Threat Management Gateway (TMG), and the Unified Access Gateway (UAG). One chat with a Microsoft professional, and I learned that the UAG is much more versatile than the official webpages indicate. Of course, I had many more interesting conversations with both sponsors and visitors to the conference. I have to mention that I was fortunate enough to bump into Steve Lipner from Microsoft while I was on my way from one session to another. I happened to be carrying around my SDL-book, he was kind enough to sign it. Good stuff!
I'll summarize some of my favorite sessions from the conference:
Schneier's keynote
Bruce Schneier's keynote on "Security, privacy, and the generation gap" was great. He touched upon many interesting aspects of privacy, like how we do our privacy decisions (how we give it up), or the social challenges we face when spending time on social networks. He referred some very interesting research, here's one of the examples: In group A each person is given an anonymous value coupon worth $8 with the option of exchanging it in a coupon worth $10 — but the $10 coupon would include the person's name and address. In group B the setting is reversed, each person receives a $10 coupon with their name and address on it, and gets the option of switching it for an anonymous $8 coupon. One would expect to find the same pattern in both groups. However, the group who received their anonymous coupons first were more reluctant to give up their privacy! I've tried to find an article on the study, without success. I'll add the link here if I can find it, it's thought provoking stuff.
My metric of a good keynote is to which extent it makes you think. After Schneier's talk, I had a lot to think about!
Application level DoS
Bryan Sullivan from Microsoft's SDL team gave an important talk: "When a billion laughs are not so funny: application-level denial of service". He discussed a class of very potent attacks, where a carefully crafted attack will consume server side resources to the point where the server resources are depleted. The interesting aspect of these attacks is the assymetry. By sending a request which is only a couple of hundred bytes, the server can be triggered to consume all of its memory and/or cpu. Sullivan made a point of the assymetry, and also the difficulties in detecting or preventing these attacks — other than writing secure code in the first place of course.
Sullivan gave two important examples, one for regex and another for XML parsers. To aid in the detection of vulnerable regex statements, the SDL team has released a Regex Fuzzer. On that link, you'll also find references to how the vulnerability works. There's also an MSDN article on the challenges with XML parsing, check it out — especially if you're consuming untrusted XML!
Attacking mobile messaging
Another great session was the "Attacking mobile phone messaging" by Lackey and Miras. It was no surprise that the telephone system had major vulnerabilities. However, Lackey and Miras had set up an attack showing just how flawed the design of the administrative part of the mobile phone system is. Great presentation, a great demo, and they were both excellent speakers. And yeah, the mobile messaging system has major issues.
Flash security
Adobe's Peleus Uhley gave a great talk on the security model for flash content and how to develop more secure flash applications. I haven't been working on flash content security before, so this was a brave new world for me. Uhley gave a great overview on how the whole Flash-model worked and what the challenges are as a Flash designer/developer. In short, treat your Flash animations with as much care as your do with your web applications! Check out the Owasp Flash Security Project to get up to speed, it's run by Uhley and contains all the important references you need.
And the other stuff
There were a lot of other interesting sessions but — like always at a conference — you once in a while realize that you went to the wrong session. That's how it goes! Apart from the sessions mentioned above I attended the sessions that where either SDL oriented, or targeting more technical security.
There was of course a vibrant social life after the formal program ended, I had great fun. I'm not outing anyone here, so: Thanks guys, you know who you are! :)
Subscribe to:
Post Comments (Atom)
Read other popular posts
-
Security headers in an HTTP response There are many things to consider when securing a web application but a definite "quick win&qu... -
I just found out that Terminal services manager does not exist in Windows 7. But fear not, the Remote Desktop Services Manager will do the ... -
The release of Firesheep a week ago brought a lot of attention to a problem that has been known for many, many years: cookies sent over both...
-
Early this year Google started rolling out their new two-factor authentication procedure, which they refer to as 2-step verification. On t...
-
OWASP recently released their Top Ten 2013 list of web application vulnerabilities. If you compare the list to the 2010 version you’ll see t... -
A couple of weeks ago I was remotely involved in a discussion on password hashing in .NET with @thorsheim , @skradel , and @troyhunt . (Foll...
-
I guess it was long overdue for me to follow up on my Hardening Windows Server 2003 SSL/TLS configuration and Windows server 2003 vs 20... -
Visual Studio Online looks pretty cool so I’ve decided that I'll use it for the next NWebsec release. The project setup was relatively... -
The .NET 4.5 framework was released a couple of months ago and it included several improvements in the security area. To benefit from these ...
-
Just a quick note on an error I often run into when I'm working on my Azure applications. I usually create Azure packages and upload the...
Thanks for sharing this text. Virtually satisfied to look at this newsletter and I will refer this website online to my buddies. custom dissertation writing service Extraordinary submit, loads interesting. Thanks for your submit. Keep up the coolest work. I surely appreciate your paintings and I wish in future I’m able to move returned for extra data. Like this one.
ReplyDeletenehru place call girls
Deletenehru place russian call girls
andheri escorts
aerocity call girls
anjuna beach call girls
mcleodganj call girls
bandra call girls
یکی از بهترین سایت های موزیک برای دانلود آهنگ سایته: دانلود آهنگ جدید
Deleteمی باشد که دارای ارشیو کامل از
you should be given your freshly-cooked educational cardstock inside the twinkling connected with an eyeball!
ReplyDeletehttps://eliteessaywriters.com/
So you know that we can have free jigsaw puzzles online in a random websites.
ReplyDeleteVery good informative article. Thanks for sharing such nice article, keep on up dating such good articles.
ReplyDeleteNO.1 SYSTEM INTEGRATION SERVICES | SYSTEM INTEGRATION MIDDLEWARE | MASSIL TECHNOLOGIES
The free roblox robux is very awesome game with lots of new adventures and thrill.
ReplyDeleteVery good informative blog, Thanks for sharing.
ReplyDeleteBest Paper Products Manufacturer Company | Thoran Paper Products
Mostly solution
ReplyDeleteMostly solution
Mostly Solution
Mostly Solution
Mostly Solution
Mostly Solution
There are Nursing Papers for Sale that are harder to complete than others. Thesis, dissertations, and research papers are some of them. Even if you are enthusiastic and capable student, you might need Thesis Proofreading Services in coping with your difficulties.
ReplyDeleteIt is understandable that one is more confident when their task is in the hands of the Research Writing Help than a novice; thus, one hires Custom Dissertation Writing Service who delivers the ideal Custom Term Paper Writing.
ReplyDeleteAre you looking to hire the best Custom College Papers Writing Services? It is helpful to note that the content of Legitimate Custom College Paper are unique and non-plagiarized and each Custom College Paper should be verified meticulously by editors before it can be sent to you.
ReplyDeletePlease refer below if you are looking for Online Job Support and Proxy support from India
ReplyDeleteJava Online Job Support and Proxy support from India | AWS Online Job Support and Proxy Support From India | Python Online Job Support and Proxy Support From India | Angular Online Job Support from India | Android Online Job Support and Proxy Support from India
Thank you for excellent article.
Please refer below if you are looking for Online Job Support and Proxy support from India
ReplyDeleteJava Online Job Support and Proxy support from India | AWS Online Job Support and Proxy Support From India | Python Online Job Support and Proxy Support From India | Angular Online Job Support from India | Android Online Job Support and Proxy Support from India| SAP MM Online Job Support and Proxy support from India | ETL Testing Online Job Support and Proxy Support From India | SAP SD Online Job Support and Proxy Support From India
Thank you for excellent article.
Please refer below if you are looking for Online Job Support and Proxy support from India
ReplyDeleteHadoop Online Job Support and Proxy support from India | Informatica Online Job Support and Proxy Support From India | PHP Online Job Support and Proxy Support From India | DevOps Online Job Support from India | Selenium Online Job Support and Proxy Support from India| Manual Testing Online Job Support and Proxy Support From India | DotNet Online Job Support and Proxy Support from India
Thank you for excellent article.
Please refer below if you are looking for best Training in coimbatore
ReplyDeleteHadoop Training in Coimbatore | CCNA Training in Coimbatore | AWS Training in Coimbatore | AngularJS Training in Coimbatore | Dotnet Training In Coimbatore | SAS Training In Coimbatore | R-Programming Training In Coimbatore
Thank you for excellent article.
nice blog
ReplyDeleteshimla escorts
call girls in baddi
jammu escorts
escorts manali
amritsar call girls
ambala call girls
roorkee escorts
nice blog
ReplyDeletedehradun escort
manali escorts
manali escort
escorts manali
chandigarh call girls
mussoorie escorts
haridwar escorts
rishikesh escorts
surat escort
thanks a lot for the perfect information you have shared with us. I wish you the best.
ReplyDeleteفروش اقساطی فاو 6 تن
I strongly appreciate you for sharing such a good information and I wish you the best wishes.
ReplyDeleteساندویچ پانل سقفی
the design and the content of your website is perfect and can not be ignored.
ReplyDeleteکامیونت کاویانK1051
This was nice and amazing and the given contents were very useful and the precision has given here is good.
ReplyDeleteApache Spark Training in Pune
Spark Training Institute in Pune
thanks a lot for sharing such a wonderful information wit us.
ReplyDeleteکشنده کاویان
The charming and attractive youthful Udaipur escort will be available to both the in call and the outcall. Seductive, you can definitely lose your control on my sex body Call / What's App, the time you see me. I'm on board and my hips are certified plane. My relationship organizations are slowly being searched in the city. There are a handful of people you might spot regularly coming to the town of Udaipur to contribute an incredible amount of time to Escort's mind in Udaipur.
ReplyDeleteUdaipur escort service
udaipur female escorts
call girls service in udaipur
escort service in udaipur
udaipur call girls
udaipur escorts
escorts in udaipur
udaipur russian escorts
udaipur housewife escorts
As soon as I noticed this internet site I went on reddit to share some of the love with them. 먹튀
ReplyDeleteRSA conferences in any part of the world; be it Europe or the United States have always proved to be quite advantageous especially for the attendees. I once attended an RSA conference and utilized the information about IT that I got from it in the Assignment Writing Service that I provide and that student got a direct A+ on his assignment.
ReplyDeleteAmazing website, Love it. Great work done. Nice website. Love it. This is really nice.
ReplyDeletelocast.org/activate
hbomax/tvsignin
disneyplus.com/begin
showtimeanytime.com/activate
Many of the Fba sellers on the amazon platform struggles to make money due to hiring a wrong agency. In rder to make a profitable FBA Business, you need help of an amazing marketing co amazon ppc agency which can help to grow your brand sales to the next level. An expert agency will have lot of case studies where they have grown the other brands to million dollar sales making them the best among the Industry.
ReplyDeleteWhile most of the agencies won’t have any casestudy or else will come up with fake screenshot where they show that they have reduced ACOS and improved the ROAS. To makesure, you are working with a real agency, a real ppc agency will have case studies with video proof from the brand owners where they tell that certain agency has helped them to achieve their results successful and are happy to work with them.
You can always ask certain queries about the agency before you hiring them. First things are the real casestudies and the proofs, second thing is their contract agreement length and terms and conditions of it. Many of the big agencies will lock-in the brands more than 6 months which is not a wise advice and it is always advised to work with on-month or three-month contract agencies which will help to get better data about them within this time period.
Also a good amazon ppc agency will clear explain their strategy and compared your product to those of the competitors and provide tips on how they are going to increase the sales, optimize the listing, budget required and all kind of necessary information which is required to succeed. Thus you can choose wisely an amazon agency which will help your brand to grow its sales.
While looking for playing outdoors these days, it was very difficult as most of the children are addicted to smartphones. Addiction to smartphones has come like a big headache for the parents, they need to find a way to grab the childrens attention away from phones and have a healthy habits which benefits their physical and mental health. This is where kids ride on cars has become one of the popular toys among the kids to play and have fun.
ReplyDeleteThe kids electric cars will help to come out and play outdoors due to their look alike real cars making the children more enthusiastic and fascinated to play with those toys. The parents can operate the electric rideons with the help of a remote control and hence the children can enjoy the ride while they are thinking like a real riders sitting in the car and having lots of joy and happiness. However, these toys comes in a bit pricy compared to normal toys which are under a 30 dollars price, while these toys costs close to 100 to 200 pounds in general based on the model and specifications of the car. Check here for best rideons.
While there are high end models like off-road electric cars which are for big kids and come with a battery of 24V making them more powerful and fits perfectly to ride for the age above 8 years old. Thus these kinds of cars are helping the children to move away from the phones and enjoy the outdoors which will help for physical exercise and improve their health as well.
Also there are Licensed kids electric cars in the segments where the big brands like BMW, Ford, Audi, Lamborghini, Mercedes etc type real world cars are being made in a tiny cars which attracts children so much towards these little rideons. Especially girl child can prefer pink color lamborghini cars if they are fascinated about the sports cars and the boys can choose whatever car model they have interest in. Thus you can purchase a good rideon car for your kid and improve their Joy further.
에볼루션게임 먹튀검증 안전노리터 go
ReplyDeleteشراء اثاث مستعمل
ReplyDeleteشركة شراء اثاث مستعمل
صيانة افران بمكة
ReplyDeleteشركة صيانة افران بمكة
Thanks for sharing such an informative blog about highlights from the RSA Euro conference '10. Keep sharing your good work. Now repair your mobile in Baltimore from vfixphonesandtech.com check out for more information.
ReplyDeletedswt
ReplyDeleteWhat an excellent article you have shared. Keep it up!
ReplyDeleteHire the best MBA assignment provider who assists you with MBA Assignment Help online. Assignmenttask.com delivers top-notch assignment solutions to your challenging homework. Our subject area experts provide 100% plagiarism free content at the minimum price.
Thank you for this valuable article
ReplyDeleteGet the Professional Experts Assignment Helper at Case Study Help Singapore.
We have 1000+ Singapore assignment expert writers alone for almost all subjects. Students are you stuck on your assignment writing, and do you have no time to complete it? Here is the best solution for you. We are Singapore's top assignment help service providers and offer the best price.
Get Answers to Questions from Experts at Assignmenttask.com. The Assignment Task provides assessment answers to all questions for students. We offer Plagiarism Free Assignment Writing Services. Our coursework writers always provide plagiarism-free content that ensures 100% original writing by providing Turnitin reports to every student.
ReplyDeleteGet UK Assignment Help Services for Students from Experts. Case Study Help UK is 100% Affordable, and get ready for your assignment in just a few hours. Students, you can hire British Experts for online Assessments & Homework help. We have many projects, including Dissertation help, Professional Essay Writing, Law, Nursing, and Business. So students, if you need any assignment writing help, you can meet us on the Internet.
ReplyDeleteCase Study Help South Korea
ReplyDeleteBe sure to get the best writing assignment helper services in South Korea for your assignments and achieve the top grades in all your assignment writing solutions by Case Study Help South Korea. We provide professional Assignment Help services in any subject from Korean Experts. We are all time available on the Internet.
Get Answers to Questions
ReplyDeleteAre you searching for Get Answers to Questions? Meet us online at Assignmenttask.com. Hire academic Experts for your assessment projects. Our group of experts has work experience, and they know better how students can get high scores on their homework. Do you want a better score on your assignment so you can contact us?
Thanks for sharing beautiful content. I got information from your blog. keep sharing
ReplyDeleteabogado de lesiones personales del norte de virginia
Thank you for providing this information. Visit us for Getting Best Online Tuition for Cambridge International Board at Affordable prices.
ReplyDeleteThanks for sharing this wonderful post!
ReplyDeleteAssignmenttask.com is a one-stop solution for your Assignment Help UAE. We have academic writers who assist you with plagiarism free work. You get all academic assistance under one roof.
We are offering custom assignment writing services in UAE at affordable prices.