Stockholm Sec-T Conference Roundup

on 15 September, 2008

When you talk about attending a major security conference it is tempting to dream of a trip to the lights and glamour of Las Vegas.

However, what often gets lost is that it is the speakers and the content that make a conference, not just the surroundings. With that in mind, the inaugural Sec-T conference in Stockholm was a very exciting prospect for anybody interested in cutting-edge security research.

No matter what your role is in the Information Security industry, there was a talk that would be of interest. Here is a flavour of what you would have heard if you were an attendee.

Virtualisation is secure, isn’t it? As we have learnt ourselves through John Fitzpatrick’s research project, the answer is, as we might have predicted, that new technologies have new threats. Oded Horowitz works for VMware and talked about how, rather than having to accept new threats, you can use Hypervisor technology to catch malicious behaviour within your virtual machines in real-time.

Hacking is all done by misguided teenagers in their bedrooms! That semi-romantic picture is still held to be true by many but in reality is far from the truth. Today’s enemy is highly organised, well funded and interested in making lots of money. Mikko Hyppönen from F-Secure gave lots of practical examples of this and why we should all be wary.

After hearing about the prevalence of IT-related crime around the world, it is comforting to hear that there are people trying to bring them to justice. People working in criminal justice still need educating, and Bosse Norgren talked about the efforts being made to achieve this in Sweden.

The guys from Outpost 24 demoed their new SockStress framework and at the same time gave a warning about a new class of DoS attacks that are just around the corner. They didn’t reveal any details, but using techniques such as client side “SYN cookies” appears to be a fundamental cornerstone of lots of new methods for causing havoc inside IP stacks.

Christer Oberg, Claes Nyberg and James Tusini talked about how even the most venerable Operating Systems are at risk if the assumption is made that they are secure. They presented their talk on OpenVMS hacking that was given at Defcon 16 this year but included further details about some of the previously disclosed vulnerabilities and some new ones.

If you run SAP on your network you should be very concerned. That is the conclusion you will reach if you watch any of Mariano Nunez di Croce’s presentations on the subject. He outlined the new improvements to his SAP testing framework (sapyto) and also demonstrated the plugin that can be used to tunnel connections through a SAP router.

The special guest speaker was the worst kept secret at the conference, especially when you are talking to him at breakfast! As usual Felix ‘FX’ Lindner spoke eloquently and passionately about the crucial role of Cisco security in the majority of network environments including the Internet. It is good to know that the work being done on Cisco forensics includes an understanding of how developments in exploitation techniques and rootkits are progressing and how they can be countered as they evolve.

The other talks that aren’t described in detail were also very interesting and covered topics such as how to practically develop a Mac OS X rootkit and how global politics and Information Warfare are now intrinsically linked. And of course the best talk was obviously about IBM WebSphere MQ security. Or maybe that’s just because I haven’t got an unbiased opinion! In reality this was a very well organised and run conference and I am just one of many looking forward to a return trip next year.