Wednesday, April 22, 2009

RSA so far

So, trying to do a quick review of the first day:

Nothing really special from the keynotes. Funny to see that some people complained about Scott Charney, from Microsoft, doing a "vendor presentation". Actually I found his presentation better than the others (RSA, Symantec), as he didn't try to hide the fact he was talking about the roadmap of his products. I really don't like those vendor presentations where they show the current challenges exactly in the way that their last product is the perfect fit. Charney at least was honest about what he was showing.

The best session, as usual, was the Cryptographers panel. I was happy to hear their concerns about "Black Swans". Bruce Schneier also mentioned his studies on Security Psychology. What I'd want to see now is how these things affect our current risk management methodologies.

After that, I watched some technical presentations, one of those about the new edition of "Hacking Exposed". Nothing really new there.

Stephan Chenette, from Websense, talked about script fragmentation attacks. Basically, JavaScript code being transferred in very small chunks through AJAX to evade detection, mostly by Web filters. The attack relies on code that will pull those small chunks and reassemble the exploit in order to execute it, which he called the "decoder". I think that one of the challenges of this attack is to avoid the detection of the decoder. Even if code from "non-malicious" libraries is used, I think there's still room for detection based on "decoder behaviour". An interesting part was when he mentioned cross-domain transfers to get the exploit; there are endless possibilities to explore in that direction. Decoders could find (and grab) the exploit pieces through Google searches, and those pieces could be inserted in apparently innocent comments on blogs and social networks. A lot of room to explore here.
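To make the "decoder behaviour" idea concrete, here is an added example (not from the post or from Chenette's talk) of a coarse static heuristic: it flags script text only when all three stages of a decoder are present, fetching chunks over XHR/fetch, accumulating them into a string, and handing the result to a dynamic-code sink. The two sample scripts are constructed for the demo; a real filter would need tuning and would still miss obfuscated variants.

```javascript
// Added example: heuristic detection of script-fragmentation "decoder" behaviour.
// Each regex covers one stage; any single stage alone is common in benign pages,
// so only the combination of all three is flagged.
const FETCH_APIS = /\b(XMLHttpRequest|fetch|ActiveXObject)\b/;
// "name += ..." or "name = name + ..." : accumulation of chunks into one string
const ACCUMULATE = /\b([A-Za-z_$][\w$]*)\s*(\+=|=\s*\1\s*\+)/;
// Sinks that turn a string into executable code (string form of setTimeout only)
const CODE_SINKS =
  /\b(eval|Function|execScript|document\.write)\s*\(|\bsetTimeout\s*\(\s*["']/;

// Returns which of the three decoder stages appear in the script text.
function decoderIndicators(script) {
  return {
    fetches: FETCH_APIS.test(script),
    accumulates: ACCUMULATE.test(script),
    executes: CODE_SINKS.test(script),
  };
}

// Flag a script as decoder-like only when fetch, reassemble and execute co-occur.
function looksLikeDecoder(script) {
  const i = decoderIndicators(script);
  return i.fetches && i.accumulates && i.executes;
}

// Constructed sample: pulls 12 fragments synchronously, concatenates, evaluates.
const SAMPLE_DECODER = `
var parts = "";
function grab(n) {
  var x = new XMLHttpRequest();
  x.open("GET", "/c/" + n, false);
  x.send();
  parts += x.responseText;
}
for (var i = 0; i < 12; i++) grab(i);
eval(parts);
`;

// Constructed sample: ordinary AJAX that only renders the response as text.
const SAMPLE_BENIGN = `
var x = new XMLHttpRequest();
x.open("GET", "/api/news", true);
x.onload = function () {
  document.getElementById("news").textContent = x.responseText;
};
x.send();
`;

console.log("decoder sample flagged:", looksLikeDecoder(SAMPLE_DECODER)); // true
console.log("benign sample flagged:", looksLikeDecoder(SAMPLE_BENIGN));   // false
```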

After that I went to see some of my favorite security bloggers on the "security groundhog day panel", hosted by Mike Rothman. Some good discussions about PCI, cloud computing and compliance. It gave me some ideas to write about these subjects; I'll try to do it after the conference. Best quote from the conference until now was from Rich Mogull, "you need to know your own business". Dead right.

After that, Jeremiah Grossman presented the "top 10" attacks. Nice, but I could have just read the paper and used that slot for another presentation.

And day one was over. To be honest, nothing really special until now. Let's see if I can see something nice on the expo booths.
