Search

Subscribe

Enter your email address below to subscribe to our privacy and security newsletter.

Menu

• Home
• Business/Corporate
• Computer Security
• Digital Signatures
• Encryption
• Firewalls
• Intrusion Detection
• Just Plain Silly
• Personal Security
• Privacy
• Residential Security
• Security Blogs
• Security Consultants
• Spam/Anti-Spam
• Training
• Uncategorized
• Viruses
• Wireless Security

CanSecWest Conference - Day One Review

By Ian Scott

Although this was the fifth CanSecWest annual conference, it was my first time attending the event in the beautiful city of Vancouver, British Columbia.

I arrived the day before and had an opportunity to check into the hotel, go for a walk, and have a nap to adjust to the three hour time change.

The event itself started in the afternoon on Wednesday May 4. The morning hours were for registration which seemed a bit disorganized but I took advantage of the long line by acquainting myself with others queuing for the registration table. Upon finally reaching the registration table, I was handed my badge, a shirt, and a very nice knife made by Grohman Knives with the CanSecWest 05 logo on the blade.

I did not take advantage of the “DoJo” sessions that were offered on Tuesday morning - for one thing, 8AM is an ungodly hour to get up at when one has just flown three thousand miles. Considering that many of the attendees flew in from Europe for the conference, CanSecWest organizers may want to re-think the time for these sessions for future conferences.

Wednesday afternoon saw the conference open with Cedric Blancher’s discussion on “Mobile Workstations, mitigating the crawling trojans.” Unfortunately I missed this presentation as I misread the time 13:00 as 3:00. Although I’ve worked with a 24 hour clock for years, my brain must have still been getting used to the clean air of Vancouver.

Once I realized my error, I hightailed it to the conference area and managed to take in the last half hour of Maximillian Dornseif’s “0wn3d by an iPod: Firewire/1394 Issues.”

David Maynor was next up with a very interesting talk entitled “0wn3d by everything else: USB/PCMCIA Issues.” It was fascinating to me to discover that rootkits could be installed on things such as video cards that would be undetectable.

Brian Martin & Jake Kouns, directors of the Open Security Foundation were next up with their talk on Vulnerability Databases. This was a very interesting discussion of the history of vulnerability databases, problems with assumptions about VDB’s, and standards. Martin and Kouns discussed their own vision for OSF’s VDB.

Mike Schiffman from Cisco then had the floor with his topic, “The Common Vulnerability Scoring System.” Mike explained how he was involved with a working group that aimed at coming up with a standard scoring system to rate vulnerabilities based on a number of criteria. Part of this system allows organizations to determine their own risk factors which means that the scoring system, although standardized, would allow different organizations to rate vulnerabilities differently depending on their own unique circumstances. More information along with a spreadsheet may be obtained here.

Last but not least on Wednesday was Fernando Gont who flew in from Argentina to discuss his paper on ICMP attacks against TCP. Unfortunately, Gont has a heavy accent and I was unable to understand a lot of what he was saying. I did notice however that there seemed to be some debate after Gont’s presentation about the practicality of the attacks he was discussing.

That wrapped up the days formal events which were followed by some interesting “lightening talks” that could last no longer than five minutes. When the day was completed, I had some time to talk with other attendees who all agreed that it was a very interesting day.

My review of day 2 and 3 to follow.

Read more in: Training |

© SecPriv.com | About/Disclaimer | Privacy Policy