Hackfest 2010

I really appreciated my two days at Hackfest 2010.

In my opinion, two speakers stood out from the crowd:

First, Olivier Bilodeau, a PacketFence developer, gave us a good tour of the 802.1X standard, the benefits of implementing it, the protocol's weaknesses and ways to attack it. He gave us use case scenarios and an example of a smooth roll-out plan.

Second, Danny Fullerton from Mantor Organization told us about the broken security model used by all major OSes. He introduced us to Qubes OS, the exception to the rule. One point that got my attention was when he told us that a web of trust could be achieved by leveraging the DNSSEC infrastructure to distribute keys in PKI implementations (read “SSL”). I think it is a “tip of the iceberg” point of view and I’ll elaborate on that topic at some later time. Bottom line: he’s really onto something big (I think I’m the someone he is referring to).

One weak point of the event: one presentation wasn’t “l33t” enough for the technical audience he was speaking to. Although Guy Bruneau, an instructor from SANS.org, is a great communicator, his presentation about DLP wasn’t about DLP! It was simply a 101 course on using grep with regular expressions. In my mind, grep doesn’t equal DLP. Maybe the title of his presentation was misleading. I do need to point out that his Wireshark presentation last year was very good.

Overall it was a very good event.

See ya next year!