I really appreciated my two days at Hackfest 2010.
In my opinion, two speakers stood out from the crowd:
First, Olivier Bilodeau, a PacketFence developer, gave us a good tour of the 802.1X standard, the benefit of implementing it, the protocol's weaknesses and ways to attack it. He gave us use-case scenarios and an example of a smooth roll-out plan.
Second, Danny Fullerton, from Mantor Organization, told us about the broken security model used by all major OSes. He introduced us to Qubes-OS, the exception to the rule. One point that got my attention was when he told us that a web of trust could be achieved by leveraging the DNSSEC infrastructure to distribute keys in PKI implementations (read “SSL”). I think it is a “tip of the iceberg” point of view and I’ll elaborate on that topic at some later time. Bottom line: he’s really onto something big (I think I’m the someone he is referring to).
One weak point of the event: one presentation wasn’t “l33t” enough for the technical audience it was given to. Although Guy Bruneau, an instructor from SANS.org, is a great communicator, his presentation about DLP wasn’t about DLP! It was simply a 101 course on using grep with regular expressions. In my mind, grep doesn’t equal DLP. Maybe the title of his presentation was misleading. I do need to point out that his Wireshark presentation last year was very good.
Overall it was a very good event.
See ya next year!