This Feb. 14th I had off for Presidents Day (happened to also be Valentine's Day). Luckily I have a wonderful wife and she let me run off to San Francisco to attend B-Sides San Francisco.

Unfortunately, on my way there the traffic on the bridge took longer than I had planned and I missed the first talk.

The next talk in track 2 was Selling Security Without Selling Your Soul given by Aaron Cohen. It was a good talk with some very humorous videos.

We then broke for lunch. Free pizza and beer!

The next talk that I saw was Security Domination via Hard Drive Isolation given by Gal Shpantzer. This was a very interesting talk about securing the communication between an offsite computer and an internal network. Gal mentioned various options a company has to connect from a home computer to an internal network. These are: VPN (horrible security), deploy strictly regulated company laptops (not cost-effective), set up a safe virtual environment (still unsafe if the host PC is pwned), and boot directly to a custom OS on removable media (this is the method chosen for the talk). Gal spoke of the benefits of using a bootable USB as the media of choice. With a USB the OS, certificates, encryption, etc. can be updated (not so with a burned CD). With the USB encrypted it is safe if misplaced, as any finder of the USB key would not be able to use it without the encryption code. An employer has many options as to how secure they need the connection, how durable the USB key needs to be, how covert the drive needs to be, etc.
Though I do not need ultra secure access to my work network, I would like to implement some of the ideas of the talk. I need to start using a separate OS for logging into my bank account, home mortgage site, etc.

Post Attack: Working with Law Enforcement by Nick Selby was the next talk that I saw. This was a wonderful talk to sit in on, as I will explain. The beginning of the talk was spent discussing how the infosec community can help out law enforcement by speaking their language. LE does not understand digital theft. It needs to be proven that a law was broken. Once that is done their hand is forced to help. But what can they do?
LE does not have the capability to investigate a digital crime. The FBI do, but they cannot be bothered by small-time theft. So where does that leave the organization? They can try to solve the problem internally if they have the staff, but that usually does not result in a conviction. A member of the audience actually mentioned that her company was breached and lost $40,000. They investigated internally and were able to find enough information to pursue a case against someone. Unfortunately for them the case is in its seventh year in trial and does not look like it will end soon.
This is where the talk became interesting for me. At the heart of the matter was that there is no one to turn to when a company is breached. The police do not have the resources and the FBI only take high profile cases.
Nick Selby proposed that there needs to be an organization formed to fill this gap. He wants to help organize a non-profit group of LE, detectives, infosec, etc. to give organizations a place to turn if they need help. He stressed the need for members to be “bilingual”: to be trained and knowledgeable in LE and information security. This would help bridge the gap between the two realms.
I always thought there was a tech department available to investigate computer crimes. Unfortunately, I was wrong.
I hope that Nick Selby can create the team necessary to help the organizations and people who need them.
Though I don’t have the necessary training in either field I will keep an eye on this and contribute in any way I can.

The fourth talk that I saw (fifth talk of the day) was How to Attack Windows Kernel given by Song Liu. The talk was interesting, albeit difficult to understand. Song Liu’s accent was difficult to get through, and the sound was a bit low. What I gathered from the talk was that Song Liu found an exploit in the Windows Kernel by manipulating the TCP/IP stack. By sending malformed TCP/IP headers he said that he was able to get Windows to crash. This sounds very interesting and I would love to attempt to recreate the scenario. I probably don’t have the knowledge to do this but at the very least I am learning more about the TCP/IP stack while I try.

The last talk for me (there was one more but I had a long drive home ahead of me) was Cloud Security Realities by David Mortman. This was a fun talk to sit in on as it was more of a conversation, with everyone in the talk able to ask questions and bring up points. The talk varied in many directions but the main point was that a company needs to weigh the needs, costs, and security involved in adding a cloud service to their network. The “Cloud” solution may not work the same for every situation or company. The service may need to be certified PCI compliant in order to work in some cases, for example.
Another reason the talk was fun was that anyone with a good question or comment received a slice of bread that David Mortman’s father baked.

As I mentioned above, I left BSidesSF as the last talk started so that I could start the long ride home. All in all I had a wonderful time at B-Sides San Francisco. I feel that I learned a lot and I want to continue to dive deeper into the infosec community. I hope to get to know the other attendees and mingle more at the next conference.

If anyone is interested in mentoring an aspiring infosec member please contact me.
