Wednesday, November 23, 2011

Hacked?

The IRISS Cyber Crime Conference in the D4Berkely, Dublin, (23/11/11) was very interesting and sometimes very scary. The IRISS had assembled an impressive panel of speakers covering a range of cyber security areas. They also took the opportunity to release IRISSCERT Irish cybercrime statistics which are reported on here.

The keynote speaker was Mikko Hypponen of FSecure who brought us on a trip down Virus lane recalling the development of the virus from a harmless hacker hobby, through a destructive phase, then a moneymaking phase, and finally a form of State-sponsored cyber warfare.

Ryan Jones took us through a security incident, illustrating the importance of advance planning and comprehensive logging if there is to be any prospect of getting on top of the problem.

Robert McArdle introduced us to the fantastic world of HTML5 and then scared the shit out of us with the security implications of this box of tricks which can effectively bypass much of the traditional anti-virus machinery.

Dale Pearson gave a virtuoso performance on social engineering which effectively means exploiting the human factor vulnerabilities.

Stephen Bonner took us through a Barclay's Bank user awareness campaign, including some heavy ideas that didn't get used. He generated an active audience response by pegging Ferrero Rocher chocolates at anyone who made remarks or asked questions. He literally threw a book at me.

Conor Daly showed how Passive DNS could be used to pin down threats. David Rook demonstrated his code scanning tool Agnitio. John Burroughs teased out the security implications of the Cloud. Mathieu Gorge gave an overview of Information Security Ireland which is attempting to bring Irish security firms together both to share information and campaign to bring multinational jobs to Ireland. Daragh O'Brien dealt with some aspects of crisis management which are often overlooked, such as coming clean quickly and having a good public communications strategy to protect the brand.

Dave Venman and Eoin Keary went over my head.

While all this was going on in the main room, the hackers were busy at work next door. HACKEIRE was a competition in which teams of hackers had to hack a virtual system set up to test their mettle. Seriously competitive co-working.

Some of the day's sponsors had stands in the foyer and Amazon were actually recruiting. They have 12 hour global functions located in Dublin.

All in all a very interesting day.


I attended on behalf of
.

You can read some supplementary remarks on my website. These were originally on the Nodecity wiki, but that site has been closed to public access and I have transferred the material to my own website.