Some of the topics you missed that I liked (and can remember right now):
- Stefano Zanero ranted about Intrusion Detection|Prevention Systems. Stuff many of us have been saying for a long time like "Real-time response is not really possible" but he had the math and pretty graphs to prove it to management. IDS isn't dead but it's never been a killer app in my opinion. It is still very important to have in any environment.
- Cedric Blancher's presentation on 802.11 security was insightful and I spoke with a few people who hadn't yet heard about all of the attacks before.
- Shawn Merdinger from VOIPSA showed a few of VoIP's problems. He's primarily focused on client/handset issues vs protocol weaknesses or server issues but his liquid-fueled talk was informative and put the spark back in me to finish setting up an asterisk server. So many projects, so little time!
- Matt Hargett and Luis Miras have very strong opinions on source code analysis for vulnerabilities. It's a topic I'm looking into this year for work and understand it's a very difficult problem with no real good answer.
- Whoever named it "Web 2.0" should stop trying to name things. I'm tired of seeing crap about "Web 2.0". Every time somebody says it in a presentation, God kills a puppy or kitten from a no-kill shelter.
Richard cracks me up sometimes, especially when he and Simple Nomad get to talking about UFOs and secret government projects (last year's SecurityOpus).
In other news, some more projects, exploits and scripts will be uploaded sometime this week when I get around to cleaning them up. It's been a busy week.
1 comment:
ur article and ur attitude is very professional!
Post a Comment