2011 FIRST Conference: Thursday

Thursday morning commenced with a presentation from Marc Feidt of the European Commission, talking about the EU’s vision for a more IT enabled society in order to enable economic growth, a reduction in poverty and their climate change goals. They see the need to increase trust in Network and Information security, and are committed to the creation of both an EU institutional security team (iCERT), and to mandate all countries to have a country-wide CERT.

Michael Moran from INTERPOL gave a talk entitled “Online exploitation of children – What’s it got to do with me?”. He began the presentation on this difficult subject with a fairly light-hearted consideration of pornography in general, its increased availability in recent decades, especially since the rise of the Internet, and, to the amusement of the audience, played the song “The Internet is for Porn” from the musical “Avenue Q”. He then turned to the more serious side of pornography, where participants are not all consenting adults but involve those below the age of consent, primarily under ten years of age and often much younger. He illustrated this part of the talk with some shocking statistics and some disturbing images. While far less graphic than many in this area that law enforcement will encounter, this was one presentation where the slides would most definitely not be available for download.

Once again the need for international co-operation was made: even a small amount of material gathered may provide a vital clue in identifying and prosecuting the persons involved. There is a very real human cost when evidence is uncovered but then swept under the carpet, for instance employees being quietly dismissed rather than bringing in law enforcement; some employers have been sued for negligence as a result. In any investigation is is essential to work within the law; IT staff within the University should ensure they are familiar with University guidelines on the handling of illegal materials.

Thursday’s afternoon sessions commenced with the Blitzableiter team exploring mechanisms to counter flash exploits. We are well aware that Adobe Flash is a very common infection vector on desktop systems and as such any ways to protect users are of interest. Their technique is interesting as it presents a normalisation mechanism to strictly validate flash files. Apparently this turns out to be effective at mitigating almost all of the exploits that have been actively exploited over the past 18 months. This technique can be used either as a plugin to Firefox’s NoScript plugin, as a Squid Addon or in various other manners.

This was followed by a talk from John Kristoff of Team Cymru looking at the question of BGP and routing security. This was a talk aimed at a general audience who were not necessarily running BGP based routing on a daily basis. His talk was very informative, explaining in detail how various attacks could be performed (both intentionally and accidentally), and looked at some useful BGP features for dealing with some forms of attacks, including BGP Flowspec, and Blackhole routing. Finally he looked at the question of what future technologies were on the horizon to improve the future security of routing tables.

In the other afternoon stream we followed, the first presentation covered the Stuxnet incident, an incident targeted at Siemens programmable logic controllers used for control of physical devices such as motors and pumps. While the target was probably Iranian nuclear enrichment, and certain governments widely suspected in the initiation of the attack, the presenters concentrated on the anatomy of the attacks and on the detailed analysis conducted by Siemens. While not directly relevant to the University, the talk showed what is possible through infection of standard desktop systems, propagating to highly-specialised systems, where there is not complete segregation between systems. The consequences of a similar attack against critical national infrastructure cannot be underestimated.

The next talk covered the security of the domain name system (DNS). As an old, light, protocol, DNS was originally lacking what many now would see as essential security requirements, and some are only now being added on to the underlying protocol, for instance DNSSEC. DNS increasingly has a critical role everywhere, and a successful attack against DNS could be successful against critical infrastructure nationally or internationally. The speaker felt that insufficient attention is given to the security and stability of the DNS and is keen for greater monitoring of the “health” of DNS and for the establishment of a dedicated CERT for DNS.

Presentations finished mid-afternoon in order to make time for the Annual General Meeting of FIRST. This was immediately preceded by a brief PGP keysigning party, something of a rushed affair for those attending the AGM, but essential in building up the “web of trust” mentioned in one of the previous day’s lightning talks. Compared to some past AGMs, this year’s was a relatively straightforward affair, and the main item on the agenda was the election, with five of the ten places on the steering committee to be filled. We were pleased that for the first time in some years, a representative of a university CERT was elected to a committee that has often been heavily dominated by representatives of major corporations; our congratulations go to Margrete Raaum of the University of Oslo.

Posted in FIRST Conference | Comments Off on 2011 FIRST Conference: Thursday

Comments are closed.