Auscert day 2 update

Published: 2007-05-22
Last Updated: 2007-05-22 14:23:20 UTC
by Mark Hofman (Version: 1)
0 comment(s)
The second day of Auscert has passed with a number of interesting presentations. I didn’t quite get to all the sessions I wanted to due to meetings and clashing times, but that’s the way it goes.

The keynote today was delivered by Howard A. Schmidt (R & H Security Consulting, LLC), an interesting speaker, known to many of us.  He brought up a number of interesting ideas.  One observation was that organised crime has changed focus somewhat over the last few years. It used to be “grab all the information you can” and see what can be sold. Nowadays it is more targeted, specific types of accounts or details are harvested and sold.

Another area Howard explored was quality control in coding. He posed the question “30 years after the first buffer overflow, why do we still have to deal with it today?” He also provided an explanation as to why patching was more expensive for a software house, than proper quality control and testing.

Howard touched on IPv6 as an opportunity to get it right the first time as well issues relating to wireless networks that are being deployed around the world by council’s, etc.

He finished by discussing Peer 2 Peer networks where personal and corporate information is being shared, evident through searches on these types of networks.

Nelson Murilo (Pangeia) is the author of chkrootkit.  He explained where the idea came from and took us through the different generations of the products over the last 10 years.

ISO 27001 Certification Process
Tammy Clark (Georgia State University) took us through the process that Georgia State University went through to implement an Information Security Management System (ISMS). The presentation discussed some of the basic steps needed and some of the challenges faced by the university.

There was an R&D stream where students presented papers on their research, which made an interesting change from the main stream presentations.

Tomorrow is the last day before the tutorial sessions on Thursday and Friday.
0 comment(s)


Diary Archives