Ades Blog

I’ve just returned from my annual visit to Infosec. In recent years I must admit I have come to expect less and less from Infosec. The ratio of good talks versus marketing people selling products that they don’t understand seemed to be dipping below the point that would even make the journey worth contemplating. So I wasnt expecting much this year. However I hadn’t realised that Bruce Schneier was going to be in attendance. He gave one talk on the main stage and two talks a day at the BT stand. This alone made the journey well worth it. Bruce takes a refreshing different approach to security and we could all do with listening to him.

Bruce’s talks centred around the psychology of security and why we seem to always make the wrong decisions on the matter. His talks are based around a paper that he has written, which BT had produced printed versions of on the stand. Its available online here. Not only had the printed out his paper but on the second day, they were giving away copies of Bruces book “Beyond Fear” to everyone in the audience of his talk.

Another hero figure was also in attendance – Phil Zimmerman of PGP fame. He was on the PGP stand for the last hour of each day and available to chat to and/or sign Tshirts. I had a quick chat with him about Zphone, collected my signed Tshirt and made my way out of the building.

On my way out I spotted a person in an SSLExplorer Tshirt. Now I love this product, which is/was an Open Source SSL VPN solution. While SSLExplorer has been an Open Source product from its inception, recent events have meant that the company had taken the decision to move away from that license. This is very disappointing so I thought Id take the opportunity to interrupt the persons cigarette brake and get the low down. After a good old chat we went back into the show, where I met the founder. Their decision was taken due to some unscrupulous people taking their code, disregarding the GPL and basing a product on it. This combined with the very small contribution that the open source community had made, left them with little choice but to focus on what was making them money. They do say that they hope one day to return to an Open Source model in the future. Its a shame to hear that the community hadn’t contributed much especially when one of the areas they had hoped for help was translations. You would think that we would have excelled in this area.

As far as vendors go, the show has little to interest me these days as 99.9% of products are there for the purpose of protecting Windows devices and therefore I have no need for them. I did had a chat with the Iron Key guys, the makers of the most secure USB key on the market, about the fact that their product now works on Linux (as well as Windows and MAC) – good job. I also stopped by at the Astaro stand – these guys make a great product (based on Linux if course) and even do a from home user version.

There was another great demo from the guys over at SecureTest as well – you can always rely on these guys for two things – 1) Interesting Demo 2) Free Secure Test socks and lets just say that I wasnt disappointed this year.

Sophos had an interesting demo as well – their engineer (who was running Linux and emulating a Windows host using Qemu) did an interesting demo on phishing emails that exploited a vulnerability in Windows Media player but the phish only worked if you opened the page in Firefox and didnt work if you opened it in Internet Explorer !

So all in all a good Infosec this year – good talks, goold freebies (Bruces book rather than the usual tat) and some interesting demos from both SecureTest and Sophos

I really must try and make it to the RSA Conference one of these years but the keynotes are all online here - so maybe theres is no need

• Leave a comment...