Tag Archive - symposium

Security @ DEFCON 17

Survived! Well, my laptop did – I’m exhausted and work was waiting for me in Montreal, but, let’s be honest, I can’t really complain.

For those who don’t know, DEFCON is one of the leading hacker conferences, with over 8k attendees getting together in Las Vegas to share knowledge on hacking, cracking, social engineering, lock picking and similar disciplines. People come from all social groups – from 14-year-old video gamers to senior security specialists for the government, by way of consultants, programmers, developers and hobbyists. Fun crowd.

While my trip was flanked by two runs of 4 vacation days (before and after), I was @DEFCON as the owner of Les Laboratoires Phoenix – my free software consulting firm – and as such, I was confronted with this dichotomy:

* I need Internet access to answer clients’ requests
* Connecting to the Internet at DEFCON is professional suicide if you’re not up to it

Let me explain this second point a bit. First, the Wall of Sheep: an inline filter tracking unencrypted connections and broadcasting users’ credentials (including a partially obscured password) on a big screen in the lounge. Generally, the flow is quasi non-stop.

If you think that it’s not that bad, since the password is garbled… think again: the Wall of Death. It’s an inline switch, freely accessible, where the 7 ports broadcast a mirror of everything the firewall sees (which is… everything). A live, un-garbled, un-modified feed of everything in the pipe. In other words, if you are on the Wall of Sheep, then someone at the Wall of Death got your credentials.

And that is only using the standard infrastructure; I am not even mentioning peer attacks, wireless impersonation and so on.

So, how to survive in such a hostile environment? Here are a few rules (which should also be taken as golden rules if you work from your client’s office).

1) ‘netstat -lntp’; this command (which lists the ports your system is listening on) should show no listening sockets at all. There is no need to have any listening services if you are ‘mobile’.

2) ‘iptables -L -n -v’; this command gives you your firewall rules. INPUT should be restricted to established and related connections, with a default policy of DROP. OUTPUT, when in a ‘not-so-friendly’ environment, should also default to DROP, allowing outgoing traffic on secure protocols only (https: 443, ssh: 22, …). If you need to connect to an unencrypted destination, at least forward through an ssh tunnel/proxy.

3) Never auto-connect to unencrypted networks. This is exactly what causes the Wall of Sheep to be full of iPhone users’ credentials: this cute little device can auto-connect to an unprotected network (such as DEFCON’s) and start sending security credentials (unencrypted) to Twitter, Facebook, MySpace…

4) Do not take anything for granted. PREPARATION is the key. Before the trip, collect the SSH key fingerprints of the hosts you connect to and keep them on your system; this becomes really handy if someone tries some ‘not-so-great’ man-in-the-middle attack against you.

Well, thinking about it, number 4 is the best advice. DO NOT TAKE ANYTHING FOR GRANTED. In the last 2 years, there have been 2 attacks against the SSL infrastructure disclosed at DEFCON. By the way, this is for GNU/Linux systems. If you are using a Microsoft operating system at DEFCON, you’d better… well… just not use it.
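An added example (not code from the original post) that turns rules 1 and 2 into something reviewable: gen_rules prints the default-DROP iptables policy described above as plain commands, so they can be read before being applied, and listeners reads listening TCP ports straight from /proc/net/tcp. The ALLOWED_TCP and RESOLVER parameters and the rate-limited LOG rule are my assumptions, not the post’s.

```shell
#!/bin/sh
# Added example, not from the original post. IPv4 only.
# Assumed parameters: ALLOWED_TCP (outbound ports kept open) and RESOLVER
# (one DNS server, since name resolution is still needed when locked down).
ALLOWED_TCP="${ALLOWED_TCP:-443 22}"
RESOLVER="${RESOLVER:-}"

# Rule 2: print the firewall policy as iptables commands. Review the output,
# then apply it with:  gen_rules | sudo sh
gen_rules() {
    echo 'iptables -F'
    echo 'iptables -X'
    # Default policies: everything not explicitly allowed is dropped.
    echo 'iptables -P INPUT DROP'
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -P OUTPUT DROP'
    # Loopback stays open (a local ssh tunnel/proxy needs it).
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A OUTPUT -o lo -j ACCEPT'
    # INPUT: only packets belonging to connections we opened ourselves.
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # OUTPUT: only the listed encrypted protocols may open new connections.
    for port in $ALLOWED_TCP; do
        echo "iptables -A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    done
    # DNS is plaintext, so it is allowed only towards one chosen resolver.
    if [ -n "$RESOLVER" ]; then
        echo "iptables -A OUTPUT -p udp -d $RESOLVER --dport 53 -j ACCEPT"
    fi
    # Log (rate-limited) whatever else tries to leave, to spot chatty software.
    echo 'iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "out-drop: "'
}

# Rule 1: list listening TCP ports (socket state 0A = LISTEN) by reading
# /proc/net/tcp directly, so the check works even where netstat is missing.
# Takes an optional file argument so it can be run on a saved copy.
listeners() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' "${1:-/proc/net/tcp}" |
        while read -r hexport; do printf '%d\n' "0x$hexport"; done
}
```

On a laptop prepared as the post describes, `listeners` should print nothing; anything it does print is a service to shut down before plugging in.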

CloudComputing @ LibrePlanet – Mako Hill talk

Mako Hill on cloud computing @ LibrePlanet

Keywords: Affero GPL, autonomo.us, cloud computing, software services.

Interesting talk covering a very wide array of topics, from “free software usage in provider infrastructure” to “usage freedom of networked services”, by way of “ownership problems of user data on networks”.

It brings out quite a few important points about the closed infrastructure of network services (even when they use free software and are open about it). This is very important because it underlines the differences between Laconica and Twitter, between Amazon and more open infrastructures…

I’ll need quite some time to digest this talk and think about its implications for cloud computing. While I’ve been working in this domain for a couple of years, pushing the free software mentality to services (not only the software) is quite interesting and important for the future of cloud computing.

LibrePlanet

@ LibrePlanet

I am currently in Cambridge, a few minutes from Boston, for the annual meeting (LibrePlanet) of the Free Software Foundation (of which I am a donor and member). I am here with my girlfriend (Catherine) and with Yannick Gingras. Shame on Francois for not coming!

Without doing a really intensive live-blogging session, I should put out a few posts in quick succession over the next few hours…

For now, we are listening to a presentation by Jeremy Allison – from the Samba project (and from Google) – about Microsoft Windows and its openness/closedness regarding free software and patents. It is very general, but a good talk to open a conference by summarizing the issues (and opponents) of the movement.

@ Linux Symposium – SynergyFS

SynergyFS,
by Keun Soo Yim from Samsung @ Ottawa Linux Symposium

Ok, that was a flop:
– We get it – solid-state drives (SSD) are faster and have a smaller energy footprint than hard disk drives (HDD). With a general engineering background, most of the audience already knew that there are no moving parts… No need to show us a 10-minute video of Windows Vista booting, of people sitting in a plane, of trying to break a laptop… That time would have been better spent giving actual technical details about the file system.

– Question: “Can we see what SynergyFS looks like, how it fares in benchmarks?”, answer: “not without signing an NDA”.
– Question: “Is the source available for SynergyFS?”, answer: “no, the GPL really is a bad idea for a business, you could distribute our code afterward”.

… yeah, well… that was a waste of my time.

GNU/Linux symposium proceedings

I’ve been informed that I forgot to post the link for the conference proceedings…

Here we go: Linux Symposium 2008 @ Ottawa, proceedings.
