BSides Detroit overview

Do information security conferences seem a tad corporate these days? Too staid? A little too serious? Maybe, maybe not.

Fresh from Source Boston, I definitely had an expectation of security conferences that the new BSides Detroit blew away. Forget vendors and booths. There were none. Forget nametags. How about a piece of tape with a Sharpie, eh? Forget AV equipment with wireless mics. Heck, forget even having a projector screen. Throw up the slides on an improvised canvas. Let’s get a room full of tech people with a hacker bent, get them talking, get them thinking, and get them outside of the typical conference mindset.

Outside the norm: that defined the atmosphere this past weekend at the OmniCorpDetroit hackerspace. Present the can-do raw creative experience. BSides Detroit was different, fun, inspiring.

Highlights from the talks are below. I hear planning for a 2012 event is already underway, so more good content to come.

High-level talks:

Rafal Los: Ultimate Hack – Manipulating Layers 8+9 [Management & Budget] of the OSI Model.

If you’ve been following Raf’s #SecBiz threads, you know he has been stirring the pot. Think social engineering meets Dilbert corporate America. For me, this was the talk that made the conference. I am hoping to get Rafal back into the area to give us an encore.

Chad Childers: Towards Data Centric, Technology Agnostic Security.

I am sure there has been at least one time in your career when you have thought, heck, the Bell-LaPadula and Biba security models should be good enough for anyone. No? Well, good, you have not been touched by the CISSP mindset. Chad broke down the classic models and argued for a data-centric model, possibly based on ccREL, S/MIME, virtual smart cards, and DRM.

Nuts-and-bolts talks:

Brett Cunningham, Jack Crook, Matt Sabourin: Intelligent Fuzzy Hashing for Malware Similarity and Attribution.

We all know that regular hashing (MD5/SHA) works great for finding identical files. But how do we find similar files? Use fuzzy hashing with tools like ssdeep, which give an indication of how similar (as a percentage) two or more files are. Possible use cases include forensics, plagiarism detection, malware analysis, and data loss prevention. The cool thing is that they are launching a project (www.allsum.org) to integrate the technique with intrusion detection and malicious code detection.
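To make the identical-versus-similar distinction concrete, here is an added Python example (not code from the talk, and not ssdeep's algorithm or API): a simplified context-triggered piecewise hash, compared against SHA-256 on constructed sample data. The function names, window and block sizes, and the scoring via `difflib` are assumptions chosen for illustration.

```python
import hashlib
import random
from difflib import SequenceMatcher

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7    # bytes the rolling sum looks back over (assumed value)
BLOCK = 64    # a chunk boundary fires about once per BLOCK bytes (assumed value)


def fuzzy_signature(data: bytes) -> str:
    """Split data at content-defined boundaries and emit one character per chunk."""
    sig, start, rolling = [], 0, 0
    for i, byte in enumerate(data):
        rolling += byte
        if i >= WINDOW:
            rolling -= data[i - WINDOW]       # drop the byte leaving the window
        if rolling % BLOCK == BLOCK - 1:      # boundary depends only on nearby bytes
            chunk = data[start:i + 1]
            sig.append(ALPHABET[hashlib.sha256(chunk).digest()[0] & 63])
            start = i + 1
    if start < len(data):                     # trailing partial chunk
        sig.append(ALPHABET[hashlib.sha256(data[start:]).digest()[0] & 63])
    return "".join(sig)


def similarity(a: bytes, b: bytes) -> int:
    """Score 0-100 from how much of the two signatures lines up."""
    matcher = SequenceMatcher(None, fuzzy_signature(a), fuzzy_signature(b), autojunk=False)
    return round(matcher.ratio() * 100)


def make_samples():
    """Constructed inputs: a random 'file', two near-copies, and an unrelated file."""
    rng = random.Random(2011)
    original = bytes(rng.getrandbits(8) for _ in range(8192))
    patched = original[:4000] + bytes([original[4000] ^ 0xFF]) + original[4001:]
    inserted = original[:4000] + b"INSERTED-BYTES" + original[4000:]  # shifts offsets
    unrelated = bytes(rng.getrandbits(8) for _ in range(8192))
    return original, patched, inserted, unrelated


if __name__ == "__main__":
    original, patched, inserted, unrelated = make_samples()
    for name, sample in [("patched", patched), ("inserted", inserted), ("unrelated", unrelated)]:
        same = hashlib.sha256(sample).digest() == hashlib.sha256(original).digest()
        print(f"{name:9} sha256 equal: {same}  fuzzy score: {similarity(original, sample)}")
```

Because chunk boundaries are chosen by content rather than by fixed offsets, the inserted bytes disturb only the signature characters near the edit, while the SHA-256 digest changes completely for every variant.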

Mark Stanislav: It’s Vulnerable… Now What?: Three Diverse Tales of Woe and Remediation.

I am not a PHP programmer. I am less AppSec, and more NetSec. But none of that mattered. Mark’s common-sense talk on PHP security was good fun. What’s more, his emphasis on vulnerability disclosure as a community responsibility spoke to me. Just as we would not walk by garbage on the street without addressing it, we cannot ignore garbage in the code. We have an obligation to help keep our Internet clean.
