InfoSec

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Just got back with a couple of bags full of freebies... Coolest one this year was a mini Etch-A-Sketch from SurfControl

Attended a couple of really good sessions, including an excellent presentation on Botnets and tracking the malcontents who create/trade in them from Chris Boyd from FaceTime. Some really good background on the efforts being made by the grassroots community to bring the little turds to justice.

Also saw a decent presentation from McAfee on their new DLP (Data Loss Prevention) technology - which is a wicked looking records management system that allows you to be ridiculously granular about what data leaves your network. Its something I've been tasked with looking at in the next two quarters, and I was really impressed.

Usual old shite from all the established AV vendors (the world is going to end in 2007, are you spending enough money on AV at the gateway, AV on the desktop, AV on the server, AV in your canteen etc etc) but managed to snag a cool Snort T-Shirt from SourceFire in exchange for letting one of their guys arrange a sit with me to go through their Enterprise IDS/IDP system.

If anyone in the London area is interested in going, it runs for two more days and there's loads of good sessions on Wednesday and Thursday. Thursday's last keynote is the #4x0R5 panel, where the underground meets the Security community to brag/bitch - its always a winner, last year one of the dudes was arrested at the event!

 

It sounds like you had fun Zeb, thanks for sharing this lovely info. By the way why was one of the guys arrested last year in the serminal? Just curious as to know if he was trying to steal from another legit thieve

 

UPDATE

Went back today (what can I say - I'm a Trade Show junkie ). Whilst there was a bit of a 'seen all this before' vibe I did swing by a couple of vendors who I hadn't seen yet.

First up was Norman - saw their new Malware detection & dissection engine. Damn this thing rocks! You should see how its able to sandbox and analyse new malware threats. The dude on the stand gave me a wicked cool demo of this by firing it up against a newly-discovered IRC bot. You can see how useful this would be on, say, a college campus where IRC comms are not only rife but permitted by campus policy.

I also had the chance to see SecureTest give their usual professional presentation to the masses. This year it was on Googledorking - loved watching the shocked faces of all the corporates there when he brought up a mahoosive amount of data on some guy randomly from the audience... You could almost hear the Sarbanes Oxley bods going 'ker-CHINGGG!!!' as the finance bods in the audience started shuffling around nervously and wondering about compliance...

Finally, what I was expecting to be the highlight of the day actually turned out to be a bit of a damp squib. The Hackers' Panel - always the last keynote of the show - promised to be entertaining, with McKinnon sitting in on it. Unfortunately, it was all rather dull - a lot of discussion on the hopeless legal framework for prosecutions under the MoCA and the stupidity of making the proposed amendments so vague that you can basically get arrested for changing the MAC address on your Router, but no real tech stuff. Although McKinnon actually looks pretty good, considering all the shite he's been through, I think the pressure of the extradition case is starting to wear on him - he wasn't the lucid, informed guy I heard last year and have seen on interviews in the past few months.

All in all, it was a bit better than last year, but there is so much bullshitting going on from vendors now that it really isn't worth listening to any of it any more - at least a few years ago you could get some decent nuggets out of them. Now, there's barely a single geek amongst all the sales bods and me and the compliance guy spent almost the whole afternoon dodging people desperate for 'one more contact' for their lead sheets.

ugh.

 

I didn't think that much of InfoSec or the Service Desk show this year. I gave them a miss last year and only went this year to speak with certain people (sorting out ITIL training for some people and catching up with a few suppliers).

Lots more buzzwords again ... all meaning stuff that used to be called something else and all designed to cnvince you to cough up more cash.

The PixAlert folk were good to chat to, as were Smoothwall and Lapsafe (but I know the folks ... so I am biased).

As much as I enjoy a good trade show I am not likely to go back next year as I will pick up the ITIL v3 stuff elsewhere and unless I see some *really* interesting sessions advertised I'll just send my Network Manager and his folk instead.