Charles Engelke’s Blog

February 27, 2004

My Assessment of the RSA Conference

Filed under: RSA 2004 — Charles Engelke @ 2:31 pm

Although the quality of the sessions picked up a lot during the
last two days, I was still disappointed with the content of this
conference. There is a great quantity of material (14 concurrent
tracks, 4 sessions per day, for 4 days; about 200 sessions in all), but
the quality is generally very poor. The content has often been
trivial and obvious, and the technical level has been very low, despite
the self-assigned ratings. About 10% of the conference seems to be
pretty good, but even then, the technical level is usually pretty
low, and the material covered is often handled better at other
conferences.

(more…)

Cracker Methodologies and Tools

Filed under: RSA 2004 — Charles Engelke @ 2:31 pm

Douglas Conorich of IBM and Matthew Luallen of Sph3r3 and Argonne
National Laboratory.

(more…)

The Myth of the Disappearing Perimeter

Filed under: RSA 2004 — Charles Engelke @ 1:35 pm

Wes Wasson of NetContinuum will talk about how the simple notion
of a clear border between inside and outside your organization isn’t
so much wrong, as oversimplified. Now there are multiple zones
with varying levels of security, but there are still boundaries.

(more…)

Two Icons of American Products Don’t Mix

Filed under: ThinkPad — Charles Engelke @ 1:13 pm

I finally did it: spilled a Coke across the keyboard of my
ThinkPad. I was tired at the end of a long day far from home, making me very
clumsy. There was also a lot of clutter on the hotel room desk as
I was gathering all my stuff to pack for my return trip, and as I
was avoiding the clutter, I knocked down the Coke can.
The Coke was more than a foot from the ThinkPad, but
I knocked it over with a lot of force.

(more…)

How to Break Software Security

Filed under: RSA 2004 — Charles Engelke @ 12:42 pm

James Whittaker and Hugh Thompson are presenting.
These two, from Florida Tech and SecurityInnovation, performed
a study of security vulnerabilities in shipped products. (Is Florida
Tech the Florida Institute of Technology in Melbourne, or a different
school? The same.) For each vulnerability, they asked
what the fault was that caused it, what the symptoms were that should
have alerted testers to its presence, and what testing or analysis
techniques could have prevented the product from shipping with
it.

(more…)

February 26, 2004

The Exhibit Hall

Filed under: RSA 2004 — Charles Engelke @ 5:06 pm

A couple of days ago I said
that there were a thousand vendors selling three products in the exhibit
hall. Well, I spent a few hours there yesterday, and I have to say I
was wrong. They’re selling about five products: e-mail filters,
hardware authentication tokens, network appliances, patch management
tools, and consulting services. There are a few others there, but it’s
overwhelmingly those five.

(more…)

Spyware… the next real threat

Filed under: RSA 2004 — Charles Engelke @ 5:06 pm

That’s the claim of Roger Thompson, VP of Product Development for
PestPatrol, a company that makes products to detect and remove
spyware. So he’s hardly an impartial observer of the issue. Still,
spyware is one of my main concerns about our own security, and I
hope this is a useful talk.

(more…)

Building 802.11i Enabled Equipment

Filed under: RSA 2004 — Charles Engelke @ 5:06 pm

This is a bit of a departure for me, since I don’t intend to build
any equipment, 802.11i or not. However, I hope to gain more insight
into the wireless security standards from listening. Muhammad Raghib
Hussain of Cavium Networks is speaking.

(more…)

802.11 Network Security

Filed under: RSA 2004 — Charles Engelke @ 5:05 pm

David Wallace of Travelocity is speaking. My notes will be
abbreviated, because the talk is full and I can’t type well in this
crush. I can’t imagine why the conference put a talk on this
subject into the smallest theater they have. (Note that the
presentation slides will be placed on the
RSA Conference web site.)

(more…)

Infosec Top 10 Security Threats

Filed under: RSA 2004 — Charles Engelke @ 5:05 pm

Fortrex Technologies is going to tell us what the major information
security concerns are now, and perhaps a bit about how to ameliorate
them. This will be a vendor-neutral talk.

(more…)

February 25, 2004

Password Alternatives for Mobile Devices

Filed under: RSA 2004 — Charles Engelke @ 10:36 pm

The speaker is Wayne Jensen from NIST. He’s going to talk about
PDAs in particular. The focus is user authentication on a device,
not over a network. That’s not what I was hoping for.

(more…)

Layer 3 Routing and Enterprise Network Security

Filed under: RSA 2004 — Charles Engelke @ 10:32 pm

Manish Vaidya of NextHop Technologies is going to tell us about
routing using more general purpose computing devices than
routers, and how that can help network security.

(more…)

Web Hacking Live

Filed under: RSA 2004 — Charles Engelke @ 8:18 pm

My second session of the day is billed as demonstrations of how
to hack systems using open source tools. (The hacking using open
source, not necessarily the systems being hacked.) The speaker is
Kurt R. Roemer, the Director of Security Research at NetContinuum.

(more…)

Programming with libnet

Filed under: RSA 2004 — Charles Engelke @ 8:18 pm

Yesterday I took no notes, but today I think I’m prepared for that.
This is the first session with live notes.

(more…)

Network Problems at RSA

Filed under: RSA 2004 — Charles Engelke @ 8:18 pm

Maybe I’m jinxed. Starting Tuesday afternoon I’ve been having
network problems.

(more…)

Day One at the RSA Conference

Filed under: RSA 2004 — Charles Engelke @ 8:18 pm

I didn’t take live notes the first day, because it’s not well set
here for using a PC. These notes were taken Tuesday, during
breakout sessions in the Sony Metreon movie theaters, which have
much roomier and more comfortable seats than the general sessions
had.

(more…)

RSA Conference

Filed under: RSA 2004 — Charles Engelke @ 8:18 pm

The 2004 RSA Conference
will be in San Francisco from February 23rd through the 27th. This
is a very big and pretty expensive annual conference that was
started by RSA, Inc. (the company founded by the inventors of the RSA
public key cryptographic algorithm) several years ago primarily to support
their products and users, and which has grown into the premier conference
on cryptography and its use for security, authentication, and commerce.
This is central to Expedite and Bid Express, and is becoming important
to most of our products.

(more…)

February 22, 2004

Well, okay…

Filed under: Notes — Charles Engelke @ 8:41 pm

How can I migrate my “ personal” (note the leading space) mailbox?
Just copy the Eudora “ personal.mbx” file to the Local Folders
directory in the proper Thunderbird profile directory. Rename it
to something without a file extension. Reopen Thunderbird.

(more…)

Changing Software Programs

Filed under: Notes — Charles Engelke @ 5:10 pm

I’ve become pretty conservative about changing the software I use.
It’s usually just not worth the effort. The software I use is
generally good enough now, and most updates add little or nothing
I want. And the updates may be unstable or worse than the original
(as with Acrobat Reader 6.0, which seems to take forever to start
up, but which doesn’t do a single thing I care about better than
Acrobat Reader 5, or 2, 3, or 4, for that matter).

(more…)

February 8, 2004

Producing Printed Output

Filed under: docbook — Charles Engelke @ 10:58 pm

The formats we’ve produced from DocBook so far are well-suited to
on-line documents. But sometimes we want to get printed output.
Sure, we could print the HTML version from our web browser, but
the quality of the result, and our control over things like
headers and footers, aren’t very good. We want to use DocBook
tools that will generate high-quality printed output.

(more…)
