Charles Engelke's Blog

Although the quality of the sessions picked up a lot during the
last two days, I was still disappointed with the content of this
conference. There is a great quantity of material (14 concurrent
tracks, 4 sessions per day, for 4 days; about 200 sessions in all),
the quality is generally very poor. The content has often been
trivial and obvious, and the technical level has been very low, despite
the self-assigned ratings. About 10% of the conference seems to be
pretty good, but even then, the technical level is usually pretty
low, and the material covered is often handled better at other
conferences.

(more…)

Douglas Conorich of IBM and Matthew Luallen of Sph3r3 and Argonne
National Laboratory.

(more…)

Wes Wasson of NetContinuum will talk about how the simple notion
of a clear border between inside and outside your organization isn’t
so much wrong, as oversimplified. Now there are multiple zones
with varying levels of security, but there are still boundaries.

(more…)

James Whittaker and Hugh Thompson are presenting.
These two, from Florida Tech and SecurityInnovation performed
a study of security vulnerabilities in shipped products. (Is Florida
Tech the Florida Institute of Technology in Melbourne, or a different
school? The same.) They asked
what the fault was that caused it, what were the symptoms that should
have alerted testers to its presence, and what testing or analysis
techniques could have prevented the product from shipping with
the products.

(more…)

A couple of days ago I
said
that there were a thousand vendors selling three products in the exhibit
hall. Well, I spent a few hours there yesterday, and I have to say I
was wrong. They’re selling about five products: e-mail filters,
hardware authentication tokens, network appliances, patch management
tools, and consulting services. There are a few others there, but it’s
overwhelmingly those five.

(more…)

That’s the claim of Roger Thompson, VP of Product Development for
PestPatrol, a company that makes products to detect and remove
spyware. So he’s hardly an impartial observer of the issue. Still,
spyware is one of my main concerns about our own security, and I
hope this is a useful talk.

(more…)

This is a bit of a departure for me, since I don’t intend to build
any equipment, 802.11i or not. However, I hope to gain more insight
into the wireless security standards from listening. Muhammad Raghib
Hussain of Cavium Networks is speaking.

(more…)

David Wallace of Travelocity is speaking. My notes will be
abbreviated, because the talk is full and I can’t type well in this
crush. I can’t imagine why the conference put a talk on this
subject into the smallest theater they have. (Note that the
presentation slides will be placed on the
RSA Conference web site.)

(more…)

Fortrex Technologies is going to tell us what the major information
security concerns are now, and perhaps a bit about how ameliorate
them. This will be a vendor-neutral talk.

(more…)

The speaker is Wayne Jensen from NIST. He’s going to talk about
PDAs in particular. The focus is user authentication on a device,
not over a network. That’s not what I was hoping for.

(more…)

Manish Vaidya of NextHop Technologies is going to tell us about
routing using more general purpose computing devices than
routers, and how that can help network security.

(more…)

My second session of the day is billed as demonstrations of how
to hack systems using open source tools. (The hacking using open
source, not necessarily the systems being hacked.) The speaker is
Kurt R. Roemer, the Director of Security Research at NetContinuum.

(more…)

Yesterday I took no notes, but today I think I’m prepared for that.
This is the first session with live notes.

(more…)

Maybe I’m jinxed. Starting Tuesday afternoon I’ve been having
network problems.

(more…)

I didn’t take live notes the first day, because it’s not well set
here for using a PC. These notes were taken Tuesday, during
breakout sessions in the Sony Metreon movie theaters, which have
much roomier and more comfortable seats that the general sessions
had.

(more…)

The 2004 RSA Conference
will be in San Francisco from February 23rd through the 27th. This
is a very big, and pretty expensive annual conference that was
started by RSA, Inc. (the company founded by the inventors of the RSA
public key cryptographic algorithm) several years ago primarily to support
their products and users, and which has grown into the premier conference
on cryptography and its use for security, authentication, and commerce.
This is central to Expedite and Bid Express, and is becoming important
to most of our products.

(more…)