Ruxcon 2010

Yesterday and today I attended Ruxcon – the leading technical security conference in Australia [1]. The first lecture I attended was “Breaking Linux Security Protections” by Andrew Griffiths. This included a good overview of many current issues with Linux security. One thing that was particularly noteworthy was his mention of SE Linux policy, he cited the policy for the FTP server as an example of policy that can be regarded as too lax but also noted the fact that to get SE Linux used the policies had to be more liberal than we might desire. There is probably scope for someone to give a good lecture about how we are forced to make uncomfortable choices between making security features stronger and making them more usable.

The next lecture I attended was “Breaking Virtualisation” by Endrazine. It makes me wonder how long it will be before someone cracks one of the major cloud hosting services such as EC2 – it’s not an appealing thought.

Billy Rios gave a really interesting lecture titled “Will it Blend?” about blended exploits. The idea is to try and find a few programs which do things that are slightly undesired (arguably not even bugs) but which when combined can result in totally cracking a system. One example was a way of tricking IE into loading a DLL from the desktop and a way of tricking Safari into saving arbitrary files to the desktop, combine them and you can push a DLL to a victim and make them load it. Learning about these things can really change the way you think about misbehaving programs!

Ben Nagy gave an interesting lecture about “Prospecting for Rootite“. His systematic way of finding test cases that cover a large portion of the code of a large application such as MS-Word seems quite effective. Once you have test cases that cover a lot of code then you can use fuzzing to find flaws.

Edward Farrell gave an informative lecture about “RFID Security“, I didn’t really learn that much though, he confirmed my suspicions that RFID implementations generally suck.

Mark Goudie gave a very informative lecture titled “We’ve been Hacked! What Went Wrong and Why“. Mark works for Verizon and often with the US Secret Service in investigating security breaches. He presented a lot of information that I have not seen before and made some good arguments in support of companies being more proactive in protecting their systems from attack.

Stephen Glass and Matt Robert gave a lecture titled “Security in Public Safety Radio Systems” which mainly focussed on digital radios used by the Australian police. It would be good if the police got people like them to test out new kit before ordering it in bulk, it seems that they will be using defective radios for a long time (it’s not easy or cheap to replace them once they are deployed).

Edward Farrell gave an interesting lecture titled “Hooray for Reading: The Kindle & You” about hacking the Kindle. Unfortunately they haven’t worked out how to get GUI code going on a hacked Kindle yet so there are some limitations as to what can be done.

I think that the most interesting lecture of the conference was “This Job Makes you Paranoid” by Alex Tilley of the Australian Federal Police. He gave some interesting anecdotes about real cases to illustrate his points and he advocated the police position really well. I’ve attended several lectures by employees of law enforcement agencies, but none of them demonstrated anywhere near the understanding of their audience that Alex did.

The last lecture I attended was “Virtualisation Security State of the Union” by David Jorn of Red Hat. He gave an interesting summary of some of the issues including mentioning how SE Linux is being used for confining KVM virtual machines.

Ruxcon was a great conference and I definitely recommend attending it. I have to note that even though there are police attending and lecturing it’s not entirely a white-hat affair. One thing that I hope they do next year is to get a bigger venue. The foyer was rather crowded and because it had a hard floor was really noisy between lectures. Space and carpet are two really important things when you have lots of people in one room!

2 comments to Ruxcon 2010

  • Brad

    FYI the presenter of “Security in Public Safety Radio Systems” was Matt Robert, not Mark.

  • etbe

    Brad: Thanks for the correction. The printed conference schedule they gave me says “Mark”, I guess they did a typo – their web site says “Matt” now.