This is what happens when you have guys in the field getting into the spirit of the conference with little regard for deadlines.
Late or no submissions. At least Pete finally got something to me. No sign of Knuckle as yet and it’s 3:00pm.
—————————————————————————————————–
Good value following the Twitter updates here. A few interesting posts during last night’s awards also. Some not so happy people with some of the winners, but overall, seemed like a great night for those in attendance:
https://twitter.com/#search?q=%23auscert
—————————————————————————————————–
Pete’s Report:
Since Draz is such a David Rice fanboi, I checked out David’s presentation on the theme of economic incentives for software development companies to code better products.
The premise of David’s presentation is that software makers need the right incentives to code ‘safe’ software. The analogy he used was the car safety rating system, NCAP. It is important that, although some of this is theoretical, people are thinking about and promoting new and better ways we can get better outcomes from the things we do, in this case making software. Unfortunately, when David was asked how long before something like this could/would be implemented, he didn’t have much hope that it would be in this correspondent’s working lifetime. (Hooray! I will have a job for a while.) Why are things so hard?
The next topic was also on software security with a presentation on the BSIMM – a secure software maturity model. This is some great work done by the likes of Gary McGraw and Ken van Wyk, who presented on the day. The thing that puzzles me is that all the keynotes and most of the talks mentioned that software security, or more specifically the prevalence of software bugs, was one of the biggest issues facing our industry (with much nodding from the punters). So here is a presentation where someone is offering a practical solution to this problem and only 21 people turned up!!! … one of whom promptly fell asleep … You know who you are! Sure, maybe this is not the best or the right solution, but it is more than what most organisations have. Whilst I can understand that building good security is boring and breaking the [latest.app] is fun, the lack of interest in this topic surprises and disappoints me. If I had my angry pants on it would probably piss me off, but I can’t bear to think about how little the industry has matured. Maybe I need to write my own blog! Hey, upset a few vendors, but reality is reality.
(Last sentence added by DD). The most surprising thing I found at this presentation was of the nine companies that took part in the BSIMM baseline study, none used WAFs. Make up your own minds on that one. Something to think about?!
AusCERT should be commended … or is that condemned … for putting these topics on in the worst slot on Tuesday – just before the “Backslapping Gala *gush* I Won an Award Dinner”.
The other surprising thing was my “Oh F**k” moment. Nothing new ever comes out of these conferences, or so they say. Roelof of Paterva presented on the Maltego toolkit. This is a wonderful tool to aggregate and collect data/information on the Internet. This is nothing too new, however he did discuss an application that doesn’t exist. (He made this very clear, so the licence must be expensive *wink*).
The idea behind the application (no, it really does not exist, I was assured, so don’t go asking how much) is to automate virtual identity theft. You know, when someone impersonates another identity on the Internet (Facebook, Twitter, webmail, LinkedIn). Once you have a ‘herd’ of these identities you can start to inject messages into a system to influence outcomes. If such an application did exist, the implications would be/are pretty scary.
—————————————————————————————————–
Follow @Big_Galoot on Twitter and his AusCERT photo show here:
http://s469.photobucket.com/albums/rr55/big_galoot/auscert%2009/
—————————————————————————————————–
This early afternoon edition of the AusCERT roundup was brought to you by Penetration Testing.

My apologies for the late response, I got waylaid by some security professionals – Messrs Hahn & Tooheys.
Day 2 was a computer forensics practitioners’ smorgasbord. Unfortunately, as is the case with smorgasbords, not all the meat & vegies on offer were appealing, least of all to the refined palate of yours truly – The Knuckle.
Nigel Phair of the AFP High Tech Crime gave a fairly pedestrian talk about Cybercrime & the Legal Dimension. In fairness to Phair (crappy pun intended), it was probably aimed at those who have little in the way of experience in such matters. To those of us that have, it was like watching old re-runs of Mr Ed.
Most of Phair’s talk was reinforcing the theory that cybercrime investigations are not special in the sense that traditional investigation methods are used in a technical environment. I’m glad he reinforced that point – there’s far too much b-s lately about how ‘special’ cybercrime investigations are, perhaps emanating from shows like CSI.
On a highly controversial note, Phair commented that hacking crimes certainly weren’t at the forefront when he was at the AHTCC, and that hacking wasn’t a big issue for them in the sense that they didn’t see a great deal of it. The tone & implication of those remarks appeared to be that, because the AHTCC didn’t see much in the way of hacking offences, it therefore wasn’t a real problem in society.
Did it ever occur to Phair to ask himself, as boss of the AHTCC, why his mob weren’t seeing too much in the way of hacking crime? Judging by his comments, it appears not. All of which is jaw-droppingly astounding, given the overwhelming anecdotal evidence to the contrary. One needs to look no further than this year’s speaker list at AusCERT 09 to realise – hacking is perhaps one of the internet’s top five threats.
Next, we heard from Steve Whalen of Forward Discovery Inc who gave a seriously impressive talk on iPhone forensics.
Interestingly, Whalen commented that there is currently “no forensically sound method” of imaging the protected file system of an out-of-the-box iPhone without support from Apple. Any attempts to do so, he said, would modify the file system & hence render the “forensics” null & void.
All is not lost, however. A jailbroken iPhone, by implication, has already had its file system ‘unprotected’ and hence can be imaged forensically without any modification to the file system by the forensics practitioner.
Once inside the iPhone, a myriad of cool evidence is available. Without going into too much detail, a fascinating tidbit was the Google Maps GPS history, showing where a person may have been or was going, or the metadata on the iPhone pics, which records the *exact* GPS latitude & longitude where the pic was taken. Unbelievable stuff, from an evidentiary perspective.
Whalen said he’d developed a free iPhone imaging & acquisition tool, available for download at http://www.raptorforensics.com/Raptor_by_Forward_Discovery/Raptor_Download.html
The evening was capped off at Movieworld, where we enjoyed a night of comedy. Firstly, we were entertained by the hilariously funny Umbilical Brothers, followed by the hilariously-biased SC Mag awards. A night of comedy all round!
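The photo location data Whalen mentioned lives in the EXIF GPS sub-IFD: latitude and longitude are stored as three rational pairs (degrees, minutes, seconds) plus an N/S or E/W reference byte. The Python below is an added example, not Whalen’s Raptor tool or anything from the talk: it builds a constructed little-endian EXIF/TIFF blob (a hypothetical sample, not a real iPhone dump) and decodes it back to signed decimal degrees, returning None when a photo carries no GPS block at all.

```python
import struct

GPS_IFD_POINTER = 0x8825           # IFD0 tag pointing at the GPS sub-IFD
ASCII, LONG, RATIONAL = 2, 4, 5    # TIFF field types used below

def _dms(value):
    """Split decimal degrees into (deg, min, sec) EXIF rationals, seconds to 1/1000."""
    deg, frac = divmod(abs(value), 1)
    minutes, frac = divmod(frac * 60, 1)
    return [(int(deg), 1), (int(minutes), 1), (round(frac * 60 * 1000), 1000)]

def build_exif(lat, lon):
    """Constructed sample (not a real iPhone dump): little-endian TIFF, IFD0 at 8, GPS IFD at 26, data at 80."""
    gps_off, data_off, data = 26, 80, b""
    def rat(values):                      # append rationals out of line, return their offset
        nonlocal data
        off = data_off + len(data)
        data += b"".join(struct.pack("<II", n, d) for n, d in values)
        return off
    entries = [
        struct.pack("<HHI4s", 1, ASCII, 2, (b"N" if lat >= 0 else b"S") + b"\0\0\0"),
        struct.pack("<HHII", 2, RATIONAL, 3, rat(_dms(lat))),
        struct.pack("<HHI4s", 3, ASCII, 2, (b"E" if lon >= 0 else b"W") + b"\0\0\0"),
        struct.pack("<HHII", 4, RATIONAL, 3, rat(_dms(lon))),
    ]
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD_POINTER, LONG, 1, gps_off)
    gps_ifd = struct.pack("<H", 4) + b"".join(entries)
    return b"II" + struct.pack("<HI", 0x2A, 8) + ifd0 + b"\0\0\0\0" + gps_ifd + b"\0\0\0\0" + data

def read_ifd(blob, off):
    """Return {tag: (type, count, raw 4-byte value-or-offset field)} for the IFD at off."""
    (n,) = struct.unpack_from("<H", blob, off)
    return {t: (typ, cnt, raw) for t, typ, cnt, raw in
            (struct.unpack_from("<HHI4s", blob, off + 2 + 12 * i) for i in range(n))}

def gps_position(blob):
    """Decode GPS tags 1-4 into signed decimal degrees; None if the photo has no GPS IFD."""
    if blob[:4] != b"II*\x00":
        raise ValueError("example handles little-endian ('II') EXIF only")
    ifd0 = read_ifd(blob, struct.unpack_from("<I", blob, 4)[0])
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps = read_ifd(blob, struct.unpack("<I", ifd0[GPS_IFD_POINTER][2])[0])
    def axis(ref_tag, val_tag, negative_ref):
        off = struct.unpack("<I", gps[val_tag][2])[0]     # 3 RATIONALs live out of line
        d, m, s = (n / q for n, q in struct.iter_unpack("<II", blob[off:off + 24]))
        sign = -1 if gps[ref_tag][2][:1] == negative_ref else 1
        return sign * (d + m / 60 + s / 3600)
    return axis(1, 2, b"S"), axis(3, 4, b"W")
```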
David Rice is AWESOME!!! Who else could get through over 400 slides in half an hour and still keep the audience interested?
It astounds me that Phair fronts conferences to speak about expert matters when no one I know knows WTF this “high tech” mob actually ever did! Thanks for the update Knuckle. There should be a Royal Commission but I doubt there would be one started on the basis of stupidity and incompetence.
Hack on dudes…