| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Feb 2013 09:27:48 +0000 From: Major Malfunction <majormal@...ate-radio.org> To: dc4420@...420.org, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: DC4420 - London DEFCON Tuesday 26th Feb 2013 Apologies for the late announcement... Tomorrow we have a particularly excellent line-up! Primary Speaker: Arron Finnon - Finux Tech Weekly Title: "The OSNIF Project: NIDS/NIPS Testing and Auditing" Synopsis: Yeah great, I know its not a silver bullet! NIPS/NIDS have issues, and that's putting it lightly. I've talked about their limitations for awhile, and I get either "that's awesome" or "they've been done to death". The truth is, we achieved nothing in fixing the problem. We can moan about how rubbish they are, we can pretend it's not our problem, or we can start to address the situation. For too long we've moaned, we've made comments and done little to make them better. Vendors are making money off products we all know could be doing a better job. Here's a crazy idea, let's talk about the issues, why they suck, and this time actually do something! What is to be lost by trying something new? Let's accept they fail and instead, turn that frown upside down. This talk isn't an answer, it's a beginning. Looking at some of the common and uncommon issues faced in trying to make NIDS/NIPS better, and why we fail at finding solutions. I don't have all the answers, however I intend to answer one simple question; What is OSNIF? I intend to look at the current situation surrounding testing and assessing NIDS/NIPS and basically why it sucks. I'll also discuss the Open Source Network Intrusion Framework (OSNIF) project, which is a open group set up by people involved within IDS/IPS to put together a testing methodology for IPS/IDS. Sort of OWASP but for NIDS/NIPS ~~ Secondary Speaker: Adrian Hayter - Convergent Network Solutions Title: "The dangers of black box devices. Or...just how many insecure IP cameras are out there?" Synopsis: Last year a security vulnerability left hundreds of TRENDnet IP camera feeds exposed on the Internet, many of them broadcasting their owner's living rooms, or (even more disturbingly) children sleeping. One year on, and despite assurances from TRENDnet, a large number of feeds are still accessible. Over the last several months, I've hunted down the feeds of numerous types of camera and slowly built up an online viewer to illustrate the problem that these black box devices pose to uneducated users. This talk will give an overview of the processes involved in creating the viewer, as well as showcasing some of the more bizarre & interesting feeds that are still broadcasting to this day. Venue is here: http://www.phoenixcavendishsquare.co.uk/ Full details: http://www.dc4420.org/ See you there! cheers, MM -- "In DEFCON, we have no names..." errr... well, we do... but silly ones...
Powered by blists - more mailing lists