mailing list archives
DC4420 - London DEFCON Tuesday 26th Feb 2013
From: Major Malfunction <majormal () pirate-radio org>
Date: Mon, 25 Feb 2013 09:27:48 +0000
Apologies for the late announcement...
Tomorrow we have a particularly excellent line-up!
Arron Finnon - Finux Tech Weekly
"The OSNIF Project: NIDS/NIPS Testing and Auditing"
Yeah great, I know its not a silver bullet! NIPS/NIDS have issues, and
that's putting it lightly. I've talked about their limitations for
awhile, and I get either "that's awesome" or "they've been done to
death". The truth is, we achieved nothing in fixing the problem. We can
moan about how rubbish they are, we can pretend it's not our problem, or
we can start to address the situation. For too long we've moaned, we've
made comments and done little to make them better. Vendors are making
money off products we all know could be doing a better job. Here's a
crazy idea, let's talk about the issues, why they suck, and this time
actually do something! What is to be lost by trying something new? Let's
accept they fail and instead, turn that frown upside down. This talk
isn't an answer, it's a beginning. Looking at some of the common and
uncommon issues faced in trying to make NIDS/NIPS better, and why we
fail at finding solutions. I don't have all the answers, however I
intend to answer one simple question; What is OSNIF?
I intend to look at the current situation surrounding testing and
assessing NIDS/NIPS and basically why it sucks. I'll also discuss the
Open Source Network Intrusion Framework (OSNIF) project, which is a open
group set up by people involved within IDS/IPS to put together a testing
methodology for IPS/IDS. Sort of OWASP but for NIDS/NIPS
Adrian Hayter - Convergent Network Solutions
"The dangers of black box devices. Or...just how many insecure IP
cameras are out there?"
Last year a security vulnerability left hundreds of TRENDnet IP camera
feeds exposed on the Internet, many of them broadcasting their owner's
living rooms, or (even more disturbingly) children sleeping. One year
on, and despite assurances from TRENDnet, a large number of feeds are
still accessible. Over the last several months, I've hunted down the
feeds of numerous types of camera and slowly built up an online viewer
to illustrate the problem that these black box devices pose to
uneducated users. This talk will give an overview of the processes
involved in creating the viewer, as well as showcasing some of the more
bizarre & interesting feeds that are still broadcasting to this day.
Venue is here:
See you there!
"In DEFCON, we have no names..." errr... well, we do... but silly ones...
- DC4420 - London DEFCON Tuesday 26th Feb 2013 Major Malfunction (Feb 25)