Adrien Kunysz, Fri, 23 Apr 2011 18:55:30
The first London edition of Security B-sides took place this week. I heard about it a few weeks ago but it was already fully booked and I just thought I would keep an eye on it for the next edition. Two days before the event I ended up getting a ticket through a side channel (I still owe a few beers to that guy) and I managed to take the day off.
General notes:
Talks I attended:
DNS tunneling: it's all in the name! by Arron "finux" Finnon
Didn't learn anything. He said at the beginning it was an
introduction-level talk but, AFAICT, there was no way to know that in
advance. Also, someone needs to teach that guy how to make useful
slides (or at least not worse than useless slides).
Jedi Mind Tricks For Building Applications Security Programmes by David Rook & Chris Wysopal
How to talk to developers and management when you are a security guy.
Interesting.
Practical Crypto Attacks Against Web Applications by Justin Clarke
Some nice practical examples of how to fail at crypto, including
war stories. Good fun.
How not to get hired for a security job! by Stephen Bonner
Very little of the talk was specific to security but it was well
presented and a lot of freebies were distributed.
Breaking, Entering and Pentesting by Steve Lord
Random war stories. Great fun.
Breaking out of restricted RDP by Wicked Clown
Windows Terminal Server is misconfigured by default or something.
I guess someone had to demonstrate this particular problem eventually.
Agnitio: its static analysis, but not as we know it by David Rook (again)
Follow-up to the morning talk. Discussion on how to give security
advice and training that are actually useful to application
developers. Introduction of a simple code review tool. Interesting.
Your money, your media - a DRMtastic Android reverse (re)engineering tutorial. by Manuel
I didn't plan to attend that talk but the schedule changed in ways
I didn't understand until too late. Java gnireenigne 101 given by
a /b/tard. Too many lolcats but otherwise surprisingly bearable
given my lack of interest.
Security YMCA by Chris John Riley, The Suggmeister, Arron "finux" Finnon and Frank Breedijk
Security people are useless if they can't communicate with the
developers they are trying to make produce secure code. Ending with
a YMCA cover of debatable quality. Fun and hopefully useful.
This was followed by a mass migration to the monthly DC4420 meeting where I got to announce I found a job, mu-b made fun of the sat-card sharing "community" and Steve Lord didn't show his penis. Excellent as usual.
Next cons on the agenda: Solutions Linux (only because they accepted my talk proposal; still not sure why) and the Chaos Communication Camp (whose call for participation ends on May 1st, better send something quick).