Posted by: phANT1m on May 11, 2011
Sadly I did not get a chance to put this blog up yesterday: the rains affected the ADSL, so I was stuck and tired and just hit the bed.
Anyways, ITWeb's Security Summit - Day 1: the day began more or less standard. Popped over to registration to grab my pass and then popped into the conference. Since we were a bit early I sat and chilled with Dominic (SensePost), just talking and stuff while we waited.
First talk was by Caroline Wong of Zynga, speaking about Zynga's roots and beginnings and how it has evolved. One quote that caught my attention, among many, was the comparison of Amazon's data services to a bookstore selling cocaine out of a back door: the store will sell books, but is going to make a ton of money out of the cocaine sales, which in this case are Amazon's data services. The general topic was cloud computing, how you can benefit from it, but also how insecure it is at the moment. A lot of security analysts will agree that unless you absolutely need cloud data services for business needs, don't use them. But the benefits were given in the analogy of fat-pants (American lingo; we don't really have an equivalent here, but pants that have elastic in the waist), where you can start small and, as you need the space, it is easy to rapidly expand.
Next up was Robert Fly of Salesforce, talking about building up essentially a security-minded community/ecosystem. He spoke at length and in depth, but one of the main things that came out was that they provide incentives for people to write secure code (which at the moment is Burp licenses). At the base level this was a talk on how to get people to write secure code and not just write any code.
After the break the really cool stuff came up. Patrick Gray got on stage to deliver a talk on how the security industry is going to be militarized by private military contractors and by governments' departments of defense. He says that these companies tend to have huge wads of cash which they can throw at people to get them to make offensive tools, etc. for them, because they can afford to. The example was HBGary (who were compromised) being hired to develop a rootkit (a tool set that lets you control a target computer) that was near undetectable and un-removable, termed the Magenta rootkit, and how close they were to obtaining it. Another aspect he brought up was the Stuxnet attack, in which 4 0days (a bug/exploit which is not yet publicly known) were used in the programming to essentially attack a network, the case in point being Iran's nuclear program. The attack has apparently set the nuclear weapons program back by 2 years, and all just by plugging in 1 USB drive; no one is 100% sure of the origins of Stuxnet yet, but some say it could be the U.S. / Israel / a think tank doing research or a test. The general idea was to set up some form of accountability, because governments are going to start stockpiling their attack vectors, and if they even get attacked once it can wreak havoc on a currently extremely fast.
Then another speaker came on, speaking a bit more on Stuxnet and how it affects us now that we are post-Stuxnet.
Will update a bit here later on.