After 3 days on my feet, Infosec Europe has closed its doors for another year. I’ve got mixed opinions on this year’s event. I skipped last year’s show, but remember the 2007 show with (somewhat) fond memories. At the time I was job hunting (sort of) and spoke to a lot of vendors as somebody looking at security from the outside. Companies like SecureTest gave me some hints on what they looked for when hiring a penetration tester, and that was something that really helped me focus on what direction to head in. Saying that, other vendors (I’m looking at you Norman) thought that spending more than a few seconds talking to people who didn’t want to buy the product was a waste of time. Still, that’s all in the past. This year I was visiting with a number of specific goals in mind. I had a number of vendors to seek out and question on products, the future and how they do things. I also wanted to help out the SANS Institute on their stand, as I really believe in the training they offer. Although I didn’t manage to look around as much as I’d have liked, I did manage to get in touch with the right people and talk about the right things.
Core Security Technologies were nice enough to invite me to one of the customer evenings. It was great to get to speak to Alex and Mike and get some information on where Core’s product lines are headed in the short and long term. It also gave us a good chance to give feedback on where we use the product and want it to move to help us more in our testing. Core Impact isn’t cheap, but after going through testing on Saint, CANVAS and Impact, we’re still a happy Core customer.
I managed to say hi to Dan Kaminsky while at the event. The Hall of Fame entry didn’t go so smoothly, but sometimes things happen. The panel that followed later that afternoon was good. Even just to see all the corporate suits in the room trying to understand some of the more technical points Dan made. As is typical with me, I turned up late for evening drinks at the Marriott and the evening get-together was already done. Still, there’s always Hacking At Random in the Netherlands.
The one thing I saw at the event that actually made me sit up and pay attention was at the Infoguard AG stand (a Swiss company). What they were selling (end to end layer 2 fiber encryption) was mildly interesting. However, the demo they had off to one side was enough to make me stop and double take. Using a small device bought from eBay, the Infoguard guys were demonstrating how simple it was to sniff one side of a VoIP call running over fiber. I’ve always thought that fiber was harder to sniff than copper lines, and for some reason always thought that it involved splicing into the fiber and therefore disrupting the service for a few seconds. The device Infoguard was using simply introduces a small bend into the fiber and uses the light that leaks out to capture the data. The device is about 800 pounds on eBay. A little much for day to day demos, but cheap enough to make this kind of attack a reality. So, make sure you’re encrypting your data before it hits the fiber. Nothing is safe nowadays.
Even Infosec Europe isn’t immune to a little bit of hacker fun. Although it’s not a Defcon logo, and is more than likely just a configuration issue, the cash machine at the event didn’t seem to be so happy. Personally, I made the walk to a cash machine down the road, but each to their own I guess.
Overall Infosec this year was much the same as Infosec back in 2007. Same products, same vendors, same old same old. Still, networking opportunities made the trip well worth it. I’d like to thank everybody that I talked to at the SANS stand, as well as Core Security Technologies (thanks Alex/Mike), and (@dakami I’ll buy you a Club-Mate at HAR2009). Next year, maybe I’ll stay home and just re-read the material from this year. I’m sure it’ll all be the same anyway 😉