Wednesday, May 17, 2006

CONFidence 2006 - trip report

I've just come back from a small conference in Krakow, CONFidence 2006. It was the second edition of this security conference, which is organized by a non-profit organization, PROIDEA, whose primary goal is to promote education in computer science. Apart from CONFidence, they also organize conferences focused on BSD systems and various training courses.

Below I describe some of the talks that I found particularly interesting among those which I managed to see...

Pawel Pokrywka gave a very interesting talk about security issues with DSL infrastructure as used by one of the biggest polish ISP. He discovered the auto-configuration protocol which is used to setup every single DSL modem of that company. He then prepared modem-emulator script which allowed him to get the configuration data (including username and password) for any modem in Poland he wanted. This could allowed an attacker to actually 0wn all the DSL modems belonging to this operator! It was the best presentation in my opinion, not only it was technically interesting, but also was very well presented.

Lukasz Bromirski is a system engineer in Cisco Poland and is a very popular speaker at polish conferences. He gave three (!) lectures there, about BGP Blackholing, Dynamic Routing Protocols (OSPF and BGP) and one more about network attacks on L2 and L3 levels. Lukasz turned out as a very knowledgeable and experienced network engineer who is also a good presenter.

Przemyslaw Frasunek is another frequent speaker at Polish conferences. He is a well known BSD expert, but his talk was about Bluetooth security. Although it wasn't kind of an '0day talk', I think it was a good introduction to Blootooth stack and several basic attacks and was very professionally presented.

I also liked the two talks presented by the members of the Security Team of Supercomputer-Network Center in Poznan. Blazej Miga talked very deeply about Apache architecture and internals, while Jaroslaw Sajko demoed how to write extension modules for IPTables. This team got lots of media attention in Poland last year, after they found several critical bugs in Gadu-Gadu, the most popular Polish IM communicator.

Overall, level of the talks was pretty good. Similarly like on other small conferences, the atmosphere was very cozy and friendly. Organizers took very good care of the speakers, taking us to various nice restaurants and entertaining all the time (even the day after the conference). Krakow is actually a very nice city, probably one of the nicest in Poland. It is a little bit like Prague - it has a very large old town, with lots of nicely decorated restaurants (in an 'old polish' style) serving very tasty food :)

It was also very positive to see how enthusiastic those people are and it was clear to me that they really do this conference for fun and not for profit. I wish them success with the next edition in 2007!


Joanna Rutkowska said...

maybe I will consider doing this after the conference in Taganrog ;)

Anonymous said...

It's been really nice to see you there, J :)

Anton Chuvakin said...

Holy cow, is this Taganrog in Russia? Do they have a security conference there, really?

Anonymous said...

Dear J ,
its nice to see you blog too , i really like your tools and articles , hope this way you will be in touch more than before :P