Security

As every year, the Security topic has tried to explore new subjects such as forensics and to cover with fresh eyes subjects already seen at RMLL, such as network security or identity management.

This year's topics are:

  • privacy and crypto
  • malware and forensics
  • system and network security
  • application security and vulnerabilities
  • identity management

Note: 2 workshops, one about forensics with DFF and one about RFID/NFC.

2013 Security topic chairmen are Mathieu Blanc, Christophe Brocas and Philippe Teuwen.

Interviews of 3 speakers :

GnuPG Status Report

Speaker(s) : Werner Koch

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Monday 8 July 2013
  • Schedule : 14:00
  • Duration : 40 minutes
  • Place : H 2215
Themes : Everyday life
Target audience : Professionals, Geeks
The GNU Privacy Guard is the standard tool for data and mail encryption as well as for creating digital signatures. First released in 1997, GnuPG is well-matured software with a strong focus on quality releases and backward compatibility. It is a core component of all Linux distributions and also av...

Full disk encryption on Linux, only an impression of security ? Second round.

Speaker(s) : Kevin Denis

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Monday 8 July 2013
  • Schedule : 14:40
  • Duration : 40 minutes
  • Place : H 2215
Themes : Everyday life
Target audience : Geeks
Full disk encryption on Linux is an answer to a great number of security issues related to data confidentiality and integrity. This conference presents a study of disk encryption on Linux in 5 parts:
  • The cryptsetup header
  • Human interface: implementation and use
  • Data overwriting
  • ...

Malware on Linux platform

Speaker(s) : Paul Rascagneres

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Monday 8 July 2013
  • Schedule : 15:20
  • Duration : 40 minutes
  • Place : H 2215
Target audience : General public, Professionals, Geeks
Malware targets Linux platforms more and more. The purpose of the talk is to present the latest Linux malware: how it works, what its goals are, and a few technical analyses of this malware.
Paul Rascagneres is the creator of the project malware.lu and the creator of the first private CERT in Luxembourg...

An introduction to digital forensics

Speaker(s) : Solal Jacob

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Monday 8 July 2013
  • Schedule : 16:20
  • Duration : 40 minutes
  • Place : H 2215
Target audience : General public, Professionals, Decision makers, Geeks
The goal of this presentation is to explain what digital forensics is and when/why you need to conduct a computer investigation, what the advantage is of using open source tools rather than commercial ones for practitioners in this field, and finally to present in more detail the GPLv2 tools...

CMS audit, ask more than the release number

Speaker(s) : Antoine Cervoise

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Monday 8 July 2013
  • Schedule : 17:00
  • Duration : 40 minutes
  • Place : H 2215
Target audience : Professionals, Geeks
Content Management Systems are everywhere on the World Wide Web and on intranets; due to the large number of CMS available on the market, a lot of users choose free software CMS.
Using a CMS requires you to use the same rules you use with any other software: correct configuration, remo...

Logging and Free Software. 2013. State of the Art.

Speaker(s) : Peter Czanik

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Tuesday 9 July 2013
  • Schedule : 09:20
  • Duration : 40 minutes
  • Place : H 2215
Target audience : General public, Professionals
This talk will answer the following questions that you may have about logging, standards and free software in 2013:
  • What is syslog? What is syslog-ng?
  • Why are logging and log management important? And why do it centrally?
  • What’s wrong with free form text messages? Why should one use ...

What will you investigate today?

Speaker(s) : Xavier Mertens

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Tuesday 9 July 2013
  • Schedule : 10:00
  • Duration : 40 minutes
  • Place : H 2215
Themes : Open Data
Target audience : Professionals, Decision makers, Geeks
With the continuously growing infrastructure used inside companies, it has become very difficult to extract the right information at the right time in case of a security incident. Even more, it could be a good idea to search for potential issues based on behavioral monitoring. Finally, the Internet offers...

Defend your network from Microsoft Word upload with Suricata and Netfilter

Speaker(s) : Eric Leblond

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Tuesday 9 July 2013
  • Schedule : 11:00
  • Duration : 40 minutes
  • Place : H 2215
Target audience : Professionals, Geeks
This talk will present some advanced usage of Linux QoS, Netfilter and Suricata to demonstrate how they can be used together to fight against one of the plagues of modern times: Microsoft Word.
After an introduction of the different components, the talk will focus on their interaction and explain how u...

Opening up mobile and telecommunications networks: from walled garden to open and reviewed security

Speaker(s) : Pierre-Olivier Vauboin, Omar Awile

  • Language : English
  • Nature : Conference
  • Date : Tuesday 9 July 2013
  • Schedule : 11:40
  • Duration : 40 minutes
  • Place : H 2215
Target audience : Professionals, Geeks
Telecommunication networks differ from IP networks in several important aspects. First, telecom networks have to provide the infrastructure ensuring high availability, high throughput as well as resilience for a wide range of services. Second, telecom networks must offer support for legacy network e...

Workshop "Being an investigator" : Solving a digital crime with DFF

Speaker(s) : Solal Jacob

  • Language : English
  • Level : Confirmed
  • Nature : Workshop
  • Date : Tuesday 9 July 2013
  • Schedule : 14:00
  • Duration : 120 minutes
  • Place : H 2111
Themes : Workshop
Target audience : General public, Professionals, Decision makers, Geeks
Have you ever dreamed of being an expert like in the NCIS TV show? This workshop is for you! You will learn how to use DFF to conduct the analysis of a provided disk image in order to be able to answer the questions (who, what, where, when, why & how) which lead to solving a digital investigatio...

RFID/NFC security & privacy workshop

Speaker(s) : Philippe Teuwen

  • Language : English
  • Nature : Workshop
  • Date : Tuesday 9 July 2013
  • Schedule : 16:20
  • Duration : 120 minutes
  • Place : H 2111
Themes : Everyday life, Workshop
Target audience : General public, Geeks
The two main goals of this workshop are:
  • highlighting the privacy and security issues in some deployments (epassports, transportation cards, card emulation, relay attacks...).
  • giving the open source tools and knowledge to the audience so that they can go back home and try stuff by themselve...

Securing PostgreSQL From External Attack

Speaker(s) : Bruce Momjian

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 10:00
  • Duration : 40 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/securing-postgresql-from-external-attack/

Themes : Open Data
Target audience : Professionals, Decision makers, Geeks
This talk explores the ways attackers with no authorized database access can steal Postgres passwords, see database queries and results, and even intercept database sessions and return false data. Postgres supports features to eliminate all of these threats, but administrators must understand the at...

cve-search - a free software to collect, search and analyse common vulnerabilities and exposures in software

Speaker(s) : Alexandre Dulaunoy

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 10:40
  • Duration : 40 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/cve-search-a-free-software-to-collect-search-and-analyse-common-vulnerabilities-and-exposures-in-software/

Themes : Open Data, Cloud
Target audience : Professionals, Decision makers, Geeks
cve-search is free software to collect, search and analyse common vulnerabilities and exposures in software. cve-search grew organically over the past months into a modular system to fetch, index, search and analyse Common Vulnerabilities and Exposures (CVE) and Common Platform Enumeration (CPE) a...

Setting up a Secure Development Life Cycle with OWASP

Speaker(s) : Sebastien Deleersnyder

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 11:20
  • Duration : 40 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/setting-up-a-secure-development-life-cycle-with-owasp/

Themes : Societal issues, Open Data, Cloud
Target audience : Professionals, Decision makers
Using the OWASP Software Assurance Maturity Model (OpenSAMM) as a framework, this talk covers the major application security controls of a secure development lifecycle program as provided by OWASP. Featured OWASP open source material includes: OWASP guidelines and tools such as ESAPI, ZAProxy, as wel...

(Net|s)Flow: Security events detection in a university

Speaker(s) : Cedric Foll

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 12:00
  • Duration : 20 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/netsflow-security-events-detection-in-a-university/

Themes : Everyday life
Target audience : Professionals, Geeks
NetFlow/sFlow with open source tools in a university.
The aim is to show how these tools can detect several security issues:
  • misuse
  • tunnels
  • port scans
  • infected computers
  • ...
Former CSO of the French Ministry of Education, former CSO of the local department of the French Ministry of Education in Mayotte, currently...

Automating Security Policies, from deployment to auditing using Rudder

Speaker(s) : Jonathan Clarke

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 14:00
  • Duration : 40 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/automating-security-policies-from-deployment-to-auditing-using-rudder/

Themes : Cloud
Target audience : Professionals, Decision makers
Designing, applying and keeping track of security-oriented rules for your IT infrastructure can be a time-consuming, costly and approximate job. Whether you’re in charge of defining the policy, implementing it or checking for discrepancies, you’ll be aware that all of this takes time, of...

Security@Mozilla

Speaker(s) : Yvan Boily

  • Language : English
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 14:40
  • Duration : 40 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/securitymozilla/

Themes : Everyday life, Societal issues, Open Data
Target audience : General public, Professionals, Decision makers, Geeks
As an open source project and a not-for-profit, Mozilla is strongly dedicated to being transparent as an organization, in our processes, products, and day to day business.
As the stewards of the Firefox family of applications and platforms, and several powerful new services, security has become incr...

SAML, SSO 4 Skilled people

Speaker(s) : Clément Oudot

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 15:20
  • Duration : 40 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/saml-sso-4-skilled-people/

Themes : Cloud
Target audience : Professionals, Decision makers, Geeks
SAML (Security Assertion Markup Language) is a standard born at the beginning of the 21st century, providing SSO (Single Sign On) and SLO (Single Logout) mechanisms for decentralized identities and applications running on the Internet.
Version 2.0 of the standard, unif...

History and design principles of the Belgian eID card

Speaker(s) : Danny De Cock

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 16:20
  • Duration : 40 minutes
  • Place : H 2215
Themes : Everyday life, Societal issues
Target audience : General public, Professionals, Decision makers
In this talk, we will give an overview of the rationale behind the design, and the history of the Belgian eID card.
Danny De Cock received a Master’s Degree in Computer Science at the Katholieke Universiteit Leuven (Belgium) in 1996 and a Ph.D. in Engineering Science from the same university in...

Open Source eID Projects

Speaker(s) : Frank Cornelis

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 17:00
  • Duration : 40 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/open-source-eid-projects/

Themes : Everyday life
Target audience : Professionals, Geeks
We present the various open source projects related to the Belgian eID card and how these are used as e-government enablers.
Frank Cornelis is working as a JavaEE freelancer for various companies in the security sector. He is focusing on startup of product development, development teams and software fa...

Mozilla Persona for your domain

Speaker(s) : François Marier

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 10 July 2013
  • Schedule : 17:40
  • Duration : 20 minutes
  • Place : H 2215

Video : http://video.rmll.info/videos/mozilla-persona-for-your-domain/

Themes : Everyday life, Societal issues, Cloud
Target audience : Professionals, Geeks
Passwords are a big problem on the Web. Users pick bad ones and re-use them all over the place, developers can’t seem to be able to secure them. We need something better, but almost all of the new login systems for the Web rely on centralised gate keepers. We can do better than this.
Persona i...