2008 – Day 1

Well it’s the conclusion of Day 1 of (The official conf doesn’t start till Wednesday – but the mini-confs are just as much value). I hovered between the security mini-conf and a few others. Michael Davies gave a quite informative talk on signing code fragments before they end up in distro repos. Enno Davids talk on self-defending networks was pretty neat. He had some good insight into the issues surroung DDoS attacks – particular he propogates some useful ideas that might make use of ICMP to signal pwned bot hosts operating systems to back off for a little while. (Of course this assumes that the essential integrity of the bot herd’s host operating system is not compromised 😉 . There was a very neat lighting talk from a real white-hat hacker (who seems fairly grey in a lot of his outlook) called Metlstorm. He is a Kiwi his alterego is Adam Boileau. Pretty smart guy working on a lot of projects. ssh-jack allows you to eavesdrop on a ssh session on your host, without letting the user being aware – purportedly to keep an eye on the bad guys.

We also had a pretty long-winded GPG key signing party. Unfortunately I feel pretty deflated after finding about I got duped by one of the attendees with dubious ID – . What I am more dissapointed in is that the keysigning herd didn’t protect itself, instead letting everyman fend for themselves. Clearly in my mind a true Web of Trust ought to protect itself when an attack on it’s integrity is observed. I can only blame myself for accepting Martin’s ID (and in hindsight I can remeber even what it looked like), but I do feel there should be an obligation to protect each other.