Recent conferences’ reports

It seems like the blog has been dead for more than two months, mainly due to kind of wrong priority hierarchy – there was always something interesting to research, even when I should be busy writing a next interesting post on my blog ;)

The recent weeks haven’t been wasted at all, as the site state might suggest. Thanks go to the SecNews admin for dropping a line about this place, a few days ago – the sudden visit rate increase was really motivational to keep on posting here. Since now, I’ll try to redesign my priorities so as to spend more time on the blog development, but life will show how will I handle it.

What I am going to describe today is not a technical subject at all (though strongly related to). During recent times I’ve been present at a few really well-organised conferences (though not every I wanted to attend), all of which I am going to mention here. The most popular one, CONFidence 2009 will be described in detail while the other ones will only be briefly introduced to the reader.

In order to follow a chronological order, I’ll begin with the IGK (VI Ogolnopolska Konferencja Inzynierii Gier Komputerowych) conference. It took place in Siedlce (central Poland), a cute city laying something like 80 kilometers from Warsaw (east direction), and was three days long. The whole event began on the 20th March, at about 4PM in the “Akademia Podlaska” building, with a formal opening. Right after then, three initial lectures has been presented by the academy workers. After their presentations (which all were of decent level, imo), the participants have been taken to the hotel. The rest of the evening was spent mostly on setting-up the necessary devices and having fun owning other players in Quake3Arena via a LAN. When it comes to the second day, the participants’ papers were being presented all the day, till 2-3PM hour (there was a lunch break somewhere in the middle). Next then, the Farm51 company had nearly 2 hours to present the development track of their latest release – NecroVisioN FPS game (the guys did a really good job, imo). When their performance was over, time has come for an IT quiz organised by Regedit – since I was a little bit late, I missed a chance to take part in it, but observing the game from 3rd person’s perspective was also very entertaining.

As always, the Compo subject had to be chosen by the participants (the organisers suggested three possibilities), and what should not be a surprise, the “psychodelic game” won by majority vote. Since 6 of the Vexillium members attended the event, we decided to divide into two teams (3+1 team), with an extra person in each. The competition preperations made it unable for my team to sleep, thus we were discussing some gameplay related issues till the 5AM hour, when we decided to get some rest, anyway ;) After 8 hours of coding hard, the so-called “Eleven” team (which was apparently my team) managed to create an undoubtly psychodelic game, but whether it is “playable” or not – this is another matter. Rzenicy Inc. team turned out to be this year’s winners, by creating a production that actually wiped all the other games out. Congratz & GW! The final evening was nothing else but playing classing games like Q3A, Starcraft:BW and a few others in a net consising of nearly 20 computers connected by a few switches, access points and an infinite number of cables. That would probably be enough in the IGK case – all in all, the entire event was a really nice chance to meet people working in the gamedev industry ;)

Just a week after then, another (security oriented, this time) conference was held in Wroclaw (30-31th of March). Unfortunately, I had some other trip planned before, so I had no possibility to be there on time. As far as I know, it was an intimate event, though very successful in terms of technical level. You can (and have probablydone it) get more information at Gynvael Coldwind’s post.

Going further in time, I had the pleasure to take part in SEConference – as the name itself suggests, it’s a conference directed towards the technical aspects of security in its general meaning. To make things short – the event was organised in Cracow, free of charge (if one wanted to participate, he had to register online), and one day long. As for a free conference, the organisation as well as the presentations were apparently prepared very carefully. I especially enjoyed three of the planned lectures -> Piotr Konieczny, Gynvael Coldwind and Borys Lacki – their appearance was really impressive, in my opinion. Some of the materials have already been published and can be downloaded from here.

Straight to the point, already! ;)
Since CONFidence was held just a few days ago, I am still fresh and have many feelings to write about. Not to rush too much, let’s start with some basics.

CONFidence 2k9 was the fifth edition, and it is very likely that we can expect it to take place in next years, too. No changes have been applied when it comes to the location – the conference took place in Cracow, on 15-16th May 2009. It is one of the biggest security events in Poland (if not the biggest one), where the all the lectures and talkings are in english – no wonder as the CONF organisers invites experts from all over the world. An entire cinema building has been reserved for the event – speeches were given in the movie-room, while other entertainment means provided (I’m going to describe those, further) were present in the main hall – this includes various kinds of snacks and drinks.

In the evenings, when one wanted to meet new people in a bit loosier atmosphere, he could just go to the Kijow Club, where the Before and After parties were held. I particularly liked the idea of Hackers-Movie Night during before-party – three or four hack-related films were played in the mentioned club, most of which I haven’t seenyet. Everything would be fine if only the Kijow Club would be a little bit larger –   it was way too small to accomodate every single participant, or even half of themin its current state. I think this resulted in decreased integretation amongst people, that chose spending time in their own groups of friends, but that’s only my personal opinion. To make things worse, even if one went to the after-party, it was simply impossible to talk with the others due to a horribly loud music being played by a local DJ.

Despite the conference itself, the orgs took steps to provide a decent accomodation during these days. To be exact, two so-called “Hackers Squad” hostels have been booked for exclusive CONF-participant use. The distance between HS and the cinema building was no more than 100 meters – kind of perfect location ;) There is nothing I could complain about when it comes to HackerSquad, except the fact that the WiFi signal was kind of weak and unavailable in the room I was staying at, but it was always possible to sit on a sofa in the anteroom and get regular access.

Back to the conference – another nice thing I enjoyed during CONF2k9 were the competions organised by both the sponsoring companies (F5,ESET) and the Confidence itself (Capture the Flag). Since I love competing with the others, I wasn’t present at every single lecture I initially wanted to.

Personally, I have generally been busy playing with the Capture The Flag competition tasks (there were 15 of them) for most of the time. It was divided into 3 fields: Networking, Web and Forensics, 5 objectives in each. To be honest, many of those tasks were very informative and tought me things I haven’t yet been aware of (PHP alternate data streams, for instance). While I was fighting with the above, Gynvael took care of a CrackMe application released by ESET company especially for this event – and won the main prize that turned out to be a 320GB HDD (I don’t know more details, check out this post to get some technical information). It wasn’t particularly hard to beat, though a very curious protection scheme has been put into use, that has once been explained in one of the Xploit magazine editions.

One thing I really disliked about the organisation were the meals being served as a “dinner”. Not to write too much, the portions given to a single participants were ridiculously small, especially when comparised to their price. Fortunately, sandwiches and juice were available all the time, but it is not a good thing to take money for something that is neither expensive nor makes people full. As far as I know, it is not only my opinion and this single problem should somehow be dealed with in the next editions.

As for the lectures (the actual heart of a conference, isn’t it?), I was really impressed by Bruce Schneier talking about three different approaches to computer security (the talkings were being recorded and are hopefully going to be released soon, so I won’t spoil too much here) and Joanna Rutkowska explaining the technical details of how are the Intel’s latest Trusted Computing mechanisms designed and implemented. I find these two presentations best of all I could furtherly see. Another interesting speeches that draw my attention were: “Lockpicking 101” by Walter Belgers, “Race to Bare Metal: UEFI and Hypervisors” by Martin Mocko, “Bakeca.it DDoS: How Evil Forces Have Been Defeated” by Alessio L.R. Pennasilico and finally “Corporate Security and Intelligence: the dark links” by Raoul Chiesa. The above are IMO remarkably good and worth watching when they appear on the public. A complete agenda may be found here.

On the whole, I find CONFidence 2009 a very good event, when it comes to organisation, participants and technical level. Except the two or three minor things I would improve in next editions, I am under big impression towards people I could meet at the place – keep doing the great job!

It seems to be everything I currently would like to describe, as new facts starts coming up to my mind, I will respectively extend this post :P

PS. I encourage everyone present one of the above event to express your own opinion and thoughts.