This morning I delivered a talk at CONFidence 2007 in Krakow, Poland. I'd like to thank Andrzej Targosz and Jacek Artymiak for being the best hosts I've met at any conference. They got me at the airport, took me to dinner (along with dozens of others), and will take me to the airport (at 0430 no less!) tomorrow. I spent a good amount of time with Anton Chuvakin, Daniel Cid, and Stefano Zanero, which was very cool.
I'd like to mention two talks. First, I watched Paweł Pokrywka talk about a neat way to discovery layer two LAN topology with crafted ARP packets. Unfortunately, his talk was in Polish and I didn't exactly learn how he does it! I spoke to Paweł briefly before my own talk, and he said he plans to release a paper (in English) and his code (called Etherbat), so I look forward to seeing both.
Second, I attended Dinis Cruz's talk on buffer overflows in .NET and ASP.NET. I'm afraid I can't say anything intelligent about his talk. Dinis is a coding ninja and I really only left his talk with one idea: all general-computing platforms can be broken. What's funny is I'm not even sure Dinis would agree with me. His point seemed to be that .NET and ASP.NET (as well as other managed code environments) are breakable, but if implemented "properly," could be made not breakable.
Let's think about that for a moment. I'm sure the people who dreamed up .NET and ASP.NET are really smart. However, there are problems that render them vulnerable to people like Dinis. "Fine," you say. "Let Dinis help Microsoft fix the problems." Ok, Dinis helps implement a new version of this framework. A year or so later someone with a different insight or skill comes along and breaks the new version. And so on. This is the history of general purpose computing. I don't see a way to break the cycle if we continue to want developers to be able to write general purpose software. I am not speaking as a developer, but as an historian. We have been walking this path for over 20 years and I don't see any improvements.
Update: I forgot to mention that I liked Anton Chuvakin's definition of forensics:
Computer forensics is the application of the scientific method to digital media to establish factual information for judicial review.