Report from BSDCan, Part I

I was fortunate enough to be accepted to deliver two presentations at BSDCan 2005 today. I attended the first BSDCan last year, and this year's event seems to have attracted a bigger crowd. I heard somewhere between 150 and 190 attendees are roaming the University of Ottawa campus.

This morning worked out very well. My wife and I took our 6 month old to the airport for her first trip -- except my wife and child flew to Detroit for a wedding, and I flew to Ottawa for BSDCan. (Thanks Aimes!) I landed in time to see the rest of Colin Percival's Hyper-Threading Vulnerability talk. You can read Colin's paper in .pdf format here. This problem is not limited to FreeBSD. It affects any operating system running on an Intel HTT-capable CPU. The attack Colin discusses:

"permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected."

After Colin's talk I participated in my first real author's book signing. I signed several copies of my book and asked the other participants to sign copies of their books I hauled from home. Unfortunately copies of my book never made it pass the border patrol! That's another story, and not my fault. :)

Immediately after the signing I hustled to set up and present Keeping FreeBSD Up-To-Date. This talk was based on my paper of the same name. Those interested in keeping applications up-to-date will find another paper on that page describing that process.

During lunch I attended a planning session of the BSD Certification Group. They reminded me to complete the task survey to help guide our certification development process.

No sooner was lunch done than I had to hurry to another room and deliver my talk More Tools for Network Security Monitoring. In addition to NSM, I discussed the new Net Optics PCI tap, Flowgrep, IPCAD, and MODE Z. You may recognize one or more of these topics as being recent blog postings.

After my second presentation I listened to Kris Kennaway describe the FreeBSD Package Cluster. You can see error logs from pointyhat, which is the master server which coordinates the package building process.

Immediately after this class ended I found myself at the BSD Certification BoF. I attended with George Rosamond, Dru Lavigne, Dan Langille, Marc Spitzer, and Jim Brown from our group. We spoke with about 50 attendees who wanted to know more about the certification process. We also solicited their advice and emphasized that our bsdcertification.org group is in no way affiliated with the crew using the .com site.

Tomorrow evening I fly home, but I hope to report on Saturday's events during the conference.

Comments

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4