AusCERT2019: An interesting experience
- 04 June, 2019 09:02
Wow, I have to say a lot happened in the last two days of May 2019. I am not sure where exactly I should start, but let's make it simple and start from the beginning – 4:30 am on Thursday the 30th of May. My alarm started to sound, and I reluctantly reached over and switched it off. I lay there for a few moments thinking it's way too early for this, but I pushed myself to get out of bed and headed for that needed shower, followed by a nice and strong cup of hot coffee (that was exactly what I needed to get me going). I checked that I had everything I needed for the couple of days at the conference and left on my 2 ½ hour commute. I was worried that I may have left it too late by leaving at 5 am, but the traffic ran smoothly as I made my way from the north side of Brisbane down to the Gold Coast.
As I got to the Helensvale exit that takes you in towards the ocean and the Gold Coast, I had a bit of nostalgia creep in (quite a few years ago I worked for Gold Coast Tourism on Ferny Ave, just down the road from the Marriott where the conference was being held). Obviously, it had been some time since I did that same drive into Surfers Paradise, but it just clicked and felt like old times. I finally arrived at the Marriott, and the anticipation was rising as I started to think about what the next two days would bring. This was my first time attending the AusCERT conference, so I really wasn’t sure what to expect: would it be just the same old security conference? You all know what I mean, the same vendors, the same presentations, the same people as are at all the conferences.
I am happy to say that wasn’t the case. Yes, indeed there were the same bespoke security vendors, and I chatted with them all to see what they had new or whatever, but I saw some new vendors as well, which is great to see. Some fresh perspectives on some new and some old ideas (nothing earth-shattering, but it was still good to have new ways of looking at things).
As far as the presentations go, I can think of a few standouts over the two days that I really enjoyed. One was Mikko Hypponen's presentation "Computer Security: Yesterday, Today and Tomorrow". Now, this guy is super funny and is a gifted presenter. Sort of a storyteller, relating back to the history of how it all started and how he feels it is heading. If you ever get the chance to sit in on one of his presentations, do it; you will be thankful you did.
There was another talk from Troy Hunt, who I have seen present a few times before, but he is also a pleasure to watch for both educational reasons and for the entertainment value. The main point from his talk that stood out to me was when he tested one of those ridiculously secured phone/GPS tracking watches that parents are getting their children, so they can call or track them anytime they want. With some simple app manipulation, one of Troy's colleagues was able to call the smartphone and talk to Troy's 6-year-old daughter (Troy was filming it at the time). They were also able to manipulate the GPS information to trick the app into displaying incorrect GPS location information; he made it look like Troy's daughter was in the middle of the water.
The sad thing is that this wasn’t a sophisticated hack; it was just input and output manipulation to allow them access to devices that they should not be able to access. It’s a scary thought, and I have discussed devices like these in my smart home article a few weeks back. So, point to remember here: security on these devices isn’t very good at the moment, so really consider these things before you all go out and strap them to your children's wrists.
On Friday morning there was a great talk from Jessy Irwin, which challenged some standard ways of thinking, and I enjoyed how it made me think about our industry. Basically, we are almost stuck in this terrible loop of bad ideas, followed by more bad ideas that are just completely insecure. We can do better if we band together as a coherent industry to make things better for all areas of our society, not just security.
I was also able to hang out with Abigail Swabey; it was great to catch up and talk all things CSO and this world of security. Anyone who passed by the CSO stand would have certainly left with a sugar high; the selection of lollies/sweets was impressive. It was great to see a strong presence of CSO at the conference, and I was informed that this is a regular thing at the AusCERT conferences over the years.
Thursday night's gala entertainment came with neon-lit waterjet fireworks shows, where the waterjet wearer shot fireworks from his arms straight past my balcony from the pool area below. I have to say I was a little surprised, and it quickly grabbed my attention from the work I was trying to catch up on in my motel room. Certainly a different kind of entertainment, but it will be memorable, to say the least, for all who saw the show.
With many a conversation and some fresh new ideas for both articles and my day job pulsing around my brain, the conference came to a hilarious end with an intentionally comedic debate on some normally very serious topics in the security industry. I think that debate was brilliant at finishing off a mind-draining two-day influx of information and new approaches, which I believe left all who made it through the full two days unscathed with a new sense of can-do attitude and an understanding that our jobs are way too serious. We need to allow ourselves to have a bit of a laugh at ourselves sometimes and keep fighting the good fight.
Till next time...