Thursday Sep 15, 2005
08:30 Registration and Morning Coffee
09:00 Opening Words, Tomi Tuominen
09:15 Keynote: The Web - Bottomless Cornucopia and Immense Garbage Dump
Fravia
10:15 Coffee
10:30 Keynote: The Web - Bottomless Cornucopia and Immense Garbage Dump
Fravia
11:30 Lunch
12:30 Scapy - explore the net with new eyes
Philippe Biondi
Life at the Virus Frontlines
Mikko Hyppönen, Gergely Erdelyi
F-Secure Oyj
13:30 Break
13:45 Scapy - explore the net with new eyes
Philippe Biondi
Life at the Virus Frontlines
Mikko Hyppönen, Gergely Erdelyi
F-Secure Oyj
14:45 Coffee
15:00 How do laws regulate the monitoring and investigation of network traffic and information systems?
Pekka Kiviniemi
Asianajotoimisto Jukka Kallio Oy - Attorneys at Law
The Weakest Link - a phenomenon called Social Engineering
Tomi 'T' Tuominen
16:00 Closing Words for the 1st day, Tomi Tuominen
16:15 Cocktails & Networking
19:00 Cocktails & Networking ends

Friday Sep 16, 2005
08:30 Morning Coffee
09:00 Opening Words, Tomi Tuominen
09:15 Diff, Navigate, Audit - Three applications for graphs in reverse engineering
Halvar Flake
From Adidas to Automation - policy-based management of a large Windows environment
Erka Koivunen
Elisa Oyj
10:15 Coffee
10:30 Diff, Navigate, Audit - Three applications for graphs in reverse engineering
Halvar Flake
From Adidas to Automation - policy-based management of a large Windows environment
Erka Koivunen
Elisa Oyj
11:30 Lunch
12:30 Symbian OS Security
Job de Haas
ITSX
FFF Wizardry - Finding Forbidden Fruit
n/a
13:30 Break
13:45 Symbian OS Security
Job de Haas
ITSX
FFF Wizardry - Finding Forbidden Fruit
n/a
14:45 Coffee
15:00 Symbian malware - what it is and how to get rid of it
Jarno Niemelä
F-Secure Oyj
Total Information Awareness - network traffic from a new perspective
Pekka Pietikäinen
OUSPG
16:00 Closing Words, Tomi Tuominen
16:00 Conference Ends

Keynote: The Web - Bottomless Cornucopia and Immense Garbage Dump

Fravia

(Fravia has promised to prepare completely new material for T2'05. Meanwhile here is some food for thought.)

The Path of the Seeker

Like a skilled native, the able seeker has become part of the web. He knows the smell of his forest: the foul-smelling mud of the popups, the slime of a rotting commercial javascript. He knows the sounds of the web: the gentle rustling of the jpgs, the cries of the brightly colored mp3s that chase one another among the trees, singing as they go; the dark snuffling of the m4as, the mechanical, monotone clinking of the huge, blind databases, the pathetic cry of the common user: a plaintive cooing that slides from one useless page down to the next until it dies away in a sad, little moan. In fact, to all those who do not understand it, today's Internet looks more and more like a closed, hostile and terribly boring commercial world. Yet if you stop and hear attentively, you may be able to hear the seekers, deep into the shadows, singing a lusty chorus of praise to this wonderful world of theirs -- a world that gives them everything they want. The web is the habitat of the seeker, and in return for his knowledge and skill it satisfies all his needs.

The seeker does not even need any more to hoard on his hard disks whatever he has found: all the various images, musics, films, books and whatnot that he fetches from the web... he can just taste and leave there what he finds, without even copying it, because he knows that nothing can disappear any more: once anything lands on the web, it will always be there, available for the eternity to all those that possess its secret name...

The web-quicksand moves all the time, yet nothing can sink.

In order to fetch all kinds of delicious fruits, the seeker just needs to raise his sharp searchstrings. In perfect harmony with the surrounding internet forest, he can fetch again and again, at will, any target he fancies, wherever it may have been "hidden". The seeker moves unseen among sites and backbones, using his anonymity skills, his powerful proxomitron shield and his mighty HOST file. If need be, he can quickly hide among the zombies, mimicking their behaviour and thus disappearing into the mass.

Moving silently along the cornucopial forest of his web, picking his fruits and digging his jewels, the seeker avoids easily the many vicious traps that have been set to catch all the furry, sad little animals that happily use MSIE (and Outlook), that use only one-word google "searches", and that browse and chat around all the time without proxies, bouncing against trackers and web-bugs and smearing all their personal data around.

Moreover the seeker is armed: his sharp browser will quickly cut to pieces any slimy javascript or rotting advertisement that the commercial beasts may have put on his way. His bots' jaws will tear apart any database defense, his powerful scripts will send perfectly balanced searchstrings far into the forest.

Fravia+ speaks five languages and graduated in Berlin as a historian of the early Middle Ages. He has worked for 20 years as an expert in linguistic-related informatic matters. Active on the web since 1995 in the reverse engineering field, he shifted his interests five years ago towards advanced web searching techniques and the reversing of search engines' algorithms. His sites ( www.fravia.com and www.searchlores.org ) offer an in-depth approach to the many lores related to internet data mining.


Scapy - explore the net with new eyes

Philippe Biondi

The first part of the talk will be about what the author thinks is wrong with almost all packet building tools, packet analysers, network discovery tools, network probing tools, attack tools, etc.

The second part will concentrate on Scapy, a Python program that uses the interpreter's main loop to enable you to interactively manipulate packets, send them, probe the network, etc. Philippe will go on and try to show what he did to fix what he thought was wrong with all the other tools.

After a basic introduction to Scapy, he will show you real-life examples, from vulnerability research (and finding!) to network discovery.

Philippe Biondi is a research engineer and security expert working at the EADS Corporate Research Center. He is a member of the French Honeynet Project and co-author of LIDS ( http://www.lids.org ). He is the author of Scapy ( http://www.secdev.org/projects/scapy ) and Shellforge ( http://www.secdev.org/projects/shellforge ) and a plethora of other tools ( http://www.secdev.org/ ).


How do laws regulate the monitoring and investigation of network traffic and information systems?

Pekka Kiviniemi @ Asianajotoimisto Jukka Kallio Oy - Attorneys at Law

The presentation delves into the challenging and much-debated question of what limits current law places on the monitoring and surveillance of network traffic and information systems. Legislation regulates the monitoring of e-mail traffic most precisely. The monitoring of other Internet traffic, on the other hand, is regulated considerably less. From the point of view of legislation, networks are often full of personal data, which the law protects strictly. Problems of keeping information confidential are a further challenge in this area. On the other hand, there may even be an obligation to disclose information held in networks to the authorities. The presentation encourages questions and discussion.

Pekka Kiviniemi works as a lawyer specializing in e-business matters at Asianajotoimisto Jukka Kallio Oy. He has also worked at Brown, Raysman, Millstein, Felder & Steiner LLP, a law firm specializing in technology law, in New York. He has written a book and articles related to his areas of specialization and has trained companies in Finland, Latvia and the United States.


Life at the Virus Frontlines

Mikko Hyppönen, Gergely Erdelyi @ F-Secure Oyj

This presentation is split in two parts (first in Finnish, second in English). We'll be discussing recent developments in the virus world, including new viral platforms we've seen lately and the rise of commercial virus writing from our point of view. We'll present various new virus techniques we've run into in the F-Secure virus labs. Then we'll discuss on a practical level how we analyse viruses with manual and automatic methods and show some of the custom tools we've built. There will also be a demo on how to code visualization on any code - viral or not.

Mikko Hyppönen works as research director at F-Secure Oyj, leading the company's virus research unit. He has investigated thousands of virus cases over the past 15 years. Hyppönen has consulted on information security matters for, among others, the Finnish government administration and defence forces, Interpol, Scotland Yard, the United States Secret Service and the federal police.

Gergely Erdelyi was born in Hungary in 1978. He became interested in computer viruses in 1995 and a year later he joined the Hungarian Virus Buster Team as a Virus Analyst. In 2001 he joined F-Secure's Antivirus Research and Response Team and has been working there since. He is doing research in the area of binary viruses on Win32 and Linux platforms. His free time is devoted to his fiancee, photography, cinema, electronics and exotic computers.


The Weakest Link - a phenomenon called Social Engineering

Tomi 'T' Tuominen

The term Social Engineering generally describes a method by which a person is manipulated into giving out information or performing a desired task. The presentation explores the latest techniques through practical examples.

Tomi "T" Tuominen has worked in information security since 1991. He follows the field closely and is a well-known speaker at industry events. He currently works in information security roles at TietoEnator Oyj.


Diff, Navigate, Audit - Three applications for graphs in reverse engineering

Halvar Flake

The talk will present three applications of directed graphs to reverse engineering: abstract graph theory will be used to construct a methodology for comparing executables (e.g. "diff"ing security updates); a graph-based visualisation framework for navigating executables and visualizing execution flow will be presented; and some ideas for using graphs for detection of vulnerabilities in executables will be discussed.

With more than 6 years' experience in reverse engineering and a background in mathematics, Halvar Flake co-founded SABRE Security in 2004 to conduct research in applying mathematics to reverse engineering and security analysis.


Symbian OS Security

Job de Haas @ ITSX

The presentation will cover a basic intro into Symbian from a security perspective. It will show that it is mostly security from the era of Windows 98. Possible topics include analysis of known viruses and trojans, attack demonstrations, tools to aid reverse engineering of Symbian OS programs or the OS itself. Show some differences between the different Symbian licensees such as Nokia and SonyEricsson. Show the security measures that have been taken or that could or should be taken. Introduce the new features in the upcoming release v9 of Symbian OS.

Job de Haas got involved in the area of Internet and security in 1991, during his studies in Electrical Engineering, when he responded to internet providers' offers to hack their sites and win a free account. Following post-graduate studies in Electrical Engineering and three years of work in aerospace robotics at the Dutch National Aerospace Laboratory, he worked for DigiCash, where he acquired experience in cryptographic techniques used in secure, anonymous payment systems for the Internet. As ITSX Technical Director, Job leads and supervises penetration test teams. At ITSX, Job has been involved in research into Solaris Kernel hacking, SMS and WAP security and he is currently a member of the Honeynet Project. Currently his main interest is in mobile phone security.


Symbian malware - what it is and how to get rid of it

Jarno Niemelä @ F-Secure Oyj

Worms, viruses and trojans that run on Symbian devices have turned from a technical curiosity into a threat. Today Symbian malware is still rare. But the Cabir and Commwarrior sightings made in several countries show that a situation in which a company employee's smartphone becomes infected and needs cleaning will become ever more likely over time.

The aim of the presentation is to give the information needed to identify and remove Symbian viruses and trojans. The presentation covers the most common Symbian malware, its effects and the cleaning of a phone. It also advises how to recognize an infected phone, how to look for the files that caused the infection and how to take sample files in order to get help.

Jarno Niemelä works as a senior computer virus researcher at F-Secure Oyj. He has researched mobile and PDA malware since 2000, and has analysed and named most of the currently known Symbian viruses, trojans and worms.


From Adidas to Automation - policy-based management of a large Windows environment

Erka Koivunen @ Elisa Oyj

Microsoft Windows Group Policy brings automation into the service of information security as well - a single push of a button is enough to send hardened security settings to thousands of workstations at once. Automation is, however, a double-edged sword. When it gets out of control, an efficient production line churns out rejects and seconds faster than anyone can fix them.

The presentation covers the policy features of Microsoft Windows from the viewpoint of information security management. Particular attention is given to the features of Windows' own Group Policy, its strengths and weaknesses.

Over the years, Elisa's IT department has accumulated extreme experiences of managing Windows networks; among them are great victories but also bitter defeats. For Elisa, policy-based management is primarily a way to bring the mandatory minimum level of information security from the company management's security policy into the IT systems.

Erka Koivunen has played a central role in the security design and implementation of Elisa's current Windows environment. In his work Erka has learned to trust that although individuals sometimes do make sensible choices from a security standpoint, a population never does. For Erka, Group Policy is a tool for IT crowd control. He currently works as information security manager, with Elisa CERT as his area of responsibility.


FFF Wizardry - Finding Forbidden Fruit

n/a


Total Information Awareness - network traffic from a new perspective

Pekka Pietikäinen @ OUSPG

Because of the growing complexity of networks and their components, it is ever more likely that security problems will be found in some part of a network. Taking care of security requires in-depth knowledge of the network. Many networks today are like jungles made of protocols, which are difficult to understand.

The presentation goes through the special characteristics of complex networks from a security standpoint and presents failure situations that can occur even in a "simple" test network. Finally, it introduces a network traffic visualization tool being developed at the Oulu University Secure Programming Group (OUSPG) and its use in troubleshooting complex networks.

Pekka Pietikäinen (M.Sc. (Tech.)) works as a researcher at OUSPG. His research area is finding cause-and-effect relationships in network traffic and visualizing them.