Keynote: The Web - Bottomless Cornucopia and Immense Garbage Dump

(Fravia has promised to prepare completely new material for T2'05. Meanwhile here is some food for thought.)

The Path of the Seeker

Like a skilled native, the able seeker has become part of the web. He knows the smell of his forest: the foul-smelling mud of the popups, the slime of a rotting commercial javascript. He knows the sounds of the web: the gentle rustling of the jpgs, the cries of the brightly colored mp3s that chase one another among the trees, singing as they go; the dark snuffling of the m4as, the mechanical, monotone clincking of the huge, blind databases, the pathetic cry of the common user: a plaintive cooing that slides from one useless page down to the next until it dies away in a sad, little moan. In fact, to all those who do not understand it, today's Internet looks more and more like a closed, hostile and terribly boring commercial world. Yet if you stop and hear attentively, you may be able to hear the seekers, deep into the shadows, singing a lusty chorus of praise to this wonderful world of theirs -- a world that gives them everything they want. The web is the habitat of the seeker, and in return for his knowledge and skill it satisfies all his needs.

The seeker does not even need any more to hoard on his hard disks whatever he has found: all the various images, musics, films, books and whatsnot that he fetches from the web... he can just taste and leave there what he finds, without even copying it, because he knows that nothing can disappear any more: once anything lands on the web, it will always be there, available for the eternity to all those that possess its secret name...

The web-quicksand moves all the time, yet nothing can sink.

In order to fetch all kinds of delicious fruits, the seeker just needs to raise his sharp searchstrings. In perfect harmony with the sourronding internet forest, he can fetch again and again, at will, any target he fancies, wherever it may have been "hidden". The seeker moves unseen among sites and backbones, using his anonymity skills, his powerful proxomitron shield and his mighty HOST file. If need be, he can quickly hide among the zombies, mimicking their behaviour and thus disappearing into the mass.

Moving silently along the cornucopial forest of his web, picking his fruits and digging his jewels, the seeker avoids easily the many vicious traps that have been set to catch all the furry, sad little animals that happily use MSIE (and Outlook), that use only one-word google "searches", and that browse and chat around all the time without proxies, bouncing against trackers and web-bugs and smearing all their personal data around.

Moreover the seeker is armed: his sharp browser will quickly cut to pieces any slimy javascript or rotting advertisement that the commercial beasts may have put on his way. His bots' jaws will tear apart any database defense, his powerful scripts will send perfectly balanced searchstrings far into the forest.

Scapy - explore the net with new eyes

First part of the speech will be about what the author thinks is wrong with almost all packet building tools, packet analysers, network discovery tools, network probing tools, attack tools, etc.

The second part will concentrate on Scapy, a python program that uses the interpretor's mainloop to enable you interactively manipulate packets, send them, probe the network, etc. Philippe will go on and try to show what he did to fix what he thought was wrong with all the other tools.

After a basic introduction to Scapy, He will show you real life examples, from vulnerability research (and finding!) to network discovery.

Miten lait säätelevät tietoliikenteen ja tietojärjestelmän valvontaa ja tutkimista?

Esityksessä perehdytään haastavaan ja keskustelua herättävään aiheeseen siitä, mitä rajoja voimassa oleva oikeus asettaa tietoliikenteen ja tietojärjestelmän seuraamiseen ja valvontaan. Sähköpostiliikenteen tarkkailua lainsäädäntö määrää tarkimmin. Toisaalta muun Internetin tietoliikenteen tarkkailua säädellään huomattavasti vähemmän. Tietoverkot ovat lainsäädännön näkökulmasta usein täynnä henkilötietoja, joita lainsäädäntö suojaa tiukasti. Aihepiirin haasteina ovat myös tiedon salassapidon ongelmat. Toisaalta tietoverkoissa olevia tietoja voi olla jopa velvollisuus paljastaa viranomaisille. Esitys kannustaa kysymyksien esittämiseen ja keskusteluun.

Life at the Virus Frontlines

This presentation is split in two parts (first in Finnish, second in English). We'll be discussing recent developments in the virus world, including new viral platforms we've seen lately and the raise of commercial virus writing from our point of view. We'll present various new virus techniques we've run into in the F-Secure virus labs. Then we'll discuss on practical level how we analyse viruses with manual and automatic methods and show some of the custom tools we've built. There will also be a demo on how to code visualization on any code - viral or not.

Heikoin lenkki - ilmiö nimeltä Social Engineering

Termillä Social Engineering kuvataan yleisesti menetelmää, jolla ihmistä manipuloidaan antamaan tietoja tai suorittamaan haluttu tehtävä. Esityksessä tutustutaan käytännön esimerkkien avulla viimeisimpiin tekniikoihin.

Diff, Navigate, Audit - Three applications for graphs in reverse engineering

The talk will present three applications of directed graphs to reverse engineering:Abstract graph theory will be used to construct a methodology for comparing executables (e.g. "diff"ing security updates), a graph-based visualisation framework for navigating executables and visualize execution flow will be presented and some ideas for using graphs for detection of vulnerabilities in executables will be discussed.

Symbian OS Security

The presentation will cover a basic intro into Symbian from a security perspective. It will show that it mostly is security from the era of Windows 98. Possible topics include analysis of known viruses and trojans, attack demonstrations, tools to aid reverse engineering of Symbian OS programs or the OS itself. Show some differences between the different Symbian licensees such as Nokia and SonyEricsson. Show the security measures that have been taken or that could or should be taken. Introduce the new features in the upcomming release v9 of Symbian OS.

Symbian malware - mitä se on ja miten siitä pääsee eroon

Symbian laitteissa toimivat madot, virukset ja troijalaiset ovat muuttuneet teknisestä kuriositeetista uhkaksi. Nykyään Symbian haittaohjelmat ovat vielä harvinaisia. Mutta useissa maissa tehdyt Cabir ja Commwarrior havainnot osoittavat että, tilanne jossa yrityksen työntekijän älypuhelin saastuu ja tarvitsee puhdistusta, tulee ajan myötä yhä todennäköisemmäksi.

Esityksen tavoite on antaa tarvittavat tiedot Symbian virusten ja troijalaisten tunnistamiseen ja poistamiseen. Esityksessä tutustutaan yleisimpiin Symbian haittaohjelmiin, niiden vaikutuksiin ja puhelimen puhdistamiseen. Esityksessä myös neuvotaan kuinka tunnistaa saastunut puhelin, kuinka etsiä tartunnan aiheuttaneita tiedostoja ja kuinka ottaa näytetiedostoja avun saamiseksi.

Adidaksesta automaatioon - laajan Windows-ympäristön policy-pohjainen hallinta

Microsoft Windowsin Group Policy tuo automaation myös tietoturvan palvelukseen - yksi napin painallus riittää lähettämään kovennetut turva-asetukset kerralla tuhansiin työasemiin. Automaatio on kuitenkin kaksiteräinen miekka. Tehokas tuotantolinja suoltaa hallinnasta riistäytyessään sutta ja sekundaa nopeammin kuin kukaan ehtii korjaamaan.

Esityksessä käsitellään Microsoft Windowsin policy-ominaisuuksia tietoturvallisuuden hallinnan näkökulmasta. Erityishuomio annetaan Windowsin oman Group Policyn ominaisuuksille, sen vahvuuksille ja heikkouksille.

Elisan tietohallinnolle on kertynyt vuosien saatossa äärimmäisiä kokemuksia Windows-verkkojen hallinnasta; sekaan mahtuu suuria voittoja mutta myös katkeria tappioita. Elisalle policy-pohjainen hallinta on ensisijaisesti tapa tuoda tietoturvan pakottava minimitaso yrityksen johdon tietoturvapolitiikasta IT-järjestelmiin.

FFF Wizardry - Finding Forbidden Fruit

(Fravia has promised to prepare completely new material for T2'05. Meanwhile here is some food for thought.)

The Path of the Seeker

Like a skilled native, the able seeker has become part of the web. He knows the smell of his forest: the foul-smelling mud of the popups, the slime of a rotting commercial javascript. He knows the sounds of the web: the gentle rustling of the jpgs, the cries of the brightly colored mp3s that chase one another among the trees, singing as they go; the dark snuffling of the m4as, the mechanical, monotone clincking of the huge, blind databases, the pathetic cry of the common user: a plaintive cooing that slides from one useless page down to the next until it dies away in a sad, little moan. In fact, to all those who do not understand it, today's Internet looks more and more like a closed, hostile and terribly boring commercial world. Yet if you stop and hear attentively, you may be able to hear the seekers, deep into the shadows, singing a lusty chorus of praise to this wonderful world of theirs -- a world that gives them everything they want. The web is the habitat of the seeker, and in return for his knowledge and skill it satisfies all his needs.

The seeker does not even need any more to hoard on his hard disks whatever he has found: all the various images, musics, films, books and whatsnot that he fetches from the web... he can just taste and leave there what he finds, without even copying it, because he knows that nothing can disappear any more: once anything lands on the web, it will always be there, available for the eternity to all those that possess its secret name...

The web-quicksand moves all the time, yet nothing can sink.

In order to fetch all kinds of delicious fruits, the seeker just needs to raise his sharp searchstrings. In perfect harmony with the sourronding internet forest, he can fetch again and again, at will, any target he fancies, wherever it may have been "hidden". The seeker moves unseen among sites and backbones, using his anonymity skills, his powerful proxomitron shield and his mighty HOST file. If need be, he can quickly hide among the zombies, mimicking their behaviour and thus disappearing into the mass.

Moving silently along the cornucopial forest of his web, picking his fruits and digging his jewels, the seeker avoids easily the many vicious traps that have been set to catch all the furry, sad little animals that happily use MSIE (and Outlook), that use only one-word google "searches", and that browse and chat around all the time without proxies, bouncing against trackers and web-bugs and smearing all their personal data around.

Moreover the seeker is armed: his sharp browser will quickly cut to pieces any slimy javascript or rotting advertisement that the commercial beasts may have put on his way. His bots' jaws will tear apart any database defense, his powerful scripts will send perfectly balanced searchstrings far into the forest.

Total Information Awareness - verkkoliikenne uudesta näkökulmasta

Verkkojen ja niiden komponenttien lisääntyvän monimutkaisuuden vuoksi on entistä todennäköisempää, että jostakin verkkojen osasta löytyy tietoturvaongelmia. Tietoturvasta huolehtiminen vaatii verkon syvällistä tuntemista. Monet verkot ovat nykyisin kuin protokollista muodostuvia viidakkoja, joiden ymmärtäminen on vaikeaa.

Esityksessä käydään läpi monimutkaisiin verkkoihin liittyviä erityispiirteitä tietoturvan kannalta, sekä esitetään vikatilanteita, joita "yksinkertaisessakin" testiverkossa voi esiintyä. Lopuksi esitellään Oulun yliopiston tietoturvallisen ohjelmoinnin ryhmässä (OUSPG) kehitettävää verkkoliikenteen visualisointityökalua, ja sen käyttöä monimutkaisten verkkojen ongelmanratkaisussa.