Some news

March 18th, 2009

Hey there!

For those of you who still visit this page sometimes, there’s a bunch of interesting news. First of all, in a few days I will upload the video from the last presentation. It’s a time-consuming process, that’s why it takes me quite a lot of time to do.

The next LuSec is planned for next year; however, if I stay in Sweden until June (which will be clear next week), then “LuSec Briefings” are scheduled for the end of April. It is an unofficial meeting with small presentations (20-25 minutes + 10 minutes discussion). So far there are 3 presenters already. Not sure about the webcast, but all the slides and probably also the audio will be available later. More information comes at the beginning of April. So stay tuned ;)

Third presentation >> Public key cryptography

March 9th, 2009

Presentation by Neil Costigan about public key cryptography

Slides can be downloaded here

Second presentation >> telephone network insecurities

March 7th, 2009

Presentation by Artjom Vassiljev about insecure configuration of PBXs

Slides can be downloaded here

First presentation >> Challenges for security policies

March 6th, 2009

Presentation by John Lindström about challenges in creating security policies.

Slides can be downloaded here

Feedback

March 5th, 2009

If you have any feedback, comments or proposals, please drop me a line at alius@ludd.ltu.se! I am not yet sure, but hopefully LuSec will also take place next year, and be bigger, better and more interesting!

Artjom

Competitions

March 5th, 2009

I guess some of you are curious to get the solutions for the competitions? Then read below.

The binary code on the poster read the following: “Hello, Dave… I know everything hasn’t been quite right with me, but I can assure you now, very confidently, that it’s going to be all right again. I feel much better now. I really do. I really do. I really do. I really… #@&*$^!%{#* …I am completely operational, and all my circuits are functioning perfectly. …it’s going to be”. Anders was the only one to decrypt this hard text! Congratulations to him!

What was bad about the dummy network configuration? Actually, everything was bad. Here are the things that you could report:
* The wireless network was open, which itself is a big security risk for the company
* FreeBSD 5.5
* The password for root was “happiness”, the same on both servers and on the WiFi router
* Both servers had a test account, which had the password “test”
* One of the machines had “finger” service enabled
* Both machines had several accounts on them with passwords from Top 500 worst passwords list
* In the home directory of the test account on one of the servers there was a compiled program with the SUID bit set, which had several buffer overflow bugs that could be exploited to get root access. Additionally, the source code was in the same directory to make the bugs easier to find
* Old version of thttpd server with a lot of security vulnerabilities
* Netutils scripts running on one of the servers
* Outdated Apache server, which has security vulnerabilities
* PHP4, which has numerous security vulnerabilities
* PHP allow_url_fopen and register_globals were on
* MySQL root password is “happiness”
* FTP allows root to login
* Outdated version of Wordpress with security vulnerabilities
* Outdated version of Coppermine photo gallery with security vulnerabilities
* Disabled e-mail verification in the Coppermine photo gallery
* Firewalls were not enabled on either of the servers
* The security settings that limit the number of packets per second the kernel receives were disabled on both servers
* Predictable path for PHPMyAdmin (http://server/pma)
* Old version of PHPMyAdmin

Congratulations to Jonas and Andreas, who won this competition!
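Two of the findings listed above (PHP allow_url_fopen and register_globals on, FTP allowing root to login) can be checked mechanically. The following is an added example, not code from the competition or from LuSec; the function names and sample files are constructed, and it assumes the FTP daemon honours an ftpusers-style deny list such as the one FreeBSD's ftpd reads from /etc/ftpusers.

```python
import re

TRUTHY = {"on", "1", "true", "yes"}
# PHP's built-in defaults apply when php.ini does not set a directive:
# allow_url_fopen defaults to on, register_globals to off (since PHP 4.2.0).
PHP_DEFAULTS = {"allow_url_fopen": "1", "register_globals": "0"}

def risky_php_directives(ini_text):
    """Return the directives from PHP_DEFAULTS that end up enabled."""
    effective = dict(PHP_DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        m = re.match(r"([A-Za-z_.]+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() in effective:
            # Keep the last assignment seen for each directive.
            effective[m.group(1).lower()] = m.group(2).strip().strip('"').lower()
    return sorted(d for d, v in effective.items() if v in TRUTHY)

def ftp_root_allowed(ftpusers_text):
    """True when root is missing from an ftpusers-style deny list."""
    denied = set()
    for raw in ftpusers_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if line:
            denied.add(line.split()[0])
    return "root" not in denied

# Constructed sample files, not taken from the competition servers.
WEAK_PHP_INI = """\
; allow_url_fopen = Off   (commented out, so the default applies)
register_globals = On
"""
FIXED_PHP_INI = """\
allow_url_fopen = Off
register_globals = Off
"""
WEAK_FTPUSERS = "# root\ntoor\n"
FIXED_FTPUSERS = "root\ntoor\n"

def audit(php_ini, ftpusers):
    """Collect findings, worded as in the list above, for one host's files."""
    findings = [f"PHP {d} is on" for d in risky_php_directives(php_ini)]
    if ftp_root_allowed(ftpusers):
        findings.append("FTP allows root to login")
    return findings

if __name__ == "__main__":
    for name, args in (("weak", (WEAK_PHP_INI, WEAK_FTPUSERS)),
                       ("fixed", (FIXED_PHP_INI, FIXED_FTPUSERS))):
        print(name, audit(*args))
```

The weak sample shows why a commented-out directive is not the same as a disabled one: with the allow_url_fopen line commented out, PHP falls back to its default, which is on.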

Some pictures

March 5th, 2009

I am still struggling with videos. As it turned out, it is not so easy to convert them from Marratech format to something better, so keep on waiting, in a few days I will upload them together with slides. So far, here are some photos from the event: http://picasaweb.google.com/shipzdik/LuSec

New schedule

February 23rd, 2009

There have been changes in the schedule; below is the new and final one:

09.45 – 10.15: Doors open
10.15 – 10.30: Opening of the conference. Welcome speech from Jonas Ekman. Description and rules of the first competition
10.30 – 11.00: Presentation of John Lindström “Policy problems related to collaboration working environment tools”
11.00 – 11.15: Break
11.15 – 12.00: Presentation of Artjom Vassiljev “Introduction to telephone network insecurities”
12.00 – 13.00: Coffee break. Key-signing party. Description and rules of the second competition.
13.00 – 14.00: Presentation of Neil Costigan “Introduction to Public Key Infrastructure/Behaviometrics”
14.00 – 14.15: Break
14.15 – 14.45: Presentation of Onur Mahmut Yirmibesoglu “A quick overview of network access control”
14.45 – 15.30: Continuation of the key-signing party and competitions
15.30 – 16.00: Announcement of the competition winners and giving out of the prizes. Closing of the conference

Week before…

February 20th, 2009

One week before the start of LuSec, the first ever event in Luleå dedicated to Information Security, which includes presentations and competitions. Do not miss the chance to meet new interesting people, listen to the news and presentations, take part in the key-signing party and create a web of trust, take part in the security competitions and win some prizes. Yesterday I received a bag full of goodies that I plan to give away during the conference to the winners of competitions and to those who will make a presentation. So if you are not the one who will give a talk, be the one who will win the competition! Just grab your Wi-Fi enabled laptop equipped with at least telnet, and come to test your skills in practical computer security!

Don’t forget to write down or print out your public key fingerprint, so that you can exchange it with others during the key-signing party!

And if you are not in any way related to IT, computers, programming and security, you can still come to meet people, and have a chat.

See you in a week!

Artjom

Presenters for the conference

February 17th, 2009

Are there any brave people left who are willing to give a presentation at the conference? Do not be afraid! If you have an interesting topic to share with people (for example: secure coding using Perl, or maybe introduction to Metasploit, or MS09-001 simply explained), drop me a line at alius@hot.ee, and we will discuss the details!