I was surprised at the number of people who stayed for the last day, and even more surprised at the high quality of the talks. In the feedback form, I rated every session today highly.
The first two talks I attended revolved around hacking and application vulnerabilities. While I do not work much in the application space, most security attacks are based on application vulnerabilities, and are thus highly relevant.
The first speaker, Jeremiah Grossman, highlighted a particular issue with security spending in enterprises - the spending does not match the established estates or problem areas. I agree with his assessment and arguments that it does not make sense to spend on firewalls or anti-virus when most attacks are due to bad coding practices.
The second talk, by Dave Aitel, argued that current arguments (both for and against) on cyberwarfare are misplaced: that it is not only about technology and tools, but about movements like Wikileaks and Anonymous; that the danger of cyberwarfare from non-nation states is driven by profit; and that the danger of cyberwarfare is not that the Internet or power will be shut down (since that would then stop the war also) but rather the impact on the logistical and economic infrastructure. And most importantly, Stuxnet was more than just a worm against nuclear infrastructure; it was proof that any industrial infrastructure could be targeted and shut down. It was the most rational discussion on cyberwarfare I have attended at the conference.
The last "talk" was more managerial in nature, looking at the priorities of CISOs; I liked the practical nature of the discussion and the acknowledgement that, despite all the issues, only a few can really be addressed at a time due to resource limitations.
Hugh Thompson hosted a more informal discussion on the psychology of decision making; it was entertaining and interesting, but not very practical, I suppose. Tony Blair gave the final keynote to close the conference; I thought it was too much of a political speech and not really relevant. It was very entertaining though.
The RSA Conference is the biggest information security conference in the world; and was definitely a great learning experience and I would be keen to come back next year.
03 March 2012
American Train Ride
I have ridden in light rail/metro rails in all the American cities I have visited, but for the first time I took a proper train, to visit a friend in San Jose. The Caltrain goes through the many well known towns of Silicon Valley, though I didn't spot any of their offices by the track.
It is almost a step back in time in some respects; the trains run on Diesel and not electric, the stations have a certain colonial charm and it just doesn't seem to be as efficient as the European rail network (running 10 minutes late, even after leaving San Francisco on time, further enhanced this perception).
02 March 2012
DSTV Price Increase
I have a DSTV mobile (Drifta) subscription as a standalone, and noticed that it will be going up by 25%. Not sure on the other price increases, but that is excessive when compared to the year-on-year relative stability of the Rand and low inflation rate. I hardly use it, perhaps I should just get rid of it.
RSA Conference Day 3
Today was probably the most informative day at the conference for me, with a number of great sessions and speakers. The highlights undoubtedly were the talks by Mikko Hypponen and Sal Khan.
One of the "gurus" of security, Mikko Hypponen (chief researcher at F-Secure), gave a brilliant presentation on terrorism and IT - on the technology platforms used by terror groups to communicate and spread propaganda, on their encryption and steganography techniques, and also on where their IT systems are concentrated. Although he focused on Al Qaeda, this was a sample of what is available and used by other groups, including white supremacists, etc. While there has been no "real" cyberterrorist activity (e.g. attacks on mass infrastructure, instead of defacement), there is proof that there are people who actually have the technical means.
That said, I think the hype on cyberterrorism is overblown. As is the case for cyberwarfare, although there are certainly nations that have already built up capabilities in this regard. But some of the proposed remediations are not only technically difficult (if not impossible) but have far more reach than is necessary.
Salman Khan, the founder of the Khan Academy gave an inspirational talk on possibly the future of education. It is the only talk I have attended at the conference to have received a standing ovation, and deservedly so - it was inspirational, it was funny and it was technical. The intention is that it is eventually available in multiple languages and I think it could really revolutionize education everywhere. Yes, bandwidth and infrastructure are issues, especially with video but this is not insurmountable.
01 March 2012
RSA Conference Day 2
Most of the sessions I attended yesterday were about identity, especially the fragmented nature of identity on the web. There was an interesting legal discussion on the legal issues of using a federated identity model, such as who gets the liability if things go wrong (e.g. incorrect authentication). I have also been interested in security metrics for a while, so the panel discussion gave some food for thought, though it only scratched the surface.
Of the keynotes, David Brooks' talk on how social development affects decision making was informative, funny and interesting. He made some comments on trust that I want to blog about later, once I get my thoughts in order, and perhaps read a bit more of Bruce Schneier's new book.
The conference has an interesting concept of "Dinner for 6", where strangers can get together for conversation and a meal. We became a party of 8 (I think we were tables of 4&4), and the table consisted of a wide variety of people - a startup CEO with a background of starting and advising numerous (successful) startups, a reformed black hat hacker, a manager of a dev team from a leading security company, an analyst from the DoD, two IT directors from separate non-profit organizations and a manager from a state-based angel funder. It was a great mix of people, and some engaging conversation.
29 February 2012
RSA Conference 2012 - Day 1
The general theme of the conference seems to be "big data", though the definition of big data seems to vary. Some are referring to the general explosion in data, either due to increased production or due to retention practices; some are referring to the explosion in sensor data and the implications for processing; while Bruce Schneier in his talk was referring to Amazon, Google, Apple and others, who are collecting a lot of data, especially personal data, where the data owner is giving up a lot of control.
As is the case with first days, the majority of the day was keynotes from notable luminaries, of which I enjoyed the Cryptographers' Panel (comprising Diffie, Rivest and Shamir, amongst others) the most.
In the evening, I attended Symantec's "small and exclusive" party, which was neither small nor exclusive, with a line that stretched a block. Nothing special, to be honest ...
28 February 2012
California Academy of Sciences
Located within the Golden Gate Park, the Academy of Sciences is a super museum encompassing natural history, botanical gardens, aquarium and a planetarium. Individually, they are not particularly big, but it is how they are integrated that makes it really cool and interesting.
For example, the botanical garden only focuses on one thing - the rain forest, and showcases an indoor rainforest (fully recreated and live with butterflies and a few birds) focusing on different aspects of the rainforest ecosystem. The rainforest leads to an aquarium, which makes up for a lack of really large sharks and dolphins with stunningly presented ecosystems including coral reefs.
The highlight for me is the planetarium. Instead of focusing on the traditional night sky, this is a virtual exploration of the universe and its evolution on a massively curved screen. IMAX and 3D are quite poor in comparison. I did miss some parts of the traditional planetarium, but the immersive experience is impressive.
The natural history section is famous for its Africa hall, full of stuffed big game species and some live Cape Penguins. It made me realise how lucky we are in SA that I regularly hike amongst impala, giraffes and zebra, and that penguins are a minor attraction amongst other things to do in Simonstown (let alone Cape Town).
The last thing to note about the museum, is that the architecture itself is an attraction. It is at the forefront of Green building techniques, with a living roof and solar panels etc. What is especially impressive is how the building management is automated, by taking account of outside weather conditions.
27 February 2012
The San Francisco Cable Car
One of the enduring images of San Francisco is that of a cable car traversing the hills (with the bay in the background). The cable cars remain one of the largest tourist attractions, and continue to be used by the locals (though certainly not for their speed). It is also a brilliant piece of engineering, something I only began to comprehend once I went to the Cable Car Museum, which also doubles up as the storage, maintenance and central operations of the entire cable car system.
Wikipedia would be better for understanding the whole system, but here is the gist. Traditional cable cars have a rope slung between two points with a carriage dangling below. The rope moves, dragging the car along. String the cable between a high point and a low point, and you get the cable car as seen on Table Mountain and elsewhere.
Instead of overhanging cables, the cables in the SF system run under the streets, with centralised controls. The cables run constantly (you can hear them run) and the cable cars have a mechanism to "grip" and release the cable. When it grips the cable, it moves forward; when it is released, it stops. There are two key advantages of the system, which are only now overcome with modern cars - they can climb very steep hills and even stop on hills, and they effectively travel at a constant speed regardless of the incline.
They are no longer the most practical means of transportation, but they do their job well. They are expensive ($6 each way) but the passes are also valid on the system, and this makes it a lot cheaper.
26 February 2012
San Francisco to Muir Woods (and Stinson Beach)
The two things I learnt about San Francisco long ago were the Golden Gate Bridge and the giant redwoods on the other side of the bay (Muir Woods).
Public transport in San Francisco is great, but it doesn't extend far outside the city limits. Getting to Muir Woods with public transport during the "off" season is not easy; the tourist officer at Sausalito claimed that it didn't exist, and my host in SF was also of the opinion that I would need to hire a car. Mountain bike routes exist, but I am nowhere near the fitness levels required for such a feat.
There is a route, though not a very convenient one. The Golden Gate Transit buses between San Francisco and Sausalito are the first leg, although one could also take the ferry if desired. Thereafter, Bus 61 takes one from either Marin City or the Sausalito ferry stop on the weekends, up the aptly named Panoramic Highway to a number of hiking points along the park.
The very helpful driver dropped me at the crossing of the Dipsea trail, which was about a mile from the entrance to Muir Woods.
The buses run about every 2 hours, and I was not too confident of making it back in time. So I decided to carry on hiking, all the way down to the Pacific Ocean at Stinson Beach. It was a total distance of about 16 km (as per my hiking app); the trails are well marked and the views are well worth the effort.
Muir Woods is amazing; the large trees dominate, but as you leave the park there is other vegetation also. Compared to other forests, there is a distinct quietness (discounting the human chatter) - I expected a lot more bird life.
Bus 61 can be caught from Stinson Beach, and waiting by the beach is so much better than the side of the road.