Experts in Codes

The increase in economic activities, personal communications and services offered through the Internet, has made security in the exchange of information and transactions one of the key elements in the development of what will the be the future of the Internet.

A group of multidisciplinary professionals will guide the participants of this area through the different facets contemplated by computer security: forensic analysis, perimeter security, networking, encryption, systems and architecture of networks, etc…

Also, the Campuseros will be able to try out their talent by trying to solve a security challenge, which will make them use all their knowledge on the material.

Coordinated by Security by Default (Alejandro Ramos, José A. Guasch, Lorenzo Martínez, Laura García y Yago Jesús, Spain).

Competition • 04/15/2010 - 15.00h
Security Challenge

Four categories (networks, web security, inverse engineering and cryptography) and four levels of difficulty to test the ability and capacity of the participants at Campus Party Europe to solve the security problems.  A challenge with different levels of difficulty and different points ratings – the person with most points wins.  To make the competition more spectacular, the game will develop within the context of different wars prior to the XIX Century.

Conference • 04/16/2010 - 11.00h
Joanna Rutkowska at Campus Party Europe

Youtube Joanna Rutkowska, founder of Invisible Things Lab, leads a team of researchers who focus on system-level security. This includes kernel, hypervisor, chipset and CPU security issues. The recent achievements of the team include: bypassing Intel Trusted Execution Technology (TXT), attacks on System Management Mode (SMM), Intel vPro/AMT and vPro BIOS, and demonstration of practical Xen hypervisor compromises. She is also known for writing Blue Pill -- the first virtualization-based rootkit with nested hypervisors support, and also for her work on various kernel mode malware for Windows and Linux. Her speech at Campus Party Europe will concentrate around desktop/laptop operating system security.

Description:
Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers.
This talk will first discuss security shortcoming of the current popular desktop OSes, like Window, Mac, and Linux, and then will introduce Qubes architecture and discuss its security advantages.
http://www.qubes-os.org/

Conference • 04/16/2010 - 16.00h
Web Application Security

Youtube Stefano Di Paola is the CTO and a cofounder of Minded Security, where he is responsible for the Research and Development Lab. Prior to founding Minded Security, Stefano was a freelance security consultant, working for several private and public companies. He also worked in collaboration with University of Florence at the Faculty of Computer Engineering. Stefano is recognized as one of the top application security researchers. In past years he released several cutting edge security advisories and researches presented at several international events (Flash application security testing, Subverting Ajax). He is the Research & Development Director of OWASP Italian Chapter and contributor to several chapters of the OWASP testing guide. At Campus Party Europe, Di Paola will dictate the lecture "Web Application Security, past present and future concerns".

Taller • 16/04/2010 - 19.00h
AlienVault: Open Source Security

Youtube Intrusion detection systems, antivirus,  vulnerabilities scanners, network sniffers, anomalies detectors, availability monitors, honeypots and so on. There are great Open Source Security solutions out there.

So, what if we use some of the best, all together, to protect our home or business network? That's definitely a very good idea.

Let's take a worm or virus as an example. Most of these tools will probably detect it, but some will fail, so it isn't a good idea to rely on just one technology. You know, security systems are not perfect.

That's why security data management and correlation is so important, so we can have the global view. OSSIM (Open Source Security Information Management) is the perfect tool for that.

Campus Party network is being monitored this way, so during this talk some real examples will be explained.

About the speakers: Santiago González has been working as Security Consultant for more than 7 years, leading projects for important companies in Spain. He has a deep knowledge in many Open Source Security tools, being member of OSSIM core team since its creation in 2003. Jaime Blasco (picture) is an expert in information security, founder member of "Eazel and Aitsec". He has developed his career around the vulnerability analysis, and research and development of new security tools. He currently leads the VRT of AlienVault analyzing and developing new technologies to combat emerging threats."