Sunday, April 15, 2007

First TC meeting

So, Gord and I are at the security conference for a few days. Here are a few things I've learned:
  • The current malware products are sophisticated - the HackDoor client looks a well-designed piece of software engineering. I'd always assumed they would be fairly naive. The server side looks simpler, but then server programming is simple ;)

  • Phishing scams have avoided those banks which have implemented two-way authentication on their websites.

  • Firewire ports and PCMCIA slots have direct memory access, so can be used to copy an image of your computer's RAM even if no one is logged in. This can recover useful forensic material even after a reboot cycle, as modern BIOSes don't clear RAM. Eek.

  • Vista has an option for encrypting the filesystem. However, files are cached in RAM in an unencrypted state. Eek.

  • There are no data, from anyone, on the scale of the IT security problem that exists in the Gulf. Honestly.

There aren't many delegates from Qatar at the conference beyond the staff of Q-CERT. That's a shame, and I can't work out whether it's down to a lack of interest or poor advertising. I'm sure if they'd mentioned the free Ritz lunches, the attendance would have been much higher.