RSAC 2019: Better, wetter—and weirder

Richi Jennings Your humble blogwatcher, dba RJA

It’s that time again: Another RSA Conference in a rain-lashed San Francisco. This year’s theme is “Better.”

RSAC is the big infosec bunfight for hawkish vendors, arm-wavy consultants, and harassed PR mavens. Some think it’s the place to see and be seen, but others can’t wait for it to be over for yet another year.

And what caught your humble blogwatcher’s eye this year? In Security Blogwatch, we scour the Moscone Center so you don’t have to.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Happy birthday, Concorde.

There is nothing like a Dame

What’s the craic? Sara Peters out—Trust, or Lack of It, Is a Key Theme:

The need for trust — in machines, in systems, and in one another — was a central theme here. … The crowd was first warmed by … acclaimed actress Dame Helen Mirren, who gave the opening address.

She dubbed the RSA delegates "a steadfast constellation of guiding stars that never waver," and continued … "Perhaps you do not have to be such very solitary heroes. So, seize this moment to become better and stronger together."

But Jack Morse is dottily cynical, dashing off—Helen Mirren at RSA security conference:

Things have taken a turn for the weird.

[This] industry conference … draws security professionals from around the globe. … Mirren was there to welcome them, and aggressively stroke their egos in the process.

"Many of you patrol a vast untamed wasteland on your own," [she] cooed. … "You see the hope that you radiate has been felt worldwide by many souls you may never meet. Your sense of duty and goodness, like an eternal beacon, helps others find their way through the darkness."

But wait, it got better. … "The collective brilliance of this conference has addressed major world problems, such as cyber fraud, espionage, theft, extortion, and election meddling on a grand scale. … If you did not adapt and change, nations would drown. Our planet would be flooded by unreliable communication, and distorted by shifts in power."

[She] asked the crowd to take out their phones and find a photo that "means something special." She then instructed the bleary-eyed, coffee-slurping security experts to show those seated near them said pic and to introduce themselves.

A surprising number did as instructed. … "Don't be cynical," she admonished.

But still, the Cryptographers’ Panel is always entertaining, right? Iain Thomson notes the Shamir visa snub:

Adi Shamir, the S in the renowned RSA encryption system, didn't take his usual place … because he couldn't get a visa. [He] applied for a US visa two months ago to attend the information-security conference, the largest of its type in the world.

Shamir, along with Ron Rivest and Leonard Adleman, invented the widely used RSA cryptosystem. … "I've been left in total limbo," he told the conference via video. … "If someone like me can't get a visa to get a keynote, perhaps it's time we rethink where we organize our conferences."

Over the past few years, security researchers have found it increasingly difficult to enter America legally for conferences. … Rivest, Shamir's long-time colleague and the R in RSA, was visibly fuming over the blocking of his friend. … "It's embarrassing to be a Yankee some days."

And then what? Laura K. Bate tweets Wow:

The first several minutes of the cryptographers’ panel then discussed US immigration policy. Policy has real consequences.

But DeVino aims to be even-handed:

Though it's only fair to point out that getting in and out of Israel … requires an exquisite amount of faff too.

Wait. Pause. Are you feeling a touch of déjà vu? Here’s Adi Shamir, five and a half years ago—A personal apology:

I will not be able to attend the forthcoming meeting of the [NSA] History of Cryptology conference, even though I submitted a paper which was formally accepted. … Unfortunately the US bureaucracy has made this impossible.

I filed the visa application at the beginning of June, two and a half months before my planned departure. … I finally got the visa stamped in my passport on September 30th, exactly four months after filing my application.

Clearly, no one in the US is trying to see the big picture, and the heavy handed visa bureaucracy you have created seems to be collapsing under its own weight.

Speaking of the NSA, here’s Lily Hay Newman—The NSA Makes Its Powerful Cybersecurity Tool Open Source:

At the RSA security conference … the agency demonstrated Ghidra, a refined internal tool. … NSA cybersecurity advisor Rob Joyce called the tool a "contribution to the nation’s cybersecurity community."

Ghidra [is] a reverse engineering platform. … It transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveals what the software you churn through it … like malware being used to carry out attacks … does.

The NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind, which makes it a powerful and particularly usable tool. … The NSA [also] views the release of Ghidra as a sort of recruiting strategy … all 1.2 million lines of it.

Any good? Pepper Potts spins it ’round the block:

Here, I did a quick analysis of a TrickBot sample from early 2019. … I only wanted to learn a bit about Ghidra and I used this framework to find some interesting parts of the code of TrickBot that were introduced in the newer versions of the malware.

Browsing code is similar to IDA, you can double-click a name to jump there (for example double-clicking the destination of a call would take you to the destination function). You can move easily to the previous location with Alt+left (equivalent to Esc in IDA) and next location with Alt+right (equivalent to Ctrl+Enter in IDA).

Once you have located an interesting point in the code, you can show a tree of calls to that point. … The tree makes it easy to follow the incoming or outgoing references to the interesting function. … Additionally, you could highlight (select) back or forward refs to an address in the disassembly and decompiled windows.

In spite of the fact that I really love IDA (and WinDbg), I liked this framework, and I will continue using it.

But this Anonymous Coward is hesitant:

No thank you. I don't want any software from the NSA. I'll run that North Korean Linux before I run anything from the NSA.

Back this year is the RSAC SOC, run by DEF CON and Black Hat alumni—including @Grifter801:

We started ingesting traffic in the RSAC SOC roughly 26 hours ago. We’ve seen 33,581 clear text passwords in that time.

A lot of that is SNMP, but there are thousands of HTTP, POP3, and IMAP account creds in there too. Oof!

Is the conference more gender-diverse this year? Ask Katie Anderson—@AndeKat101:

#RSAC traded the Women’s Restrooms for Gender Neutral Bathrooms—in theory I get it, but in practice the women’s bathrooms are so gross right now.

Meanwhile, Greg Otto is (literally) perplexed:

Literally the first four words I heard walking into #RSAC "artificial intelligence machine learning" … It was literally the first sentence I heard.

The moral of the story?

Your sense of duty and goodness, like an eternal beacon, helps others find their way through the darkness. Or something.

And finally

Happy 50th birthday, Concorde

You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Dick Thomas Johnson (cc:by-sa)
