If you’re going to be at FOSDEM, don’t forget to say hi! Here is a list of talks that struck my fancy at first glance.
This will be a slight divergence from the usual programming…
I’m at the MIT Sloan Sports Analytics Conference this weekend and I’m having a blast. Jeff van Gundy is hilarious. Also, I was feeling a little snarky when I registered (like 4 months ago) and I was also at work doing security stuff. So I put a joke in my company name. The attendees list is sorted by company and now I’m at the top of the list.
However, getting down to San Diego sports, I took a look at the attendees list and nobody is here from the Chargers or Padres. I’m hoping they’re just incognito, but I’m guessing nobody came. Hopefully the home teams don’t get left behind…
I’ve been in Vegas for what seems like forever attending Blackhat & Defcon. I’m completely worn out even though I’ve been going to bed sober and before midnight for the past two nights. Raging ’til four for a couple nights really does that to you.
Getting back to the point, it really looks like a lot of security folks love Python. There were a number of talks focusing on Python specifically and I didn’t notice any of them pointing out vulnerabilities in the language. In the talk on Offensive Python for Web Hackers, the presenters demonstrated a number of cool tools [Edit (August 2, 2010): like pywebfuzz] for testing web apps for vulnerabilities.
However, I’ve been unable to find one of the tools — pywebfuzz — on Google Code where the presenter said it would be. Rich Smith’s talk on Reversing Python Bytecode was pretty interesting. Basically, it looks like companies selling closed source software by distributing .pyc files and doing some obfuscation aren’t doing enough.
Other talks of note were Jackpotting ATMs and Marco Slaviero’s Lifting the Fog (of memcached). If you have a memcached server that is not firewalled, fix it ASAP. That was one of the scariest and most interesting briefings.