Security: between transparency and opacity

What challenges must engineers and hackers face, what tools do they have to report flaws and fix them, and how can free software foster a safer world when the machine that accompanies us is becoming our enemy?

Interviews with:

  • Clémentine Maurice, security researcher at Graz University of Technology, Austria.
  • Sara Dickinson, DNS expert and co-founder of Sinodun.
  • Péter Czanik, engineer at Balabit, working on the syslog-ng software.

Hosts:
This year the track is hosted by Stéphanie Ouillon, Mathieu Blanc, Christophe Brocas and Philippe Teuwen.

Caliopen : Privacy index metrics in digital communication.

Speaker(s): Laurent Chemla, Stanislas Sabatier

  • Language: French
  • Level: Newbie
  • Event type: Conference
  • Date: Monday 3 July 2017
  • Time: 14:00
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/caliopen_11059/

Target audience: Geeks, General public, Professionals
The confidentiality of correspondence has been historically characterized by letter exchanges. Think of the stamped royal letter protected with a wax seal. Everyone knows that a letter mailed in a glued envelope is more private than a standard postcard. This confidentiality with easily-understood pr...

p≡p ≡ pretty Easy privacy

Speaker(s): sva

  • Language: English
  • Level: Newbie
  • Event type: Conference
  • Date: Monday 3 July 2017
  • Time: 14:40
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/pep_14918/

Target audience: Geeks, General public
p≡p motivates a new standard to securely encrypt and verify written communications without reinventing the wheel: p≡p eases secure communications relying on well-established end-to-end cryptographic methods by design. Following standards like OpenPGP or OTR it integrates into existing systems for w...

Ring: distributed communications that respect users' privacy

Speaker(s): Adrien Beraud

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Monday 3 July 2017
  • Time: 15:20
  • Duration: 20 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/ring_55274/

Target audience: General public, Geeks, Professionals
The goal of the Ring project (now a GNU package) is to build a Free distributed communication platform for everyone, that respects users' privacy. Ring now has a beta version available on most popular platforms.
In this presentation we discuss how we tackled (and plan to tackle) interesting challenge...

WORKSHOP Heads - the libre privacy distro

Speaker(s): Ivan J.

  • Language: English
  • Event type: Workshop
  • Date: Monday 3 July 2017
  • Time: 16:20
  • Duration: 60 minutes
  • Location: Room A 016 Sécurité
Target audience: Geeks, Professionals
heads is a libre distro aimed at respecting your privacy, anonymity, security, and freedom. In the talk, we will introduce heads, and look at its ins and outs, figure out how it works, go through the developer documentation (https://heads.dyne.org/wiki/inside-heads.pdf), and figure out our next step...

Roundtable: Internet of Things devices, issues, recommendations (non-tech audience)

Speaker(s): Chantal Bernard-Putz, Laurent Chemla, Olivier Desbiey, Jean Louis Lanet

  • Language: French
  • Level: Newbie
  • Event type: Panel
  • Date: Monday 3 July 2017
  • Time: 16:20
  • Duration: 100 minutes
  • Location: Lecture hall J 020
A round table on Internet of Things devices:
What are they, how do they work? How are IoT devices a liability, in technical and security terms, source code access, or privacy-related issues? What are the applicable laws for those omnipotent computers, what are the ethical values at...

LessPass stateless open source password manager

Speaker(s): Edouard Lopez, Guillaume Vincent

  • Language: English
  • Level: Newbie
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 09:20
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/demo-04-07-2017-092046_55603_part334_66469/

Target audience: Decision makers, Geeks, Professionals, General public
LessPass is an open source password manager. It generates unique passwords for websites, e-mail accounts, from a master password and information known to you. LessPass uses encryption to rebuild your passwords every time you need them. No need to save all your encrypted passwords in a vault that is ...

Zero Knowledge - A cryptographically enforced privacy policy

Speaker(s): Caleb James De Lisle

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 10:00
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/demo-04-07-2017-095918_90718_part281_11930/

Target audience: Geeks, Professionals
The proliferation of online freeware and data-monetizing business models poses a new challenge to people who want to make ethical choices but also want to "keep with the times". Many web services today are promoting themselves as ethical with strong privacy policies. However, once our pers...

From bottom to top: Exploiting hardware side channels from web browsers

Speaker(s): Clémentine Maurice

  • Language: English
  • Level: Expert
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 11:00
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/du-materiel-au-logiciel_12764/

Common thread: Aesthetics of free software
Target audience: Professionals, Geeks
Note: an interview with Clémentine Maurice is available.
Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for...

From theoretical crypto to practice: gloups something is missing

Speaker(s): Cryptie, Olivier Blazy

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 11:40
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/crypto_13679_40041/

Target audience: Professionals, Geeks, General public
Cryptography is becoming more and more important in everyday life, and even if some politicians dream of making it a crime, we are all using it multiple times every day.
In theory, we could use it even more to assure stronger privacy for everyone; in practice very few libraries include even the l...

Hydrabus : Lowering the entry fee to the IoT bugfest

Speaker(s): Benjamin Vernoux, Nicolas Oberli

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 14:00
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/hydrabus_15907_66917_part338_70668/

Target audience: Geeks
The HydraBus is an evolutive multi-tool hardware which helps you to Analyze/Debug/Hack/PenTest all types of electronic bus/chipset.
HydraBus is here because today we have plenty of IoT embedded hardware without having good open tools to analyze/debug/hack or test them.
This talk will focus on the hardw...

Self defense workshop in the digital age

Speaker(s): Benjamin Sonntag

  • Language: French
  • Level: Newbie
  • Event type: Workshop
  • Date: Tuesday 4 July 2017
  • Time: 14:00
  • Duration: 120 minutes
  • Location: Room A 016 Sécurité
Did you ever lose a hard drive full of pictures from your past? How does it feel?
Was your email or Facebook account ever hacked? How do you know?
Are you using the same password everywhere? Why is it a bad idea?
A lot of our friends and family are asking us those questions every day. If ...

FLOSS methodologies and tools for IoT forensic investigations

Speaker(s): Damien Cauquil, Nicolas Kovacs

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 14:40
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/investigations_objets_11740/

Target audience: Decision makers, Professionals, Geeks
More and more connected devices have entered our lives: smart watches, connected locks and padlocks, "smart" medical devices and of course drones. All of these devices may one day be part of an investigation and used to gather evidence and solve cases. But for now, IoT devices related forensic investiga...

Unlocking secrets of proprietary software using Frida

Speaker(s): Ole André Vadla Ravnås

  • Language: English
  • Level: Expert
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 15:20
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/frida_03038/

Target audience: Geeks
Ever wanted to understand the internals of an application running on your desktop or phone? Want to know what data is passed to a particular crypto function? Then Frida is for you!
This talk will introduce Frida and show how it can be used to aid in analysis of binary applications. It will be packed...

LIEF - Library to Instrument Executable Formats

Speaker(s): Romain Thomas

  • Language: English
  • Level: Expert
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 16:20
  • Duration: 40 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/lief_63569/

Target audience: Professionals, Geeks
When analyzing an executable, the first layer of information is the format in which the executable is wrapped. It turns out that a lot of tools and libraries exist to analyze and instrument assembly code wrapped by the format, but there is no such library to handle the three main executable formats an...

Rumps session

Speaker(s): All speakers that have been accepted ;)

  • Language: English
  • Event type: Conference
  • Date: Tuesday 4 July 2017
  • Time: 17:00
  • Duration: 60 minutes
  • Location: Lecture hall J 020

Video: https://rmll.ubicast.tv/videos/session-de-presentations-courtes_55188/

This timeslot is dedicated to lightning talks (max. duration: 5 min).
We will do a very simple and easy call for ideas:
Send your idea to rumps2017@brocas.org and so, until the last day included (Tuesday July, 5th).
Criteria:
security, free software, innovation and/or fun ;-)
Go!
Already accepted...

Manage your SSH access with PaSSHport

Speaker(s): Raphaël Berlamont, Erwan Le Gall

  • Language: English
  • Level: Newbie
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 09:20
  • Duration: 20 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/passhport_77129_63578/

Target audience: Geeks, Professionals
In business as on a personal server, remote access is the most critical. "Human" flaws are common and often simpler to exploit than modern security systems.
To fully master the SSH access of Adminsys, DevOps and other stakeholders, PaSSHport is positioned as a bastion based on the unmodified OpenSSH...

Linux system hardening thanks to systemd

Speaker(s): Timothée Ravier

  • Language: English
  • Level: Newbie
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 09:40
  • Duration: 20 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/systemd_durcissement_91042_94304/

Target audience: Geeks, Professionals
This talk will explain three security functionalities implemented in the Linux kernel. It will then cover how systemd has made them accessible for broader use by system administrators. Finally, their efficiency will be evaluated via a study of three major vulnerabilities they help mitigate.
FR Slide...

Making sense of your security logs using syslog-ng

Speaker(s): Peter Czanik

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 10:00
  • Duration: 40 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/salle-a-016-securite-05-07-17-100419_02507_part349_35875/

Target audience: Professionals, Geeks
Event logging is a central source of information for IT security. The syslog-ng application collects logs from many different sources, performs real-time log analysis by processing and filtering them, and finally it stores the logs or routes them for further analysis.
In an ideal world, all log mess...

Secure center of your home, powered by free software - Turris Omnia router

Speaker(s): Václav Zbránek

  • Language: English
  • Level: Newbie
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 11:00
  • Duration: 40 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/turris_omnia_66394_02880/

Target audience: Geeks, Professionals, General public
Last year, we launched our router Turris Omnia. With years of experience in internet security and free software, as a part of the CZ.NIC association (Czech domain registry), we created a device that is able to keep your network secure. It is powered by free software (Turris OS is GNU/Linux with ...

DNS Privacy

Speaker(s): Sara Dickinson

  • Language: English
  • Level: Newbie
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 11:40
  • Duration: 40 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/dns-privacy_29899_35352/

Target audience: Geeks, Professionals
DNS is one of the oldest pieces of protocol "Infrastructure" used in the Internet, and the most widely used. Confidentiality or privacy of users’ DNS queries and responses was not included in its design. As a result the DNS is now one of the most significant leaks of data about an individuals...

WORKSHOP Hydrabus on IoT

Speaker(s): Benjamin Vernoux, Nicolas Oberli

  • Language: English
  • Event type: Workshop
  • Date: Wednesday 5 July 2017
  • Time: 14:00
  • Duration: 180 minutes
  • Location: Room Info J 207 Workshop Partage/Esthétiques/Sécurité
Target audience: Geeks
The workshop is the continuation of the talk "Hydrabus : Lowering the entry fee to the IoT bugfest" where the attendees will be able to try by themselves practical examples of physical attacks on small challenges. A VirtualBox image will be provided so it’s highly advised to come with a lapto...

The Armadito antivirus project

Speaker(s): François Déchelle

  • Language: English
  • Level: Newbie
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 14:00
  • Duration: 40 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/armadito_92772_99753/

Target audience: Geeks, Professionals
The opacity of proprietary antivirus raises a double problem of confidence and privacy. Confidence in code safety and detection algorithms, as well as in data privacy sent by the antivirus to the editor for an announced purpose of protection improvement.
Armadito project started in 2015 and aims to ...

One day at the SANS Internet Storm Center

Speaker(s): Xavier Mertens

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 14:40
  • Duration: 40 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/internet_storm_center_09668_part356_26475/

Target audience: Geeks, Professionals
The Internet Storm Center (ISC) was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Provi...

MISP objects and how we are changing the Security information sharing landscape.

Speaker(s): Raphaël Vinot

  • Language: English
  • Level: Confirmed
  • Event type: Conference
  • Date: Wednesday 5 July 2017
  • Time: 15:20
  • Duration: 40 minutes
  • Location: Room A 016 Sécurité

Video: https://rmll.ubicast.tv/videos/misp_62782/

Target audience: Geeks, Professionals
Lots of organizations understood the importance of indicators of compromise (malware hashes, URLs, bitcoin addresses, ...) and realized how critical it is to store and share them.
This is why, now, most of the vendors are all over it and try to come up with the best feature to please their custo...