Security: between transparency and opacity

What kinds of problems do engineers and hackers have to solve, what tools are available for finding, reporting and patching vulnerabilities, and how can Free Software make our world safer when even our desktop or smartphone becomes our enemy?

Curation:
The track is curated this year by Stéphanie Ouillon, Mathieu Blanc, Christophe Brocas and Philippe Teuwen.

Caliopen : Privacy index metrics in digital communication.

Speaker(s) : Laurent Chemla, Stanislas Sabatier

  • Language : French
  • Level : Newbie
  • Nature : Conference
  • Date : Monday 3 July 2017
  • Schedule : 14:00
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/caliopen_11059/

Target audience : Geeks, General public, Professionals
The confidentiality of correspondence has been historically characterized by letter exchanges. Think of the stamped royal letter protected with a wax seal. Everyone knows that a letter mailed in a glued envelope is more private than a standard postcard. This confidentiality with easily-understood pr...

p≡p ≡ pretty Easy privacy

Speaker(s) : sva

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Monday 3 July 2017
  • Schedule : 14:40
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/pep_14918/

Target audience : Geeks, General public
p≡p motivates a new standard to securely encrypt and verify written communications without reinventing the wheel: p≡p eases secure communications relying on well-established end-to-end cryptographic methods by design. Following standards like OpenPGP or OTR it integrates into existing systems for w...

Ring: distributed communications that respect users' privacy

Speaker(s) : Adrien Beraud

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Monday 3 July 2017
  • Schedule : 15:20
  • Duration : 20 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/ring_55274/

Target audience : General public, Geeks, Professionals
The goal of the Ring project (now a GNU package) is to build a Free distributed communication platform for everyone that respects users' privacy. Ring now has a beta version available on most popular platforms.
In this presentation we discuss how we tackled (and plan to tackle) interesting challenge...

WORKSHOP Heads - the libre privacy distro

Speaker(s) : Ivan J.

  • Language : English
  • Nature : Workshop
  • Date : Monday 3 July 2017
  • Schedule : 16:20
  • Duration : 60 minutes
  • Place : Room A 016 Sécurité
Target audience : Geeks, Professionals
heads is a libre distro aimed at respecting your privacy, anonymity, security, and freedom. In the talk, we will introduce heads, and look at its ins and outs, figure out how it works, go through the developer documentation (https://heads.dyne.org/wiki/inside-heads.pdf), and figure out our next step...

Roundtable: Internet of Things devices, issues, recommendations (non-tech audience)

Speaker(s) : Chantal Bernard-Putz, Laurent Chemla, Olivier Desbiey, Jean Louis Lanet

  • Language : French
  • Level : Newbie
  • Nature : Panel
  • Date : Monday 3 July 2017
  • Schedule : 16:20
  • Duration : 100 minutes
  • Place : Lecture hall J 020
A round table on Internet of Things devices:
What are they, how do they work? How are IoT devices a liability, in technical and security terms, source code access, or privacy-related issues? What are the applicable laws for those omnipotent computers, what are the ethical values at...

LessPass stateless open source password manager

Speaker(s) : Edouard Lopez, Guillaume Vincent

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 09:20
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/demo-04-07-2017-092046_55603_part334_66469/

Target audience : Decision-makers, Geeks, Professionals, General public
LessPass is an open source password manager. It generates unique passwords for websites, e-mail accounts, from a master password and information known to you. LessPass uses encryption to rebuild your passwords every time you need them. No need to save all your encrypted passwords in a vault that is ...

Zero Knowledge - A cryptographically enforced privacy policy

Speaker(s) : Caleb James De Lisle

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 10:00
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/demo-04-07-2017-095918_90718_part281_11930/

Target audience : Geeks, Professionals
The proliferation of online freeware and data-monetizing business models poses a new challenge to people who want to make ethical choices but also want to "keep with the times". Many web services today are promoting themselves as ethical with strong privacy policies. However, once our pers...

From bottom to top: Exploiting hardware side channels from web browsers

Speaker(s) : Clémentine Maurice

  • Language : English
  • Level : Expert
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 11:00
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/du-materiel-au-logiciel_12764/

Common thread : Aesthetics of free software
Target audience : Professionals, Geeks
Note: an interview of Clémentine Maurice is available.
Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for...

From theoretical crypto to practice: gloups something is missing

Speaker(s) : Cryptie, Olivier Blazy

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 11:40
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/crypto_13679_40041/

Target audience : Professionals, Geeks, General public
Cryptography is becoming more and more important in everyday life, and even if some politicians dream of making it a crime, we are all using it multiple times every day.
In theory, we could use it even more to ensure stronger privacy for everyone; in practice very few libraries include even the l...

Hydrabus : Lowering the entry fee to the IoT bugfest

Speaker(s) : Benjamin Vernoux, Nicolas Oberli

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 14:00
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/hydrabus_15907_66917_part338_70668/

Target audience : Geeks
The HydraBus is an evolutive multi-tool hardware that helps you to Analyze/Debug/Hack/PenTest all types of electronic bus/chipset.
HydraBus is here because today we have plenty of IoT embedded hardware without having good open tools to analyze/debug/hack or test them.
This talk will focus on the hardw...

Self defense workshop in the digital age

Speaker(s) : Benjamin Sonntag

  • Language : French
  • Level : Newbie
  • Nature : Workshop
  • Date : Tuesday 4 July 2017
  • Schedule : 14:00
  • Duration : 120 minutes
  • Place : Room A 016 Sécurité
Did you ever lose a hard drive full of pictures from your past? How does it feel?
Was your email or Facebook account ever hacked? How do you know?
Are you using the same password everywhere? Why is it a bad idea?
A lot of our friends and family are asking us those questions every day. If ...

FLOSS methodologies and tools for IoT forensic investigations

Speaker(s) : Damien Cauquil, Nicolas Kovacs

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 14:40
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/investigations_objets_11740/

Target audience : Decision-makers, Professionals, Geeks
More and more connected devices have entered our lives: smart watches, connected locks and padlocks, "smart" medical devices and of course drones. All of these devices may one day be part of an investigation and used to gather evidence and solve cases. But for now, IoT devices related forensic investiga...

Unlocking secrets of proprietary software using Frida

Speaker(s) : Ole André Vadla Ravnås

  • Language : English
  • Level : Expert
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 15:20
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/frida_03038/

Target audience : Geeks
Ever wanted to understand the internals of an application running on your desktop or phone? Want to know what data is passed to a particular crypto function? Then Frida is for you!
This talk will introduce Frida and show how it can be used to aid in analysis of binary applications. It will be packed...

LIEF - Library to Instrument Executable Formats

Speaker(s) : Romain Thomas

  • Language : English
  • Level : Expert
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 16:20
  • Duration : 40 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/lief_63569/

Target audience : Professionals, Geeks
When analyzing an executable, the first layer of information is the format in which the executable is wrapped. It turns out that a lot of tools and libraries exist to analyze and instrument assembly code wrapped by the format, but there is no such library to handle the three main executable formats an...

Rumps session

Speaker(s) : All speakers that have been accepted ;)

  • Language : English
  • Nature : Conference
  • Date : Tuesday 4 July 2017
  • Schedule : 17:00
  • Duration : 60 minutes
  • Place : Lecture hall J 020

Video : https://rmll.ubicast.tv/videos/session-de-presentations-courtes_55188/

This timeslot is dedicated to lightning talks (max. duration: 5 min).
We will do a very simple and easy call for ideas:
Send your idea to rumps2017@brocas.org, up to and including the last day (Tuesday July, 5th).
Criteria:
security, free software, innovation and/or fun ;-)
Go!
Already accepted...

Manage your SSH access with PaSSHport

Speaker(s) : Raphaël Berlamont, Erwan Le Gall

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 09:20
  • Duration : 20 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/passhport_77129_63578/

Target audience : Geeks, Professionals
In business as on a personal server, remote access is the most critical. "Human" flaws are common and often simpler to exploit than modern security systems.
To fully master the SSH access of Adminsys, DevOps and other stakeholders, PaSSHport is positioned as a bastion based on the unmodified OpenSSH...

Linux system hardening thanks to systemd

Speaker(s) : Timothée Ravier

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 09:40
  • Duration : 20 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/systemd_durcissement_91042_94304/

Target audience : Geeks, Professionals
This talk will explain three security functionalities implemented in the Linux kernel. It will then cover how systemd has made them accessible for broader use by system administrators. Finally, their efficiency will be evaluated via a study of three major vulnerabilities they help mitigate.
FR Slide...

Making sense of your security logs using syslog-ng

Speaker(s) : Peter Czanik

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 10:00
  • Duration : 40 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/salle-a-016-securite-05-07-17-100419_02507_part349_35875/

Target audience : Professionals, Geeks
Event logging is a central source of information for IT security. The syslog-ng application collects logs from many different sources, performs real-time log analysis by processing and filtering them, and finally it stores the logs or routes them for further analysis.
In an ideal world, all log mess...

Secure center of your home, powered by free software - Turris Omnia router

Speaker(s) : Václav Zbránek

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 11:00
  • Duration : 40 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/turris_omnia_66394_02880/

Target audience : Geeks, Professionals, General public
Last year, we launched our router Turris Omnia. With years of experience in internet security and free software, as a part of the CZ.NIC association (Czech domain registry), we created a device that is able to keep your network secure. It is powered by free software (Turris OS is GNU/Linux with ...

DNS Privacy

Speaker(s) : Sara Dickinson

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 11:40
  • Duration : 40 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/dns-privacy_29899_35352/

Target audience : Geeks, Professionals
DNS is one of the oldest pieces of protocol "Infrastructure" used in the Internet, and the most widely used. Confidentiality or privacy of users’ DNS queries and responses was not included in its design. As a result the DNS is now one of the most significant leaks of data about an individuals...

WORKSHOP Hydrabus on IoT

Speaker(s) : Benjamin Vernoux, Nicolas Oberli

  • Language : English
  • Nature : Workshop
  • Date : Wednesday 5 July 2017
  • Schedule : 14:00
  • Duration : 180 minutes
  • Place : Room Info J 207 Workshop Partage/Esthétiques/Sécurité
Target audience : Geeks
The workshop is the continuation of the talk "Hydrabus : Lowering the entry fee to the IoT bugfest", where attendees will be able to try by themselves practical examples of physical attacks on small challenges.
A VirtualBox image will be provided so it’s highly advised to come with a lapto...

The Armadito antivirus project

Speaker(s) : François Déchelle

  • Language : English
  • Level : Newbie
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 14:00
  • Duration : 40 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/armadito_92772_99753/

Target audience : Geeks, Professionals
The opacity of proprietary antivirus raises a double problem of confidence and privacy: confidence in code safety and detection algorithms, as well as in the privacy of data sent by the antivirus to its vendor for the stated purpose of improving protection.
The Armadito project started in 2015 and aims to ...

One day at the SANS Internet Storm Center

Speaker(s) : Xavier Mertens

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 14:40
  • Duration : 40 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/internet_storm_center_09668_part356_26475/

Target audience : Geeks, Professionals
The Internet Storm Center (ISC) was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Provi...

MISP objects and how we are changing the Security information sharing landscape.

Speaker(s) : Raphaël Vinot

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Wednesday 5 July 2017
  • Schedule : 15:20
  • Duration : 40 minutes
  • Place : Room A 016 Sécurité

Video : https://rmll.ubicast.tv/videos/misp_62782/

Target audience : Geeks, Professionals
Lots of organizations understood the importance of indicators of compromise (malware hashes, URLs, bitcoin addresses, ...) and realized how critical it is to store and share them.
This is why, now, most of the vendors are all over it and try to come up with the best feature to please their custo...