Main reason is that Google rolled out IMAP(s) support for Gmail last week and that this was the one thing which I was missing in their (free) service. I don’t think I can do it better by myself in my free time (and for free) than they can.

Some interesting pointers for those of you who are thinking about migrating can be found here. For uploading my old 1.7 GB mailbox I used a ruby script (partially stolen from here but had to customize it big time). The upload is still running now but should be finished by the end of the night.

Last week I visited HACK.LU, a security conference in Luxemburg. Besides beers at the bar and talking to interesting people there were also very interesting presentations to attend.
Most of the presentations can be found here. I will do a quick overview of the presentations which I found interesting.

Hillar Leoste from shadowserver did a very good wrap up of current Botnet activity. I am also going to play around with nepenthes to set it up as a honeypot and do some malware analysis of my own. There were some other presentations about malware analysis as well.

The death of defense in depth? Revisiting AV software was a presentation given by two people from nruns. I learned that AV scanners themselves are not always examples of Secure Coding Practices and that many exploits are still to be found in those products. A fancy demo was one exploit for a virus scanner which worked on Windows XP, Windows 2003 and… Vista! They apparently found a way around the ASLR in Vista. It was also very cool to see how one could bypass almost all virusscanners by changing the magic byte of a zip file but still making it possible to unzip the file in winzip. This indeed bypasses all layered defenses but I still think that it is a bit early to cry that ‘Defense in Depth’ is death.

Lance Spitzner did a very good opening speech the second day on fast flux botnets. These are fast changing botnets which are almost impossible to track. Most of the command and control servers sponsored by the Russian Business Network.

Wifi Fuzzing, remote kernel exploitation was a nice presentation by three France Telecom Researchers. It focused mostly on driver exploits and AP fuzzing. Although driver exploits are old news (taking the Intel exploit at BlackHat last year into account), when you see it in action, it is scary! A sample exploit for madwifi showed a vulnerable PC sending only a couple of beacons for his network SSID and the PC was already p0wnd! Now you might think that this only affects linux PCs…think about what software runs underneath some access points…right Linux!

A funny presentation was about Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation. This focused on how you could inject fake traffic messages into car sattelite navigation systems. In the demo shown, the GPS suddenly chooses a different route because the fake message stated that there was a closed road, traffic jam, air crash, terrorist attack or … bullfight Funny messages exist in TMC apparantly.

Nitesh Dhanjani did a very good wrap up of XSS attacks and showed how it could be useful to attackers in many ways (except for the usual <alert> demo).

From a CISSP perspective Cracking Windows Access Control was an insightful presentation and showed a practical example of how the failing of the Discretionary Access Control model currently implemented in windows can cause files of a higher level read a file of a lower integrity security level and thus compromising the security of the system. This was an example of how some the dry theory learnt during CISSP studies has a direct application in the real world.

There were many other interesting talks (RFID passports, metasm, new features in Core Impact, hacking captive portals, exploiting SAP, rootkits,…) but I suggest you look to the HACK.LU website for a full agenda.

To conclude I must say I learnt quite much from the three days in Luxemburg. It was a very interesting and also entertaining experience.

PS: If you go to one of these conferences…never open your laptop and trust what you send over the network. (unless you are the one performing the MITM attack)
I needed to change my google talk password because someone was doing a MITM attack and I had forgotten to disable my google talk (or redirect it through my SSL vpn).

UPDATE: I just learned that gtalk uses encryption! I went from the assumption that it was just plain text as most Instant Messengers but this does not seem to be the case. So my password change was not really necessary. Oh well, it does not hurt anyhow…

update: the paperwork is processed, it is official now : https://www.isc2.org/cgi-bin/cert_verification.cgi

A relaxing vacation means enjoying the peace and quiet of Southern France, enjoying the good food, excellent wine, the good weather, seeing some nice sights and catch up on some reading.
Most of my vacation reading went to the 1000 page CISSP exam guide as I needed to start preparing for my exam (planned for the 8^th of September). However, I also packed some fiction and some popular science magazines. I like the popular science magazines on vacation because they are light reading and they offer some interesting facts about various topics. Downside of these magazines is that they tend to oversimplify the science behind the facts and sometimes make obvious mistakes.

Nevertheless, I read an interesting article in Quest about psychological views on our human attention span. I had some misconceptions about this (thanks to popular believe). Some of the things I learned:

• Men and Women are equally good or bad in multi-tasking. Researchers have shown that there is no sexual difference in the human ability (or inability to multi-task).

• We can do two things at the same time but only one of those things can be a difficult task which requires our conscientious brain part. This means that we can for example drive a car and have a conversation with the person sitting next to us. This because, for experienced drivers, driving a car is an automated task which does not require our full attention. For student drivers, this is a different case as driving is not yet an automation and does require their full attention.

• Although we can drive a car and have a conversation, there is a difference when we have a conversation with someone next to us than when we have a conversation with someone on the phone (handsfree or not). This is because the person next to us shuts up when the traffic situation gets dangerous or warns us if we don’t drive carefully. The person next to us does that because he knows that the driver’s attention is required on the road in those cases. The person on the phone does not have the traffic context and thus cannot warn us for danger. He keeps talking no matter what situation the driver is in, or how the driver is driving. This makes having a phone conversation in the car more dangerous than you might think.

• We are not good in multi-tasking between tasks which actually require our full attention span. If we multi-task between for example reading e-mail, typing an sms, writing a report and reading other information, we can only do one thing at a time. This means we need to context switch constantly to finish all tasks simultaneously. Researchers have shown that when doing this, our IQ drops 10 whole points and the quality of our work drops as well. Therefore, it is better to finish a task or sub-task, giving it your whole attention span before moving to the next one.

Another article focused on the psychological virtues of doing nothing. It seems that when our brain is un-stressed and is not focused on anything, the creative processes start and great ideas are born. So I plan to be very creative!