SPARKS #2 Event Review – April 2014

Author: Ionut-Daniel BARBU & Cristian PASCARIU

Published: IJISC Volume 3, Issue 1, Year 2014

Source: sparks.ccsir.org

Photos: cristiannicolau.wordpress.com

SPARKS #2 was the second conference in the SPARKS events series. This Security and Hacking meeting took place on April 14, 2014 at TechHub, Bucharest.

The fact that this is intended as a place to meet security enthusiasts after work was also confirmed by this second event. The participants already felt connected and the atmosphere was very productive. As a consequence, the number of questions was higher than last time and the discussions were also fruitful.

SPARKS #2 began with a very captivating presentation concerning the advantages and disadvantages of bug bounty programs. The discussion was structured along two important branches, covering the main points of view. On one hand, from the perspective of the hacker, ethical or not, there are two options. The first is performing a penetration test and providing the results to the targeted company, therefore having the chance of obtaining an amount of money depending on the target's policy. The other approach is publicly disclosing the results and gaining the recognition of the communities.

On the other hand, there are several companies implementing bug bounty programs. These state that, after signing an agreement, a user can legally perform penetration tests against the target's assets. This, of course, has advantages and disadvantages, as it can also attract hackers and lead to large amounts of money having to be paid.

In my opinion, Ionut Cernica held a very interesting presentation on this matter, as he shared his own experience. He took part in various bug bounty programs for well-known companies such as Facebook, PayPal etc. The advantage in this situation was, as expected, the financial part. Companies have a tendency not to admit their assets' vulnerabilities, therefore not keeping their part of the agreement. As a summary, I strongly recommend that security enthusiasts attend any presentation held by Ionut Cernica, Security Engineer at SafeTech Innovations.

The second presentation showed vulnerabilities in the mobile devices field. It is already well known that mobile device security is becoming a very important branch of IT security due to bring-your-own-device programs. As a consequence, mobile communications companies are taking countermeasures on this matter. I am referring both to device producers such as Apple, Samsung and Nokia and to telecommunications service companies such as Orange, Vodafone etc. The first impression was of a very well chosen title: “Z.E.R.O – Zero Errors Rarely Occur”. During his speech, Bogdan Alecu, System Administrator at Levi9, captivated the audience by constantly asking whether we knew that free calls can still be placed. Furthermore, CVE-2014-1286 was detailed, disclosing one of Apple’s vulnerabilities. It reveals the possibility of performing a denial-of-service attack against Apple mobile devices. Apple’s knowledge base site publicly discloses these vulnerabilities. As stated on this site, for the protection of customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.

As expected, by the end of the presentations the attendees started sharing ideas and experience, so this second SPARKS session also finished in a very friendly manner. As previously stated, SPARKS accommodates both home security practitioners and corporate employees. Attendance was free of charge, which made it available to a wide variety of technical people, from university students, IT employees and security specialists to those who are simply passionate about the field. However, for administrative purposes, prior registration and confirmation were required. For further details and for future events I strongly recommend the conference’s web page: sparks.ccsir.org. At the end of this review I would like to thank Andrei Avadanei, the leader of the organizing team. This seems to be recurrent in the Bucharest information security community. To conclude, I am really looking forward to next month’s meeting.

Information and photos: sparks.ccsir.org & cristiannicolau.wordpress.com
