Lightning Talks

Lightning talks (approx 10-15 minutes each)

Talk 1: IoT meets IPv6: The Perfect Storm? - Kristian Bognæs

Mirai was for many a wake-up call on what not to do with IoT security. Using default creds, this malware spread itself to thousands of webcams and home routers and became one of the most disruptive DDoS tools in 2016.
Now 3 years on, are we facing a new Mirai with the steady introduction of IPv6 and the number of private devices going online in this space increasing at a massive rate? What do we need to consider as developers designing and developing applications for these IoT platforms?
Join Kristian as he walks you through how IPv6 will affect your security, and what you need to start doing to protect your code and create safer systems.
-------------------------------------------------------------------------------------------
Talk 2: Root-of-trust - What it is and why you need one in IoT - Ole Alexander Konstad

Whether you know it or not, if you have ever implemented any kind of digital security mechanism, your security is rooted somewhere. This is the root-of-trust (RoT) concept. This talk will elaborate on the RoT concept, the various types of RoTs (one example being the TPM chip found in modern computers), how they can be used, typical implementation mistakes that can happen on the developer side, and why you need one if you are deploying devices in IoT.
-------------------------------------------------------------------------------------------
Talk 3: What hit my webservice with 408?! - Paweł Krzywicki

On a windy, cold night, a webservice hosted on a popular cloud provider was struck by a mysterious HTTP request and surprisingly did not recover for half an hour. That event triggered an investigation that quickly served as a reminder that if you start hosting a publicly available webservice, you immediately become a target for a number of scanners that relentlessly crawl the internet trying to find vulnerabilities.
This lightning talk discusses a real-world story of a certain message from such a massive scan that, instead of failing gracefully with a 404 response code (Not found), started to cause 408 (Request timeout), which poses a bigger threat of Denial of Service.
The investigation of the message showcased different methods of logging such suspects, both using cloud services and Java-application-based, showing when they fail and when they succeed in logging all the details required to reproduce the issue. Surprisingly, it also offered a way to optimize the load on the hosting infrastructure and offered an interesting insight into modern scans, as well as into the individual malware campaigns launched.
The talk also includes a demo of quick analyses of logged HTTP requests.
-------------------------------------------------------------------------------------------
Talk 4: RSA encryption in 10 minutes - Fredrik Meyer

Always wanted to understand the idea and mathematics behind RSA encryption, but never had the will to read the Wikipedia article? In this lightning talk, I'll explain RSA encryption in an understandable way.
-------------------------------------------------------------------------------------------
Talk 5: I thought we did things right until I went looking - Security errors in Norwegian websites - Håvard H. Pettersen

Have you ever thought about bug hunting? Well, here is how I got started, and how I ended up finding security issues in a couple of Norwegian companies' online systems.