[Tech] Lisa 2005 - Day 5

Tutorials are over (for me). Today starts the tech sessions and the conference in full force. They opened the gates and the barbarian vendor hordes have arrived (but they have put them in their own room and left the window open a crack so they can breathe).

LISA 2005 Trip Log: 12/07/2005
==================
Day 5 - Tech Sessions and Referreed Papers

Tech Sessions and Refereed Papers
-------------------------------

Keynote - Scaling the Search, Dr Lu, Yahoo!

Tech Session 1 - AM

Invited Talk 2 - Network Black Ops: Extracting Unexpected Functionality from Existing Networks
Dan Kaminsky, DoxPara Research
[CANCELED, lecturer did not show]

Went to Refereed Papers:

GULP: Unified Logging Architecture for Authentication Data, by Matt Selsky adn Daniel Medina, Columbia University

notes: only keeps 28 days worth of data in Oracle DB, no archives, no backups, not ready for prime-time yet.
links:
http://www.columbia.edu/acis/networks/advanced/gulp/

Toward an Automated Vulnerability Comparison of Open Source IMAP Servers, by Chaos Golubitsky, Carnegie Mellon University
notes: IMAP vulnerability was determined by a weighting of the available f(x) calls via the network API and assigned a score. Interesting idea for analyzing potential security risks via complexity of code.
links:

Fast User-Mode Rootkit Scanner for the Enterprise, by Yi-Mon Wang and Doug Beck\, Microsoft Research
notes: very energetic speaker. They are scanning based on the principle of di\ffing a running system and a stopped system. On a running system a stealthy ro\otkit will hide itself from all the APIs, but it will still exist on disk, by s\canning a disk of a non-running system, you can now find the rootkit by what sh\ows up. If they don't hide, however, the GhostBuster tool cannot find it, but \other tools should be able to find it.
links:
http://research.microsoft.com/csm/strider/
http://research.microsoft.com/rootkit/
http://www.schneier.com/blog/archives/2005/02/ghostbuster.html

-------------------------------
Lunch - Pizza in Fashion Valley...a strange place. Had lunch with SAs from Sweden, very informative, good exchange of ideas and culture.
-------------------------------

Tech Session 2 - Afternoon
INVITED TALKS I - What Big Sites Can Learn from Little Sites, by Tom Limoncelli, Cibernet Corp.

notes:
links:

Afternoon break - bought a few tech books, wander through the barbarian vendors hordes.

Referreed Papers:

About the Integration of Mac OS X Devices into a Centrally Managed UNIX Environment, by Anton Schultschik, ETH Zurich

notes:
links:
http://isg.ee.ethz.ch/tools/tetre2/
http://www.sepp.ee.ethz.ch/
http://isg.ee.ethz.ch/tools/
http://isg.ee.ethz.ch/tools/isgtc/ (great idea for work)

RegColl: Centralized Registry Framework for Infrastructure System Management, by Brent ByungHoon Kang, Vikram Sharma, and Pratik Thanki, University of North Carolina at Charlotte

notes:
links:
http://isr.uncc.edu

Herding Cats: Managing a Mobile UNIX Platform, by Maarten Thibaut and Wout Mertens, Cisco Systems, Inc.

notes:
links:

Evening:

Dinner was the Mexifest sponsored in the vendor room. Good hallway discussions.

NetApp/Symantec/Decru Mixer. Good times had by all.