Secure Camp I
I was there today.
I expected a big crowd there after seeing the registration page, but not even half turned up. I've been into security stuff at Yahoo! for quite some time, so I have a fair idea of web security. The web security part there was not very interesting to me, since I know most of it already. I didn't plan to speak there, but I prepared a short presentation on the fly about basic practices to avoid XSS, XSRF and SQL attacks. My laptop ran out of power, and thanks to the RSA guys who allowed me to use their laptop for the presentation. I didn't speak for more than twenty minutes. I know that was not a good presentation, but next time I will plan the talk well before.
The most interesting part of the talks was a tool presented by Yash. He could capture passwords from sites that used SSL, which sent a shiver down my spine. The tool captures data before it enters the SSL tunnel between the desktop and the website. It's not a key logger.
If I'm right, Rasmus Lerdorf, the inventor of PHP, said "the internet is broken". Yash reiterates that the desktop (at least Windows) is even more broken.