658 lines
36 KiB
Plaintext
658 lines
36 KiB
Plaintext
|
Episode: 454
|
||
|
|
Title: HPR0454: BruCon Interview
|
||
|
|
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0454/hpr0454.mp3
|
||
|
|
Transcribed: 2025-10-07 21:01:36
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
🎵
|
||
|
|
Welcome podcast listeners to another episode of Haka Public Radio. I'm your host, Phoenix.
|
||
|
|
So guys, I'm very lucky to have Christian Riley and Benny Keedisleger on from Bruton.
|
||
|
|
So the HPR guys haven't caught you guys before on the Haka Public Radio podcast. Chris, could you introduce yourself?
|
||
|
|
Yeah, my name is Chris Riley. I work for a banking Austria as a penetration tester.
|
||
|
|
And Benny?
|
||
|
|
I'm a security professional by day security blogger and event organizer by night.
|
||
|
|
Thanks very much, guys, for hoping on the call with me.
|
||
|
|
For regular podcast listeners, you may have recognized Chris's voice and Benny's voice.
|
||
|
|
So I've spoken to these people before. For you guys that don't know, Benny has just survived Bruton.
|
||
|
|
I think it's the best way of putting it. Benny was one of the organizers and Chris was also at Bruton as well.
|
||
|
|
And at the last call we talked about how Bruton was coming on and how it kind of liked to get Chris's feedback from Bruton.
|
||
|
|
And then he said maybe we could talk about getting Benny back on and Benny the legend that he has agreed to come back on.
|
||
|
|
So first and foremost, Benny, congratulations on Bruton. How did you think it went?
|
||
|
|
It went great. First of all, I have to thank four other people, Peter Daniele, Sebastian Lesnett,
|
||
|
|
if he poitens, if he bohards, are the four crazy people who got called together with me and started discussing it.
|
||
|
|
And then the whole team of volunteers that followed in the months afterwards because people kept saying like,
|
||
|
|
we can't believe it that it's your first conference. It's like it's your fourth edition.
|
||
|
|
You have been running for four years. That's one of the biggest compliments I had after the conference.
|
||
|
|
And Chris, how are you surviving after attending pretty much every hacking conference that would let you in? You being it?
|
||
|
|
Yeah, and I think I've been to every single conference. Well, almost every single conference has been available worldwide over the last six weeks.
|
||
|
|
Yeah, I know Bruton for me was a really special event. I mean, there are lots of people there I know.
|
||
|
|
It seems that at least 90% of all security professionals in Europe seem to live in Belgium.
|
||
|
|
At least most of the people I know seem to live in Belgium. It was a really nice catching up with everyone again.
|
||
|
|
And I mean, I can only echo what other people at the conference have said is like, no one believed it was the first time that Bruton had run.
|
||
|
|
And I mean, some of the other conferences I've been to have been a lot worse in the organizational point of view than Bruton is.
|
||
|
|
I mean, Brutons kind of come from nowhere and run so smoothly and so well.
|
||
|
|
And all of the speakers that I talked to were just overwhelmed with it.
|
||
|
|
And it's definitely coming back next year. It's like best conference we've ever had.
|
||
|
|
I think Jason E Street said it was like the best conference he's been to.
|
||
|
|
So, you know, it's a great compliment.
|
||
|
|
I mean, from the sidelines, Bruton was fit for me at a slow beast almost.
|
||
|
|
You heard it rumbling for a while and then when it came closer to it, it seemed like everyone was really excited that Bruton was coming.
|
||
|
|
A lot of people were really looking forward to it.
|
||
|
|
Did that kind of atmosphere transfer to the conference itself then?
|
||
|
|
Was everyone kind of really jicked to be either?
|
||
|
|
Well, I mean, I think even the speakers are really excited.
|
||
|
|
I mean, if you're actually out of the event, you got to see Chris Gates and Chris Nickerson kind of joining together there two talks.
|
||
|
|
Because they were so excited about doing the talks. They were kind of exchanging slide decks before the event to say,
|
||
|
|
what do you think of this? How does this fit with your stuff?
|
||
|
|
And Chris Gates did a great talk on open source information gathering.
|
||
|
|
Which kind of slotted in very nicely with Chris Nickerson's follow-up on social engineering, red teaming and kind of using the information gathering phase
|
||
|
|
and then kind of taking it to the next level and kind of moving into the one-on-one social engineering aspect of it.
|
||
|
|
And you could just see the excitement from the people there. It was kind of a one-time only opportunity to see the speakers really talking about things that they're really, really interested in.
|
||
|
|
Instead of the kind of static, defcon, you must break something and give us an exploit.
|
||
|
|
They were really talking about stuff that was really interesting to them and it really showed through.
|
||
|
|
Benny. I think we had a...
|
||
|
|
You carry on, Benny. Sorry, mate.
|
||
|
|
No problem. I think we had a good mix of speakers. We were really fortunate.
|
||
|
|
I think because of the best in work, works also for the OAS conference.
|
||
|
|
I think we all work in the security industry and know some people and I spam a lot on Twitter.
|
||
|
|
Actually, that got us in contact with some great speakers and we had a great selection.
|
||
|
|
And a lot of visitors have said that the overall quality was really good.
|
||
|
|
So even the volunteers were asking me the day afterwards,
|
||
|
|
well, when do we start for the next one? I was like, let me sleep for a minute and we'll talk about it.
|
||
|
|
Benny, could I ask you how much of your own conference did you actually see?
|
||
|
|
Not a lot.
|
||
|
|
Yeah, I had this sneaky feeling.
|
||
|
|
I think about 10 minutes was the most I saw of every presentation.
|
||
|
|
Because I was just walking around and checking with all the teams like did everything start.
|
||
|
|
On time, everybody showed up, also the catering for the bar.
|
||
|
|
We had several workshops because the venue only had one really, really big and beautiful presentation room.
|
||
|
|
And we wanted to do something else.
|
||
|
|
But I had a lot of meeting rooms, a lot of smaller rooms,
|
||
|
|
that were ideal for workshops.
|
||
|
|
So we did a lot of workshops.
|
||
|
|
And I was really fortunate to have some of the neighboring hacker spaces come from the Netherlands,
|
||
|
|
Luxembourg, Brussels.
|
||
|
|
And have them give several workshops like soldering and then tinkering with LEDs and Arduino boards.
|
||
|
|
Because for me, it is also an important part of hacking.
|
||
|
|
Because a lot of people consider it still to be like exploits and panthesting, black hat, white hat, grey hat.
|
||
|
|
But I think a big part of hacking is also about making things, not just breaking it.
|
||
|
|
So for me, it was an important part to include in the conference.
|
||
|
|
Because I really wanted to be a positive event, because it was the first time in Belgium.
|
||
|
|
And most people still think when they hear the word hacking that's about illegal activities and stuff like that.
|
||
|
|
And I think we changed the views of a lot of people.
|
||
|
|
So would it be fair to maybe suggest that it was a security conference for security people almost, you know,
|
||
|
|
designed by security people for security people and maybe not so much about selling, you know,
|
||
|
|
not so much about the media hype, but actually about what it is that we love and do for a living.
|
||
|
|
Exactly. That was like meeting people, sharing knowledge.
|
||
|
|
And I think that's really one of the cornerstones through why we started Bruchon.
|
||
|
|
I mean, as I've said before, immensely jealous that I didn't get to Bruchon, immensely jealous.
|
||
|
|
Because just for the hype that was surrounding you guys, that maybe the two weeks before Bruchon had started,
|
||
|
|
you could, from the site like I can say, from the sidelines, really smiled that this was going to be an awesome, awesome conference and event.
|
||
|
|
And I'm sure, you know, even from this side, you know, it's easy for me to say that Benny, you've done an awesome job.
|
||
|
|
Well, just a team.
|
||
|
|
Yeah, well, you know, when I say, when I say you, Benny, I know that you're part of a team and it's no eye in team.
|
||
|
|
That's certainly true.
|
||
|
|
What was the, what was, if you could change one thing, Benny, what would it, what would you do if, what would you do differently?
|
||
|
|
Well, I wouldn't change too much about the concepts, what we did.
|
||
|
|
Well, for small details, we need to figure out, well, to monitor where people need to be, just behind the scenes, some small details.
|
||
|
|
But actually, everything went quite well.
|
||
|
|
And catering can be improved.
|
||
|
|
It was like emergency solution because we really started too late, looking into it and like we had Belgian fries in the evening.
|
||
|
|
And well, we'll continue to keep it, but we're looking into having a more variety, more selection of things to eat in the evening.
|
||
|
|
Because some people like Belgian fries, but some people prefer to have something else.
|
||
|
|
Chris, what was, you know, what was, how was, how was brew confused?
|
||
|
|
I mean, what I suppose I'm trying to ask is, is, I mean, you really, you know, we'd left and joked about it beforehand, but I mean, pretty much anywhere that had a security conference this year, you were up.
|
||
|
|
And, you know, it must be great to have, you know, some more educated views, probably not the right term.
|
||
|
|
I can't find the right words that I'm looking for, but, you know, sampling so many different conferences.
|
||
|
|
And you said that you enjoyed brew con.
|
||
|
|
What was the bit that really rocked the boat for you?
|
||
|
|
Really kind of rocked it for you.
|
||
|
|
Yeah, I mean, there were a couple of things.
|
||
|
|
I mean, the one thing is I really like the one track conference.
|
||
|
|
You go to someone like Defcon, someone like Black Hat, you got six conferences, six talks going on at the same time, and it's always the same.
|
||
|
|
You get three talks on at the same time, you want to see them all, you just come.
|
||
|
|
And that kind of, that kind of leads you to running around between rooms, who, you know, there could be miles away from each other, literally miles away from each other sometimes.
|
||
|
|
To try and catch all of the, all of the talks you want to catch.
|
||
|
|
And then when you get there, there's no seats left, and it's just too busy.
|
||
|
|
And what I really liked about brew con was there was one track, and they had such good talks.
|
||
|
|
But I mean, if there was something that you didn't want to see or something, you'd already seen somewhere else, then there was always, you know, a workshop or two going on at the same time.
|
||
|
|
And then there was the Hex Challenge, which was being put on by Didier Stevens and...
|
||
|
|
Did you know?
|
||
|
|
No, I didn't.
|
||
|
|
Which was great.
|
||
|
|
I mean, I didn't get enough chance to really play.
|
||
|
|
Basically, you know, the idea of Hex Challenge was it was kind of...
|
||
|
|
It's not the typical capture of the flag style thing that goes on at these kind of events.
|
||
|
|
There was a bit of reverse engineering, you know, kind of trivia questions, as well as some, you know, typical capture of the fact penetration testing stuff.
|
||
|
|
And kind of a bit of hardware hacking as well.
|
||
|
|
And I was, I teamed up with a friend of mine there, and we kind of did, you know, some of the trivia stuff.
|
||
|
|
We did some of the hardware hacking stuff, which I'm not particularly good at.
|
||
|
|
But I mean, even though we only played for maybe a couple of hours, we came in, I think, ninth in the contest.
|
||
|
|
Which was, you know, kind of an achievement for us.
|
||
|
|
It's like, wow, what can you do for a couple of hours? You can achieve so much.
|
||
|
|
But there were people who played it for the whole time they were there.
|
||
|
|
And I mean, they must have really enjoyed it.
|
||
|
|
And I think that those guys spent a lot of time organizing that, and I really respect that, because it's a lot of work to organize those kind of events.
|
||
|
|
So I mean, my wish for the conference was that I had at least two days longer to play the Hex Challenge.
|
||
|
|
Because I think it would have been great if I had more time.
|
||
|
|
So, yeah, I think it's a team of seven people.
|
||
|
|
And unfortunately, I don't know them all by heart.
|
||
|
|
But the DA, Peter and Andreas, well, congratulations, because I think a lot of people enjoyed it.
|
||
|
|
For just something to fill in the gaps and through the break, something to have fun with.
|
||
|
|
And for some people, just playing it for the time.
|
||
|
|
So, is it the one track? Is it fair to say that then that kind of the buzz that you get from the conference kind of transcends?
|
||
|
|
Well, the buzz that you get from say a particular talk that was very, you know, very engaging.
|
||
|
|
Were you finding people in bars talking to each other?
|
||
|
|
But did you talk to each other about it?
|
||
|
|
Or, you know, was it you were going to see presentations and then get caught in the next thing or the next thing or next thing?
|
||
|
|
I mean, there was a lot of conversation going on.
|
||
|
|
There was a huge lounge area, which was very well done from what I could see.
|
||
|
|
Everyone had enough rooms to sit and talk.
|
||
|
|
And, you know, there was enough to keep people busy there.
|
||
|
|
But there were lots of people, you know, just talking about stuff they'd seen.
|
||
|
|
And as it was such a kind of a smaller conference, more personal conference, you could sit with the person you just did the talk and discuss it with them.
|
||
|
|
You know, we quite regularly kind of just went out drinking in the evening.
|
||
|
|
And it was just like, okay, going to go out with Chris Gates, Chris Nicholson, Jason E Street and, you know, Robin Wood.
|
||
|
|
You know, just kind of people who you knew from the industry, you just, you know, have some drinks, have a chat.
|
||
|
|
As it was such a personal conference, you know, if you had questions about it, the guys were there.
|
||
|
|
They weren't just flying in to give a talk and then flying out again.
|
||
|
|
They were really there for the conference and they really enjoyed it as well.
|
||
|
|
You couldn't have chosen a better weekend for a conference, a security conference either.
|
||
|
|
I mean, talk about a weekend when you've had major security vulnerabilities either a couple of days before or even while you're there.
|
||
|
|
It must have been pretty awesome to have some really big security vulnerabilities and not many security people in the one place at the one time talking about a security must have been awesome.
|
||
|
|
I'm referring to some of the SMB and denial of service stuff that we've seen against our Microsoft friends recently.
|
||
|
|
But I was sitting there thinking that, you know, at the time, I think it was on the 19th that I'd heard through the grapevine that, you know, remote execution was happening on this SMB version 2 thing.
|
||
|
|
And I was sitting there thinking, my god, there's a ton of ethical hackers sitting in Brussels at the moment.
|
||
|
|
I mean, some of the cream that, you know, the cream of the crop almost.
|
||
|
|
So, it's eye tracking now.
|
||
|
|
So, how many, how many people do you think were at Brook on them, Benny?
|
||
|
|
More or less, take a, take a few, 270 people.
|
||
|
|
And, or minimum estimates, I liked it.
|
||
|
|
It was more like a worst scenario.
|
||
|
|
It was 100 people.
|
||
|
|
So, and the maximum for the, for that venue was 400.
|
||
|
|
So, I'm really happy with the results for this year.
|
||
|
|
So, it was kind of very kind of like a friendly atmosphere.
|
||
|
|
I'm getting that kind of vibe with it being a small number, not a small number.
|
||
|
|
But, you know, I mean, a number that you could actually get to meet a majority of the people there.
|
||
|
|
Yeah, because there has been a similar security conference in Luxembourg for a few years.
|
||
|
|
And one of the things I always liked is like Chris said,
|
||
|
|
it's smaller, there's a nice atmosphere.
|
||
|
|
It's easier to talk to, to speakers.
|
||
|
|
And that's what I like about our venue and our events.
|
||
|
|
Okay, the first edition is like 200, 270 people,
|
||
|
|
but personally for me, I prefer it to keep it within the 400 limits to the limit of this venue.
|
||
|
|
Because, yeah, you get, it is easier to see and meet the same people for next year
|
||
|
|
because at the CCC Congress, which is an awesome event,
|
||
|
|
but the CCC Congress is like 4,000 people.
|
||
|
|
And I knew a lot of people and some colleagues from the industry that were also there.
|
||
|
|
And I think in four days, I bumped only once into them.
|
||
|
|
All right.
|
||
|
|
Yeah, it's really, really difficult to see and find people
|
||
|
|
because it becomes so massive.
|
||
|
|
Well, the atmosphere, well, suffers a bit from it.
|
||
|
|
I mean, Chris, am I right in thinking that you were talking
|
||
|
|
of something this year, a blue corner?
|
||
|
|
I was hoping to do a lightning talk, but...
|
||
|
|
Yeah, there was no thunder.
|
||
|
|
Yeah, there was no thunder with that.
|
||
|
|
Now, it was more a case of it.
|
||
|
|
I was being selfish.
|
||
|
|
You know, the lightning talks kind of clashed with two of the talks I really, really wanted to see.
|
||
|
|
So it was a decision for me.
|
||
|
|
Do I make the talk or do I not make the talk?
|
||
|
|
I mean, I wish I'd given the lightning talk personally.
|
||
|
|
I mean, I'm hoping to next year, certainly, if I'm invited.
|
||
|
|
But, you know, personally, for me, it was like, at that time,
|
||
|
|
there was stuff on I really wanted to see that I hadn't seen before anywhere else.
|
||
|
|
And I really wanted to be there for the talks.
|
||
|
|
So, and I was blogging for the event as well, very, very quickly.
|
||
|
|
Some people were claiming that I had a time machine, and therefore were blogging before people had even finished giving their presentations.
|
||
|
|
But, no, I really wanted to go to the talk, so I didn't really give me the chance to do a lightning talk this year.
|
||
|
|
Yeah, didn't you win something?
|
||
|
|
Yeah, yeah.
|
||
|
|
I won the t-shirt for the most tweets during the event, I think it was, wasn't it?
|
||
|
|
I could also be said as the most loudmouthed person on Twitter at the event that was me.
|
||
|
|
So, you also blogged like almost about every presentation there.
|
||
|
|
So, you're also the biggest blogger of Facebook on Facebook.
|
||
|
|
So, yeah, I get a press pass next year, then.
|
||
|
|
So, this is his redemption for, like, blogging, nothing good, that's gone.
|
||
|
|
Yeah.
|
||
|
|
Where he did have a press pass.
|
||
|
|
No, really.
|
||
|
|
I only blogged from the premium event, obviously.
|
||
|
|
Just, I'm going to pick on you, slightly, Chris.
|
||
|
|
I have to be honest with you, because, and let me get this right.
|
||
|
|
This year, you've been to DEF CON, hacking at random, brew con.
|
||
|
|
Have I missed anything so far?
|
||
|
|
Oh, this year, are we talking the whole year, or just last two months?
|
||
|
|
Well, the whole year.
|
||
|
|
Yeah, the whole year.
|
||
|
|
Let's have a look at the whole year for a second.
|
||
|
|
Wait, what do I mean to this year?
|
||
|
|
InfoSec, I'm in London, which is a bit of a bust.
|
||
|
|
Yeah.
|
||
|
|
First conference in Japan.
|
||
|
|
Black Hat, DEF CON.
|
||
|
|
Hacking at random, brew con.
|
||
|
|
And then, coming up, I've got...
|
||
|
|
There's computer congress.
|
||
|
|
Yeah, there's computer congress.
|
||
|
|
I've got the SANS conference in London in December, which is going to be great.
|
||
|
|
And I've got DeepSec and ITSec X, which are both Austrian cons.
|
||
|
|
I can't really not go to the cons in Austria, if I'm in Austria, so.
|
||
|
|
And after which conference do you think your girlfriend will change the locks?
|
||
|
|
What do you mean?
|
||
|
|
When?
|
||
|
|
She's not already done that.
|
||
|
|
After brew con, I'm in the car doing this right now.
|
||
|
|
Out of the conferences that you've been to so far, what was out of all of them?
|
||
|
|
And I'm sure Benny will be okay if you say a different conference here.
|
||
|
|
What was the one talk that really captured your imagination, Chris?
|
||
|
|
The one talk.
|
||
|
|
Oh, that's really hard.
|
||
|
|
There's been so many good talks.
|
||
|
|
I mean...
|
||
|
|
I'll give you three if you really want.
|
||
|
|
Yeah, oh, thanks.
|
||
|
|
Great. I've got three.
|
||
|
|
Three from like a hundred.
|
||
|
|
I mean, there was some... there's been a lot of good talks.
|
||
|
|
Actually, ironically, probably at least two of them come from brew con in my top three.
|
||
|
|
In no particular order, going in date order, really, a conversation that I had and a presentation I saw at first conference in Japan
|
||
|
|
about Microsoft's patching of the MSO-1067 SMB floor.
|
||
|
|
That was kind of really good from a technical point of view.
|
||
|
|
Just been able to see what Microsoft had done and how they dealt with it.
|
||
|
|
So that was kind of educational, and I met some of the guys from Microsoft who were meant to be a brew con,
|
||
|
|
but who didn't seem to make it, probably due to the other SMB floor.
|
||
|
|
It's good to see them as light, we busy at that.
|
||
|
|
There was slightly busy at that point.
|
||
|
|
I get a feeling he got to the airport and then got a phone call to go back again.
|
||
|
|
But I mean, the other two that kind of really opened my eyes were open source information gathering from Chris Gates
|
||
|
|
and the red and tiger teaming from Chris Nickerson, which were two of the talks I mentioned earlier on,
|
||
|
|
which were both a brew con, and they just really kind of hit home with what I'm doing
|
||
|
|
and kind of what we should be doing in this industry instead of just kind of turning up on day one and saying,
|
||
|
|
right, I'm going to run their map, I'm going to run necessarily.
|
||
|
|
Go, look, there's a floor, I'm going to exploit it.
|
||
|
|
We're in finished.
|
||
|
|
They're taking it more from the personal meat layer floors, social engineering,
|
||
|
|
kind of taking the, almost the easy way in.
|
||
|
|
It's kind of like getting to know the person that you're attacking,
|
||
|
|
and I think their talks really melded well together,
|
||
|
|
and I think I've got a lot out of their talks.
|
||
|
|
Thank you, another question Chris.
|
||
|
|
I don't want to keep on picking on you.
|
||
|
|
Do you think that for me, I mean, I didn't make it to any of the events,
|
||
|
|
but I feel like I was still able to be a part of it in some way,
|
||
|
|
shapes and forms through media and Twitter and blog posts and so on and so forth.
|
||
|
|
Is it me or does this year seem to have been an incredibly good year for ethical hacking and security conferences
|
||
|
|
and a lot of decent quality content and information getting out for people?
|
||
|
|
Or am I just kind of, you know...
|
||
|
|
No, I mean, it's been a good year and it's been a bad year.
|
||
|
|
From my point of view, this isn't against BrewCon because I think the event was great,
|
||
|
|
but I think there's almost kind of like now too much conferences going on.
|
||
|
|
I don't fit BrewCon into that pile of theirs too much,
|
||
|
|
because there was a big gap there that needed to be filled and BrewCon filled there,
|
||
|
|
and it was a great event.
|
||
|
|
But I think now there's a lot of big companies kind of going,
|
||
|
|
wow, look, people are making money on this, we're just going to run our own conference.
|
||
|
|
And what they offer is they'll just get three big names in and then fill the rest
|
||
|
|
with stuff kind of marketing employees disguised as talks.
|
||
|
|
And what I really enjoyed about BrewCon was that there's none of that.
|
||
|
|
There was not a single person who I met at the con or a single thing that I saw at the con that said,
|
||
|
|
this is what our company does and this is what our product does.
|
||
|
|
Everyone was just, I'm talking from a personal point of view,
|
||
|
|
and this is what I'm going to talk about.
|
||
|
|
There was really no kind of, I work for X company and we're selling this,
|
||
|
|
and this is how it works.
|
||
|
|
And I've kind of, I've started to see that kind of affecting some of the bigger conferences,
|
||
|
|
even kind of Black Hat, DefCon is kind of not so much DefCon because people tend to throw things,
|
||
|
|
but a Black Hat, yeah, it was kind of, you know, I work for McAfee,
|
||
|
|
for example, picking on them because they're going in like a super hacker.
|
||
|
|
And sort of like, we're going to talk about Antivirus.
|
||
|
|
And I was like, oh, well, this isn't going to be a marketing thing at all.
|
||
|
|
Every chance they can get, they say, well, our product does things slightly differently.
|
||
|
|
And I see that coming along more and more,
|
||
|
|
and those are the kind of talks that I don't want to be associated with.
|
||
|
|
I don't want to write a blog entry about someone's brand new, shiny product,
|
||
|
|
that they're trying to sell to everyone.
|
||
|
|
I'd much rather write about, you know, for example, Craig Boldings,
|
||
|
|
great talk that he did on cloud security.
|
||
|
|
I went in not knowing anything about cloud security and came out thinking, wow,
|
||
|
|
this cloud security thing is great. I still don't like it, but it's great.
|
||
|
|
I mean, for me, personally, I've had someone that,
|
||
|
|
it just seems to me that there was an awful lot of really good content being done
|
||
|
|
and that what posted that home to me is the great work that the guy does.
|
||
|
|
There's security tube.net or .com. I can't remember,
|
||
|
|
but the site.net.net, who just, I follow him on Twitter,
|
||
|
|
and it's just, you know, you're getting three or four incredibly great videos
|
||
|
|
and some of them are conference related and so on and so forth.
|
||
|
|
And it's been for me very, very good because I've been able to actually get in
|
||
|
|
to what people are talking about and actually get to watch them.
|
||
|
|
I've been very impressed with the work that that guy's done over there,
|
||
|
|
but Benny, is there any plans to have the, was there any audio or video recorded
|
||
|
|
at Bruecon this year?
|
||
|
|
I actually have been just tweeting about it.
|
||
|
|
Oh, tweeting while you're on the line to meet us, just shocking Benny.
|
||
|
|
No, just before, just before, we're looking for mirrors to host the files.
|
||
|
|
I actually have the videos ready.
|
||
|
|
Okay, so is that correct?
|
||
|
|
Ironically, Frank Autoness has also posted to say that he's quite happy to be a mirror.
|
||
|
|
So he did get on the podcast, even though he's not on the podcast.
|
||
|
|
Yeah, but for regular listeners, it feels like, you know, we're going through a 12th separation
|
||
|
|
without our brother and on Autoness.
|
||
|
|
It feels like, you know, I'm having separation anxiety at the moment.
|
||
|
|
So there is audio, there is video you're just looking for a mirror at the moment.
|
||
|
|
Yeah, the presentations themselves, the PDFs are all online,
|
||
|
|
except for the right things.
|
||
|
|
So you can already download those.
|
||
|
|
What's the, just to put you on the spot, Benny, do you know what the URL is for the presentations?
|
||
|
|
Yeah, Bruchon.org, and just go to the schedule, the schedule, the list of presentations,
|
||
|
|
offer the text, the abstract, there's a PDF icon for each presentations,
|
||
|
|
and as soon as I can upload the videos to one or two mirrors,
|
||
|
|
I will put the link on the video page of Bruchon,
|
||
|
|
because it's 1.18 gigabytes, and well, every ADSL has limited upload speed.
|
||
|
|
So I'm going to see, maybe I have a friend at University,
|
||
|
|
maybe I'm going to drop a DVD, and it's like a 100 megabit upload.
|
||
|
|
Did you know, see this thing in South Africa,
|
||
|
|
where it was quicker to send a carrier pigeon with four and a half gigabits,
|
||
|
|
and it was to send it down an ADSL modem.
|
||
|
|
I'm sure you guys are busy at the conference at the time.
|
||
|
|
Do you guys hear about this?
|
||
|
|
No, no, probably.
|
||
|
|
This is awesome.
|
||
|
|
They actually did a test, and this guide got a carrier pigeon with a USB of four and a half gigabits,
|
||
|
|
and sent the carrier pigeon with the four and a half gigabits,
|
||
|
|
and got an ADSL to upload four and a half gigabits,
|
||
|
|
and the carrier pigeon won by about four and a half hours or something.
|
||
|
|
But the latency must be really cramped.
|
||
|
|
Yeah, and you pack it back.
|
||
|
|
Your packets don't usually get shot by farmers either, so.
|
||
|
|
Are you there in RFC?
|
||
|
|
Yeah, IP over pension.
|
||
|
|
I've seen this somewhere before as well.
|
||
|
|
I don't know if you would be like this.
|
||
|
|
This IP over sheep, and IP over pension,
|
||
|
|
and then the third one I remember,
|
||
|
|
which really good was the RFC,
|
||
|
|
about the TCP or the IP flag, the evil bits.
|
||
|
|
What do you think?
|
||
|
|
Yeah.
|
||
|
|
Forget firewalls, just filter on the evil bits.
|
||
|
|
If it's an evil cyber criminal,
|
||
|
|
the bit is set to one first packets,
|
||
|
|
and all group packets are zero.
|
||
|
|
Well, just Google for it.
|
||
|
|
Actually, it's like, I don't know how people can write it,
|
||
|
|
because it's like 40 pages.
|
||
|
|
That's someone taking care of the far too seriously, isn't it?
|
||
|
|
It's really RFC.
|
||
|
|
It will all the details.
|
||
|
|
RFC 3514.
|
||
|
|
It just doesn't surprise me that you know that, Chris.
|
||
|
|
I'm looking at it at the moment on Wikipedia.
|
||
|
|
I couldn't remember what it was.
|
||
|
|
I think the release date always was the first of April.
|
||
|
|
Actually, curious, if the lost one released this year.
|
||
|
|
But some of these RFCs come across as eight football jokes,
|
||
|
|
and then you just realize it's, you know,
|
||
|
|
weeping scripts and something.
|
||
|
|
The interest of keeping the show a little bit shorter.
|
||
|
|
I just want to kind of maybe wrap up in the next couple of five, ten minutes,
|
||
|
|
but I mean, Benny, do you...
|
||
|
|
I mean, how...
|
||
|
|
I mean, for the HBO listeners, I don't know.
|
||
|
|
I do a software freedom day event in Scotland.
|
||
|
|
It's quite a big one.
|
||
|
|
By the time I'm finished, I'm still...
|
||
|
|
By the time I get through that event,
|
||
|
|
and I'm an organizer of it,
|
||
|
|
that I'm very, very exhausted, tired,
|
||
|
|
and can't possibly think about anything else.
|
||
|
|
I can imagine that that was times by ten for you, Benny.
|
||
|
|
I mean, I joke about at the beginning,
|
||
|
|
but you start to recover,
|
||
|
|
and maybe not the handle over the right word,
|
||
|
|
but, you know, calmness coming back to the barn almost.
|
||
|
|
Well, it's almost done,
|
||
|
|
but there's still some off-the-route-con work
|
||
|
|
like Bill's administration,
|
||
|
|
but the email volume,
|
||
|
|
because the organization of the conference is gone,
|
||
|
|
is really going down,
|
||
|
|
so there are less emails to respond to,
|
||
|
|
and well, next weekend,
|
||
|
|
it's the first three weekends,
|
||
|
|
I really look forward to having a long sleep.
|
||
|
|
So are we to expect slurring twitters from you on Sunday morning now?
|
||
|
|
Well, my security for all block,
|
||
|
|
well, it's like a suspended animation,
|
||
|
|
and I might pick up that one,
|
||
|
|
because I think it's like,
|
||
|
|
I used to block one post a day,
|
||
|
|
and the last month is one each month.
|
||
|
|
So you stuck it into a deep freeze?
|
||
|
|
Yeah, I really didn't want to say on the block,
|
||
|
|
like I don't have time to block anymore,
|
||
|
|
because people said,
|
||
|
|
like, well, just don't mention it,
|
||
|
|
and when you have time to block,
|
||
|
|
just block again.
|
||
|
|
But, well, yeah,
|
||
|
|
I learned a lot about having a lot of work,
|
||
|
|
and learning to be more time efficient,
|
||
|
|
and yeah, it's just a brutal,
|
||
|
|
also good exercise.
|
||
|
|
So I remember after my first software Freedom Day event,
|
||
|
|
so I'm saying to me,
|
||
|
|
you know,
|
||
|
|
oh, I'm looking forward to next year's,
|
||
|
|
and me sitting there thinking,
|
||
|
|
you know, maybe, maybe not,
|
||
|
|
and it's amazing within four or five days,
|
||
|
|
you kind of, yeah, it was really good,
|
||
|
|
to see speakers.
|
||
|
|
They were all very happy,
|
||
|
|
lots of people were entertained.
|
||
|
|
You, at that point,
|
||
|
|
yet, where, you know,
|
||
|
|
you can start to think about,
|
||
|
|
you know, maybe next year.
|
||
|
|
Yeah, but, yeah, yeah.
|
||
|
|
I mean, thinking a bit about,
|
||
|
|
it's like that next year,
|
||
|
|
we will have more experience.
|
||
|
|
It's not the first edition.
|
||
|
|
We can improve on things,
|
||
|
|
but on the other hand,
|
||
|
|
because I'm not saying it was perfect,
|
||
|
|
but because we did quite well,
|
||
|
|
we're on the pressure to deliver
|
||
|
|
at least the same result.
|
||
|
|
So it's like a double-edged sword.
|
||
|
|
I kind of set the bar quite high on that one.
|
||
|
|
Benny, I think there's absolutely no doubt
|
||
|
|
that you and your team will definitely do better
|
||
|
|
than last year, I mean,
|
||
|
|
you're passionate for what you guys are to achieve.
|
||
|
|
In my belief,
|
||
|
|
it's what got you over the finishing line,
|
||
|
|
and I'm producing such a good,
|
||
|
|
event that everyone's really proud to have attended
|
||
|
|
and been a part of.
|
||
|
|
I remember first speaking to you to go,
|
||
|
|
it must be, you know,
|
||
|
|
10, 10, 12 weeks ago or something like that,
|
||
|
|
and just coming off the call from you,
|
||
|
|
thinking how, you know,
|
||
|
|
passionate and excited you were about to get this off,
|
||
|
|
and I mean, personally,
|
||
|
|
I'm just chuffed,
|
||
|
|
so it was such a great event for you guys,
|
||
|
|
I am, and really, really, you know,
|
||
|
|
stoked for you there.
|
||
|
|
And, I mean, Chris,
|
||
|
|
it's been really good to actually have
|
||
|
|
you come onto the calls as well, you know,
|
||
|
|
and, you know, like I said,
|
||
|
|
I didn't get to get to any of them,
|
||
|
|
so it was really nice to have someone that had been there,
|
||
|
|
especially, especially to have,
|
||
|
|
especially someone from the industry itself,
|
||
|
|
you know, having that ethical hacking eye on things.
|
||
|
|
Benny, are you,
|
||
|
|
are you conferencing a toll for the rest of the year,
|
||
|
|
or are you just conferenced out now?
|
||
|
|
I wanted to go to a heck of a toll,
|
||
|
|
to the one in Luxembourg,
|
||
|
|
but I don't have any training
|
||
|
|
or holidays left to get off work.
|
||
|
|
If you've not got the flu or something like that.
|
||
|
|
Yeah, but it's not that far,
|
||
|
|
so I might just drive there and have a drink
|
||
|
|
with some of the people there in the evening.
|
||
|
|
And so the only one really on my schedule
|
||
|
|
is the Chaos Computer Congress,
|
||
|
|
which is like, you know,
|
||
|
|
a bit of Christmas holiday.
|
||
|
|
I think it's true time for me now.
|
||
|
|
As I say, I'm going to wrap up the interview for now.
|
||
|
|
Chris, is there anything you, you know,
|
||
|
|
the shameless plug moment that we all do in podcasting?
|
||
|
|
Chris, is there anything that you'd like to wrap up with
|
||
|
|
anything that you'd want to say or promote,
|
||
|
|
or all three?
|
||
|
|
No, no, I'm good.
|
||
|
|
I'd like to give thanks to everyone who helped organise
|
||
|
|
Baruchon, and I know Benny's not the only one,
|
||
|
|
but I'd like to thank Benny for his contribution,
|
||
|
|
because I know he's worked hard,
|
||
|
|
and I saw him running around the conference,
|
||
|
|
sweating profusely, and looking confused.
|
||
|
|
And he really did work,
|
||
|
|
particularly hard at the event,
|
||
|
|
and I know lots of other people did.
|
||
|
|
I consider coming next year,
|
||
|
|
because it'd be nice to meet everyone in podcast
|
||
|
|
a land, or however people refer to it.
|
||
|
|
You know, I really, I really love the event,
|
||
|
|
and I'm really happy to be part of it,
|
||
|
|
and I'm looking forward to 2010 already.
|
||
|
|
And Benny, is there anything that you'd like to share
|
||
|
|
with me, or say?
|
||
|
|
No, thank you for having me on the podcast,
|
||
|
|
and if you want to see the presentations and the videos,
|
||
|
|
check the website in a few days.
|
||
|
|
We'll try to get them online as soon as possible,
|
||
|
|
so everybody can have a sneak peek about what happened on Baruchon.
|
||
|
|
The blog posts and the pictures from some people
|
||
|
|
are also already mentioned,
|
||
|
|
so you can check out the hacker loans with arcade games.
|
||
|
|
Brian, I mean, for me personally, Benny and Chris,
|
||
|
|
I'd really like to thank you for taking the time
|
||
|
|
to come and speak to us and share your experiences
|
||
|
|
with the HPR audience.
|
||
|
|
I mean, there's no secret that there's incredibly jealous
|
||
|
|
of the work that you guys have done.
|
||
|
|
I'd love to have been there,
|
||
|
|
and it's just nice that we have people in the industry
|
||
|
|
that are willing to give back and to share.
|
||
|
|
And for that, I do thank you and all my guests
|
||
|
|
that have been on in the past.
|
||
|
|
I mean, in the interest of keeping everyone,
|
||
|
|
everyone on page almost,
|
||
|
|
could I get your blog addresses?
|
||
|
|
Chris, what's your blog?
|
||
|
|
Yeah, my blog's at www.c22.cc.
|
||
|
|
Any of you, one of those Twitterers?
|
||
|
|
Yeah, unfortunately, I tend to get Twitter.
|
||
|
|
Twitter, at least.
|
||
|
|
It's just at Chris John Riley, which is our ILEY.
|
||
|
|
And if anyone knows from the first time I interviewed Chris,
|
||
|
|
I spoke his name completely wrong.
|
||
|
|
So there's some other guy.
|
||
|
|
That's why I spelled it for you.
|
||
|
|
Even I can't spell my name right.
|
||
|
|
It's amazing what I can spell wrong.
|
||
|
|
And Benny, once your blog address,
|
||
|
|
if people want to have a look at your blog post,
|
||
|
|
blog.securityforall.be
|
||
|
|
but for as in the number and not spelled out.
|
||
|
|
Okay, so it's the numeric for?
|
||
|
|
Security number forall.be.
|
||
|
|
Okay, and the Twitter that can people follow you on Twitter
|
||
|
|
or you're not into it?
|
||
|
|
Yeah, it's at security for all the Twitter accounts.
|
||
|
|
I tend to be more active on Twitter than blogging
|
||
|
|
because yeah, it doesn't take as much time.
|
||
|
|
Even if you got 160 characters to worry about.
|
||
|
|
Exactly.
|
||
|
|
You can't say anything that embarrassing in 140 characters.
|
||
|
|
I don't know.
|
||
|
|
Actually, yeah, actually, you can.
|
||
|
|
Anyway, I'll take that back to come back.
|
||
|
|
I'm curious if Chris will maintain his Chrome
|
||
|
|
or because Twitter will call next year.
|
||
|
|
I doubt that.
|
||
|
|
As soon as people realized they were just Twittering constantly.
|
||
|
|
Almost as soon as you called me out and said,
|
||
|
|
here's a t-shirt, I was like,
|
||
|
|
okay, and I went back to sit down
|
||
|
|
and suddenly people were Twittering all over the place.
|
||
|
|
Maybe there's a price to second place.
|
||
|
|
Quick, quick, quick, you know.
|
||
|
|
Twitter will make it.
|
||
|
|
In other words, it's like,
|
||
|
|
you got a t-shirt if I Twitter in.
|
||
|
|
Exactly.
|
||
|
|
Well, I did it on purpose to not announce it.
|
||
|
|
I just wanted to know what was the person most active on Twitter.
|
||
|
|
Well, maybe I'll give another t-shirt next year, maybe not.
|
||
|
|
Or maybe next year you can do who's blogging them.
|
||
|
|
No, that wouldn't work either.
|
||
|
|
Yeah, maybe you want to be blogging the most.
|
||
|
|
It could maybe find to do a competition
|
||
|
|
for who's Twittering the least.
|
||
|
|
You know, got them a t-shirt going,
|
||
|
|
you know, I came to this conference
|
||
|
|
and I couldn't be asked to Twitter.
|
||
|
|
I didn't want to announce it,
|
||
|
|
so people would get spammy.
|
||
|
|
But yeah, just like Chris was spreading the word
|
||
|
|
to book on Twitter and well,
|
||
|
|
yeah, I had a hunch it was him,
|
||
|
|
but I actually had someone write a script
|
||
|
|
to ask for the sticks.
|
||
|
|
And yeah, my hunch was right.
|
||
|
|
Right, guys.
|
||
|
|
I'm going to wrap up the show.
|
||
|
|
I'd like to thank both of my guests today,
|
||
|
|
who, as I say, it's very,
|
||
|
|
I'm very grateful that they took the time
|
||
|
|
and to come and speak to us
|
||
|
|
and it's brilliant that they share their experiences.
|
||
|
|
And you can follow the Twitters and their blog posts.
|
||
|
|
And I do encourage you to do so.
|
||
|
|
It's a great information that I've found on both Chris's
|
||
|
|
and Frank's and also NASA's from previous shows
|
||
|
|
and stuff like that.
|
||
|
|
What I'd also like to mention to the Hacker Public Radio audience,
|
||
|
|
if you guys want to get involved in producing
|
||
|
|
your own podcast, it really couldn't be any easier
|
||
|
|
with Hacker Public Radio.
|
||
|
|
If there's something that you really want to share
|
||
|
|
or talk about or a project that you're interested in
|
||
|
|
or much let yourself find someone that you want to interview,
|
||
|
|
you can produce a show if you contact either a Nigma
|
||
|
|
or a Hacker Public Radio.
|
||
|
|
They can help you get your show aired out
|
||
|
|
and you too can be part of the HPR podcasters.
|
||
|
|
So, as left for me to do is once again
|
||
|
|
thank you all for listening to Hacker Public Radio
|
||
|
|
and we'll catch you the next time.
|
||
|
|
Thank you very much.
|
||
|
|
Thank you for listening to Hacker Public Radio.
|
||
|
|
HPR is sponsored by Carol.net
|
||
|
|
so head on over to C-A-R-O dot N-T for all of us here.
|