This year I participated again in the security track of the largest French open source conference, Libre Software Meeting (RMLL). “Participated” as I did not only give a talk on syslog-ng there, but also sat in to most of the presentations and had very good discussions both with visitors and fellow speakers. The organizers brought together talks from diverse IT security related fields, a very good opportunity for cross-pollination of ideas.

You can find the schedule of the security track here.

RMLL / LSM

Monday

As the security track started only in the afternoon, I was looking for an English speaking session elsewhere. I found one about an open source application developed in close cooperation between doctors and open source developers. It was originally designed for rescue workers at the Nepal Earthquake two years ago and since then it was successfully used after other disasters as well.

The first afternoon of the security track focused on making the privacy of communication over the internet easier for end users. All of the applications shown are still in various stages of early development.

  • Caliopen is a unified message management application with a strong privacy focus. It basically aggregates all private messages from mobile messaging apps (Facebook, Twitter, email and so on) into a single timeline. It creates a privacy index for anything, making sure that the user knows how secure is it to post on a given channel.
  • Pretty Easy Privacy is making privacy for email default and easy to use. It encrypts and anonymizes your email and works with accounts such as Gmail or Yahoo.
  • Ring: distributed communications application based on blockchain technologies that respects users privacy. It serves as a secure phone and messenger application that does not store centralized information about users.

Tuesday

The second day also covered many diverse topics. For a full list, check the schedule, I only list some of my favorites here.

  • Clémentine Maurice demonstrated in her talk, that Javascript has a lot more access to your hardware than you would ever think. Using just a browser running on the host she was collecting keystrokes from an isolated virtual machine. I got an uneasy feeling about how secure my system actually is…
  • Damien Cauquil & Nicolas Kovacs talked about Internet of Compromised Things and how IoT devices can be used in forensic investigations. That is why CERT-UBIK created the Hardware Forensic Database so when necessary these devices can be analyzed quickly.
  • Ole André Vadla Ravnås made the most fantastic live demo during his talk at RMLL about the Frida debugger. I do not actively code any more, but it seemed so easy to debug a running application using Frida that it made me think about coding again.

At the end of the day there was a lightning talk session where I also participated. I turned one of my blogs into a short talk: using SCL to simplify syslog-ng configuration.

Before my talk I asked people in the room how many of them know about syslog-ng and about 3/4 of the attendees raised their hands. When I asked how many actually use it, still more than half responded positively. Both are very nice numbers, considering that syslog-ng is not installed by default, but it is the choice of the user.

In the evening I participated the security track speakers’ dinner. The food was as fantastic as the company. I had long discussions with some of the organizers and fellow speakers. Based on this I expect to do some testing of MISP, the Open Source Threat Intelligence Platform. If everything works as expected then with some minimal integration the inlist() filter of syslog-ng could use lists maintained by MISP for real time threat detection.

Wednesday

My last day at the conference was Wednesday. To catch my plane back to Budapest I even had to skip a few talks in the afternoon. Luckily I talked to the speakers whose talks I missed the day before at the speakers’ dinner.

  • The morning started with a talk about PaSSHport. It is a solution to control access to SSH servers. Being in France and hearing that only Balabit was mentioned together with a French company as the commercial competitors made me feel proud.
  • My talk was about making sense of your security logs using syslog-ng. I gave an introduction to syslog-ng, talked a lot about message parsing, showed a simple syslog-ng configuration and concluded my talk with a few interesting use cases.
  • Václav Zbránek gave a talk about the router I also have at home, the Turris Omnia. He talked about its history and some of the features, powered entirely by open source software. A couple of the features were new even to me. 🙂

RMLL beer :)

As you can imagine reading about my experiences: I plan to be back at RMLL next year!

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or you can even chat with us. For a long list of possibilities, check our contact page at https://syslog-ng.org/contact-us/. On Twitter, I am available as @PCzanik.