Archive for the ‘event’ tag

Jurackerfest – 2 Hours of Hacking Thrills and Caffeine Highs
August 31st, 2011

The competition

Jurackerfest.ch, which took place on August 27th, was part of the first edition of Jura Security Days. This event was organized by BIMO (www.bimo.ch), whose aim is to promote quality software development, and featured conferences running throughout Friday and Saturday. The white-hat hacking competition was organized by SCRT (www.scrt.ch), the organizers of the renowned Insomni’Hack.

In the morning we practiced on specially crafted websites designed with specific errors to give participants an idea of what they would be facing during the contest. After a brief lunch break, we were given two hours to solve a set of 10 varied problems, ranging from a (fairly simple) protocol hack, to an exercise in steganography which no team managed to solve in the timeframe given.

 

The atmosphere


When we arrived early, the competition room was fairly empty and quiet, but as the starting time neared, it quickly became crowded and lively. Participants came from an array of different backgrounds; there was a technical school teacher with about fifteen of his pupils, quite a few qualified and experienced developers, a few security experts and ordinary citizens interested in picking up a few things along the way…

The buzzing of laptop fans and the smell of energy drinks was overpowering!

The funniest part of it all was that in order to prove that one had indeed found a solution, one had to explain how it was found. And as the solutions themselves usually consisted of random characters, people were constantly running to the referee table with their laptops in their hands, to be able to show both the solution and how they had found it!

 

The team

blue-infinity's Thomas Hofer at Jurackerfest

Competing with me was Nicolas Heiniger, currently working in IT security for the Hôpital du Jura. We studied at the EPFL together and spent many exercise sessions tuning our brains to work together (along with three more classmates, who could unfortunately not make it). Knowing each other’s strengths allowed us to split the challenges efficiently.

Nicolas was running a Linux Backtrack distribution (a dedicated penetration testing OS), while I was running Ubuntu Natty almost out-of-the-box (with zsh and vim added to it).

 

A sample challenge

Out of the ten challenges:

  • One was a cipher to decode (a variation on a Caesar cipher)
  • Two were oriented towards reverse engineering
  • Two were so-called “trivia” challenges (steganography concepts actually)
  • And the last five were web oriented (e.g. hacking a JavaScript authentication, overriding an .htaccess authentication, a SQLi hack for a database authentication…)

One of the reverse engineering challenges consisted of finding the password verified by a Python function.

The source file, which we were given, wasn’t too complex (remember we only had two hours to solve ten challenges):

  • When run, it checked that the number of arguments was correct and if so, started verifying the user input – if not, it printed usage instructions.
  • The verification consisted of a series of tests, based (amongst others) on comparisons between the value of an internal variable and the position of one character of the input string in the ASCII table (i.e. the value of the corresponding byte).

One of the tests (the last one) checked that the length of the input was exactly seven. Working backwards from there (and with the help of an ASCII table), we were able to work out that the code was Jc4HAcK.
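The kind of check described above, as an added example rather than the challenge's actual source (which is not reproduced in this post): the internal variable `k`, its starting value, the operations and the constants in `TESTS` are all constructed for illustration. It shows why a password check shipped as readable source gives the secret away: each test constrains one character, so each can be solved for that character.

```python
import operator

# Constructed stand-in for the challenge script. Each test is
# (position, operation, expected): it passes when
# op(ord(pw[position]), k) == expected, after which the internal
# variable k takes the value of that character's ASCII code.
OPS = {"+": operator.add, "-": operator.sub, "^": operator.xor}
# Inverse of each operation, solving op(c, k) == expected for c.
INVERSE = {
    "+": lambda expected, k: expected - k,
    "-": lambda expected, k: expected + k,
    "^": lambda expected, k: expected ^ k,
}
K0 = 7          # assumed starting value of the internal variable
LENGTH = 7      # the final test: input must be exactly seven characters
TESTS = [(3, "-", 65), (0, "^", 2), (6, "+", 149), (1, "-", 24),
         (5, "^", 0), (2, "+", 151), (4, "^", 117)]


def verify(pw):
    """The checker as a participant would have received it."""
    k = K0
    for pos, op, expected in TESTS:
        if pos >= len(pw) or OPS[op](ord(pw[pos]), k) != expected:
            return False
        k = ord(pw[pos])
    return len(pw) == LENGTH


def recover():
    """Read the tests instead of guessing: solve each one for its character."""
    chars = [None] * LENGTH          # the length test fixes the array size
    k = K0
    for pos, op, expected in TESTS:
        code = INVERSE[op](expected, k)
        if not 32 <= code < 127:
            raise ValueError(f"test on position {pos} has no printable solution")
        chars[pos] = chr(code)
        k = code
    if None in chars:
        raise ValueError("some positions are not constrained by any test")
    return "".join(chars)


if __name__ == "__main__":
    candidate = recover()
    print(candidate, verify(candidate))
```
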

 

My conclusion

All in all, a very fun day and a thrilling experience (more in my league than extreme sports, admittedly). And a surprisingly satisfying outcome, since Nicolas and I were first-timers in an ethical hacking contest. Next time though (and yes, there WILL be a next time), I’ll make sure I have all the necessary tools installed before going, rather than lamenting not having Internet access from there!

PS: How did we fare?

Well, we were proud 3rd place winners… and got our pictures in the local papers! View the article (in French).



Maximising online customer conversion
July 7th, 2011

The internet has become an extremely competitive space to market products, so how do you stay ahead of the competition? Without physical sales people, how do you encourage visitors to click on the oh-so-important “add to basket” button?

These were just two of the issues addressed by blue-infinity at this year’s “Salon eCom”, which took place on the 24th May at the Ramada Hotel in Geneva. Laetitia Giannettini, Lead User Experience Consultant, and Guillaume Arluison, Open Source Solutions Practice Manager, teamed up for a presentation on how to optimize product landing pages to convert visitors into buyers. To illustrate this, Laetitia and Guillaume discussed usability best practices across different e-commerce sites, which included the often overlooked work that goes into attracting people to your product page – effective SEO.




blue-infinity at TechDays’ Highway to Knowledge
March 17th, 2011

Once again, blue-infinity will be an official speaker at the TechDays conference taking place in Geneva on April 5th-6th. We will be presenting two sessions; the first of which will detail the search capabilities of SharePoint 2010, where we will be discussing the different search options available in each version. We will then examine ways to extend the search, using integration methods, search federation and customization.


The second session will focus on identity management and federation through Active Directory Federation Services Version 2. Initially developed to enable trust relationships with external entities, ADFS is becoming more crucial as it allows federation of identity within the enterprise and in the cloud.





The deployment of nlyte’s DCIM solution within the Dutch Police Force
November 10th, 2010

Previously on HQ News, we announced our partnership with nlyte Software, the sole provider of performance-based solutions for DCIM. We launched this partnership by holding the first ever DCIM event in Switzerland, which took place in Geneva on the 27th October.

The event attracted a great turn out, with speakers from blue-infinity, nlyte, and the Dutch Police Force demonstrating how DCIM solutions can help address the challenges associated with data centres.

Following introductions to both companies and an overview of this new partnership, nlyte introduced their DCIM solution and the new features in the latest version of the software – one of these is the introduction of Microsoft Reporting Services to comply with more standard environments. Whilst the software offers a very quick deploy solution which is easy to install, the existing IT environment needs to be discovered and understood – either through analysis (the more preferable option) or importing existing data.

Following this overview, Jan Wiersma of the Dutch Police Force presented his experiences in deploying the nlyte solution to manage the force’s 18 data centres, 6,000 servers and 1,500 plus applications. As a member of the global data centre community Pulse, Jan has excellent knowledge about what is needed within a data centre, along with the latest issues and solutions.

The Dutch Police Force has an extensive network of data centres and servers utilising both Windows and OpenVMS systems, and Jan explained how the nlyte solution was solving many management challenges by providing a 3D view of its data centres, modelling capabilities and lifecycle management. Jan relived the pre-install preparation that was needed, which consisted of auditing the existing set-up (floors, connections, existing servers etc.) in order to populate the nlyte database with accurate and reliable data. He also highlighted the importance of process – without which the solution could not have been sustained as the data would have been inaccurate.

In obtaining data centre reports, Jan stated his preference for using Crystal Reports. Jorge Pablo Gonzalez, practice manager at blue-infinity agrees, stating that ‘Crystal reports allow for reporting and statistical analysis of many data sources, which make them ideal for large scale deployments of nlyte’s software, such as in the case of the Dutch Police Force’.

The event was very well received, and offered foresight into how the recent partnership between blue-infinity and nlyte has provided us with the capacity to present to our clients an effective and efficient solution to data centre management.

