"Those who are willing to pay a penny of security for a penny of usability will eventually have neither"

23 January 2016

#IXJornadasCCNCERT (Security Workshop)

The CCN-CERT is the Spanish Government CERT. Among its responsibilities is assisting the Public Administrations in fighting against security incidents. It was created in 2006 as part of the CCN (National Cryptology Centre), assigned to the CNI (National Centre of Intelligence).

Every year, it arranges two days for the STIC Workshop to be held as a meeting place for security professionals. This conference is probably the most prestigious security congress in Spain, with speakers that include many professionals from major international companies like Kaspersky and FireEye, as well as from different Spanish enterprises and institutions.

The subject of this year's congress was “Detección e intercambio, factores clave” ("Detection and exchange, key factors"), and it was made up of a plenary and two different simultaneous modules: "Cyberspying / APTs / Threats, tools and technologies" and "Cybersecurity strategy. ENS and compliance". ENS stands for "Esquema Nacional de Seguridad" ("National Security Scheme").

Among the talks in the "Cyberspying..." module was a vulnerability disclosure: the Linux Grub2 vulnerability (CVE-2015-8370). This zero day in the Linux bootloader, called "back to 28", was discovered by the cybersecurity research group of the UPV, a Spanish university. You can see all the details here:

As for the ENS module, there was a roundtable discussion about the implications of an upcoming regulatory development of the "Law on private security" for public procurement of cybersecurity services. The panel brought together different professionals, such as a commissioner, two hackers and a director-level civil servant in the field of security.

These are just a few of the very interesting talks given at the event. The full set of presentations is available at the following links (in Spanish):

- Video recording: