In this event I listened the Stallman’s message and his particular way to spread it with huge curiosity. He got some really interesting momentum in the lectures although I would like to highlight the Q&A time where he answered several interesting questions indeed. Specifically, he shared his thoughts and insights on the software libre movement (SLM) and how it fits in the software libre industry currently. Thereby he flied over hot topics such as the acquisition of Sun by Oracle, SaaS and the SLM or the GPL’s last version among others.

I have to recognize I was surprised when he talked about the GNU/Linux integration and how he was disappointed when the GNU project took off like a rocket with the Linux kernel on board while the different communities identified the GNU project with the kernel only calling it Linux alone instead GNU/Linux.

Stallman talked about the Linux community too and how the distributions share this piece of software and how their decisions, particularly those ones related to non free drivers and firmwares impact every distribution and the movement itself.

Last, but not least, he talked about his experience making decisions and how he made one difficult decision between the micro and monolithic kernel design and how it changed a lot of things in the project’s history.

As you know, the last year we handled different attacks and techniques showing practical countermeasures in order to get more secure configurations for our systems, so this year we decided to complete this approach including the best security management practices for persons in charge of security strategy and tactic in organizations.

In detail, we covered the following topics:

• Benefits of good security practices
• Security methodology
• Risk analysis and defense models
• Network architectures
• Network device security
• Integrity and availability architecture

Vulnerability management was a hot topic too. We introduced responsible disclosure and how it relates to the free software community …

In this lesson we saw, other than typical configurations and trouble shooting, some theory covering the current networking models (concepts, protocols, applications and so on) and a full revision about the networking stack implementation together with source code for the Linux kernel.

Reviewing the planning, security is the next battlefield …

As you know, I landed this thursday at Coruña and on friday I was teaching at Master on Free Software the last security networking lesson. With this lesson we finished our first security block. This time we finished with a full laboratory covering practical corporative firewalling and a real web hacking session.

We played a dynamics group too where we were talking about security industry and how it impacts our enterprises and organizations. In particular we spoke about adding effective countermeasures in your organization/business, our current security situation, being productive with open security tools, handling vulnerability responsible disclosure or the new vulnerability markets among other topics.

We close this master class answering doubts and sharing our opinions and ideas about effective security.

Now, people attending those classes know about tactics and tools used by blackhats while breaking in real targets. We focused on different topics such as design flaws, protocol weakness, hijacking connections, fragmentation attacks, active/passive fingerprinting, switched sniffing, MITM attacks, advanced scanning and so far.

The next master class, scheduled on the 18th/July, we’ll see advanced and strategic defense for organizations. Among the practices we’re going to analyse real attacks and play dynamics group.

By the way, I’m blogging from Istanbul … see you guys at GUADEC!