Living in the eastern part of Poland means you don’t have a lot of IT events you can attend. The situation is getting better each year, but I am still a little bit jealous of the possibilities my friends in other cities have. But it doesn’t mean ‘our’ conferences and meetups are weak or boring – not at all! It only means that they happen less often than I would like!
The one conference I attended last Thursday was Software Talks, organized at Rzeszow University of Technology by PGS Software. With the main subject ‘Get back the control’, it looked very promising. If I add that one of the two speakers was Piotr Konieczny, I think everybody will know why I was so looking forward to this event. Anyone who knows the Polish language and is interested in security subjects probably knows Piotr and his blog niebezpiecznik.pl and would surely share my excitement!
I also have to add that it was extremely nice to attend a lecture at my university 5 years after I graduated! And meeting my university buddies… Wow, it felt as if I was young again, only without the fear of approaching exams! Perfect!
But coming back to the conference…
‘You are the controller (in .net)’ by Damian Jarosch
Damian is a programmer and blogger. When I saw his lecture’s topic I was sure it would be about controllers in MVC. But it turned out that his topic wasn’t even close to the Model-View-Controller pattern. It was all about eye and body movement tracking systems, but you know what? I wasn’t disappointed! I learnt a few interesting facts from Damian and actually… I got the impression that programming an eye tracker can be a piece of cake! Really, the examples were really easy and even worked! 😀
But let me play a little question-and-answer game with you before I tell you about some details.
- How much data per second do you think Kinect can generate? Well, it’s ‘just a camera’ with ‘a few’ additional features, right? So what’s the big deal, right?
Well, better sit down. Kinect (in version 1, if I remember) can produce 2GB of data per second! Yep! 2 GB. Per second. Really, I still can’t believe it.
- How many joints in a moving body can Kinect detect?
This number also surprised me because the answer is… Up to 25! Really! Can you think of moving so many joints at the same time? Ha!
- What is the maximum number of people that can be tracked at the same time with Kinect?
Two? Nooo… Three? Nah, try again. Five? Nope! Kinect can track up to 6 people! The main problem is a room where you can put them all together in front of the device!
But the presentation wasn’t only about Kinect! There was also a chance to see another device at work – Tobii’s eye tracker. The possibilities of this device seem to be endless, but the most interesting fact is that Damian is currently working on an open source project that will help paralyzed people communicate using their eyes (very often the only controlled part of their bodies). That’s a big thing, man! Hope you will succeed!
‘Privacy doesn’t exist’ by Piotr Konieczny
As I said before, Piotr is the owner of niebezpiecznik.pl. The company not only writes about security and security failures but also performs pentests on demand to check the security levels of big companies. I really really really love this area of IT because it’s like fixing a broken car for me. I would love to have enough knowledge not to be afraid of a car’s unexpected failures. And I would love to feel mostly safe on the internet (and I don’t mean protecting my passwords or being aware of the internet traffic I generate), but I feel like it’s kind of too late to learn the whole subject. That’s sad.
But never mind, the talk was great! Piotr showed FB photos with sensitive data on them (like pics of IDs, credit cards, driving licenses and so on). I also learnt how easily you can get sensitive data directly from the person you ask for it (and you don’t have to know the person – all you have to do is ask a question in some unsuspicious manner like ‘I bet you won’t be able to say your PESEL* from memory’). Or how easily we send very private data to some big companies just by putting it into a web translator or by uploading some files to the cloud.
What was quite surprising for me is the amount of data you can get from a piece of an image. Everybody knows about the data saved in metadata, like the camera details or GPS location and so on. But did you know that when you cut out a part of a photo and save it as a separate file, it still has a miniature of the whole image? Of course Piotr, as a typical guy, presented it on an example of nudes, but the fact is terrifying! How often do you cut some less (what are you thinking about, you naughty person? :P) sensitive data out of a picture containing something you desperately want to hide from everybody? Yeah, exactly… But the nudes example is horrifying too, ok, let’s admit it ;).
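To check a file for such a leftover miniature before sharing it, here is an added example (not code from the talk or from this blog) that reads the thumbnail stored in a JPEG's Exif IFD1 and writes a copy without the Exif segment. The function names are hypothetical, the sample file is constructed inline, and the parser assumes well-formed Exif data.

```python
import struct
EXIF = b"Exif\x00\x00"

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def exif_thumbnail(jpeg):
    """Return the thumbnail stored in Exif IFD1, or None if there is none."""
    for marker, start, end in segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != EXIF:
            continue
        tiff = jpeg[start + 10:end]
        e = "<" if tiff[:2] == b"II" else ">"          # TIFF byte order
        (ifd,) = struct.unpack(e + "I", tiff[4:8])     # offset of IFD0
        (n,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
        (ifd,) = struct.unpack(e + "I", tiff[ifd + 2 + 12 * n:ifd + 6 + 12 * n])
        if ifd == 0:                                   # no IFD1, so no thumbnail
            return None
        (n,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
        ents = (struct.unpack(e + "HHII", tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]) for i in range(n))
        tags = {tag: val for tag, _, _, val in ents}
        if 0x0201 in tags and 0x0202 in tags:          # thumbnail offset and length
            return tiff[tags[0x0201]:tags[0x0201] + tags[0x0202]]
    return None

def strip_exif(jpeg):
    """Copy the JPEG without its Exif APP1 segment(s); image data is untouched."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != EXIF:
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]

def sample_cropped_jpeg():
    """Constructed input: a 'cropped' file whose Exif still holds the old thumbnail."""
    thumb = b"\xff\xd8THUMBNAIL-OF-UNCROPPED-PHOTO\xff\xd9"
    tiff = struct.pack("<2sHI", b"II", 42, 8)                      # header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, 0x0112, 3, 1, 1, 26)         # IFD0, next IFD at 26
    tiff += struct.pack("<HHHIIHHIII", 2, 0x0201, 4, 1, 56, 0x0202, 4, 1, len(thumb), 0)
    app1 = EXIF + tiff + thumb
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\x00\x02CROPPED-PIXELS\xff\xd9"
```

If `exif_thumbnail()` returns bytes for a picture you have edited, share the output of `strip_exif()` instead of the original file.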
Piotr also played a few tricks on the audience. For example, he just showed a QR code on the screen, not saying a word about it. You can guess what some of the people did – of course they scanned it (the page says it’s 404 so nothing suspicious 😉 ). But a minute after that the speaker admitted it was a trick to collect our data. Funny? Yeah, but what if it wasn’t just for fun? It really makes me more aware and cautious with QR codes. Piotr even emphasized never ever to scan QR codes and it was surprising for me too! But if you think about it more, it seems quite obvious, anyway ;).
The speaker also showed how he reads the internet traffic of his ‘victims’. Of course the audience was the victim.
He used a small portable router, powered by a power bank, with a SIM card usually (not this time) providing the internet. It turned out that he had turned the device on at the beginning of the presentation. The router pretended to be the wifi networks the audience’s smartphones know, and that way made our phones connect to this fake network. Luckily, I know that trick (it was once described on the niebezpiecznik.pl page) and I usually turn off the wifi in public areas, but it clearly demonstrates how dangerous the life of an ordinary human is in 2017.
I could write about a lot more interesting facts I learned because the presentation was full of them, but I’ll stop here and just recommend attending Piotr’s lectures. It’s really worth your time (and probably money – this time it was totally free).
And at the very end – believe me – even if you think you are absolutely safe on the internet and you don’t publish your data (or even don’t have any socials), you are not safe at all!
* (it’s a kind of global ID number in Poland)