I thought I had an excellent plan when attacking the massive number of RSA sessions available. My plan was to attend the sessions unique to RSA, mainly the business sessions, because I already attend a handful of technical security conferences throughout the year. Here is my original RSA schedule, and none of them really panned out.
The business sessions that I went to discussed old security issues, but in business speak. Some of the case studies were interesting, but none went into the technical details that I wanted. It was all high-level business talk. Dennis Fisher also has a post called ‘Where have all the good RSA talks gone?’
I didn’t get to see Jeremiah Grossman’s cross-site request forgery talk, but I heard many people enjoyed it. And while this attack isn’t super new, it still is a huge problem, and quite dangerous. Daniel Miessler’s RSA day 4 post notes that he enjoyed watching people going from the “what the hell is this guy talking about?” state to the “holy crap!” state. Yes, it is that bad. Jeremiah also posted his CSRF presentation on SlideShare for those interested.
Lastly, one major annoyance was the policy that during a session or keynote, everyone in the area had to be seated, and nobody could be standing. Joanna Rutkowska posted her thoughts as a speaker, and Michael Mimoso also posted his thoughts from the crowd.