Jan 15 2010
Giuseppe Paternò is known in the computer industry with the nickname of Gippa. Computer enthusiast since the age of 7, he actively participates in the italian security community, with particular regards to the famous “sikurezza.org”. As an expert in computer architecture, he works within the most famous italian and foreign companies in the telecommunications, government and finance industries.
Giuseppe started participating in the development of the Italian telecommunication network since he was 15 years old by first entering the world of the BBS as a sysop of different boards. While in the BBS world, he started his roots in the Internet first through the BBS Galactica, then being part of a small ISP named Datanord Multimedia. By that time (1995), he joined the “newly born” Italian Naming Authority for the operation and rules of the “.it” domains, along with the famous italian Internet founders, i.e. Allocchio Claudio, Daniele Vannozzi, Joy Marino and Marco Negri. Due to his works and the fewer and fewer technical content of the Naming Authority, he has decided to retire from active participation, although he’s still with the MAIL-ITA (ITA ex-PE).
It is in this time-frame that Giuseppe entered the security world: the servers under his control were compromised by some crackers. To protect his systems, he begun to study the core behaviour of the Cisco routers and Unix systems, most notably Linux.
In 1996 he joined IBM, where he worked as a specialist on AS/400 networking and Internet systems, followed by one year of assignment at Lotus Software in Dublin as a cross-platform specialist. It’s in Ireland that Giuseppe becomes aware of the mailing list “sikurezza.org” and knew some of the founders. The “Dublin period” is the one in which Giuseppe understood his attitude towards in-deep security.
Back to Italy in 2001, after a short period in Infostrada/Wind as a core Internet router/system senior administrator, Giuseppe was hired by Sun Microsystems as a Senior Network and Security Architect. He begun to attend big enterprise environments such as telcos and banks, both domestic and international, working on major projects. From 2006 to 2010 became Solution Architect at Red Hat, with the task of being the focal point of security in EMEA.
He collaborated on major projects such as creation of the standard for J2ME Over-The-Air (OTA) provisioning along with Vodafone, the study of architecture and standards for the delivery of MHP applications for the digital terrestrial television (DTT) on behalf of DTT Lab (Telecom Italia/LA7) and implementation of HLR for Vodafone landline services.
His project of protecting confidential files in a government agency will lead him to SMAU in 2008 with the speech “Protecting confidential files from unauthorized use with SE-Linux, a case study”: whitepapers and slides which are available on this website.
In June 2009 he was appointed Visiting Researcher at the University of Dublin Trinity College at the Center for Telecommunications Value-Chain Research (CTVR).
Writing and quotes
Giuseppe Paterno’ wrote several publications, mainly on computer security. Every publication is distributed free of charge, without the author perceived any rewards. Giuseppe thinks that the knowledge is like open source software: the philosophy behind is that knowledge is similar to what is behind open source.
Following this philosophy, even his two books are distributed in “dual license” mode, i.e. both electronic and in printed form. In the latter form, he reached an agreement with a publisher that would allow him to retain both forms, giving up his earnings.
His Internet Draft “Using PPP-over-Ethernet (PPPoE) in Wireless LANs” is cited by the University of Southampton as a possible authentication method for the “Mobile Ad-Hoc Wireless Access in Academia (Mawa)”, stating that the same methodology was in use at the time of writing by the University of Bristol. The methodology will also cited in a speech of blackhats as a best practice to secure wireless networks. Contacted by representatives of Microsoft and Cisco Systems on the subject, he agreed with them that the technology IEEE 802.1x to strive to be the best and he refrained to go on with the process of submission of the document.
Apple is adopting Giuseppe’s Internet Draft “DHCP Option for LDAP Directory Services discovery” in Mac OS X for automatic discovery of Apple’s Open Directory servers, although not officially confirmed.
His books “Wireless LAN Security” and “Single Sign-On with Kerberos and LDAP” have been quoted by major sites and speakers. They were used as references in some Italian and foreign thesis and recommended by some italian regions as a best practice for their small and medium business (SMB). The books are also mentioned in the Operating Systems course at the University of Brescia. Giuseppe teached wireless security at the master of computer security at the Politecnico di Milano (CEFRIEL) and helped several students to write their thesis on a free basis.
Most of his whitepapers are cited by personal websites and other whitepapers.