Recently in conference Category

27th Chaos Communication Congress

| No Comments | No TrackBacks

As in the past years I'm currently attending the Chaos Communication Congress, the annual 4 day hacker conference organized by the CCC in Berlin, Germany. Currently we're on day 2 of the conference and I will try to post a summary of the most interesting talks for my own reference and for anyone who's interested in the details. To get an overview of this years schedule, refer to the Fahrplan or search for #27c3 on twitter.

More to come in the following hours and days...

25C3 Day 1

| No Comments | No TrackBacks

I am currently in Berlin attending the 25th Chaos Communication Congress or 25C3 for short, which is an annual event hosted by the Chaos Computer Club germany's non profit hacker organization.

In contrast to the two other conferences mentioned in this blog so far, the crowd is really different. It looks a lot more like your local universities LAN party but I really like the tight integration of political activism and IT Security. The NOC is doing a pretty good job in having a decent network connection via WLAN for something like 1500 hardcore users and disregarding a few hickups it actually works (see Swisscom Failure at LeWeb).

Some of the talks clearly lack struckture and a good speaker but generally it had been an interesting first day. If you want to follow the 2nd day here is a link to Livestream plus there's also a recording to download here - I haven't tested how well they work.

The keynote presentation by John Gilmore of EFF raised some interesting points but lacked structure and Mr Gilmore seemed a little unprepared at times not sure what to say next.

I did not see a point at all in Sandro's talk on The Trust Situation. It didn't present anything new to the audience at hand and the way it was presented was not focused enough to capture the attention of anyone not knowing the details of the issues discussed. A 20 min introduction to decision theory was just not neccessary.

Steve Murdoch's talk on how to hack PIN entry devices was quite good in illustrating the point that an attacker always goes for the weakest link in a chain first. While a lot of measures were taken by the payment card industry and the manufacturers of these devices, to protect the encryption keys for the uplink communication, they failed to keep attackers from eavesdropping on the communication between the smart card chip and the terminal and therefore allowing access to unencrypted PINs plus all the other banking details transmitted by the chip.

The most insightful talk today for me was a presentation by the iPhone Dev Team - the ones bringing you the pawnage tools - on the inner workings of the security measures on iPhones to protect the system from unauthorized tampering. The first part of the presentation was really good and to the point and I learned a lot here. The second part was a total disaster from a presentation point of few.

Jacob Applebaum presented the well-known cold-boot attacks in a very intelligent, well-rounded presentation called Advanced memory forensics: The Cold Boot Attacks. It was really entertaining and informative, although I had already read enough about the topic before. He also announced a much more interesting talk Making the theoretical possible on day 4, which I will sadly miss but am sure to watch as a video clip.

Le Web 08

| No Comments | No TrackBacks

webbanner-leweb08.jpg

Even though I'm currently covered with work all the way up to my neck, I will be attending Le Web '08 conference in Paris next week. After listening to some of last years speakers I was convinced that this promises to be a very inspirational and exciting event.

I'm looking forward to meeting a lot of interesting people there and to embrace this opportunity to think about new ideas.

Anyone else going? Please leave a comment or ping me, so we can meet.

Below is a video about the conference program and the speakers.

[ This trip on dopplr ]

WJAX Session Web App Firewalls

| No Comments | No TrackBacks

I have just finished a talk on Web Application Firewalls at this years WJAX conference in Munich.

Here's an abstract of the contents of the speech:


A number of open source and commercial Web Application Firewalls (WAF) promise "all around" protection, freeing developers from the burden of dealing with security, while increasing the overall security level. This session presents the results of a study, clarifies where it makes sense to deploy a WAF and how to use it. Further topics are performance evaluations, details about rulesets, automatic learning features as well as maintenance and what level of interaction with developers is required.

The audience was particularly interested in the practical aspects of the study and comparison between different product vendors and on how the tests were executed.

The study covers the following products:

OPTIMAbit will make the extended results of the study available to its customers by the end of the year.

For further information please contact me directly or refer to Bruce Sams of optima.
Thanks again to all vendors for supporting the study by supplying test machines and/or licenses.

About this Archive

This page is an archive of recent entries in the conference category.

cloud is the previous category.

dev is the next category.

Find recent content on the main index or look in the archives to find all content.

Creative Commons License
This blog is licensed under a Creative Commons License.
homemade code GmbH
powered by homemade code GmbH ~ the application security experts!