Thursday, March 14 2013
Monday, March 04 2013
CanSecWest was pretty good this year. My favorite talks were (no order):
Desktop Insecurity - Ilja van Sprundel & Shane "K2" Macaulay, Smart TV Security - SeungJin Lee, Godel's Gourd - Fuzzing for Logic Issues - Mike "dd" Eddington, and Reflecting on Reflection - Exploiting Reflection Vulnerabilities in Managed Languages - James Forshaw. I can't wait to get the slides.
Call for Papers:
I totally missed Black Hat Europe; it had some interesting talks: The M2M Risk Assessment Guide, A Cyber Fast Track Project - Don A. Bailey, Practical Attacks Against MDM Solutions - Daniel Brodie + Michael Shaulov, Off Grid Communications With Android - Meshing The Mobile World - Josh Thomas + Jeff Robble, Next Generation Mobile Rootkits - Thomas Roth.
An interesting-looking paper from TROOPERS13: UI Redressing Attacks on Android Devices (apparently it was released at Black Hat Abu Dhabi last year).
Fun find by my former co-worker Matthias: Lost connection to Battery ... WTF!?!
Last week I attended the RSA Conference for the first time ever. I always had the impression that it is not worth going, but this year I went anyway. The plan was to just hang around at the various side events that take place during RSAC. Meeting with people etc. That part is totally worth it if you can spend the day doing actual work. I ended up going to the conference to speak on the Mobile Security Battle Royale panel (as a replacement for Jon Oberheide). So I got a conference pass and could check out the actual conference and expo. The expo was pretty standard if you are used to attending events like CeBIT or maybe CES. Just smaller and security companies only. I didn't have the chance to attend other talks besides Big Brother's Greek Tragedy State-Deployed Malware & Trojans, so I can't really make my mind up if it is worth the money or not.
SC Magazine wrote an article about the panel I spoke on. Here are some comments: Android certainly does support remote updates. But the problem really is that manufacturers and mobile carriers stop supporting devices after 12-18 months.
Infiltrate posted a few more talks. The one I'm really interested in is: Josh "m0nk" Thomas - NAND-Xplore -> Bad Blocks = Well Hidden.
Troopers in Heidelberg, Germany (March). They have a few interesting talks: UI Redressing Attacks on Android Devices by Marcus Niemietz, Malicious Pixels: QR-Codes as attack vectors by Peter Kieseberg, Corporate Espionage via Mobile Compromise: A Technical Deep Dive by David Weinstein, and a few other non-mobile talks that look really interesting.
Hack in the Box Amsterdam: LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements, SMS To Meterpreter: Fuzzing USB Internet Modems. I really need to go to HITB some day.
NSC - NoSuchCon is a new conference
held in May in Paris, France. The organizers seek strong (only) technical
HTC Settles Privacy Case Over Flaws in Phones. Interesting read, quote: "The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information, surreptitiously send text messages or enable the device's microphone to record the user's phone calls."