Collin R. Mulliner

Black Hat USA and Defcon XX

Wed, 01 Aug 2012 07:38:00 GMT

Once again I attended Black Hat USA and Defcon. This year I was actually speaking at Black Hat again. My talk Probing Mobile Operator Networks was received well as what I understood from the feedback. The slides can be downloaded from my project web page. I'm planning a follow up project to extend my work for an academic research paper.

Some personal comments.

Both events where to crowed with people I know and like that I didn't get the chance to hangout with everyone. I even missed a few people entirely, could even say hi :-(

Best thing this year was playing at HackCup with the good guys from the Intrepidus Group.

Finally, NinjaTel! How cool is this! See here

Events in June 2011

Tue, 07 Jun 2011 14:16:00 GMT

I'm quite busy these days which is good and bad at the same time. My travel schedule is packed for my opinion.

June 1 : Bochum @ RUB to give a talk (that was last week)

June 18 : BSides/NinjaCon @ Vienna to give a talk on NFC security.

June 26-28 : I'm doing a talk on NFC security at RFIDsec 11 in Amherst, MA, USA.

Troopers 2011 Review

Sat, 02 Apr 2011 18:00:00 GMT

Last week I attended Troopers11 in Heidelberg Germany. Troopers is a nice and small IT security conference. One of two that exist in Germany as far as I know (IT-Defense being the other one). I'm not counting CCC congress and similar events this they are not security focused (which is good!).

Troopers was well organized, very nice location, good break times, good food, and a nice evening program. The conference badges where totally awesome.

The conference included a nice challenge that was based on their badges. You had to fulfil a number of tasks in order to get the number one your badge increased by the staff. Since this was a security con our SecT team took it in to our own hands and hacked the badges to show the maximum score.

Get an impression by checking the Twitter search for #troopers11.

I had a great time and hope to make it again next year.

CanSecWest 2011

Mon, 14 Mar 2011 13:21:00 GMT

CanSec was a blast. I had a real good time. Meeting people I only knew by email and seeing people I only see at cons :-)

Pwn2Own was quite interesting for mobile security folks like me. First, finally BlackBerry was pwnd and this was really hard work since there is no SDK and/or debugger available for BlackBerry (the Java stuff does not count). ZDNet has a longer article on the case. Second, no body was able to pwn Android and Windows Phone 7 - which is quite interesting to. Third, the iPhone (pre 4.3) was pwnd once again.

All in all the talks were quite good and mostly interesting. A collection of reviews on the various talks are here: day I day II day III by talk

Mobile World Congress 2011

Tue, 15 Feb 2011 14:12:00 GMT

So this is my first time at the MobileWorldCongress somehow I expected more but it feels like CeBIT just for mobile communications. Well it is just CeBIT for mobile phones only :-)

One thing that you notice is that Android is every where here. Its like no other smart phone OS exists. Okay I saw the WindowsPhone 7 booth but everything else is non existent. Apple of course does not need to come here, Symbian is dead. MeeGo has a tiny tiny booth when compared with the Android area. Interestingly no Google logos anywhere.

The only hardware I looked at so far was the Galaxy Tab 10.1. A real nice Android tablet. I could actually imagine to buy this thing. Probably very expensive for a toy.

Lets see what the other days bring.

27c3 Review

Mon, 03 Jan 2011 09:05:00 GMT

the 27th Chaos Communication Congress (27c3) was awesome altogether. I met all my buddies from around the world and had a great time. This year -- due to the ticketing system -- the congress seemed less crowded, very nice! Talks were still packed but not crazy packed.

Talks:

Wideband GSM sniffing

High-speed high-security cryptography: encrypting and authenticating the whole Internet

Android geolocation using GSM network

hacking smart phones

Adventures in analyzing Stuxnet

Thanks again CCC for this nice congress!

Sadly I totally missed out going to berlinsides. I registered and everything but I just didn't make it :-( I especially wanted to see Travis' talk on the IM-ME (I just bought it for that reason).

MALWARE 2010

Fri, 15 Oct 2010 15:17:00 GMT

On Monday I will travel to Nancy, France to attend MALWARE 2010 and present my paper Rise of the iBots: 0wning a telco network on smartphone botnet design.

ICIN 2010

Tue, 12 Oct 2010 13:51:00 GMT

First day of ICIN 2010 was quite interesting. I presented my paper: Privacy Leaks in Mobile Phone Internet Access which was quite well received. Also ICIN is really telco biased rather than security (the kind of conferences I normally go to) I meat some interesting people.

ISSE GI-Sicherheit 2010

Wed, 29 Sep 2010 11:21:00 GMT

next week I'm going to attend ISSE GI-SICHERHEIT 2010 here in Berlin. Ping me via twitter if you're coming and want to chat.

CAST Workshop Embedded Security

Tue, 17 Aug 2010 12:48:00 GMT

In a couple of days I'm travelling to Darmstadt to attend the CAST-Workshop on Embedded Security to talk about our embedded systems security lab.

Survived Black Hat and Defcon 2010

Mon, 02 Aug 2010 18:32:00 GMT

So I survived Black Hat and Defcon, it was great fun, f**ing expensive and totally exhausting but totally worth it. Saw a bunch of talks at Black Hat some of which where cool stuff but others sadly where not worth it. Defcon was way too crowded. 12K people I was told. Therefore I couldn't attend any talk :-( Talking to cool (new) people made up for it.

Now I'm at Stanford for a couple of days. Many things planed but ping me if you want to chat.

Curse of Silence, a Symbian S60 SMS Exploit (25C3)

Wed, 31 Dec 2008 12:49:00 GMT

Today Tobias Engel presented his SMS exploit for Symbian S60. The exploit basically prevents the attacked phone from receiving any SMS. F-Secure has a nice writeup on their blog over here: Curse of Silence, a Symbian S60 SMS Exploit

Update: get the advisory and demo video from: http://berlin.ccc.de/~tobias/cos/

25C3 Days 3 and 4

Tue, 30 Dec 2008 20:48:00 GMT

Day three was really hard core, many good talks such as howto run your own GSM network, RFID Security, DECT In-Security, Cisco exploits and attacks using office documents. Of course I couldn't see all of them but the videos of most talks are already available.

My NFC talk went quite nice I think. Also I kind of went overtime (+20 minutes), since I didn't get thrown of the stage I just continued :-)

Day four was very short for me since we already left at 2 o'clock to catch our flight. I only attended the Debian RNG talk which was very nice, good demos and fun slides.

All in all the congress was just awesome. Also it was way to crowed the first two days.

Happy new year everybody!

25c3 Day 2

Mon, 29 Dec 2008 12:06:00 GMT

I saw Harald's talk on smartphone hardware which was quite interesting. I also saw Ben's talk since we had nice seats in Saal 1 the talk was nice too :-)

I got some nice feedback for my talk, thanks everybody!. Also I think I spent too much time on the boring introduction. Next time I will remove some slides instead of planning to skip them.

25C3 Day 1

Sun, 28 Dec 2008 00:20:00 GMT

the first day of 25C3 has been great fun. I attended 3 talks: PLC (the power line stuff), 202c, iPhone dev-team, and SS7. I must say the SS7 talk was the best. The iPhone talk was boring (maybe they showed something interesting in the last 10 minutes but I left before the end).

The congress is really packed with people, they sold all tickets on the first day (3800).

Good night.

OWASP Germany Conference 2008

Wed, 26 Nov 2008 09:50:00 GMT

the conference was in Frankfurt at a nice hotel. The food was good and the event seemed to be organized quite well. But unfortunately the conference was not technical enough in my opinion. The organizers actually said that this is going to be the German OWASP theme: not be too technical and focus more on management/organizational aspects. This is rather sad in my opinion - since I'm just starting with the whole web security stuff now. (Of course I've played with web security many years ago but this was really just for fun and not professional.)

Lets see if there is going to be a OWASP Germany conference in 2009 and how technical it will be.

Nothing to do between years? Go to 25C3

Mon, 24 Nov 2008 23:50:00 GMT

the Fahrplan (schedule) finally got published tonight, also it is not complete yet but this is normal. After having to cancel my talk last year (for time reasons) I'm going to do two talks this year. I'll do my Symbian talk from BlackHat Japan and my NFC talk from EuSecWest. Both talks will be updated of course.

So far I'm pretty happy with the time slots I got. Also being selected for speaking in Saal1 (the really big room) is awesome.

Back from BlackHat Japan

Mon, 13 Oct 2008 09:36:00 GMT

BlackHat Japan was a lot of fun, I met many new people who do really cool security stuff. I had the chance to hangout with Jeroen van Beek and he got to clone my German ePassport. He made a copy (on to a smart card - he didn't make me a new passport) for myself that doesn't contain the fingerprint record. Really awesome. I also had the chance to talk to Charlie Miller about iPhone security. All in all I had a really good time.

Traveling to BlackHat Japan

Mon, 06 Oct 2008 11:06:00 GMT

later today I'll board a plane to Tokyo for BlackHat. This time I'm really traveling light. I only take my MSI Wind netbook, my Nokia N810, my Nokia 6131 NFC, and my iPhone. It may sound a lot to you but all the stuff combined is just slightly over 2KG. In comparison my old T42p alone is heavier (not including the power supply).

For those of you who use Twitter can follow me there.

FrOSCon 2008

Sat, 23 Aug 2008 17:29:00 GMT

today I visited FrOSCon for the first time. My impression is very mixed. The location is quite nice, the admission fee is low (5 Euros) and the talks are mixed.

I visited the OpenVZ talk which was OK but not great. The iPhone talk was garbage or worse. The guy didn't have a clue. He didn't talk about free/open software he did a 35 minute iPhone tour. I wished he would have covered the free SDK that exists since the first iPhone was released. ARG I'm pissed about this what a waste of time. The OpenMoko talk was interesting, I saw many talks about OpenMoko and the Neo device and every time they tell you a little more.

The actual reason for me going to FrOSCon was the keynote by Andrew Tannenbaum (the MINIX guy). His talk about MINIX 3 was interesting and funny.

All in all a nice day - also we only stayed until 4pm.

MRMCD111 Sep 5-7 in Darmstadt

Sun, 03 Aug 2008 15:27:00 GMT

I'm going to do a talk on my InfoPanel project.

Event website is at: MRMCD111

Short Talk on NFC Mobile Phones and Payment

Fri, 18 Jul 2008 08:09:00 GMT

at the Cast Workshop SmartCards und Bezahlsysteme here in Darmstadt. Looking forward to visit my employer of my undergrad days (Fraunhofer IGD).

ph-neutral

Fri, 23 May 2008 14:59:00 GMT

I'll be at ph-neutral this weekend ;-]

I'm on Vacation!

Sun, 30 Mar 2008 19:45:00 GMT

nothing more to say :-)

Embedded World

Fri, 29 Feb 2008 07:37:00 GMT

Yesterday I spent the day at Embedded World in Nuernbeg. Embedded World is quite small (no comparison with CeBIT) so it was not very crowed and therefore not too stressful. I really like small computers so I had a good time looking at stuff you only know from catalogues or web-shops. Some of the designs were even smaller then I thought. Since yesterday was the last day of the exhibition the exhibitors seem to be more generous with giveaways so I got some cool stuff for free. Maybe it is like this on every day of Embedded World.