Wednesday, August 01 2012
Tuesday, June 07 2011
Once again I attended Black Hat USA and Defcon.
This year I was actually speaking at Black Hat again. My talk
Probing Mobile Operator Networks was well received, from what I
understood from the feedback. The slides can be downloaded from
my project web page. I'm
planning a follow-up project to extend my work for an academic research
Some personal comments.
Black Hat: 1. I really liked
the track idea, putting related talks into one room. I basically stayed
in my room "Mobile" for the whole day. 2. The new room layout of
Black Hat was good and bad. Moving the vendor area into the back was
a good move. Also for some reason the new layout made it impossible
to meet people randomly (as confirmed by some people I actually met).
3. The "vendor talk" aka the iOS security talk: I didn't like the
talk since it only listed iOS security features. Also the speaker
didn't take questions. 4. All in all a good event.
Defcon: 1. too many people! 2. I saw three talks by accident, the one
I liked was Eddie's NFC Credit Card talk, nice work. 3. too many people!
Both events were too crowded with people I know and like, so I didn't get
the chance to hang out with everyone. I even missed a few people entirely,
couldn't even say hi :-(
Best thing this year was playing at HackCup with the good guys
from the Intrepidus Group.
Finally, NinjaTel! How cool is this! See here
Saturday, April 02 2011
I'm quite busy these days which is good and bad at the same time. My travel schedule
is packed in my opinion.
June 1 : Bochum @ RUB to give a talk (that was last week)
June 18 : BSides/NinjaCon @ Vienna to give a talk on NFC security.
June 26-28 : I'm doing a talk on NFC security at RFIDsec 11 in Amherst, MA, USA.
Monday, March 14 2011
Last week I attended Troopers11 in Heidelberg, Germany. Troopers is a nice and small IT security conference.
One of two that exist in Germany as far as I know (IT-Defense being the
other one). I'm not counting CCC congress and similar events since they
are not security focused (which is good!).
Troopers was well organized, very nice location, good break times,
good food, and a nice evening program. The conference badges were totally
The conference included a nice challenge that was based on their badges. You
had to fulfil a number of tasks in order to get the number on your
badge increased by the staff. Since this was a security con, our SecT
team took it into our own hands and hacked the badges to show the maximum
Get an impression by checking the Twitter search for #troopers11.
I had a great time and hope to make it again next year.
Tuesday, February 15 2011
CanSec was a blast. I had a real good time. Meeting people I only knew by email and seeing people I only see at cons :-)
Pwn2Own was quite interesting for mobile security folks like me. First,
finally BlackBerry was pwnd and this was really hard work since
there is no SDK and/or debugger available for BlackBerry (the Java stuff
does not count). ZDNet has a longer article on
the case. Second, nobody was able to pwn Android and Windows Phone 7 - which
is quite interesting too. Third, the iPhone (pre 4.3) was pwnd once again.
All in all the talks were quite good and mostly interesting. A collection
of reviews on the various talks is here: day I day II day III by talk
Monday, January 03 2011
So this is my first time at the MobileWorldCongress. Somehow I expected more, but it feels like CeBIT just
for mobile communications. Well, it is just CeBIT for mobile phones only :-)
One thing that you notice is that Android is everywhere here. It's like
no other smart phone OS exists. Okay, I saw the WindowsPhone 7 booth but
everything else is nonexistent. Apple of course does not need to come here,
Symbian is dead. MeeGo has a tiny tiny booth when compared with
the Android area. Interestingly no Google logos anywhere.
The only hardware I looked at so far was the Galaxy Tab 10.1. A real nice
Android tablet. I could actually imagine buying this thing. Probably
very expensive for a toy.
Let's see what the other days bring.
Friday, October 15 2010
Tuesday, October 12 2010
The 27th Chaos Communication Congress (27c3) was awesome altogether. I met all my buddies
from around the world and had a great time. This year -- due to the
ticketing system -- the congress seemed less crowded, very nice! Talks
were still packed but not crazy packed.
The keynote by Rob was very nice -- I even saw it again as recording.
Karsten and Sylvain's talk on Wideband GSM sniffing was quite nice - as they combined "Karsten's" A5/1 project with Sylvain's awesome sniffer :)
DJB's talk on High-speed high-security cryptography: encrypting and authenticating the whole Internet was quite entertaining but certainly not new. I saw more or less the same talk at USENIX WOOT'09. Still very awesome of him to come to 27c3!
Renaud Lifchitz did a great presentation on Android geolocation using GSM network. He explained the whole Android geolocation system in great detail and showed how to recover previous locations of a phone. For me this talk was the
best in terms of expectations to delivery!
Ilja van Sprundel gave a talk on hacking smart phones. I must sadly say this
was not very good -- sorry Ilja. Much previously known stuff (without citing it).
Bruce Dang and Peter Ferrie did a nice job with their talk Adventures in analyzing Stuxnet.
Thanks again CCC for this nice congress!
Sadly I totally missed out going to berlinsides. I registered and everything but I just didn't make it :-( I especially wanted to see Travis' talk on the IM-ME (I just bought it for that reason).
Wednesday, September 29 2010
Tuesday, August 17 2010
Monday, August 02 2010
First day of ICIN 2010 was
quite interesting. I presented my paper: Privacy Leaks in Mobile Phone Internet Access, which was quite well received. Also, ICIN is
really telco biased rather than security (the kind of conferences I normally go to). I met some interesting people.
Wednesday, December 31 2008
Tuesday, December 30 2008
So I survived Black Hat and Defcon, it was great fun, f**ing expensive and
totally exhausting but totally worth it. Saw a bunch of talks at Black Hat
some of which were cool stuff but others sadly were not worth it.
Defcon was way too crowded. 12K people I was told. Therefore I couldn't attend
any talk :-( Talking to cool (new) people made up for it.
Now I'm at Stanford for a couple of days. Many things planned but ping me if
you want to chat.
Monday, December 29 2008
Day three was really hardcore, many good talks such as how to run your own GSM network, RFID Security, DECT In-Security, Cisco exploits and attacks using
office documents. Of course I couldn't see all of them but the videos of
most talks are already available.
My NFC talk went quite nicely I think. Also I kind of went overtime (+20 minutes); since I didn't get thrown off the stage I just continued :-)
Day four was very short for me since we already left at 2 o'clock to catch
our flight. I only attended the Debian RNG talk which was very nice, good
demos and fun slides.
All in all the congress was just awesome. Also it was way too crowded the
first two days.
Happy new year everybody!
Sunday, December 28 2008
I saw Harald's talk on smartphone hardware, which was quite interesting. I also saw Ben's talk since we had nice seats in Saal 1; the talk was nice too :-)
I got some nice feedback for my talk, thanks everybody! Also I think I spent too much time on the boring introduction. Next time I will remove some slides instead of planning to skip them.
Wednesday, November 26 2008
The first day of 25C3 has been great fun. I attended 3 talks: PLC (the power line stuff), 202c, iPhone dev-team, and SS7. I must say the SS7 talk was the best. The iPhone talk was boring (maybe they showed something interesting in the last 10 minutes but I left before the end).
The congress is really packed with people, they sold all tickets on the first day (3800).
Monday, November 24 2008
the conference was
in Frankfurt at a nice hotel. The food was good and the event seemed to be organized quite well.
But unfortunately the conference was not technical enough in my opinion. The organizers actually
said that this is going to be the German OWASP theme: not be too technical and focus more on
management/organizational aspects. This is rather sad in my opinion - since I'm just starting
with the whole web security stuff now. (Of course I've played with web security many years ago
but this was really just for fun and not professional.)
Let's see if there is going to be an OWASP Germany conference in 2009 and how technical it will be.
Monday, October 13 2008
The Fahrplan (schedule) finally got published tonight, also it is not complete yet but this is normal. After having to cancel my talk last year (for time reasons) I'm going to do two talks this year. I'll do my Symbian talk from BlackHat Japan and my NFC talk from EuSecWest. Both talks will be updated of course.
So far I'm pretty happy with the time slots I got. Also being selected for
speaking in Saal1 (the really big room) is awesome.
Monday, October 06 2008
BlackHat Japan was a lot of fun, I met many
new people who do really cool security stuff. I had the chance to hang out with
Jeroen van Beek and he got to clone my German ePassport. He made a copy (onto a
smart card - he didn't make me a new passport) for me that doesn't contain the fingerprint record. Really awesome.
I also had the chance to talk to Charlie Miller about
iPhone security. All in all I had a really good time.
Saturday, August 23 2008
Later today I'll board a plane to Tokyo for BlackHat. This time
I'm really traveling light. I only take my MSI Wind netbook, my Nokia
N810, my Nokia 6131 NFC, and my iPhone. It may sound like a lot to you but
all the stuff combined is just slightly over 2 kg. In comparison my
old T42p alone is heavier (not including the power supply).
Those of you who use Twitter
can follow me there.
Sunday, August 03 2008
Friday, July 18 2008
Friday, May 23 2008
Sunday, March 30 2008
Friday, February 29 2008
Today I visited FrOSCon for the first time. My impression is very mixed. The location is quite nice, the admission fee is low (5 Euros) and the talks are mixed.
I visited the OpenVZ talk which was OK but not great. The iPhone talk was garbage or worse. The guy didn't have a clue. He didn't talk about free/open software, he did a 35 minute iPhone tour. I wish he had covered the free SDK that has existed since the first iPhone was released. ARG, I'm pissed about this, what a waste of time. The OpenMoko talk was interesting, I saw many talks about OpenMoko and the Neo device and every time they tell you a little more.
The actual reason for me going to FrOSCon was the keynote by Andrew Tanenbaum (the MINIX guy). His talk about MINIX 3 was interesting and funny.
All in all a nice day - also we only stayed until 4pm.
Yesterday I spent the day at Embedded World in Nuernberg. Embedded World is quite small (no comparison with CeBIT)
so it was not very crowded and therefore not too stressful. I really like
small computers so I had a good time looking at stuff you only know
from catalogues or web-shops. Some of the designs were even smaller than I thought. Since yesterday was the last day of the exhibition the exhibitors seem to
be more generous with giveaways so I got some cool stuff for free. Maybe it
is like this on every day of Embedded World.