...stuff I do and things I like...

Tuesday, April 26 2011

Mobile Security News Update April 2011 (part 2)

A nice blog post by Frank Rieger on the iPhone location logging: Was the iPhone location logging put in by quiet law-enforcement / intelligence agency request?

The talk A Million Little Tracking Devices by Don Bailey is really worth reading if you are into GSM and GSM-equipped hardware.

Whisper Systems (Moxie) released their Android FDE image for the Nexus One. Try it out and go full disk crypto on your Android phone. Whispercore.

    Recon has one mobile talk so far: AndBug -- A Scriptable Debugger for Android's Dalvik Virtual Machine by Scott Dunlop of IOActive

In other news, I'll be in SF for Oakland 2011. I'll be there a few days before the conference, so ping me if you want to meet up.

Thursday, April 14 2011

Mobile Security News Update April 2011

    SyScan Singapore: Mobile Money is not a Ringtone by The Grugq (COSEINC); Targeting the iOS Kernel by Stefan Esser (SektionEins); I'm going hunting, I'm the Hunter by Don Bailey (iSEC Partners); Telecom Signaling attacks on 3G and LTE networks from SS7 to all-IP, all open by Philippe Langlois (P1 Security inc.).

    Infiltrate: Rock'm Sock'm Robots: Exploiting the Android Attack Surface by Bas Alberts and Massimiliano Oldani.

    SourceBoston: Secure Development Lifecycle in the Mobile World by Marc French and Iron Mountain; Secure Development for iOS by David Thiel (iSEC Partners); Tinker, Tailor, Soldier, A-GPS: How Cost Turns Security Devices Into Weapons by Don Bailey (iSEC Partners).

    Hack in The Box Amsterdam: Attacking 3G and 4G Telecommunication Networks by Enno Ray; I'm Going Hunting. I'm the Hunter. by Don Bailey; Popping Shell On A(ndroid)RM Devices by Itzhak Avrah; iPhone Data Protection in-Depth by Jean-Baptiste Bédrun; iNception Planting and Extracting Sensitive Data From Your iPhone's Subconscious by Laurent Oudot; Antid0te 2.0 - ASLR in iOS by Stefan Esser.

    Looks quite okay. I never attended any SourceConference, but the speakers are the usual suspects :-) Infiltrate is new. I would be mostly interested to hear Don Bailey's talk, but judging from the number of talks he does on the subject I guess I'll catch it at BlackHat or Defcon in the summer.

The mTAN trojan problem finally spread over to Europe and Germany. This version is called SpyEye and comes as a developer-signed Symbian application.

Nico and I finally released our Tech Report on SMS filtering recommendations. It's available here: Countering SMS Attacks: Filter Recommendations. Feedback is welcome.

I guess I missed a bunch of stuff but right now I'm kinda busy with work ;-)

Saturday, April 02 2011

Troopers 2011 Review

Last week I attended Troopers11 in Heidelberg, Germany. Troopers is a nice and small IT security conference, one of two that exist in Germany as far as I know (IT-Defense being the other one). I'm not counting CCC congress and similar events since they are not security focused (which is good!).

Troopers was well organized, with a very nice location, good break times, good food, and a nice evening program. The conference badges were totally awesome.

The conference included a nice challenge that was based on their badges. You had to fulfil a number of tasks in order to get the number on your badge increased by the staff. Since this was a security con, our SecT team took it into our own hands and hacked the badges to show the maximum score.

Get an impression by checking the Twitter search for #troopers11.

I had a great time and hope to make it again next year.