«
Expand/Collapse
493 items tagged "authors"
Related tags:
slides [+],
dingledine [+],
cisco event [+],
windows security [+],
vulnerability [+],
video [+],
tor event [+],
hacking [+],
usa [+],
windows [+],
shah tags [+],
google [+],
forensics [+],
forensic [+],
china [+],
black [+],
attack [+],
translation [+],
stephen dugan [+],
setiri [+],
secure [+],
s vision [+],
lost in translation [+],
lindner [+],
lance spitzner [+],
johnny long [+],
jennifer granick [+],
intrusion detection [+],
ietf [+],
ids [+],
honeypots [+],
h.d. moore tags [+],
felix [+],
everybody [+],
event [+],
domino event [+],
de haas [+],
d moore [+],
christian grothoff [+],
chaos communication camp [+],
c. there [+],
bert bos [+],
attacking [+],
anonymity [+],
advanced [+],
chaos communication congress [+],
tags [+],
x event [+],
vulnerabilities [+],
tobias gruetzmacher [+],
tim pritlove [+],
symbian [+],
security 2002 [+],
sassaman [+],
roberto preatoni [+],
rendezvous point [+],
project [+],
nintendo [+],
master of puppets [+],
martin herfurt [+],
mario manno [+],
marcel klein [+],
marcel holtmann [+],
malware [+],
mac os x [+],
mac os [+],
len sassaman [+],
introduction [+],
information [+],
homebrew software [+],
homebrew [+],
government level [+],
gaming [+],
fabio ghioni [+],
exploiting [+],
europe [+],
engineering [+],
dugan [+],
ds [+],
domino [+],
digital playground [+],
david litchfield [+],
dave aitel [+],
database [+],
corp [+],
car [+],
browsing [+],
bluetooth [+],
barnaby jack tags [+],
art [+],
ajax [+],
adam laurie marcel holtmann [+],
abuse [+],
xss [+],
wouter aukema [+],
windows kernel [+],
wifi [+],
web application [+],
vulnerability disclosure [+],
vulnerability assessment [+],
virus [+],
uri use [+],
uri event [+],
type [+],
tunisia [+],
tricks [+],
thomas akin [+],
talk [+],
syria [+],
sven moritz hallberg [+],
stefano zanero [+],
spider [+],
social engineering [+],
snort [+],
sleeping giant [+],
simple [+],
simon p.j [+],
server [+],
security failures [+],
security 2001 [+],
scott blake [+],
saumil shah [+],
runtime [+],
rooted [+],
rob carter tags [+],
rob carter [+],
rich internet [+],
ria [+],
reloaded [+],
protection flash [+],
project authors [+],
private investigations [+],
philip wadler [+],
patrick miller [+],
optimizations [+],
openleaks [+],
onion routers [+],
nick breese [+],
nathan mcfeters [+],
miranda [+],
metasploit [+],
martin roesch [+],
linux [+],
layer [+],
laws [+],
laurent oudot [+],
language [+],
kevin mcpeake [+],
joe grand [+],
job [+],
jens kubieziel [+],
jeff nathan tags [+],
jeff nathan [+],
jay beale [+],
java event [+],
jacob appelbaum [+],
jaco van [+],
international [+],
intelligence [+],
information operation [+],
ian goldberg [+],
hat hacker [+],
haskell [+],
haroon [+],
handshake [+],
greg hoglund [+],
graan [+],
goldberg [+],
future [+],
framework [+],
flake [+],
felix von leitner [+],
falling [+],
dpi [+],
dom [+],
defeating [+],
decompilation [+],
deadly cocktail [+],
ddos attacks [+],
database security [+],
daniel domscheit [+],
cryptography [+],
crackstation [+],
compiler [+],
communication endpoints [+],
communication [+],
closing [+],
cisco router [+],
cisco devices [+],
christopher tarnovsky [+],
christoph weber [+],
christian klein [+],
chris hurley tags [+],
chris hurley [+],
charlie miller [+],
bruce potter [+],
browser [+],
brian caswell [+],
bluecoat [+],
billy rios [+],
arkin tags [+],
alexander kornbrust [+],
Wireless [+],
Software [+],
Programming [+],
11b [+],
asia [+],
yuan [+],
yong kim [+],
yersinia [+],
xssploitation [+],
x kernel [+],
wtf [+],
wsis [+],
wreck utation [+],
wouters [+],
worms [+],
worldwide [+],
world war ii [+],
world authors [+],
world [+],
wlan [+],
wireless lan security [+],
wireless event [+],
winny [+],
wilco [+],
wep [+],
webapp [+],
web hacks [+],
web hacking [+],
web event [+],
web authors [+],
weather effects [+],
warez [+],
wardrive [+],
walter van holst [+],
walt tags [+],
vpn [+],
voip [+],
voice [+],
vlans [+],
virtual machine [+],
video nintendo [+],
video digitizer [+],
van holst [+],
van ginkel [+],
van der walt [+],
van beek [+],
valleri [+],
understand [+],
tyler [+],
turn [+],
tunnel data [+],
truth [+],
trusted [+],
trust [+],
tracks [+],
tor anonymity [+],
toolkit [+],
todd sabin [+],
timothy mullen [+],
threats [+],
thomas ryan tags [+],
thomas c. waszak [+],
thomas c [+],
theory [+],
theo de raadt [+],
thackeray [+],
test authors [+],
terminal [+],
technology authors [+],
technology [+],
technical context [+],
tea [+],
taranis [+],
tapping [+],
takayuki sugiura [+],
tables [+],
syscall [+],
synthesis [+],
surrounding [+],
steve riley timothy bollefer [+],
steve riley [+],
stealth [+],
state authorities [+],
state [+],
spyware [+],
sploits [+],
spike [+],
south america [+],
source [+],
software scene [+],
software modifications [+],
social networking sites [+],
social [+],
smartphone [+],
six degrees [+],
silver needle [+],
silicon chips [+],
shortcomings [+],
shoot [+],
shinder [+],
shellcode [+],
shaun clowes [+],
shatter proofing [+],
seth fogie [+],
self destruct [+],
seek [+],
security issues [+],
security incidents [+],
security design [+],
securing [+],
search [+],
sean convery [+],
schoenefeld [+],
scenes [+],
scene [+],
scale [+],
sarah gordon tags [+],
sarah gordon [+],
ryan permeh [+],
ruby [+],
routing [+],
rootkits [+],
rootkit [+],
root privilege [+],
rolles [+],
rolf rolles [+],
rogue [+],
roelof [+],
robin sage [+],
robin [+],
robert hensing [+],
robert guerra [+],
robert baird [+],
rick smith [+],
rfid [+],
review [+],
reverse engineering [+],
retention [+],
reporting [+],
renaud deraison [+],
renaud bidou [+],
remote [+],
record [+],
razor [+],
raynal [+],
rashid tags [+],
rashid [+],
ralf spenneberg [+],
ralf bendrath [+],
ralf [+],
proxying [+],
protocol attacks [+],
protocol [+],
protecting [+],
proprietary [+],
program [+],
processors [+],
privacy [+],
practice [+],
port [+],
pocket pc [+],
pocket [+],
piercing [+],
phone [+],
phishing [+],
philippe lagadec [+],
philippe biondi [+],
pgp [+],
petkov [+],
peter panter [+],
peter fuhrmann [+],
perspectives [+],
person [+],
persistent [+],
penetration [+],
paul wouters [+],
paul vincent sabanal [+],
paul vincent [+],
paul syverson [+],
paul simmonds [+],
patrick chambet [+],
paris [+],
p security [+],
p file [+],
p event [+],
oracle security [+],
oracle databases [+],
oracle [+],
openhack [+],
openbsd [+],
open source tools [+],
open source system [+],
oded [+],
o connor [+],
number [+],
not [+],
nmap [+],
nicholas economou [+],
networks project [+],
networked [+],
net [+],
nessus project [+],
nessus [+],
nematodes [+],
neilson [+],
neel mehta [+],
neel [+],
navigate [+],
nate kube [+],
nate [+],
munich [+],
mosdef [+],
moore tags [+],
moniz [+],
mobile devices [+],
milkymist [+],
mike schiffman [+],
mike lynn robert baird [+],
mike eddington [+],
middle [+],
michael becher [+],
messenger [+],
messaging [+],
memory [+],
mehta [+],
maynor [+],
maximillian dornseif [+],
maximillian [+],
maximiliano caceres [+],
matrixay [+],
martin ling tags [+],
martin khoo [+],
markus beckedahl [+],
mark vincent yason [+],
mark vincent [+],
marco valleri [+],
marco gercke [+],
marc schoenefeld [+],
mandy andress [+],
man [+],
maliha [+],
malicious [+],
mail [+],
maik hentsche [+],
mac osx [+],
lua [+],
lotus domino [+],
lotus [+],
locking [+],
live [+],
linux event [+],
liability [+],
lessons [+],
law [+],
latin america [+],
lars weiler [+],
lars eilebrecht [+],
lan security [+],
kube [+],
kim tags [+],
keynote speech [+],
kernel [+],
katarzyna szymielewicz [+],
k security [+],
joy [+],
josh daymont [+],
jose nazario [+],
jose [+],
jonathan wilkins [+],
jonathan squire [+],
jon callas [+],
joi [+],
johnny cache [+],
john tan [+],
jim harrison tags [+],
jim harrison [+],
jim edwards [+],
jericho [+],
jeff forristal [+],
jaya baloo [+],
java card [+],
java [+],
japan [+],
james d. broesch [+],
ivan arce [+],
ito [+],
isa server [+],
isa [+],
ira winkler [+],
ips [+],
internet worms [+],
internet [+],
international computer [+],
insecurity [+],
information intelligence [+],
immunix way [+],
ilja [+],
ike test [+],
ike event [+],
identifying [+],
icmp [+],
ian amit tags [+],
hubbard [+],
honeynet project [+],
honeynet [+],
hintz [+],
himanshu dwivedi [+],
hideaki [+],
hide [+],
hat [+],
harry [+],
hardware involved [+],
hardening [+],
hard [+],
hap hazard [+],
hacks [+],
hackproofing [+],
hacking mac [+],
gunter ollmann [+],
graeme neilson [+],
government [+],
gigabit networks [+],
germany [+],
gerardo richarte [+],
gerardo [+],
georgia authors [+],
georgia [+],
gail thackeray [+],
gadi [+],
g investigations [+],
fyodor tags [+],
fyodor [+],
fuzzing [+],
fuzz [+],
future of internet [+],
fuhrmann [+],
front [+],
free [+],
francesco ongaro [+],
force [+],
flying [+],
flame [+],
firewire [+],
firewall [+],
filter implementations [+],
field [+],
fault [+],
fanboys [+],
fan tags [+],
fabrice desclaux [+],
exploits [+],
exploitation techniques [+],
exploit [+],
experiment [+],
exefilter [+],
execution [+],
evilution [+],
european [+],
estonia [+],
erik birkholz [+],
eric filiol [+],
epassports [+],
engine [+],
enforcer [+],
email encryption [+],
effort [+],
eeye [+],
economou [+],
dtv [+],
drivers [+],
door [+],
domino servers [+],
dnssec [+],
dns [+],
dmca [+],
distribution [+],
disclosure law [+],
dilemma [+],
diana kelly [+],
diana [+],
device drivers [+],
device [+],
design patterns [+],
design [+],
derek soeder [+],
deploying [+],
degrees [+],
defcon 1 [+],
deep [+],
deconstructing [+],
debra littlejohn [+],
dead [+],
daymont [+],
david shinberg [+],
david maynor [+],
david blight [+],
dave cole saumil [+],
databases [+],
darrin [+],
daniel kirstenpfad [+],
dan moniz [+],
dan kaminsky [+],
dan hubbard tags [+],
cybercrime [+],
cyber threats [+],
cyber crime [+],
cyber [+],
cryptographic authentication [+],
cryptographic algorithms [+],
crispin cowan [+],
criminal investigations [+],
crime authors [+],
creighton [+],
cowbird [+],
covering [+],
country [+],
convery [+],
controls [+],
computing [+],
computer crime laws [+],
computer [+],
collin mulliner [+],
coldfusion [+],
closing ceremony [+],
clinton mugge [+],
client side [+],
cisco security [+],
cisco ios [+],
cisco infrastructure [+],
ciphire [+],
chuck willis tags [+],
chuck willis [+],
chris eng [+],
chip reverse [+],
chip [+],
ceremony [+],
cell phone users [+],
cecchetti [+],
card [+],
cache tags [+],
brussels [+],
brown rob ragan [+],
brian martin jake kouns [+],
brett moore [+],
brendan oconnor [+],
brandon creighton [+],
bram cohen [+],
bootroot [+],
boot [+],
bluetooth hacking [+],
birkholz [+],
biondi [+],
biometrics [+],
bing [+],
billy hoffman [+],
bgp [+],
becher [+],
barroso [+],
baloo [+],
automated [+],
authentication [+],
auditing [+],
audio voice [+],
attacktecs [+],
attacker [+],
attaccking [+],
assessment framework [+],
asps [+],
asp [+],
arien [+],
architecture [+],
architectural [+],
antivirus [+],
andrs pablo riancho [+],
andrew hintz [+],
andrew daviel [+],
andres lopez [+],
amit [+],
ambitious undertakings [+],
alfredo andres david barroso [+],
alfredo [+],
alex wheeler [+],
alex rice [+],
aldora louw [+],
alberto ornaghi [+],
aircraft techniques [+],
adware [+],
adam cecchetti [+],
activex controls [+],
activex [+],
access points [+],
access [+],
academic research community [+],
abstract overview [+],
Skype [+],
Pentesting [+],
Issues [+],
ARM [+],
23th [+],
21c3 [+],
security [+],
audio [+],
tor [+],
roger dingledine [+],
black hat [+],
web [+],
security authors [+],
paper [+],
privacy event [+],
network [+],
security event [+],
yourself,
yeoh,
x linux,
x 509,
wpa,
worth,
works,
wolf,
with,
wireshark,
web web,
web security,
warszawa,
walsh tags,
visual studio 2005,
virtual,
video security,
video kim,
vaughn tags,
van heerden,
val smith,
val,
upgrade,
updates,
unpacking,
unmasking,
unique,
unforgivable,
understanding,
underground economy,
underground,
u.s.,
types,
training simulation,
traces,
trace,
tor network,
tomasz,
timing,
tim wyatt,
thumann,
textbook authors,
textbook,
temporal,
tcpdump,
tavis ormandy,
tales,
tactical,
stuxnet,
strom carlson,
strom,
stopping,
stop,
steve christey,
static analysis tool,
stack,
speaker max kelly,
somthing,
solveable,
soldering gun,
soldering,
sohail ahmad,
sohail,
smoke,
smashing,
smartphones,
smartcard,
smart card,
slow,
sle,
simulation applications,
simulation,
side channel,
shuzo,
shewmaker,
shellcodes,
shawn moyer,
session,
sensors,
sensor networks,
sensor,
security risks,
security network,
security consulting,
sebastian fernandez,
seattle wireless,
seattle,
scada systems,
scada,
saumil,
satellite event,
satellite environment,
satellite,
sandro,
san,
sai emrys tags,
ryan upton,
ryan sherstobitoff,
ryan anderson tags,
ryan anderson,
russ mcree,
rtl,
rsnake,
routers,
room 101,
room,
rook,
rodney thayer,
robert lentz,
robert jason,
robert,
rob degulielmo,
rip,
rfidiots,
restroom,
response,
resilient,
reconstructing,
raoul chiesa,
randal,
ragan,
quist,
pwnage,
psychotronica,
prototype,
protocols,
privilege,
power,
pointer,
point,
play,
pki,
picture,
physical security,
physical,
philippe langlois,
peter eckersley,
perspective,
personal freedom,
permissions,
pending,
pdf,
paul theriault,
paul sebastian ziegler,
paul sebastian,
paul henry tags,
paul henry,
patching,
papathanasiou,
osx,
os x,
optional,
omg wtf pdf,
omg wtf,
ofir,
officer,
observations,
obfuscator,
obfuscation,
noah brickman,
nkill,
nitesh,
nick depetrillo,
nicholas j. percoco,
nicholas arvanitis,
new language,
network surveillance,
network privacy,
nesbit,
neal krawetz,
nacattack,
nac,
moore production,
mobile phone users,
military,
mike shaver,
mike perry tags,
mike perry,
mike cooper tags,
mike cooper,
mike bailey,
michael thumann,
michael ligh,
michael kemp,
michael brooks,
metapost exploitation,
metapost,
metaphish,
met,
mentor,
max kelly,
matthew richard tags,
matthew richard,
matt krick,
massexploitation,
mary yeoh,
mark goudie,
mark dowd,
marisa fagan,
mario heiderich,
mariano graziano,
marco slaviero,
marco bonetti,
management event,
malaysia,
machine authors,
machine,
luiz eduardo tags,
lord,
lock,
linn,
lineberry,
ligh,
leopard,
leonardo nve,
latest trends,
language creation,
langlois,
kung fu,
kung,
kris,
krick,
krakow,
kirschbaum,
kiosk,
kim jong il,
kibler,
keynote speaker,
keynote,
kevin nassery,
keunote,
kernel windows,
kerb,
kenneth scott tags,
kenneth scott,
kenneth geers,
kendall,
ken caruso,
kelly walsh,
kelly,
keith jones rohyt,
karmetasploit,
justin ferguson tags,
justin ferguson,
julia wolf tags,
joshua,
jong il,
jonathan rom,
jonathan afek,
jon r. kibler,
john viega,
john roecher michael,
john mcdonald,
john curran,
john benson,
joel eriksson,
joe klein,
joe damato,
joanna rutkowska,
jinx,
jesse burns,
jeroen,
jeremy rauch,
jeremy brown tags,
jeremy brown,
javascript,
jamie butler,
james shewmaker,
jailbreaking,
jaco,
jack daniel tags,
jack daniel,
jabra,
isgameover,
ipv,
interoperability,
internet via satellite,
internet applications,
intelligent,
instrumented,
insider,
insecurities,
industry authors,
industry,
incident response,
incident,
immerman,
hungry,
hooking,
hell,
heffner,
heap,
hat europe,
hashes,
hardware hacking,
hansen,
hack in the box,
hack,
h.d. moore val,
gun,
greg conti,
greetz,
graziano,
goncalves,
girlfriend,
ghosting,
geers,
gcc,
gauci,
garry pejski,
ganesh,
games,
g. mark hardy,
function,
fun,
fred von lohmann,
freakshow,
frank rieger,
frank breedijk,
francisco amato,
foca,
feng shui,
feet,
failure,
fagan,
facebook way,
exposition,
exploitation,
evilgrade,
evasion,
establishing trust,
escalation,
erik berls,
environment,
emmanuel gadaix,
emmanuel,
edward bachelder,
ed skoudis,
economy,
eckersley,
dumber,
dubai,
droid,
dpa,
douchebag,
donation,
don ankney,
dom exploiting,
dod,
dnsbernoober,
disclosure,
diplomatic security,
digital,
diane barrett,
dennis brown tags,
dennis brown,
delivery,
definitions,
def,
decompilers,
debugging,
death,
dd wrt,
dcflux,
day,
david weston tags,
david weston,
david rook,
david richardson tim wyatt tags,
david richardson,
david mortman,
david kerb,
david byrne tags,
david byrne,
danny quist,
dangling pointer,
dangling,
dalvik,
cyber army,
csrf,
crypto,
cross domain,
crm,
crawling,
craig heffner,
craig,
covert channel,
covert,
consulting,
conlanging,
confidence,
conficker,
con kung ,
con,
command,
colin ames,
cloud,
clobbering,
cisco,
christian papathanasiou,
chris wysopal,
chris paget,
chris evans,
chief security officer,
chief security,
charles edge,
caruso,
capitalism,
cache,
c applications,
burns,
building,
build,
buffer overflow,
bruno goncalves,
bruce schneier,
brian wilson ryan linn tags,
brian wilson,
brian blankership,
brent baldwin robert jason tags,
brandon nesbit,
botnet,
boston,
boss,
blitzableiter,
blackout,
bitton,
bit,
belani,
beginners,
baldwin,
badges,
badge,
bad guys,
backdoors,
bachelder,
aurora,
aren,
apps,
anyone,
anti,
anthony zboralski,
anthony lineberry,
ankney,
andrew immerman,
andrea cugliari,
analysis,
amplification,
alonso jose palazon,
alexey,
alexander tereshkin,
alexander sotirov,
alex perry tags,
alex perry,
alek amrani,
ahmad tags,
afek,
adam savage,
adam laurie tags,
adam laurie,
abraham tags,
aaron newman,
Tools,
Release,
IPv6,
Hardware,
General,
Countermeasures
-
-
![Permalink for '[Audio] If you want to do what I do'](/themes/lilina/web//media/mark_off.gif.pagespeed.ce.FiDKaoEBZK.gif)
5:21
»
SecDocs
-
-
14:13
»
SecDocs
-
14:02
»
SecDocs
-
-
12:53
»
SecDocs
-
12:42
»
SecDocs
-
-
14:13
»
SecDocs
-
14:06
»
SecDocs
-
-
14:51
»
SecDocs
-
-
11:06
»
SecDocs
-
10:57
»
SecDocs
-
-
21:27
»
SecDocs
-
-
21:48
»
SecDocs
-
21:48
»
SecDocs
-
-
21:31
»
SecDocs
-
-
12:26
»
SecDocs
-
-
21:41
»
SecDocs
-
-
13:37
»
SecDocs
-
6:54
»
SecDocs
-
6:41
»
SecDocs
-
-
4:38
»
SecDocs
-
-
2:51
»
SecDocs
-
-
21:41
»
SecDocs
-
21:41
»
SecDocs
-
6:05
»
SecDocs
-
-
21:26
»
SecDocs
-
21:26
»
SecDocs
-
5:44
»
SecDocs
-
-
21:48
»
SecDocs
-
21:48
»
SecDocs
-
-
21:27
»
SecDocs
-
21:27
»
SecDocs
-
-
21:45
»
SecDocs
-
-
21:31
»
SecDocs
-
-
21:45
»
SecDocs
-
2:36
»
SecDocs
-
-
6:30
»
SecDocs
-
-
21:47
»
SecDocs
-
-
11:45
»
SecDocs
-
10:34
»
SecDocs
-
-
16:00
»
SecDocs
-
-
12:54
»
SecDocs
Authors:
Maik Hentsche Tags:
firewall Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: IT will be shown how IPv4 based protocols can be used to tunnel data through Firewalls while maintaining RFC compatibility. The goal is to show a broad spectrum of techniques. However, a few examples are presented in more detail.
-
-
1:00
»
SecDocs
Authors:
Lars Eilebrecht Tags:
mail cryptography Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: A technical introduction to Ciphire Mail, a new email encryption solution. We will discuss the design, concept, and technical aspects of the system, and demonstrate how usability, security, and trust mechanisms are improved.
-
-
4:56
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Tor is a free-software anonymizing network for web browsing, instant messaging, etc. Our deployed network has thousands of users. I'll talk about design decisions, some everyday uses for anonymity networks, and where we need to go from here. Tor (second-generation Onion Routing) is a distributed overlay network that anonymizes TCP-based applications like web browsing, secure shell, and instant messaging. We have a deployed network of 50 nodes in the US and Europe, and the code is released unencumbered as free software. Tor's rendezvous point design enables location-hidden services -- users can run a standard webserver or other service without revealing its IP. I'll give an overview of the Tor architecture, and talk about why you'd want to use it, what security it provides, and how user applications interface to it. I'll show a working Tor network, and invite the audience to connect to it and use it.
-
4:56
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Tor is a free-software anonymizing network for web browsing, instant messaging, etc. Our deployed network has thousands of users. I'll talk about design decisions, some everyday uses for anonymity networks, and where we need to go from here. Tor (second-generation Onion Routing) is a distributed overlay network that anonymizes TCP-based applications like web browsing, secure shell, and instant messaging. We have a deployed network of 50 nodes in the US and Europe, and the code is released unencumbered as free software. Tor's rendezvous point design enables location-hidden services -- users can run a standard webserver or other service without revealing its IP. I'll give an overview of the Tor architecture, and talk about why you'd want to use it, what security it provides, and how user applications interface to it. I'll show a working Tor network, and invite the audience to connect to it and use it.
-
3:52
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Tor is a free-software anonymizing network for web browsing, instant messaging, etc. Our deployed network has thousands of users. I'll talk about design decisions, some everyday uses for anonymity networks, and where we need to go from here. Tor (second-generation Onion Routing) is a distributed overlay network that anonymizes TCP-based applications like web browsing, secure shell, and instant messaging. We have a deployed network of 50 nodes in the US and Europe, and the code is released unencumbered as free software. Tor's rendezvous point design enables location-hidden services -- users can run a standard webserver or other service without revealing its IP. I'll give an overview of the Tor architecture, and talk about why you'd want to use it, what security it provides, and how user applications interface to it. I'll show a working Tor network, and invite the audience to connect to it and use it.
-
-
9:41
»
SecDocs
Authors:
Josef Spillner Tags:
Linux Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Overview about the young and still developing Free Software scene in South and Latin America (mostly Brazil), ways to achieve independence of existing structures, and some specific projects. While in Germany people still talk about the ongoing partial migration in Munich, which is mostly in the hands of only few companies, other places have advanced some more already: where interested citizens are part of IT migrations in both companies and organizations. Not only is this a cultural difference, but also gives all hackers the possibility to block decisions heading the wrong way, and to integrate their own perspective.
-
-
16:07
»
SecDocs
Authors:
Peter Panter Tags:
phishing Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Phishing became a serious problem in 2004 with media coverage even in non-technical context. The lecture will gather the incidents, shows common attacks-techniques and tries to give a prognosis for the near future.
-
-
10:34
»
SecDocs
Authors:
Sven Moritz Hallberg Tags:
technology Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Haskell is a purely functional programming language. Its main features include its strong type system, declarative style, concise syntax, and clean structure. Contrary to the frequently found notion of Haskell being a language of more "academic interest", it is in my opinion much rather the case that Haskell can excellently express applications of direct practical utility without sacrificing the language's academic assets at all. The Haskell programming language is a comparatively young purely functional member of the Miranda family. Its main features include its strong type system, declarative style, concise syntax, and clean structure. A to my knowledge unique trait of Haskell, at least among programming languages "in practical use", is the actual absence of nonfunctional side effects in the core language. That is, in Haskell the statement of referential transparency is /true/. As to the elegance of the of course nonetheless given provisions for expressing inherently imperative processes, I/O especially, let the following two quotes suffice: "How to declare an imperative" (Philip Wadler, [1]) and "Haskell is the world's finest imperative programming language" (Simon P.J. in [2]). Contrary to the frequently found notion of Haskell being a language of more "academic interest", it is in my opinion much rather the case that Haskell can excellently express applications of direct practical utility without sacrificing the language's academic assets at all. See [3], [4], and [5] for documentation. The 45-minute talk will briefly sketch the basic concepts of the language and then open into a (as I hope) exciting tour of some programming highlights, in order to provide a loose outlook into Haskell and transfer some of my excitement about this language to interested hackers.
-
10:34
»
SecDocs
Authors:
Sven Moritz Hallberg Tags:
technology Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Haskell is a purely functional programming language. Its main features include its strong type system, declarative style, concise syntax, and clean structure. Contrary to the frequently found notion of Haskell being a language of more "academic interest", it is in my opinion much rather the case that Haskell can excellently express applications of direct practical utility without sacrificing the language's academic assets at all. The Haskell programming language is a comparatively young purely functional member of the Miranda family. Its main features include its strong type system, declarative style, concise syntax, and clean structure. A to my knowledge unique trait of Haskell, at least among programming languages "in practical use", is the actual absence of nonfunctional side effects in the core language. That is, in Haskell the statement of referential transparency is /true/. As to the elegance of the of course nonetheless given provisions for expressing inherently imperative processes, I/O especially, let the following two quotes suffice: "How to declare an imperative" (Philip Wadler, [1]) and "Haskell is the world's finest imperative programming language" (Simon P.J. in [2]). Contrary to the frequently found notion of Haskell being a language of more "academic interest", it is in my opinion much rather the case that Haskell can excellently express applications of direct practical utility without sacrificing the language's academic assets at all. See [3], [4], and [5] for documentation. The 45-minute talk will briefly sketch the basic concepts of the language and then open into a (as I hope) exciting tour of some programming highlights, in order to provide a loose outlook into Haskell and transfer some of my excitement about this language to interested hackers.
-
-
8:41
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: This talk will provide an overview of all currently know Bluetooth exploits, as well as live demonstrations, including Bluebugging, Snarfing, Dumping, PIN cracking and Car Whispering. Since the last trifinite group presentation at 21C3 a lot has happened in the Bluetooth hacking world. New vulnerabilities have come to light, including some that, unlike previous issues, attack the Bluetooth fundamentals themselves, such as pairing and cryptography. In addition to these, other new attacks such as BlueSmack, BlueSnarf++, BlueBump and Car Whisperer have been developed. In the rapidly expanding world of Bluetooth, it seems the opportunities for mischief abound, and this is a target rich environment for the White and Black Hat hacker alike. In this talk we will present live demonstations of tools such as Car Whisperer, which allows an attacker to connect to vehicle car kits and listen in to conversations via the microphone, and/or inject sound into the car speakers... Provide your own useful traffic bulletins! How often have you wanted to reach out and pass your compliments on the excellent manouver the guy in front of you just made? Now you can do all of that and more... In May, 2005 Shaked & Wool published a theoretical attack on the Bluetooth pairing process. In this talk we will show that the theory is a reality, and present the combined techniques of BlueDumping, BlueSpooofing and PIN cracking, leading to the all-new eavesdropping attack dubbed BlueDropping. This is a brand new attack, never seen in public before, and disclosed for the first time at 22C3. Using this technique, it is possible to monitor and record any and all data and/or voice traffic within a Bluetooth piconet. New tools such as BloooverII will also be released.
-
8:41
»
SecDocs
Authors:
Tim Pritlove Tags:
social Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Please join us as we look back to what happened and look forward to what's next on our agenda.
-
8:41
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: This talk will provide an overview of all currently know Bluetooth exploits, as well as live demonstrations, including Bluebugging, Snarfing, Dumping, PIN cracking and Car Whispering. Since the last trifinite group presentation at 21C3 a lot has happened in the Bluetooth hacking world. New vulnerabilities have come to light, including some that, unlike previous issues, attack the Bluetooth fundamentals themselves, such as pairing and cryptography. In addition to these, other new attacks such as BlueSmack, BlueSnarf++, BlueBump and Car Whisperer have been developed. In the rapidly expanding world of Bluetooth, it seems the opportunities for mischief abound, and this is a target rich environment for the White and Black Hat hacker alike. In this talk we will present live demonstations of tools such as Car Whisperer, which allows an attacker to connect to vehicle car kits and listen in to conversations via the microphone, and/or inject sound into the car speakers... Provide your own useful traffic bulletins! How often have you wanted to reach out and pass your compliments on the excellent manouver the guy in front of you just made? Now you can do all of that and more... In May, 2005 Shaked & Wool published a theoretical attack on the Bluetooth pairing process. In this talk we will show that the theory is a reality, and present the combined techniques of BlueDumping, BlueSpooofing and PIN cracking, leading to the all-new eavesdropping attack dubbed BlueDropping. This is a brand new attack, never seen in public before, and disclosed for the first time at 22C3. Using this technique, it is possible to monitor and record any and all data and/or voice traffic within a Bluetooth piconet. New tools such as BloooverII will also be released.
-
8:41
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: This talk will provide an overview of all currently know Bluetooth exploits, as well as live demonstrations, including Bluebugging, Snarfing, Dumping, PIN cracking and Car Whispering. Since the last trifinite group presentation at 21C3 a lot has happened in the Bluetooth hacking world. New vulnerabilities have come to light, including some that, unlike previous issues, attack the Bluetooth fundamentals themselves, such as pairing and cryptography. In addition to these, other new attacks such as BlueSmack, BlueSnarf++, BlueBump and Car Whisperer have been developed. In the rapidly expanding world of Bluetooth, it seems the opportunities for mischief abound, and this is a target rich environment for the White and Black Hat hacker alike. In this talk we will present live demonstations of tools such as Car Whisperer, which allows an attacker to connect to vehicle car kits and listen in to conversations via the microphone, and/or inject sound into the car speakers... Provide your own useful traffic bulletins! How often have you wanted to reach out and pass your compliments on the excellent manouver the guy in front of you just made? Now you can do all of that and more... In May, 2005 Shaked & Wool published a theoretical attack on the Bluetooth pairing process. In this talk we will show that the theory is a reality, and present the combined techniques of BlueDumping, BlueSpooofing and PIN cracking, leading to the all-new eavesdropping attack dubbed BlueDropping. This is a brand new attack, never seen in public before, and disclosed for the first time at 22C3. Using this technique, it is possible to monitor and record any and all data and/or voice traffic within a Bluetooth piconet. New tools such as BloooverII will also be released.
-
-
21:43
»
SecDocs
-
-
21:40
»
SecDocs
Authors:
Bert Bos Tags:
web Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: W3C brings together experts, companies and users to define the fundamental formats and protocols of the Web. The challenge is to create a coherent system (the "Semantic Web") without forgetting everybody's short-term needs. When W3C started, in 1994, the Web was simple: the IETF had taken on the task of defining URLs; W3C and the IETF worked together on HTML and HTTP; W3C developed CSS; and a group of people donated PNG to W3C. There were plenty of people helping out and although some had trouble understanding W3C's vision of a Web on other devices than PCs, the architecture was simple enough and progress was quick. Now the Web is big, slow and complex. There is an ever increasing demand for new technologies, for security, b2b, multimedia, accessibility, privacy, and what not, and although W3C's vision is still the same, it needs more and more discussion in more and more groups to harmonize all the technologies being proposed. But at least everybody now wants the Web on small devices... Let's take a (brief) look at the methods W3C tries to use to reach consensus (because consensus is the basis of W3C's decision making), at the ways in which people can follow and participate in the work, and at a few of the technologies that are expected.
-
21:40
»
SecDocs
Authors:
Bert Bos Tags:
web Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: W3C brings together experts, companies and users to define the fundamental formats and protocols of the Web. The challenge is to create a coherent system (the "Semantic Web") without forgetting everybody's short-term needs. When W3C started, in 1994, the Web was simple: the IETF had taken on the task of defining URLs; W3C and the IETF worked together on HTML and HTTP; W3C developed CSS; and a group of people donated PNG to W3C. There were plenty of people helping out and although some had trouble understanding W3C's vision of a Web on other devices than PCs, the architecture was simple enough and progress was quick. Now the Web is big, slow and complex. There is an ever increasing demand for new technologies, for security, b2b, multimedia, accessibility, privacy, and what not, and although W3C's vision is still the same, it needs more and more discussion in more and more groups to harmonize all the technologies being proposed. But at least everybody now wants the Web on small devices... Let's take a (brief) look at the methods W3C tries to use to reach consensus (because consensus is the basis of W3C's decision making), at the ways in which people can follow and participate in the work, and at a few of the technologies that are expected.
-
21:40
»
SecDocs
Authors:
Bert Bos Tags:
web Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: W3C brings together experts, companies and users to define the fundamental formats and protocols of the Web. The challenge is to create a coherent system (the "Semantic Web") without forgetting everybody's short-term needs. When W3C started, in 1994, the Web was simple: the IETF had taken on the task of defining URLs; W3C and the IETF worked together on HTML and HTTP; W3C developed CSS; and a group of people donated PNG to W3C. There were plenty of people helping out and although some had trouble understanding W3C's vision of a Web on other devices than PCs, the architecture was simple enough and progress was quick. Now the Web is big, slow and complex. There is an ever increasing demand for new technologies, for security, b2b, multimedia, accessibility, privacy, and what not, and although W3C's vision is still the same, it needs more and more discussion in more and more groups to harmonize all the technologies being proposed. But at least everybody now wants the Web on small devices... Let's take a (brief) look at the methods W3C tries to use to reach consensus (because consensus is the basis of W3C's decision making), at the ways in which people can follow and participate in the work, and at a few of the technologies that are expected.
-
21:40
»
SecDocs
Authors:
Bert Bos Tags:
web Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: W3C brings together experts, companies and users to define the fundamental formats and protocols of the Web. The challenge is to create a coherent system (the "Semantic Web") without forgetting everybody's short-term needs. When W3C started, in 1994, the Web was simple: the IETF had taken on the task of defining URLs; W3C and the IETF worked together on HTML and HTTP; W3C developed CSS; and a group of people donated PNG to W3C. There were plenty of people helping out and although some had trouble understanding W3C's vision of a Web on other devices than PCs, the architecture was simple enough and progress was quick. Now the Web is big, slow and complex. There is an ever increasing demand for new technologies, for security, b2b, multimedia, accessibility, privacy, and what not, and although W3C's vision is still the same, it needs more and more discussion in more and more groups to harmonize all the technologies being proposed. But at least everybody now wants the Web on small devices... Let's take a (brief) look at the methods W3C tries to use to reach consensus (because consensus is the basis of W3C's decision making), at the ways in which people can follow and participate in the work, and at a few of the technologies that are expected.
-
-
10:30
»
SecDocs
Authors:
Fabio Ghioni Roberto Preatoni Tags:
intelligence Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation will also cover a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets.
-
-
21:41
»
SecDocs
Authors:
Fabio Ghioni Roberto Preatoni Tags:
intelligence Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation will also cover a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets.
-
21:41
»
SecDocs
Authors:
Fabio Ghioni Roberto Preatoni Tags:
intelligence Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation will also cover a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets.
-
-
21:37
»
SecDocs
Authors:
Achim Friedland Daniel Kirstenpfad Tags:
network GSM phone Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: We are giving an overview of ip networks used for >=2.5G technologies. Our main focus is on scanning the overlaying ip network, on different Voice-over-IP filter implementations and the possibilities to circumvent them. We want to explain the ip networks used in GPRS and UMTS cellular networks from the enduser point of view. How do they work today and what has to be done to get a normal webpage, voice-over-ip or even a video stream onto your PDA or SmartPhone. For your private investigations inside your providers ip network we want to demonstrate you a tcp/udp port and round-trip-time based traceroute program based on the .NET compact framework. With the help of this program we want to analyse the anti voice-over-ip filters implemented by different cellular providers and show you some possibilities how to circumvent them _efficently_. So we don't just tunnel all the traffic through a VPN. But even when these filters become more sophisticated in the future we want to present some ideas how to defeat your right to talk via voice-over-ip whereever and whenever you want to.
-
-
21:46
»
SecDocs
Authors:
Joi Ito Tim Pritlove Tags:
culture Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Introductory opening session by Tim Pritlove and keynote speech on the 22C3 topic "Private Investigations" by Joi Ito.
-
-
21:32
»
SecDocs
-
-
2:53
»
SecDocs
Authors:
Felix von Leitner Tags:
secure development Event:
Chaos Communication Camp 2007 Abstract: Programmers often attempt to make their code faster but end up only making it less readable. This talk attempts to show what kind of optimizations you can (and should) leave to your compiler.
-
2:51
»
SecDocs
Authors:
Felix von Leitner Tags:
secure development Event:
Chaos Communication Camp 2007 Abstract: Programmers often attempt to make their code faster but end up only making it less readable. This talk attempts to show what kind of optimizations you can (and should) leave to your compiler.
-
-
21:44
»
SecDocs
Authors:
Marcel Klein Mario Manno Tobias Gruetzmacher Tags:
games Nintendo Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: The Nintendo DS is a mobile gaming console. It was first introduced in 2004. Our talk will give a short introduction of the hardware and available games. The main focus however lies on homebrew software, DSLinux, alternative firmware, copy protection, flash cards and online gaming protocols. The Nintendo DS is often seen as a direct competitor to the Sony PSP, but sells at a much lower price. The DS consists of two ARM CPUs, two displays, one of them functions as a touchscreen and a wifi interface. Due to its small amount of RAM, 4MB, the DS provides a real challenge to developers. We will explain different methods used to circumvent the copy protection and replace the existing firmware. Afterwards we will introduce the most common flash cartridges used to run homebrew software and pirated ROMs. While talking about homebrew applications we will focus on wifi applications, like scanners and development environments. At last we will present an analysis of the online gaming protocols.
-
-
21:47
»
SecDocs
Authors:
Marcel Klein Mario Manno Tobias Gruetzmacher Tags:
games Nintendo Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: The Nintendo DS is a mobile gaming console. It was first introduced in 2004. Our talk will give a short introduction of the hardware and available games. The main focus however lies on homebrew software, DSLinux, alternative firmware, copy protection, flash cards and online gaming protocols. The Nintendo DS is often seen as a direct competitor to the Sony PSP, but sells at a much lower price. The DS consists of two ARM CPUs, two displays, one of them functions as a touchscreen and a wifi interface. Due to its small amount of RAM, 4MB, the DS provides a real challenge to developers. We will explain different methods used to circumvent the copy protection and replace the existing firmware. Afterwards we will introduce the most common flash cartridges used to run homebrew software and pirated ROMs. While talking about homebrew applications we will focus on wifi applications, like scanners and development environments. At last we will present an analysis of the online gaming protocols.
-
21:47
»
SecDocs
Authors:
Marcel Klein Mario Manno Tobias Gruetzmacher Tags:
games Nintendo Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: The Nintendo DS is a mobile gaming console. It was first introduced in 2004. Our talk will give a short introduction of the hardware and available games. The main focus however lies on homebrew software, DSLinux, alternative firmware, copy protection, flash cards and online gaming protocols. The Nintendo DS is often seen as a direct competitor to the Sony PSP, but sells at a much lower price. The DS consists of two ARM CPUs, two displays, one of them functions as a touchscreen and a wifi interface. Due to its small amount of RAM, 4MB, the DS provides a real challenge to developers. We will explain different methods used to circumvent the copy protection and replace the existing firmware. Afterwards we will introduce the most common flash cartridges used to run homebrew software and pirated ROMs. While talking about homebrew applications we will focus on wifi applications, like scanners and development environments. At last we will present an analysis of the online gaming protocols.
-
-
15:14
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Websites like Wikipedia and Blogspot are increasingly being blocked by government-level firewalls around the world. Although many people use the Tor anonymity network to get around this censorship, the current Tor network is not designed to withstand a government-level censor. In this talk we describe a design for providing access to the Tor network that is harder to block.
-
15:02
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Websites like Wikipedia and Blogspot are increasingly being blocked by government-level firewalls around the world. Although many people use the Tor anonymity network to get around this censorship, the current Tor network is not designed to withstand a government-level censor. In this talk we describe a design for providing access to the Tor network that is harder to block.
-
15:00
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: Websites like Wikipedia and Blogspot are increasingly being blocked by government-level firewalls around the world. Although many people use the Tor anonymity network to get around this censorship, the current Tor network is not designed to withstand a government-level censor. In this talk we describe a design for providing access to the Tor network that is harder to block.
-
-
21:38
»
SecDocs
Authors:
Marco Gercke Tags:
social Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: The balance between effective criminal investigations and the protection of human rights is currently intensively discussed. A number of approaches demonstrate a tendency that state authorities gain for more access to sensitive data. But do these information really help to prevent crimes (e.g. terrorist attacks) and how save are these information in the hands of state authorities'?
-
-
21:26
»
SecDocs
Authors:
Alexander Kornbrust Tags:
Oracle Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: Oracle databases are the leading databases in companies and organizations. In the last 3 years Oracle invested a lot of time and engery to make the databases more secure, adding new features ... but even 2007 most databases are easy to hack. This talk will describe the current status, the typical problems in customer installations and the trends for the future for Oracle Security. I will show some scenarios how to attack (and prevent) databases, abuse Oracle security features (like Oracle Transparent Database Encryption (TDE)) and the latest trends in SQL Injection (e.g. why a table "!rm -rF /" sometimes executes code).
-
-
21:44
»
SecDocs
Authors:
Peter Fuhrmann Tags:
games Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: The C64-DTV is a remake of the classic homecomputer sold as a joystick-contained videogame. The talk gives an overview about the structure of the DTV, and shows different hardware and software modifications that can be done.
-
-
21:54
»
SecDocs
Authors:
Jens Kubieziel Tags:
privacy Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: I2P is a message-based anonymizing network. It builds a virtual network between the communication endpoints. This talk will introduce the technical details of I2P and show some exemplary applications. I2P has a different approach than most other known anonymous applications. Maybe you know about the anonymisation network Tor. Here you have central directory servers, onion routers (relaying traffic), onion proxies (send and receive data from the user) and other software roles within the network. I2P calls every software a router and it can send and receive data for the user as well as relay traffic for other users. Furthermore I2P uses no central server for distributing information about routers. You'll get the information from I2P's network database. This is a pair of algorithms which share the network metadata. The routers participate in the Kademlia algorithm. It is derived from distributed hash table. My talk will tell you in detail how I2P work, what roles routers, gateways, netDb etc. plays. Furthermore I'll show differences and similarities to other anonymizing networks e. g. Tor and introduce some exemplary applications.
-
21:54
»
SecDocs
Authors:
Jens Kubieziel Tags:
privacy Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: I2P is a message-based anonymizing network. It builds a virtual network between the communication endpoints. This talk will introduce the technical details of I2P and show some exemplary applications. I2P has a different approach than most other known anonymous applications. Maybe you know about the anonymisation network Tor. Here you have central directory servers, onion routers (relaying traffic), onion proxies (send and receive data from the user) and other software roles within the network. I2P calls every software a router and it can send and receive data for the user as well as relay traffic for other users. Furthermore I2P uses no central server for distributing information about routers. You'll get the information from I2P's network database. This is a pair of algorithms which share the network metadata. The routers participate in the Kademlia algorithm. It is derived from distributed hash table. My talk will tell you in detail how I2P work, what roles routers, gateways, netDb etc. plays. Furthermore I'll show differences and similarities to other anonymizing networks e. g. Tor and introduce some exemplary applications.
-
-
21:28
»
SecDocs
Authors:
Arien Vijn Tags:
network sniffer Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: There are many open source tools available to do packet capturing and analysis. Virtually all networkers use these tools. However millions of packets per seconds are just too much for general-purpose hardware. This is a problem as 10 Gigabit networks allow for millions of packets per second.
-
-
21:43
»
SecDocs
Authors:
Karsten Nohl Tags:
reverse engineering RFID chip Event:
Chaos Communication Congress 25th (25C3) 2008 Abstract: Cryptographic algorithms are often kept secret in the false belief that this provides security. To find and analyze these algorithms, we reverse-engineering the silicon chips that implement them.
-
21:43
»
SecDocs
Authors:
Gadi Evron Tags:
warfare intelligence Event:
Chaos Communication Congress 25th (25C3) 2008 Abstract: Estonia and Georgia are just two examples of where global scale cooperation is required for handling security incidents on the Internet.
-
-
21:35
»
SecDocs
Authors:
Francesco Ongaro Tags:
penetration testing Event:
Chaos Communication Congress 25th (25C3) 2008 Abstract: A collection of engaging techniques, some unreleased and some perhaps forgotten, to make pentesting fun again. From layer 3 attacks that still work, to user interaction based exploits that aren't 'clickjacking', to local root privilege escalation without exploits and uncommon web application exploitation techniques.
-
-
21:36
»
SecDocs
Authors:
Martin Ling Tags:
UAV Event:
Chaos Communication Congress 25th (25C3) 2008 Abstract: Birds, glider pilots, and recently UAVs can exploit a variety of weather effects in order to gain altitude, remain airborne and travel long distances all with no power input – effectively, hacking the atmosphere to fly for free. This talk will explain the aircraft, techniques, meteorology, hardware and software that we use to achieve this. In the process I will show why the sport of gliding may be of interest to hackers, and explain how you too can get involved in this highly rewarding and low-cost form of flying.
-
-
21:47
»
SecDocs
Authors:
Roger Dingledine Tags:
vulnerability Tor privacy Event:
Chaos Communication Congress 25th (25C3) 2008 Abstract: There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor.
-
-
21:34
»
SecDocs
Authors:
Sébastien Bourdeauducq Tags:
embedded microcontroller Event:
Chaos Communication Camp 2011 Abstract: Milkymist develops a comprehensive solution for the live synthesis of interactive visual effects. It features one of the first open source system-on-chip designs. This talk gives a roundup of what has happened during the last 1.5 year in this project. The Milkymist project is an informal organization of people and companies who develop, manufacture and sell a comprehensive open source hardware and software solution for the live synthesis of interactive visual effects for VJs. The project goes great lengths to apply the open source principles at every level possible, and is best known for the Milkymist system-on-chip (SoC) which is among the first commercialized system-on-chip designs with free HDL source code. As a result, several Milkymist components have been reused in applications unrelated to video synthesis. For example, NASA's Communication Navigation and Networking Reconfigurable Testbed (CoNNeCT) experiment uses the memory controller that was originally developed for the Milkymist system-on-chip and published under the GNU GPL. A lot has happened since the introduction to the project at the 26C3. We have designed and are now producing and selling our own hardware called Milkymist One. The system-on-chip design has reached a very usable state, with improved graphics acceleration capabilities, support for all the interfaces on the Milkymist One (e.g. video digitizer, USB, Ethernet, MIDI, DMX, ...) and a GDB-compatible in-system debugger. On the software side, we have ported the RTEMS real time operating system and up-leveled the Linux port. We also have developed our own end-user video synthesis application which runs on RTEMS and uses the MTK embedded GUI toolkit (based on Genode FX). Several third-party applications and many libraries were successfully run on the Milkymist SoC, such as the MuPDF document viewer and the Lua and Ruby programming languagues. The SoC software can also be run and debugged in the latest versions of the QEMU emulator. This talk presents all this, and more. Demonstrations included.
-
-
2:48
»
SecDocs
Authors:
Walter van Holst Tags:
law privacy data retention Event:
Chaos Communication Camp 2011 Abstract: Right now the European Union is in a bit of a lawmaking frenzy on areas that are relevant to the internet in general. This Commission has several ambitious undertakings going on with regard to: enforcement of so-called intellectual property rights data protection data retention directive Passenger Name Records (PNR) Furthermore, several recent efforts are wrapping up and are moving to the national level, such as ACTA and webfilters against child pornography. During this lecture Katarzyna Szymielewicz (Panoptykon Foundation Poland) and Walter van Holst (European Digital Rights) will explain the main topics in Brussels, what you can do to get involved to defend your freedoms.
-
-
12:36
»
SecDocs
Authors:
Daniel Domscheit-Berg Tags:
information operation privacy Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.
-
12:02
»
SecDocs
Authors:
Daniel Domscheit-Berg Tags:
information operation privacy Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.
-
-
22:30
»
SecDocs
Authors:
Jacob Appelbaum Roger Dingledine Tags:
Tor privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Iran blocked Tor handshakes using Deep Packet Inspection (DPI) in January 2011 and September 2011. Bluecoat tested out a Tor handshake filter in Syria in June 2011. China has been harvesting and blocking IP addresses for both public Tor relays and private Tor bridges for years. Roger Dingledine and Jacob Appelbaum will talk about how exactly these governments are doing the blocking, both in terms of what signatures they filter in Tor (and how we've gotten around the blocking in each case), and what technologies they use to deploy the filters -- including the use of Western technology to operate the surveillance and censorship infrastructure in Tunisia (Smartfilter), Syria (Bluecoat), and other countries. We'll cover what we've learned about the mindset of the censor operators (who in many cases don't want to block Tor because they use it!), and how we can measure and track the wide-scale censorship in these countries. Last, we'll explain Tor's development plans to get ahead of the address harvesting and handshake DPI arms races.
-
-
22:40
»
SecDocs
Authors:
Jacob Appelbaum Roger Dingledine Tags:
Tor privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Iran blocked Tor handshakes using Deep Packet Inspection (DPI) in January 2011 and September 2011. Bluecoat tested out a Tor handshake filter in Syria in June 2011. China has been harvesting and blocking IP addresses for both public Tor relays and private Tor bridges for years. Roger Dingledine and Jacob Appelbaum will talk about how exactly these governments are doing the blocking, both in terms of what signatures they filter in Tor (and how we've gotten around the blocking in each case), and what technologies they use to deploy the filters -- including the use of Western technology to operate the surveillance and censorship infrastructure in Tunisia (Smartfilter), Syria (Bluecoat), and other countries. We'll cover what we've learned about the mindset of the censor operators (who in many cases don't want to block Tor because they use it!), and how we can measure and track the wide-scale censorship in these countries. Last, we'll explain Tor's development plans to get ahead of the address harvesting and handshake DPI arms races.
-
-
21:41
»
SecDocs
Authors:
Karsten Nohl Luca Melette Tags:
GSM phone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Cell phone users face an increasing frequency and depth of privacy intruding attacks. Defense knowledge has not scaled at the same speed as attack capabilities. This talk intends to revert this imbalance. Most severe attack vectors on mobile phones are due to an outdated technology base that lacks strong cryptographic authentication or confidentiality. Given this discrepancy between protection need and reality, a number of countermeasures were developed for networks and phones to better protect their users. We explain the most important measures and track their deployment. Furthermore, we will release tools to measure the level of vulnerability of networks. Sharing the results of these measurements will hopefully create problem awareness and demand for more security by phone users around the world.
-
-
21:46
»
SecDocs
-
21:46
»
SecDocs
-
21:46
»
SecDocs
-
21:46
»
SecDocs
-
-
21:41
»
SecDocs
-
-
21:51
»
SecDocs
-
-
21:52
»
SecDocs
-
13:43
»
SecDocs
-
13:43
»
SecDocs
-
-
21:49
»
SecDocs
-
21:49
»
SecDocs
-
13:49
»
SecDocs
-
-
13:17
»
SecDocs
-
-
21:45
»
SecDocs
-
-
21:48
»
SecDocs
-
21:48
»
SecDocs
-
-
21:32
»
SecDocs
-
-
21:49
»
SecDocs
-
-
12:20
»
SecDocs
-
12:20
»
SecDocs
-
-
13:45
»
SecDocs
-
-
21:34
»
SecDocs
-
21:34
»
SecDocs
-
-
21:34
»
SecDocs
-
-
21:47
»
SecDocs
-
-
21:28
»
SecDocs
-
11:39
»
SecDocs
-
-
21:49
»
SecDocs
-
4:08
»
SecDocs
-
-
10:56
»
SecDocs
-
-
21:38
»
SecDocs
-
-
21:35
»
SecDocs
-
-
21:46
»
SecDocs
-
21:46
»
SecDocs
-
-
15:13
»
SecDocs
-
-
21:53
»
SecDocs
-
-
21:38
»
SecDocs
-
21:38
»
SecDocs
-
12:39
»
SecDocs
-
-
21:34
»
SecDocs
-
21:34
»
SecDocs
-
-
21:41
»
SecDocs
-
3:59
»
SecDocs
-
-
21:28
»
SecDocs
-
-
21:53
»
SecDocs
-
21:53
»
SecDocs
-
-
21:36
»
SecDocs
-
-
21:42
»
SecDocs
-
14:32
»
SecDocs
-
5:43
»
SecDocs
-
2:05
»
SecDocs
-
-
11:21
»
SecDocs
-
-
21:30
»
SecDocs
-
-
6:46
»
SecDocs
-
-
3:22
»
SecDocs
-
-
21:45
»
SecDocs
-
-
21:41
»
SecDocs
-
-
21:28
»
SecDocs
-
21:28
»
SecDocs
-
21:28
»
SecDocs
-
21:28
»
SecDocs
-
-
12:32
»
SecDocs
-
-
21:25
»
SecDocs
-
-
21:29
»
SecDocs
-
21:29
»
SecDocs
-
12:06
»
SecDocs
-
-
21:51
»
SecDocs
-
-
21:51
»
SecDocs
-
21:51
»
SecDocs
-
-
21:44
»
SecDocs
-
-
21:38
»
SecDocs
-
21:38
»
SecDocs
-
-
21:48
»
SecDocs
-
-
21:30
»
SecDocs
-
21:30
»
SecDocs
-
-
21:44
»
SecDocs
-
21:44
»
SecDocs
-
-
21:35
»
SecDocs
-
21:35
»
SecDocs
-
21:35
»
SecDocs
-
21:35
»
SecDocs
-
-
21:31
»
SecDocs
-
21:31
»
SecDocs
-
21:31
»
SecDocs
-
11:30
»
SecDocs
-
-
21:50
»
SecDocs
-
21:50
»
SecDocs
-
-
21:42
»
SecDocs
-
21:42
»
SecDocs
-
-
21:47
»
SecDocs
-
21:47
»
SecDocs
-
21:47
»
SecDocs
-
-
21:52
»
SecDocs
-
-
21:25
»
SecDocs
-
21:25
»
SecDocs
-
-
21:43
»
SecDocs
-
-
21:51
»
SecDocs
-
21:51
»
SecDocs
-
-
21:30
»
SecDocs
-
21:30
»
SecDocs
-
-
22:44
»
SecDocs
-
22:44
»
SecDocs
-
22:44
»
SecDocs
-
-
22:51
»
SecDocs
-
-
22:43
»
SecDocs
-
22:43
»
SecDocs
-
-
22:52
»
SecDocs
-
-
22:48
»
SecDocs
-
22:48
»
SecDocs
-
-
22:54
»
SecDocs
-
10:53
»
SecDocs
-
-
2:18
»
SecDocs
-
2:18
»
SecDocs
-
-
3:25
»
SecDocs
-
-
0:10
»
SecDocs
-
-
3:30
»
SecDocs
-
3:30
»
SecDocs
-
-
0:46
»
SecDocs
-
0:46
»
SecDocs
-
-
2:37
»
SecDocs
-
2:37
»
SecDocs
-
2:37
»
SecDocs
-
-
5:16
»
SecDocs
-
5:16
»
SecDocs
-
-
23:54
»
SecDocs
-
23:54
»
SecDocs
-
-
3:15
»
SecDocs
-
3:15
»
SecDocs
-
-
5:56
»
SecDocs
-
-
1:01
»
SecDocs
-
-
10:35
»
SecDocs
-
10:35
»
SecDocs
-
10:35
»
SecDocs
-
10:35
»
SecDocs
-
-
1:04
»
SecDocs
-
1:04
»
SecDocs
-
-
2:23
»
SecDocs
-
2:23
»
SecDocs
-
-
2:15
»
SecDocs
-
-
2:15
»
SecDocs
-
-
23:12
»
SecDocs
-
1:48
»
SecDocs
-
-
5:14
»
SecDocs
-
-
13:01
»
SecDocs
-
-
23:20
»
SecDocs
-
1:52
»
SecDocs
-
1:52
»
SecDocs
-
-
4:49
»
SecDocs
-
-
11:11
»
SecDocs
-
-
13:16
»
SecDocs
-
11:23
»
SecDocs
-
-
13:33
»
SecDocs
Authors:
Shreeraj Shah Tags:
AJAX XSS Rich Internet Applications Event:
Black Hat USA 2010 Abstract: Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams in the browser. These DOM calls mixed with XMLHttpRequest (XHR) object are part of client side logic written in JavaScript or part of any other client side technology be it Flash or Silverlight. DOM driven XSS is a sleeping giant in the application code and it can be exploited by an attacker to gain access to the end user’s browser/desktop. This can become a root cause of following set of interesting vulnerabilities – Cross Widget Sniffing, RSS feed reader exploitation, XHR response stealing, Mashup hacking, Malicious code injection, Spreading Worm etc. This set of vulnerability needs innovative way of scanning the application and corresponding methodology needs to be tweaked. We have seen DOM driven XSS exploited in various different popular portals to spread worm or virus. This is a significant threat on the rise and should be mitigated by validating un-trusted content poisoning Ajax or Flash routines. DOM driven XSS, Cross Domain Bypass and CSRF can cause a deadly cocktail to exploit Web 2.0 applications across Internet. This presentation will be covering following important issues and concepts.
-
13:33
»
SecDocs
Authors:
Shreeraj Shah Tags:
AJAX XSS Rich Internet Applications Event:
Black Hat USA 2010 Abstract: Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams in the browser. These DOM calls mixed with XMLHttpRequest (XHR) object are part of client side logic written in JavaScript or part of any other client side technology be it Flash or Silverlight. DOM driven XSS is a sleeping giant in the application code and it can be exploited by an attacker to gain access to the end user’s browser/desktop. This can become a root cause of following set of interesting vulnerabilities – Cross Widget Sniffing, RSS feed reader exploitation, XHR response stealing, Mashup hacking, Malicious code injection, Spreading Worm etc. This set of vulnerability needs innovative way of scanning the application and corresponding methodology needs to be tweaked. We have seen DOM driven XSS exploited in various different popular portals to spread worm or virus. This is a significant threat on the rise and should be mitigated by validating un-trusted content poisoning Ajax or Flash routines. DOM driven XSS, Cross Domain Bypass and CSRF can cause a deadly cocktail to exploit Web 2.0 applications across Internet. This presentation will be covering following important issues and concepts.
-
13:27
»
SecDocs
Authors:
Thomas Ryan Tags:
social engineering Event:
Black Hat USA 2010 Abstract: Given the vast number of security breaches via the internet, the experiment seeks to exploit the fundamental levels of information leakage—the outflow of information as a result of people’s hap-hazard and unquestioned trust. The experiment was conducted by creating a blatantly false identity and enrolling on various social networking websites. By joining networks, registering on mailing lists, and listing false credentials, the conditions were then set to research people’s decisions to trust and share information with the false identity. The main factors observed were: the exploitation of trust based on gender, occupation, education/credentials, and friends (connections). By the end of this Experiment, Robin finished the month having accumulated 100’s connections through various social networking sites. Contacts included executives at government entities such as the NSA, DOD and Military Intelligence groups. Other friends came from Global 500 corporations. Throughout the experiment Robin was offered gifts, government and corporate jobs, and options to speak at a variety of security conferences. Through this 28 day experiment, it became evident that the propagation of a false identity via social networking websites is rampant and viral. Much of the information revealed to Robin Sage violated OPSEC procedures. The deliberate choice of an attractive young female exposed the role that sex and appearance plays in trust and people’s eagerness to connect with someone. In conjunction with her look, Robin Sage’s credentials listed on her profile resulted in selection perception; people’s tendency to draw unwarranted conclusions in their attempt to make a quick decision. By acquiring a large number of connections, Robin had the ability to identify the individual who was positioned to provide the most intelligence based on their involvement in multiple government agencies. The false identity combined with carefully chosen false credentials led to a false trust that could have resulted in the breach of multiple security protocols.
-
-
12:03
»
SecDocs
Authors:
Francis Brown Rob Ragan Tags:
intelligence Event:
Black Hat USA 2010 Abstract: During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - our demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. We will then reveal several new search engine hacking techniques that have resulted in remarkable breakthroughs against both Google and Bing. Come ready to engage with us as we release two new tools, GoogleDiggity and BingDiggity, which take full advantage of the new hacking techniques. We’ll also be releasing the first ever “live vulnerability feed”, which will quickly become the new standard on how to detect and protect yourself against these types of attacks. This presentation will change the way you've previously thought about search engine hacking, so put on your helmets. We don't want a mess when we blow your minds.
-
-
0:18
»
SecDocs
Authors:
Christoph Weber Tags:
router exploiting Cisco Event:
Hashdays 2010 Abstract: The talk demonstrates, based on Cisco devices, that DDoS attacks, spam and viruses are not only coming from the "normal suspects" (PC, server and mobile devices). There are other devices, like routers or switches, which can do the same. All these devices are becoming more and more "intelligent" and have "features", which will make it possible to realize all kinds of attacks. Because of broad distribution of all these feature packed devices to the customer, these devices have a greater potential for misuse and will in the future become more in focus of hackers.
-
0:18
»
SecDocs
Authors:
Christoph Weber Tags:
router exploiting Cisco Event:
Hashdays 2010 Abstract: The talk demonstrates, based on Cisco devices, that DDoS attacks, spam and viruses are not only coming from the "normal suspects" (PC, server and mobile devices). There are other devices, like routers or switches, which can do the same. All these devices are becoming more and more "intelligent" and have "features", which will make it possible to realize all kinds of attacks. Because of broad distribution of all these feature packed devices to the customer, these devices have a greater potential for misuse and will in the future become more in focus of hackers.
-
-
16:14
»
SecDocs
-
-
11:34
»
SecDocs
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Packet Storm Security Headlines (16 unread)
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution