28 items tagged "industry"
-
-
21:49
»
SecDocs
Authors: Adam Laurie, Marcel Holtmann, Martin Herfurt
Tags: bluetooth
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to collaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organisations. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working.
Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
-
4:09
»
SecDocs
Tags: reverse engineering
Event: Chaos Communication Camp 2007
Abstract: Dual beam systems are a research and development tool widely used in the semiconductor industry. They integrate a scanning electron microscope with a focused ion beam and allow one to image, remove, and deposit nanometer size structures. The lecture introduces the basic principles, shows application examples, and explains how these devices can be used for hacking on the hardware level. At the headquarters of the world's largest microchip manufacturer the atmosphere in the executive meeting is tense. The competitor has just revealed a new processor with far superior performance. The own R&D has been working on the same technology but is at least one year behind. They seem to be just not able to figure out how to get the thing working. But there is this early prototype the guy they managed to poach last month brought with him. They should get to work. Within a few hours the guys at the lab had managed to cut through the packaging. The circuitry on the surface of the chip was already visible. They quickly figured out at which locations they had to dig deeper to get to the sweet secret. They milled out several of the transistors with nanometer precision. With the remote controlled arm of a micromanipulator they took the tiny parts out for final preparation. Once the pieces were in the microscope it was only a matter of waiting. The next morning the tomography was done and a 3d model of the transistor was rotating on the computer screen. Now with the elemental mappings in front of them it would be a piece of cake to copy the process. What would have sounded like science fiction only a few years ago is nowadays a standard application in companies. With more than a hundred deployed devices, sales rising, new vendors entering the market, and prices dropping, dual beam systems will become as commonly available as scanning electron microscopes are today.
However, this will not only propel research in science and industry but it has also the potential to deeply impact present security paradigms. It is the end of the hardware black box. Since it allows one to image, dissect, and rewire on-chip circuitry, statements like the following about the trusted platform module: "The endorsement key is a 2,048-bit RSA public and private key pair, which is created randomly on the chip at manufacture time and CANNOT be changed."*) might need to be reconsidered.
-
-
12:07
»
SecDocs
Authors: Erwin Erkinger
Tags: software development
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: The challenge of designing reliable software is managed differently in every industry. This lecture will give an overview of how safety critical and reliable software is designed and produced in the area of aerospace industry and why this could also be interesting for other applications (like web-design). "The greatest of faults, I should say, is to be conscious of none." - Thomas Carlyle. It is the human's most valuable gift to be imprecise – as many new things would not be discovered otherwise. But for reliable (software) development this evolutionary gift turns out to be a big challenge as the final product shall not contain any faults. This lecture is about preventing development faults on the example of the aerospace and automotive industry. Part one of this lecture is a basic introduction to why reliability is an issue at all. It is obvious that a failure in the primary flight control will seriously endanger the lives of people. But buried under the functionality of e.g. a Web-application, the criticality of these applications cannot easily be recognized. Often these applications are not directly life-threatening, but the loss of the income source also endangers lives (at least the quality). Part two will introduce the DO-178B standard with which the aerospace industry tries to handle the reliability challenge. The basic idea of this quality standard is very simple: “SW shall contain only functionality it has to”. To achieve this postulate the DO-178B specifies a series of processes and documents (which can be seen as artefacts of these processes). Of course some examples will illustrate this part. The last part will summarize the lecture and give some ideas on the (re-)usage of the described methods for “classic” (non-safety critical) applications.
-
-
14:10
»
SecDocs
Authors: Annalee Newitz
Tags: social
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: Why do media and industry lag behind reality when it comes to estimating women's technical and scientific abilities? That women have these abilities is obvious. The question is how to change social expectations about them. What are women doing, and what can they do, to combat pervasive myths about their inferiority as engineers and scientists? I have just completed a book-length project on female geeks, to be published in January, which is a collection of essays by women in a variety of male-dominated "geek" jobs -- everything from computer science and bioinformatics work, to comic book writing and videogame programming. I will present some of the findings from my book, looking at real-life examples of women fighting back against sexism in technical/science jobs. I'll also examine how women can help change the pop culture image of geeks as almost entirely male.
-
-
17:00
»
SecuriTeam
Oracle Industry Applications is prone to a remote vulnerability in Siebel Clinical.
-
-
0:01
»
Packet Storm Security Tools
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
-
-
21:13
»
SecDocs
Authors: Felix Domke
Tags: reverse engineering, hardware hacking
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: JTAG is an industry standard for accessing testmode functionality in almost any complex microchip. While the basics of JTAG are standardized, the exact implementation details are usually undocumented. Nevertheless, JTAG often allows you to interact with the chip very deeply, which makes it very interesting since it is often easily accessible thanks to the small pincount. This talk covers reverse engineering of JTAG interfaces when no or only limited documentation is available. JTAG is an industry standard for accessing testmode functionality, and is available on almost any complex microchip. It is often used for functional testing while doing wafer sort, during board production, product development and service. While the basics of JTAG are standardized, the exact implementation details are usually not available in public datasheets. Very often, even when signing a vendor NDA, only limited parts of JTAG will be documented (like boundary scan and the CPU debug interface). JTAG, however, often allows a much deeper interaction with the chip, and often, security is falsely established through obscurity by providing undocumented testmodes. JTAG isn't only available on CPUs, but also on a lot of other peripherals, which turns them into an interesting target if they provide busmaster access to a system bus.