It's a shampoo world anyway
Thursday, 29 November 2007

DeepSec 2007 Roundup

Last Friday I had the honour of giving a talk at DeepSec 2007 in Vienna. Due to other obligations I unfortunately could only attend the final day of the conference.

The day started with a keynote presentation by Jeff Moss, the founder of BlackHat. He gave a really entertaining talk on responsible disclosure using the Mike Lynn/ISS/Cisco debacle of 2005 as an example. Jeff was followed by Halvar Flake, who talked about (semi-)automatic malware classification using his tool BinDiff. BinDiff looks fantastic. I am always intrigued by tools that combine clever algorithms with a good-looking and usable GUI. While I don't necessarily completely agree with Halvar's assessment of why his technique is significantly better than the competing approaches, I learned a lot from his presentation. Then I had to do some last-minute refinements on my slides and meet some people, therefore I skipped most of the trailing presentations.

The next talk I attended was my own, which went fine. Once again (and probably for the last time) I presented on CSRF. This time I skipped most parts concerning our protection mechanisms and concentrated more on the various exploiting aspects using real-life examples and demoing Justus's CSRF-exploit-o-mat, which allows the automatic creation of a working exploit in less than 5 seconds. I got some good questions and had a couple of nice conversations in the hallway.

The conference ended for me with Melanie Rieback's presentation on RFIDGuardian. The RFIDGuardian is a small wearable appliance which is able to intercept, alter, or block communication between RFID readers and RFID tags (e.g., your passport, tags in your clothing, or tags you didn't even know you had). The appropriate action which the guardian should execute can be selected on a per-tag basis, thus allowing rather fine-grained control. The feature I liked the most is that the tool provides auditing/logging capabilities which enable the user to establish exactly when and where somebody tried to access RFID tags during the day. Right now, only prototypes exist, but Melanie's research group is trying to get some funding for mass production, which would result in a possible end-consumer price around 200 €. As all the basic information (software, hardware design) is open and free (GPL, CC), it is also possible to build your own device at home, provided you have a soldering iron and know what you are doing (a note to my students: if anybody wants to do this as a part of his master's thesis, drop me a line).

In the evening fukami, Stefan Esser, and I attended monochrom's fantastically entertaining Taugshow. The show's talk guests on stage were (among others) Cory Doctorow, Tim Pritlove and Jeff Moss. The secret highlight of the show was a friendly American who almost choked when he was trying to eat a dollar bill (which he did to support the US economy).

In summary, DeepSec was a very pleasant and inspiring experience. My only regret is that my time was too limited, so that I missed the first day and neither had the time to check out the Meta-Lab nor visit the Roboexotica event.

the shampoo world is
the personal weblog of Martin Johns.
