Tuesday

Upcoming Belgian Security Events

Some upcoming .BE security events

-Sec
Events

12.02.2008 : Standards & Guidelines on IT Management
28.02.2008 : eID and Identity Management Forum
12.03.2008 : Biometrics Forum
24.04.2008 : Securing Media Distribution
29.04.2008 : Fraud Detection and Fraud Management
13.05.2008 : LSEC BCM 2 : Compliance Requirements, ISO, PCI, SAS70, …
09.10.2008 : Security Forum 2008
20.11.2008 : eID and Identity Management

Non LSEC Events Schedule

19 & 20.03.2008 : Infosecurity.be Belgium

You can also have a look at this public google calendar managed by Pieter Danhieux containing upcoming security events in .BE (kudos)

Learn to present like Steve Jobs



On Businessweek.com there is a breakdown of the ace presenter's latest Macworld keynote. The result? A 10-part framework you can use to wow your own audience. But before we go to the details, I want to mention another article: Steve Jobs, Bill Gates & the Zen Aesthetic from the excellent presentationzen.com. After that, have a look at the Macworld 2008 Keynote speech to get inspirational.

The Businessweek article has some really useful tips in there like:

Make numbers meaningful. When Jobs announced that Apple had sold 4 million iPhones to date, he didn’t simply leave the number out of context. Instead, he put it in perspective by adding, “That’s 20,000 iPhones every day, on average.” Jobs went on to say, “What does that mean to the overall market?” Jobs detailed the breakdown of the U.S smartphone market and Apple’s share of it to demonstrate just how impressive the number actually is. Jobs also pointed out that Apple’s market share equals the share of its top three competitors combined. Numbers don’t mean much unless they are placed in context. Connect the dots for your listeners.

And

Create visual slides. While most speakers fill their slides with data, text, and charts, Jobs does the opposite. There is very little text on a Steve Jobs slide. Most of the slides simply show one image. For example, his phrase "The first thing I want to talk to you about today…" was accompanied by a slide with the numeral 1. That's it. Just the number. When Jobs discussed a specific product like the iPhone, the audience saw a slide with an image of the product. When text was introduced, it was often revealed as short sentences (three or four words) to the right of the image. Sometimes, there were no images at all on the slide but a sentence that Jobs had delivered such as "There is something in the air." There is a trend in public speaking to paint a picture for audiences by creating more visual graphics. Inspiring presenters are short on bullet points and big on graphics.

Deliver a Presentation like Steve Jobs (BusinessWeek)

Sunday

CIO's Most Popular 50 Articles



Maybe not that security related but some articles might be very interesting. Here are CIO's Most Popular 50 Articles:

Drive-by pharming attacks in the wild are not that new but are getting more frequent



The blogosphere is buzzing about drive-by pharming seen "in the wild" for the first time. A Symantec report discusses the drive-by pharming in the wild. It talks about modems being insecure because they use the default password. It seems even if you change the password, you are vulnerable.
This exploit uses a vulnerability in 2WIRE modems, as documented in US-CERT http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4389 [nist.gov].
The UNAM-CERT, also has the "Gusanito" exploit documented (spanish only) at http://www.seguridad.unam.mx/doc/?ap=articulo&id=196 [seguridad.unam.mx]
The attack overrides the modem's password... Trendmicro has a more recent analysis: Targeted Attacks in Australia: DNS Poisoning via Modems. Yep, the same 2wire modems.

After reading up on the attack, it seems this is not the first time this was used in the wild. The 2wire modem attack dates from April 2007 (Spanish).

So it's not the first time, but it's getting more frequent and luckily getting more attention in the press. I remember another router having massive vulnerabilities:

So is this router the next victim? BT is denying that there are currently any vulnerabilities.
However, Petko Petkov, one of the GNUCitizen hackers, subsequently denied BT's claim. He said the routers that had been hacked were still on firmware version 6.2.6.B. Since the routers also have VOIP capabilities, we present you a interesting proof-of-concept video:

Phreaking the BT Home Hub

Get your stress management kit here

Some more Sunday Fun:

How much can a lack of security controls and backups cost you?



This is what an architecture firm in Florida, US found out. A female employee saw a job that looked like hers in the classifieds. Out of revenge, she deleted seven years' worth of architectural drawings. The information lost was valued at 2.5 million dollars.

Proper security controls and good backups never sounded as good as about now.

Article link.

Bonus: The TAO of Backup.

Fun: 10 Reasons CISOs Will Resign in 2008



Some Sunday fun: Top Ten Reasons You as a CISO Will Resign in 2008 (CSOOnline)

My favorite: #10 You have to ask everybody in the organization -- all umpteen thousand of them -- to buy into your ideas (because I can relate to it).

PS: If you don't know what an ocelot is (see article), it's in the picture included above.

Whitepaper: IEEE Threat modelling


From Securitybuddha:

This paper from IEEE describes how Ford Motor Company use the Threat and Application Modelling tool from my team to improve the security of their business applications.

Download PDF Here

Saturday

ISC² releases hiring guide for security professionals



Well, security is becoming more and more important. While the guide below only talks about high level concepts (and it is a bit of marketing), you might have some interesting questions for your job interviews.

Information security is a complex field. To make matters even trickier, there's no end to the ingenuity of rogue attackers who find new ways to access your data everyday. Once compromised, a faulty system can virtually cripple an entire company.

Fortunately,

(ISC)² has the solutions you need right here--right now. Front line managers and human resources can work together to find the right employees. Let us help you. Download our new whitepaper which discusses how hiring plays an important role in information security...

Podcast: AudioParasitics Episode 25&26: Verbal data loss & Patch Tuesday



Two new episodes to listen to on the way to work:

Episode 26 - Dave and Jim discuss the phenomenon of *Verbal Data Loss*. How do we compromise our data verbally? What are the risks? How should this issue be approached?

Episode 25 - Microsoft Patch Tuesday Special Edition - MS08-001 and MS08-002 are discussed. Craig Schmugar joins Dave and Jim to discuss the security implications of each bulletin.

CERT released Secure Coding Standards



For the application security guys among us, the following might be useful:

This web site exists to support the development of secure coding standards for commonly used programming languages such as C and C++. These standards are being developed through a broad-based community effort including the CERT Secure Coding Initiative and members of the software development and software security communities. For a further explanation of this project and tips on how to contribute, please see the Development Guidelines.

As this is a development web site, many of the pages are incomplete or contain errors. If you are interested in furthering this effort, you may comment on existing items or send recommendations to secure-coding at cert dot org.

CERT C Secure Coding Standard

CERT C++ Secure Coding Standard

Get a VPN client on your Iphone or Ipod Touch

I don't have an Ipod Touch or IPhone. I'm being tempted to do so (for several reasons which I will expain later). But the Iphone hasn't been launched in Belgium yet (due to some laws). One article on Liquidmatrix is tempting me even more: a VPN client:

OK, this is cool. I was just messing around with my iPod Touch which I upgraded with the January release software. Thanks to a co-worker (thx Sab) I noticed that there is a VPN client on the Touch now.


Bonus (27/01/2007): Install Nmap on your iPhone.

Wikileaks releases details on German police Trojan



Interesting to read. I didn't think I would see Wikileaks so soon again. I mentioned this site during my 24C3 day 3 review. The Trojan mentioned doesn't only cover Skype interception but also all the SSL encrypted traffic.

From Slashdot.org:

"Wikileaks has released documents from the German police revealing Skype interception technology. The leaks are currently creating a storm in the German press. The first document is a communication by the Ministry of Justice to the prosecutors office, about the cost splitting for Skype interception. The second document presents the offer made by Digitask, the German company secretly developing Skype interception, and holds information on pricing and license model, high-level technology descriptions and other detail. The document is of global importance because Skype is used by tens or hundreds of millions of people daily to communicate voice calls and Skype (owned by Ebay, Inc) promotes these calls as being encrypted and secure. The technology includes interception boxes, key forwarding trojans and anonymous proxies to hide police communications."

Tuesday

Dutch public transit card broken



Last weekend, I mentioned the Smartcard RFID to be used for Belgium public transport. It seems the Dutch version has serious issues:

The normal card uses the Mifare Classic chip, which uses cryptography to protect the money stored on it. The single-use card uses the Mifare Ultralite, which does not use cryptography. Recently, students and hackers have launched successful attacks on both of these cards.

The first reported attack was designed by two students at the University of Amsterdam, Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and showed its vulnerabilities in a report. They also showed how a used single-use card could be given eternal life by resetting it to its original "unused" state.

The next attack was on the Mifare Classic chip, used on the normal ticket. Two German hackers, Karsten Nohl and Henryk Plotz, were able to remove the coating on the Mifare chip and photograph the internal circuitry. By studying the circuitry, they were able to deduce the secret cryptographic algorithm used by the chip. While this alone does not break the chip, it certainly gives future hackers a stepping stone on which to stand. On Jan. 8, 2008, they released a statement about their work.

Full article (Free University Amsterdam)

UK to ban possession of hacker tools



Germany tried to outban hacker tools last year. There are so many things wrong with that concept. Like, who decides the difference between legitimate security tools and hacker software? Unfortunately, the UK is going down the same road of misery.

The UK government is preparing to ban the development, ownership, and distribution of hacker tools, even though much the same software is used by system administrators and security consultants for legitimate security testing.

The ban is part of the Computer Misuse Act, which was itself part of the Police and Justice Act of 2006, and will probably not be enforced until May.

Recently published guidelines indicate that prosecutors would have to show that the software was intended to be used to commit computer crime, but distribution of the software remains a crime.

Prosecutors were also told to consider whether the software was available on a wide scale through legitimate channels, but critics said that software development is so rapid that wide-scale availability is often not an issue. (Source: ITCI)

EU might decide that an IP is personal information



IP addresses, string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday.

Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. For example, some computers in Internet cafes or offices are used by several people.

Full article (Yahoo news)



Sunday

Yahoo CAPTCHAs might not be strong enough



A follow up on Are CAPTCHAs broken for good?

Russian security researchers tested the strength of CAPTCHA used by Yahoo:

Few months ago we received information that yahoo CAPTCHA recognition system exists in the wild with the recognition rate about 30%. So we decided to conduct few experiments. We explored yahoo CAPTCHA and designed a similar system with even better recognition rate (about 35%). The vendor was notified. The vendor didn't reply. In this article we’ll present you our own research.
Full article.

Previous CAPTCHA articles.

Saturday

14 year old Polish teenager derails tram with remote control


From Schneier.com

A 14-year-old built a modified a TV remote control to switch trains on tracks in the Polish city of Lodz:

Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz's tram network was hacked, even by these low standards, is still a bit of an eye opener.

Problems with the signalling system on Lodz's tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.

Here's Steve Bellovin:

The device is described in the original article as a modified TV remote control. Presumably, this means that the points are normally controlled by IR signals; what he did was learn the coding and perhaps the light frequency and amplitude needed. This makes a lot of sense; it lets tram drivers control where their trains go, rather than relying on an automated system or some such. Indeed, the article notes "a city tram driver tried to steer his vehicle to the right, but found himself helpless to stop it swerving to the left instead."

The lesson here is that security by obscurity, combined with physical security of the equipment, wasn't enough. This kid jumped whatever fences there were, and reverse-engineered the IR control protocol. Then he was able to play "trains" with real trains.

Smartcard RFID to be used for Belgium public transport



I read on datanews.be that Belgium will have one uniform smartcard ticketing system for all of Belgium's public transport systems. A good step forward for customer friendliness. We were first introduced to smardcard technology by Proton cards (a electronic wallet system from Banksys).
Then I read in the datanews article that it was a contactless card. Hmmm. Let's have a look.This system will be based on the Calypso standard. I couldn't find security vulnerabilities about the technology. That doesn't mean there aren't any. Luckily, because another known standard is Mifare which does have some vulnerabilities as shown during the 24C3 Congress.

However there is always one risk using these smarcards. Using a smart card for mass transit presents a risk for privacy, because such a system enables the mass transit operator (and the authorities) to track your movement. But then again, they already can do this with your cellphone. Unless you are willing to give that one up...

Wednesday

Italian bank gets hacked



From CGIsecurity:

"An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details. Fraudsters are currently sending phishing mails which use a specially-crafted URL to inject a modified login form onto the bank's login page.

The vulnerable page is served over SSL with a bona fide SSL certificate issued to Banca Fideuram S.p.A. in Italy. Nonetheless, the fraudsters have been able to inject an IFRAME onto the login page which loads a modified login form from a web server hosted in Taiwan. "

Good real life example of XSS being used.


Article Link: http://news.netcraft.com/archives/2008/01/08/italian_banks_xss_opportunity_seized_by_fraudsters.html

Symantec warns about new banking trojan


Symantec discovered a Trojan dubbed Silentbanker that is targeting more than 400 banks.It hangs in the background to intercept transactions with two-factor authentication, according to researchers at Symantec.

Compared to the usual Trojan attacks the versatility of Trojan.Silentbanker is remarkable. Symantec researcher Liam OMurchu has more details:

The ability of this Trojan to perform man-in-the-middle attacks on valid transactions is what is most worrying. The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker’s account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker’s details instead. Since the user doesn’t notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Unfortunately, we were unable to reproduce exactly such a transaction in the lab. However, through analysis of the Trojan’s code it can be seen that this feature is available to the attackers.

Quicktime flaw (AGAIN)



There have been a lot of security flaws in Quicktime in the last year. The latest one now has active exploits available. I have seen people stating on forums that they are advising all their clients to ban this software entirely. I can't blame them. For those who won't, patch now!!!

Storm Worm starts it's valentine campaign



It might be early for valentine but that isn't stopping the gang behind Storm Worm:

Oracle security patches are seldom applied



I know you got lies, damned lies and statistics but according to this survey from sentrigo, two thirds have never installed Oracle Critical Patch Updates.

Be aware that the January 2008 Critical Patch Update from Oracle fixes 26 vulnerabilities by itself.

The two Application Server client fixes address severe vulnerabilities affecting JInitiator, a web browser extension that enables end users to run Oracle Forms Services applications within their browser. These two vulnerabilities have received a CVSS score of 9.3 because they could allow an attacker to gain full control of the targeted client (e.g. a laptop or workstation) at the Operating System level.

Belgian parliament gets cybersecurity wakeup call



Luc Beirens, head of the FCCU and Len Lavens, a Belgian security researcher and part of the Belgian Security Blognetwork, talked to the Belgian parliament today. Today, Belgium doesn't have a CERT, no incident response plan and isn't prepared for widescale attacks like in Estonia. A lot of other points were discussed. Let's hope the people were listening and things will change.

Zdnet has an article about it, in Dutch and here is Google Translation.

Targeted attacks might be using office 0-day



From US-CERT:

Microsoft has released Security Advisory 947563 to address a vulnerability in Excel. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the local user.

According to Security Advisory 947563:

  • This vulnerability cannot be exploited on Microsoft Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007, Microsoft Office Excel 2007 Service Pack 1, or Microsoft Excel 2008 for Mac.
  • This vulnerability does not affect customers who are running Microsoft Office Excel 2003 Service Pack 2 and have deployed Microsoft Office Isolated Conversion Environment (MOICE).
Until a fix becomes available, US-CERT recommends the following actions to help mitigate the security risks:
  • Do not open unfamiliar or unexpected email attachments
  • Review the workarounds described in Microsoft Security Advisory 947563

  • As they are saying in their advisory:

    Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003. At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited.

    I wouldn't say the risk is limited if you happen to be the target. This also means that the exploit isn't widespread and antimalware vendors don't have updated signatures.

    Sunday

    Paper on VoIP Security Vulnerabilities



    From SIPvicious:

    The SANS Institute just posted an interesting paper by David Persky on VoIP security here. Although there is a growing number of papers and articles on VoIP security, but its very hard to find one that when stripped out of the marketing fluff, has any useful information at all. This paper on the other hand presents specific examples and has some real content.

    Paper on Threat modeling


    From SecurityBuddha:

    Abstract: “Ford Motor Company is currently introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between IT Security & Controls (the ITS group at Ford) and its business customers in analyzing threats and better understanding risk. To accomplish this, a core group of security personnel have piloted Microsoft’s Threat Analysis and Modeling process and tool on a dozen projects. Here, we discuss this TAM process, its benefits and challenges, and some deployment solutions.”

    Download PDF Here

    Webcast: BotArmy Facts. Not Fiction.



    Forget the hype. Learn the facts about how BotMasters build malware, control BotArmies and attack their victims. Come see the reality – it's not what you think! This Webcast demonstrates where bots live, how they are controlled and how BotMasters continue to add new capabilities. Better yet, this powerful presentation shows you what really works in terms of protecting your enterprise – inside and out.

    Register here.

    Online Course: Certified Wireless Analysis Professional (CWAP)



    To hone your Wifoo skills: here is the official CWAP study guide. You can find it here for your browsing convenience.

    Topics covered:

    - 802.11 MAC and PHY Layers
    - Introduction to Wireless LAN Analysis
    - 802.11 Protocol Architecture
    - Connectivity and Data Protection
    - Configuration Options and Protection Mechanisms
    - 802.11 MAC Frame Format
    - 802.11 Management Frames
    - 802.11 Control and Data Frames
    - 802.11 PHY Layers

    - Applied Analysis
    - 802.11 System Architecture
    - 802.11 Protocol Analyzers
    - 802.11 Performance Variables

    To top it off:

    Group around Seguridad Wireless has released 3th final version of pentest distribution WifiSlax. This distribution is unique by list of supported hardware and it's kernel contains many non-public and repaired drivers. For example older distro support card with Texas Instruments chipset or packet injection with Broadcom, rtl8180 and rtl8187 adapters!

    The last version of WifiSlax runs with KDE (kernel 2.6.2) builtin ipw3945, rt73. 'll find in it last version of aircrack 0.9, aircrack-ptw or direct support of ntfs-3g, nvidia etc.

    Complete list of hardware drivers (adapter - driver):

    Ralink
    rt73, rt61, rt2570, rt2500

    Zydas
    zd1201, zd1211rw, zd1211b

    Intel
    ipw2100, ipw2200, ipw3945

    Realtek
    rtl8180, rtl8185, rtl8187

    Broadcom
    (with packet injection)

    Also available are general drivers for Prism54, Madwifi-ng, Wlan-ng, HostAP..

    All WifiSlax versions are available here.

    Wednesday

    Podcast: Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....



    Download the show here (MP3, 20MB)

    Show Content:

    Video: Hak5 Episode 3×06 Released


    In this episode of Hak5 Darren uses the eeePC, BackTrack 3, and Aircrack-ng to audit the security of our WPA encrypted wireless access point. Wess reviews Herbie the Mousebot from Solarbotics, a great electronics projects for beginners/intermediates. Chris Gerling comes by to show us Rockbox, the open source firmware alternative for your portable media players as well as a brief tutorial on building your own songs for frets on fire. Grab a companion cube and gather ’round for some technolust.

    WIZZYWIG!

  • Wizzywig volume 1: Phreak now available
  • Read the first half online.
  • Review of issue 1 by Jason Scott (textfiles.com)
  • Find out about volume 2: Hacking.
  • Virus is using old tricks



    You don't see any bootsector viruses anymore. But Trojans might be borrowing old tricks:

    The developers of the GMER anti-root kit program have discovered a contaminant that makes itself at home on a hard drive's master boot record (MBR) and uses root kit techniques to hide itself on a Windows system. Researchers at security service provider Prevx have discovered an MBR contaminant on a number of comprised websites that exploits security holes in outdated software in order to inject malware.


    The still unnamed MBR root kit is based on the freely available code for BootRoot, a feasibility study conducted by security provider eEye. At the Black Hat USA Conference 2005, researchers at the company demonstrated how a contaminant embeds itself in the MBR, manipulating drivers when the system is booted. It is thus able to infect the kernel of Windows NT and subsequent Windows systems.

    According to the GMER report, the recently detected contaminant first copies the original boot sector to sector 62 of the hard drive before proceeding to copy itself into the MBR and write additional data onto sector 60 and 61. The contaminant writes the root kit driver onto free sectors, usually the last sectors the drive. The code in the MBR then makes sure that the root kit driver is loaded.

    When the system reboots, the code hooks interrupt 13h to get control over the loaded data. It can then hook the Windows kernel and patch it so that it loads the root kit driver. The root kit driver itself hooks into the system functions IRP_MJ_READ and IRP_MJ_WRITE of the driver disk.sys and redirects read requests for the boot sector to the original code in sector 62. In addition, the driver sets up connections to the internet. (Source: Heise)

    Pecha Kucha Brussels Volume 2



    Pecha Kucha Brussels Volume 1 was a success (fotos & video). Soon there will be a second edition.

    The second evening of Pecha Kucha Brussels will take place on January 20th 2008, at 20:20.

    iMAL (interactive Media Art Lab) will have Pecha Kucha in its new venue, the first Center for Digital Cultures and Technology in Brussels, a new place of about 600m2 for the meeting of artistic, scientific and industrial innovations.

    More on http://www.imal.org

    Line-up of speakers is nearly ready. Here are some of them:

    Jean Paul van Bendeghem - scientist
    Salvatore Bono, architect Buro2networks
    Bart Cardinaal & Nadine Roos, HunkDesign Rotterdam
    Cécile Chanvillard / Cédric Libert / Vincent …
    … Piroux / Gilles Vanderstocken - ANORAK architecture
    Satinder Gill, Gesture and Multi-Modal Communication, UK
    François Jégou, strategic design scenarios & SEP
    Jan van den Bergh, Boondoggle, ex iMerge, web design agency
    Rob Van Kranenburg, RFID and cultural operator
    Olu Vandebusche, Textile design for the visually challenged
    Joannes Vandermeulen, archaeologist & user experience expert
    Angelo Vermeulen, biologist artist video gamer performer DJ
    Bernard Yslaire, graphic novelist “le XXème ciel”

    Tuesday

    Tiger Team is no more



    Today, I read the Tiger Team show won't continue. I saw the first two episodes and found them quite good. Okay, it was focussed on physical pentesting but there were elements I liked:

    • dumpster diving: yes, people still throw confidential data away
    • social engineering: miss, could you print the document on this usb stick (insert trojan)
    • access badge (RFID) cloning
    • how to bypass motion sensors
    • ......
    If you did see the show and liked it, write a comment to TruTV.

    F-secure, you are not alone



    Last month, the forum of F-Secure got hacked. Now it's the turn of Computer Associates:

    Hackers have attacked software vendor CA's website and are redirecting visitors to a malicious website hosted in China.

    Although the problem now appears to have been corrected, cached versions of some pages on CA.com show that the site had been redirecting visitors to the uc8010.com domain, which has been serving malicious software since late December, according to Marcus Sachs, director of the SANS Internet Storm Center. (Techworld.com)

    The realplayer vulnerability has been linked to the uc8010-dot-com domain in several other cases.

    Update: DDanchev has more details on the mass Realplayer exploitation.

    Sunday

    Sometimes, I don't like living in Europe



    From heise.de:

    The EU commission has officially put 19 member states on notice for failing to pass national laws implementing controversial EU regulations governing retention of telephone and Internet data. According to the dpa, the commission announced today that only eight of the 27 EU countries had passed such laws and reported back to Brussels. All of the countries who had neglected their obligation had already been served letters of notice by the end of November. Germany is one of eight countries setting the example by taking the lead. In that country, the hotly debated obligation to retain user data for six months within the framework of the new telecommunications monitoring law went into effect with the new year, despite strong protest on several fronts. Opponents, however, representing some 30,000 concerned citizens have filed a complaint, calling into question the constitutionality of the new legislation.

    Ironically, Germany who has been in front in this movement, is also the first country that might turn the tide.

    Friday

    24C3 Review day 4 (30-12-2007)



    Better late then never. I caught a nasty virus during the first day and needed some time to 'fix' the problem.

    Some Trivia about the event:

    • I noticed there were a lot of woman present
    • Apparently it's normal that people take pictures of tourists (us) in German pubs
    • There were more than 4000 visitors at the congress!!!
    • About 30% of observed MAC addresses were from Apple (I saw a lot of people with iBooks)
    So some more talks on this last day:
    The talk was a collection of several smaller discoveries. Technically, it was ok but overall the presentation didn't impress. I must admit, it were some unusual things like dev/[k]mem race conditions. Unfortunately, it's only present in some of the *BSD families.
    The European Commission did an online consultation on RFID in 2006 (of which I was unaware). 2190 responded of which 70% "interested citizens". Quite good!!!
    43% came from Germany and Belgium, UK and Austria had a 4-5% each. Could the presence of the Chaos Computer Club have a good influence?
    So that excessive surveillance and massive privacy violations shouldn't be possible by the massive use of RFID, adequate countermeasures should be taken. Let's hope they adopt a privacy by design. There will be a publication in 2008 by the expert group as well as another online consultation.
    First part of the talk was a look back at 2007. With up to 348 days for a 0-day vulnerabilities or 39 seconds before first attacks after patch release, this looks grim. Also adhoc networks at airports (man in the corner attack) incl. bluetooth were in the picture.
    Didier Stevens got mentioned with his 'Get infected here' google ad but their forgot his name. So here are some due credits.
    To be expected in 2008: Apple software exploits/ Flash memory / Datahygiene / Mobile Malware / Vista / .....
    Well, the 24th edition was a success. The politicians might even revoke the anti-hackertool law, which was silly in the first place. Kudos to the angels and the entire organization for five days of hard work.
    Someone got arrested on the Mediamarket across the street for using a special cyberweapon. Be careful with those toys.

    So see you next time at the 25th anniversary edition!!!

    Previous parts: