-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey everybody,
[ Please RSVP directly to me, or on Facebook: https://www.facebook.com/events/540834935934459/ ] This is a SkullSpace event taking place February 20th. It's open to everybody, but we kindly request a $10 (optional) donation from non-SkullSpace members. If anybody else wants to do a talk on crypto that night, let me know and we'll arrange for both of us to go on! I'm going to be doing a talk at Shmoocon this year about crypto, and how it can be misused and abused. I'm going to be releasing a bunch of tools to demonstrate the problems. The intended audience of this is programmers, developers, and technical security people. It's very helpful if you know what "encryption" means, since I won't be dwelling too much on the basics. If you're familiar with the concept of encryption, then you'll understand just fine! If you've ever used crypto in an application, or if you ever plan to, you should see this! If there's too much interest, I'll have a second session on the 21st. Here's the abstract from my Shmoocon talk: - -- As a group. the security industry has solved a lot of difficult problems. Firewalls do a great job blocking traffic, overflow vulnerabilities are getting hard and harder to exploit on modern systems, and spam filters/captchas are nearly perfect. But there's one place where we have dropped the ball: cryptography. Why is cryptography so hard to get right? As a developer, you have to understand random numbers, key generation, padding, block chaining, initialization vectors, proper signature generation, and more, just to be somewhat safe. Even security professionals manage to screw it up, so how do we expect an average developer to get it right? For this talk, we'll be getting into deep detail on a bunch of well known attacks against crypto - including padding oracles (the Vaudenay attack), hash length extension, BEAST, CRIME, poorly generated random numbers, WEP, and more - to help demonstrate the problem, and begin to look at how we might be able to fix it. - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlD1hMAACgkQ2t2zxlt4g/QkGwCfQPyNtGsq0Q8pSBpnmZIhlGDc AF8An1iEtKMCKFddVTwpUfcCbQC5+Aj1 =RJ3Z -----END PGP SIGNATURE----- _______________________________________________ SkullSpace Announce Mailing List Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Announce Archive: https://groups.google.com/group/skullspace-announce-archive/
