Send Dailydave mailing list submissions to
        dailydave@lists.immunitysec.com

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.immunitysec.com/mailman/listinfo/dailydave
or, via email, send a message with subject or body 'help' to
        [EMAIL PROTECTED]

You can reach the person managing the list at
        [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Dailydave digest..."


Today's Topics:

   1. Black Hat November News: CFPS Now Open, Webinar 5 and Japan
      on-line. (jmoss)
   2. CSI 2008 Redux (Dave Aitel)
   3. Re: CSI 2008 Redux (RB)
   4. Re: CSI 2008 Redux (Alexander Sotirov)
   5. Re: CSI 2008 Redux (Joanna Rutkowska)
   6. [CFP] FRHACK 01 PRE-Call For Papers (Jerome Athias)


----------------------------------------------------------------------

Message: 1
Date: Tue, 18 Nov 2008 12:32:17 -0800
From: "jmoss" <[EMAIL PROTECTED]>
Subject: [Dailydave] Black Hat November News: CFPS Now Open, Webinar 5
        and Japan on-line.
To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

Daily Dave, we opened up the CFPs for Washington D.C. and Amsterdam, as well
as some new ways to get involved in Black Hat. The audio from Tokyo is being
uploaded today, should be linked in this week. 

BLACK HAT FREE WEBINAR Nov 20th
https://www.blackhat.com/html/webinars/clickjacking.html

Black Hat Webcast #5 is scheduled for Thursday, November 20 at 1pm PST.  
The topic this time is Clickjacking, and our featured guest is Jeremiah
Grossman, the co-discoverer of the widely publicized vulnerability.  For the
uninitiated, it's a set of techniques discovered by Jeremiah Grossman and
Robert Hansen that allows an attacker to transparently capture a user's
clicks, forcing the user to do all manner of unpleasant things ranging from
adjusting security settings to unwittingly visiting websites with malicious
code.

The vectors for this attack include all the major browsers and Flash. In
co-operation with Adobe, the discoverers delayed public discussion to allow
a patch to be created. In the intervening time, other researchers have made
partial disclosures, but this is your chance to join co-discoverer Jeremiah
Grossman for a Black Hat webcast that deals with the attack from all sides.
Bring your questions - we'll have a Q&A session after the presentation.

Black Hat Japan is in the books and we're already looking forward to the
Washington DC and Europe events. If you missed Black Hat Tokyo, we have put
all the material on-line for download, and are in the process of getting the
audio files tagged and on-line as well:
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-onsite-archive.html

BLACK HAT WASHINGTON DC CFP NOW OPEN
Held February 16-19, 2009 at the Hyatt Regency Crystal City. Black Hat DC is
the leading security conference focused on the needs of government and
infrastructure security professionals, with tracks focused on Hardware and
Embedded Devices, Reverse Engineering and Malware, Client Wars and
Application Security, and Forensics and Network Protection. We hope to see
you there for another highly technical and refreshingly vendor-neutral
event. 

Submitters will have until January 1 to get their papers into the Black Hat
CFP system at:
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-cfp.html.

We expect to have the final selections for speakers and trainers made by
January 15, 2009. For those who wish to attend, you can get the best rates
by registering early and online registration is open at:
https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html

Information about this year's venue can be located on the BH DC 09 venue
page at:
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-venue.html.

BLACK HAT EUROPE CFP NOW OPEN
Black Hat Europe returns to Amsterdam from April 14 to April 17 with the
best lineup of security trainers and speakers anywhere on the European
continent. Tracks include Hardware and Embedded Devices, Reversing and
Malware, Client Wars and Application Security, as well as a focus on the
Enterprise for issues typically found in large enterprises, from databases,
access control, data management, centralized logging and policy management
all the way to routing and switching infrastructure.

The CFP closes February 1 with final selection expected by February 15,
2009. Papers can be submitted to:
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-cfp.html.

Online registration for BH EU is also open at:
https://www.blackhat.com/html/bh-registration/bh-registration-eu-09.html
so be sure to register early for the best prices. 

Black Hat Europe will be located again this year at the Moevenpick Amsterdam
City Center. To learn more about the venue, you can check the EU 09 venue
page on the Black Hat website here: 
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-venue.html.

Please keep in mind that paid delegates will have the opportunity to read
and evaluate CFP abstracts as the process unfolds.  Early registrants will
have the most opportunity to help shape the upcoming events by helping
review CFPs through our crowd-sourcing CFP system. Learn more here:
https://www.blackhat.com/html/blackpages/blackpages.html

GET INVOLVED WITH BLACK HAT!
- Help review CFP submissions if you are a paid attendee:
https://www.blackhat.com/html/blackpages/blackpages.html
- Join the Black Hat LinkedIn group and participate in discussions and
comment on news http://www.linkedin.com/groups?gid=37658&trk=hb_side_g
- Share your pictures of past events, or just check out ours:
http://www.flickr.com/photos/[EMAIL PROTECTED]/

BLACK HAT NEWS AND UPDATES
If you want to get instant access to Black Hat news, you can get our RSS
feed:
https://www.blackhat.com/BlackHatRSS.xml
Follow us on Twitter:
https://www.twitter.com/BlackHatUSA2008

Jeff Moss




------------------------------

Message: 2
Date: Sat, 22 Nov 2008 08:03:28 -0500
From: "Dave Aitel" <[EMAIL PROTECTED]>
Subject: [Dailydave] CSI 2008 Redux
To: dailydave <dailydave@lists.immunitysec.com>
Message-ID:
        <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

For TQBF and similar food people who twitter about cooking but should be
twittering about chemistry like this: :>
"Why Fries Taste So Good"
http://www.rense.com/general7/whyy.htm

CSI is a big conference - aimed not towards hackers but to IT managers.
Nevertheless it's interesting to gauge the speakers on their personalities
sometimes more than their tech. Steve Hanna [1], while ostensibly talking
about trusted computing seemed upset at the current US administration's
choices for the use of technology, which was an undercurrent in the
conference (held in DC). But not having a global PKI system (a.k.a.
Palladium, NGTGB, or Trusted Computing, the group Steve works on) is a good
way to make sure governments or large corporations don't abuse it, you know?
After that he went on to say that even with Trusted Computing, NAC still has
an important place for access control, which seemed to veer into confusing
all the OSI layers. If you can literally cryptographically attest to the
code running on a workstation, why do you need network access control?

And I don't understand why you need a trusted computing chip if you decide
to trust your hypervisor in the first place. Trusting the hypervisor instead
of a public key on a chip from Dell makes a lot more sense. It's more
configurable in a user-friendly way, and less configurable in a RIAA/Big
Brother friendly way.

-dave

[1]
http://www.networkworld.com/power/2006/122506-most-powerful-people-hanna.html

------------------------------

Message: 3
Date: Sat, 22 Nov 2008 15:22:22 -0700
From: RB <[EMAIL PROTECTED]>
Subject: Re: [Dailydave] CSI 2008 Redux
To: "Dave Aitel" <[EMAIL PROTECTED]>
Cc: dailydave <dailydave@lists.immunitysec.com>
Message-ID:
        <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8

On Sat, Nov 22, 2008 at 06:03, Dave Aitel <[EMAIL PROTECTED]> wrote:
> And I don't understand why you need a trusted computing chip if you decide
> to trust your hypervisor in the first place. Trusting the hypervisor instead
> of a public key on a chip from Dell makes a lot more sense. It's more
> configurable in a user-friendly way, and less configurable in a RIAA/Big
> Brother friendly way.

To quickly address the public key bit: yes, the chip from
Infineon/Atmel/etc. that Dell soldered to their motherboard has an RSA
key (EK) burned into it, but that is only used if you follow the full
TCG specifications.  The second RSA key (SRK), which is what everyone
actually deals with, is changed every time you "take ownership" of the
chip.  You can't specify or modify the private portion, but you often
can't with smartcards.

Leaving the trust issue alone, I find it entirely regrettable that so
many seem to have blindly swallowed the "Right to Read" hype and
simply assume TPM chips are evil insilicate.  I detest DRM & Big
Brother as much as your garden-variety Libertarian, but while trying
to solve the very difficult physical presence security problem a
couple of years ago, I decided to try to examine them for what they
are.  Needless to say, I was surprised: although TPM chips certainly
could provide the building blocks to do what we all fear, they're
generally quite benign, more analogous to an integrated smartcard than
an evil overlord's rootkit.

Here's an extremely simplistic overview:
For the most part, a TPM chip sits idle - after "measuring"
(generating a checksum) of a few boot-time bits, it largely serves as
a secure cryptography facility.  The only checksums it actively makes
are of itself and of the BIOS; after that, each component in the boot
process _tells_ the TPM a 20-byte value (usually the SHA1) of the next
component and which register to store it in.

Encryption comes in two flavors: bound and sealed.  Bound encryption
uses the SRK to encrypt/decrypt arbitrary data that is generally
another encryption key.  Sealed encryption takes it a step further and
integrates the checksums from specified boot processes, generally
tying the resulting key to very particular hardware & software
configurations.

The problem at this point is that people inextricably conflate TPMs
with the remainder of the TCG specifications: mostly remote
attestation and the associated big-brother issues.  It's a simple
piece of technology that supports a much larger and agreeably more
intrusive suite, but its utility goes far beyond the unfortunate
association.  It is _just_ a [presumed] secure cryptography facility
that supports a wide variety of functionality.

Hardware trumps software, and I, for one, would rather trust a
smartcard to securely store my keys than a piece of software.


RB
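
Added example, not part of RB's message: a small Python model of the measure-then-extend boot chain and PCR-bound sealing described in the overview above. It assumes the TPM 1.2 extend rule PCR = SHA1(PCR || value); the ToyTPM class, component names and PCR indices are constructed for illustration, and no real TPM API is used.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length: the "20-byte value" each stage reports


class ToyTPM:
    """Software model of TPM 1.2 PCR and seal behaviour; not a real TPM API."""

    def __init__(self, num_pcrs=24):
        self.pcrs = [bytes(PCR_SIZE)] * num_pcrs
        self._sealed = {}  # handle -> (PCR selection, composite digest, secret)

    def reset(self):
        """Power cycle: PCRs return to zero, sealed blobs persist."""
        self.pcrs = [bytes(PCR_SIZE)] * len(self.pcrs)

    def extend(self, index, measurement):
        """PCR = SHA1(PCR || measurement). A PCR can be extended, never set."""
        if len(measurement) != PCR_SIZE:
            raise ValueError("measurement must be a 20-byte digest")
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + measurement).digest()
        return self.pcrs[index]

    def _composite(self, selection):
        """Digest over the selected PCRs, standing in for the TPM's PCR composite."""
        h = hashlib.sha1()
        for i in sorted(selection):
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def seal(self, handle, secret, selection):
        """Bind a secret to the current values of the selected PCRs.

        A real TPM returns an encrypted blob kept outside the chip; this
        model simply keeps the secret inside the object.
        """
        self._sealed[handle] = (tuple(selection), self._composite(selection), secret)

    def unseal(self, handle):
        selection, expected, secret = self._sealed[handle]
        if self._composite(selection) != expected:
            raise PermissionError("PCR state differs from the state at seal time")
        return secret


def measured_boot(tpm, chain):
    """Each stage hashes the next component and reports it before running it."""
    for pcr_index, image in chain:
        tpm.extend(pcr_index, hashlib.sha1(image).digest())
    return tpm


# Constructed sample boot chains: (illustrative PCR index, component image bytes).
GOOD_CHAIN = [(0, b"bios-v1"), (4, b"bootloader-v1"), (8, b"hypervisor-v1")]
EVIL_CHAIN = [(0, b"bios-v1"), (4, b"bootloader-v1"), (8, b"hypervisor-v1+backdoor")]


def provision():
    """Boot the known-good chain once and seal a key to PCRs 0, 4 and 8."""
    tpm = measured_boot(ToyTPM(), GOOD_CHAIN)
    tpm.seal("disk-key", b"constructed-secret", [0, 4, 8])
    return tpm


def boot_and_unseal(tpm, chain, handle="disk-key"):
    """Reboot with the given chain; return the secret, or None if refused."""
    tpm.reset()
    measured_boot(tpm, chain)
    try:
        return tpm.unseal(handle)
    except PermissionError:
        return None


if __name__ == "__main__":
    tpm = provision()
    print("good chain:", boot_and_unseal(tpm, GOOD_CHAIN))
    print("modified hypervisor:", boot_and_unseal(tpm, EVIL_CHAIN))
```

Nothing in this model re-measures a component once it is running, so the PCR values only describe what was loaded at boot.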


------------------------------

Message: 4
Date: Sat, 22 Nov 2008 15:06:00 -0800
From: Alexander Sotirov <[EMAIL PROTECTED]>
Subject: Re: [Dailydave] CSI 2008 Redux
To: dailydave <dailydave@lists.immunitysec.com>
Message-ID:
        <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

On Sat, Nov 22, 2008 at 08:03:28AM -0500, Dave Aitel wrote:
> And I don't understand why you need a trusted computing chip if you decide
> to trust your hypervisor in the first place. Trusting the hypervisor instead
> of a public key on a chip from Dell makes a lot more sense. It's more
> configurable in a user-friendly way, and less configurable in a RIAA/Big
> Brother friendly way.

Because with a TPM chip you can verify (remotely) that the hypervisor that
booted on the machine is really the one you trust, and not a malicious or
backdoored one.

Alex

------------------------------

Message: 5
Date: Sun, 23 Nov 2008 16:06:40 +0100
From: Joanna Rutkowska <[EMAIL PROTECTED]>
Subject: Re: [Dailydave] CSI 2008 Redux
To: Alexander Sotirov <[EMAIL PROTECTED]>,      dailydave
        <dailydave@lists.immunitysec.com>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Alexander Sotirov wrote:
> On Sat, Nov 22, 2008 at 08:03:28AM -0500, Dave Aitel wrote:
>> And I don't understand why you need a trusted computing chip if you decide
>> to trust your hypervisor in the first place. Trusting the hypervisor instead
>> of a public key on a chip from Dell makes a lot more sense. It's more
>> configurable in a user-friendly way, and less configurable in a RIAA/Big
>> Brother friendly way.
> 
> Because with a TPM chip you can verify (remotely) that the hypervisor that
> booted on the machine is really the one you trust, and not a malicious or
> backdoored one.
> 

... which, of course, doesn't prevent the hypervisor from being exploited 5 secs
after it got securely loaded, e.g. via some buffer overflow bug...

But, nevertheless, yes, this indeed is a very important feature of the TPM (and
the whole trusted boot concept, like e.g. Intel TXT), and people should
eventually stop saying that TPM is bad. It is not, and it indeed can provide
great value for users concerned about security (and not only physical
security!).

I wish people who complain so much about TPM read the spec first and then make
their complaints. Of course, there could be some undocumented functionality
there (=backdoor), but this applies equally well to your network card, graphics
card, the chipset and even the processor ;)

BTW, I'm also glad to see a VMWare researcher acknowledging it :) So far, only
the Xen hypervisor can use the trusted boot mechanism via the Intel-provided
tboot component AFAIK. So, looking forward to see the ESX implementing trusted
boot at some point in time.

joanna.


------------------------------

Message: 6
Date: Sun, 23 Nov 2008 21:32:12 +0100
From: Jerome Athias <[EMAIL PROTECTED]>
Subject: [Dailydave] [CFP] FRHACK 01 PRE-Call For Papers
To: dailydave@lists.immunitysec.com
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

[CFP] FRHACK 01 Pre-Call For Papers

##########################################################################################
   > FRHACK: By Hackers, For Hackers! http://www.frhack.org
##########################################################################################

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ FRHACK 01
+ PRE Call For Papers
+ Besançon, France (Kursaal Hall)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Do you like good wine, french bread & food, strikes and the french kiss?
If so, you will love FRHACK!

[ - Introduction - ]

FRHACK is the First International IT Security Conference, by hackers -
for hackers, in France!
FRHACK is not commercial - but - highly technical.

Target Audience: Security Officers, Security Professionals and Product
Vendors, IT Decision Makers, Policy Makers, Security-, Network-, and
Firewall Administrators, Teachers, Academic Researchers and Software
Developers.

The FRHACK Team (TFT) encourages speakers to present new and interesting
projects for FRHACK 01 and will give preferential treatment to
submissions that have not been presented at other conferences.
Further, TFT invites any individual who has not spoken at a conference
before to submit a talk and attempt to make FRHACK their inaugural event!
TFT encourages girls passionate about IT Security to submit papers, as TFT
will offer a prize to the "Best IT Security girl of the year" to reward
innovation.
Papers can be submitted in English and/or French.
The conference language is either English or French.

Conference will be held in Besançon - EU, East of France, closer to
Switzerland, and aims to get together industry, government, academia and
underground hackers to share knowledge and leading-edge ideas about
information security and everything related to it.
FRHACK will feature national and international speakers and attendees
with a wide range of skills.
The atmosphere is favorable to present all facets of computer security
subject and will be a great opportunity to network with like-minded
people and enthusiasts.

[ - The venue - ]

FRHACK 01 (1st edition) will take place at the Great Kursaal Hall of
Besançon in two auditoriums with capacity for up to 1400 people.

[*] About Besançon (stolen from http://en.wikipedia.org/wiki/Besan%C3%A7on)

Besançon is the capital and principal city of the Franche-Comté region
in eastern France. Located close to the border with Switzerland, it is
the capital of the Doubs department.
As well as being famed as one of France's finest "villes d'art" (art
cities), Besançon is the seat of one of France's older universities, of
France's National School of Mechanics and Micromechanics, and one of the
best known French language schools in France, the CLA. It is also
reputed to be France's most environmentally-friendly city, with a public
transport network that has often been cited as a model. On account of
the topography, the historic city centre lies at the edge of the modern
city, and hiking tracks lead straight from the centre and up into the
surrounding hills.
The Citadel of Besançon dates back to the Celtic era. In his De Bello
Gallicum, Julius Caesar already said about the fortress of Vesontio
(celtic name of Besançon) that it was one of the best defensive sites he
had ever seen.
Besançon is situated at the crossing of two major lines of
communication, the NE-SW route, following the valley of the river Doubs,
and linking Germany and North Europe with Lyon and southwest Europe, and
the N-S route linking northern France and the Netherlands with
Switzerland. A key staging post on the Strasbourg-Lyon (Germany-Spain)
route, it also has direct high-speed train (TGV) links with Paris,
Charles de Gaulle International Airport, and Lille. Unusually for a town
of its size, it does not have a commercial airport, though two
international airports, EuroAirport Basel-Mulhouse-Freiburg and Lyon
Saint-Exupéry International Airport, can be reached in about 2 hours.

[ - Topics - ]

TFT gives preference to lectures with practical demonstration. The
conference staff will try to provide every equipment needed for the
presentation in the case the author cannot provide them.

The following topics include, but are not limited to:

     - Rootkits

     - Cryptography

     - Reverse engineering

     - Penetration testing

     - Web application security

     - Exploit development techniques

     - Internet, privacy and Big Brother

     - Telecom security and phone phreaking

     - Fuzzing and application security test

     - Security in Wi-Fi and VoIP environments

     - Information warfare and industrial espionage

     - Denial of service attacks and/or countermeasures

     - Analysis of virus, worms and all sorts of malwares

     - Technical approach to alternative operating systems

     - Techniques for development of secure software & systems

     - Information about smartcard and RFID security and similars

     - Lockpicking, trashing, physical security and urban exploration

     - Hardware hacking, embedded systems and other electronic devices

     - Mobile devices exploitation, Symbian, P2K and bluetooth technologies

     - Security aspects in SCADA, industrial environments and "obscure"
       networks

[ - Important dates - ]

Conference and trainings

   2009????: FRHACK trainings

   2009????: FRHACK 1st edition

FRHACK's dates are not announced yet, please register to our RSS to stay
tuned:
http://www.frhack.org/frhack.xml

Deadline and submissions

     - Deadline for proposal submissions: Not available yet, but please
       start to work right now!  ;-)

     - Deadline for slides submissions: Will be available in a near
       future :p

     - Notification of acceptance or rejection: Some beers after last
       deadline

     * E-mail for proposal submissions: [EMAIL PROTECTED] *

Make sure to provide along with your submission the following details:

     - Speaker name and/or nickname, address, e-mail, phone number and
       general contact information

     - A brief but informative description about your talk

     - Short biography of the presenter, including organization, company
       and affiliations

     - Estimated time-length of presentation

     - General topic of the speech (eg.: network security, secure
       programming, computer forensics, etc.)

     - Any other technical requirements for your lecture

     - Whether you need visa to enter France or not

Speakers will be allocated 50 minutes of presentation time, although, if
needed, we can extend the presentation length if requested in advance.

Preferable file format for papers and slides are both PDF and also
ODT/PPT for slides.

Speakers are asked to hand in slides used in their lectures.

PLEASE NOTE: Bear in mind no sales pitches will be allowed. If your
presentation involves advertisement of products or services please do
not submit.
Furthermore, if your talk is just "I found an awesome new technique but if
you want it, just go in hell!" => You're not welcome at FRHACK.

[ - Information for speakers - ]

Please note that it's our first edition, and so we are looking for
sponsors to cover conference's expenses.

   Speakers' privileges are:

- FRHACK staff can guarantee and we will provide accommodation for 3 nights:

- For each non-resident speaker we hope to be able to cover travel
expenses up to EURO 1500

- For each resident speaker we might be able to cover travel expenses

- Free pass to the conference for you and a friend

- Speaker activities during, before, and after the conference

- Speaker After-Party with tons of fun, drinks and pretty girls

[ - Information for instructors - ]

- 50% of the net profit of the class

- 2 nights of accommodation during the trainings

- Free pass to the conference

- Speaker activities during, before, and after the conference

- Speaker After-Party with tons of fun, drinks and much more pretty girls

[ - Information for sponsors - ]

- If you can provide or offer materials, devices, goodies and money,
please contact us at: [EMAIL PROTECTED]

[ - Other information - ]

- For further information please check out our web site
http://www.frhack.org (and nowhere else)
It will be updated with everything regarding the conference.
  
- If you have questions, want to send us additional material, or have
problems, feel free to contact us at: [EMAIL PROTECTED]


Thanks and see you soon at FRHACK!

Jerome Athias, Founder, Chairman, Program Coordinator
/JA




------------------------------


End of Dailydave Digest, Vol 40, Issue 3
****************************************
