Send Dailydave mailing list submissions to
dailydave@lists.immunitysec.com
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.immunitysec.com/mailman/listinfo/dailydave
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Dailydave digest..."
Today's Topics:
1. [CFP] FRHACK 01 Call For Papers (save the dates!) (Jerome Athias)
2. Re: CSI 2008 Redux (RB)
3. Re: CSI 2008 Redux (Bruce Ediger)
4. Re: CSI 2008 Redux (RB)
5. oh noes the russians are coming! (Dave Aitel)
----------------------------------------------------------------------
Message: 1
Date: Tue, 25 Nov 2008 23:12:49 +0100
From: Jerome Athias <[EMAIL PROTECTED]>
Subject: [Dailydave] [CFP] FRHACK 01 Call For Papers (save the dates!)
To: dailydave@lists.immunitysec.com
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
[CFP] FRHACK 01 Call For Papers
##########################################################################################
########### ######### #### #### ###
######### ### ####
############ ########## #### #### #####
########### ### ####
### ### #### #### #### #####
#### ### ####
### ### #### #### #### #######
#### ### ####
### ### #### #### #### #### ####
#### #######
########## ########## ############# ### ###
#### ######
########## ######## ############# #### ####
#### ########
### ### ##### #### #### ###########
#### ### #####
### ### ##### #### #### ### ####
#### ### ####
### ### ##### #### #### #### #### ######
## ### #####
### ### #### #### #### ### ####
########## ### ####
> FRHACK: By Hackers, For Hackers! http://www.frhack.org
##########################################################################################
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ FRHACK 01
+ Call For Papers
+ September 7-8, 2009, at the Great Kursaal Hall of Besan?on, France.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you like good wine, french bread & food, strikes and the french kiss?
If so, you will love FRHACK!
[ - Introduction - ]
FRHACK is the First International IT Security Conference, by hackers -
for hackers, in France!
FRHACK is not commercial - but - highly technical.
Target Audience: Security Officers, Security Professionals and Product
Vendors, IT Decision Makers, Policy Makers, Security-, Network-, and
Firewall Administrators, Teachers, Academic Researchers and Software
Developers.
The FRHACK Team (TFT) encourages speakers to present new and interesting
projects for FRHACK 01 and will give preferential treatment to
submissions that have not been presented at other conferences.
Further, TFT invites any individual who has not spoken at a conference
before to submit a talk and attempt to make FRHACK their inaugural event!
TFT encourages girls passionated by IT Security to submit papers, as TFT
will offer a prize to the "Best IT Security girl of the year" to reward
innovation.
Papers can be submitted in English and/or French.
The conference language is either English or French.
Conference will be held in Besan?on - EU, East of France, closer to
Switzerland, and aims to get together industry, government, academia and
underground hackers to share knowledge and leading-edge ideas about
information security and everything related to it.
FRHACK will feature national and international speakers and attendees
with a wide range of skills.
The atmosphere is favorable to present all facets of computer security
subject and will be a great opportunity to network with like-minded
people and enthusiasts.
[ - The venue - ]
FRHACK 01 (1st edition) will take place at the Great Kursaal Hall of
Besan?on with capacity for up to 1400 people.
[*] About Besan?on (stolen from http://en.wikipedia.org/wiki/Besan%C3%A7on)
Besan?on is the capital and principal city of the Franche-Comt? region
in eastern France. Located close to the border with Switzerland, it is
the capital of the Doubs department.
As well as being famed as one of France's finest "villes d'art" (art
cities), Besan?on is the seat of one of France's older universities, of
France's National School of Mechanics and Micromechanics, and one of the
best known French language schools in France, the CLA. It is also
reputed to be France's most environmentally-friendly city, with a public
transport network that has often been cited as a model. On account of
the topography, the historic city centre lies at the edge of the modern
city, and hiking tracks lead straight from the centre and up into the
surrounding hills.
The Citadel of Besan?on dates back to the Celtic era. In his De Bello
Gallicum, Julius Caesar already said about the fortress of Vesontio
(celtic name of Besan?on) that it was one of the best defensive sites he
had ever seen.
Besan?on is situated at the crossing of two major lines of
communication, the NE-SW route, following the valley of the river Doubs,
and linking Germany and North Europe with Lyon and southwest Europe, and
the N-S route linking northern France and the Netherlands with
Switzerland. A key staging post on the Strasbourg-Lyon (Germany-Spain)
route, it also has direct high-speed train (TGV) links with Paris,
Charles de Gaulle International Airport, and Lille. Unusually for a town
of its size, it does not have a commercial airport, though two
international airports, EuroAirport Basel-Mulhouse-Freiburg and Lyon
Saint-Exup?ry International Airport, can be reached in about 2 hours.
[ - Topics - ]
TFT gives preference to lectures with practical demonstration. The
conference staff will try to provide every equipment needed for the
presentation in the case the author cannot provide them.
The following topics include, but are not limited to:
- Rootkits
- Cryptography
- Reverse engineering
- Penetration testing
- Web application security
- Exploit development techniques
- Internet, privacy and Big Brother
- Telecom security and phone phreaking
- Fuzzing and application security test
- Security in Wi-Fi and VoIP environments
- Information warfare and industrial espionage
- Denial of service attacks and/or countermeasures
- Analysis of virus, worms and all sorts of malwares
- Technical approach to alternative operating systems
- Techniques for development of secure software & systems
- Information about smartcard and RFID security and similars
- Lockpicking, trashing, physical security and urban exploration
- Hardware hacking, embedded systems and other electronic devices
- Mobile devices exploitation, Symbian, P2K and bluetooth technologies
- Security aspects in SCADA, industrial environments and "obscure"
networks
[ - Important dates - ]
Conference and trainings
20090909-10: FRHACK trainings
20090907-08: FRHACK 1st edition
Please register to our RSS to stay tuned:
http://www.frhack.org/frhack.xml
Deadline and submissions
- Deadline for proposal submissions: 20090601
- Deadline for slides submissions: 20090701
- Notification of acceptance or rejection: 20090714
* E-mail for proposal submissions: [EMAIL PROTECTED] *
Make sure to provide along with your submission the following details:
- Speaker name and/or nickname, address, e-mail, phone number and
general contact information
- A brief but informative description about your talk
- Short biography of the presenter, including organization, company
and affiliations
- Estimated time-length of presentation
- General topic of the speech (eg.: network security, secure
programming, computer forensics, etc.)
- Any other technical requirements for your lecture
- Whether you need visa to enter France or not
Speakers will be allocated 50 minutes of presentation time, although, if
needed, we can extend the presentation length if requested in advance.
Preferrable file format for papers and slides are both PDF and also
ODT/PPT for slides.
Speakers are asked to hand in slides used in their lectures.
PLEASE NOTE: Bear in mind no sales pitches will be allowed. If your
presentation involves advertisement of products or services please do
not submit.
Furthermore, if your talk is just "I found an awesome new technic but if
you want it, just go in hell!" => You're not welcome at FRHACK.
[ - Information for speakers - ]
Please note that it's our first edition, and so we are looking for
sponsors to cover conference's expenses.
Speakers' privileges are:
- FRHACK staff can guarantee and we will provide accommodation for 3 nights:
- For each non-resident speaker we hope to be able to cover travel
expenses up to EURO 1500
- For each resident speaker we might be able to cover travel expenses
- Free pass to the conference for you and a friend
- Speaker activities during, before, and after the conference
- Speaker After-Party with tons of fun, drinks and pretty girls
[ - Information for instructors - ]
- 50% of the net profit of the class
- 2 nights of accommodation during the trainings
- Free pass to the conference
- Speaker activities during, before, and after the conference
- Speaker After-Party with tons of fun, drinks and much more pretty girls
[ - Information for sponsors - ]
- If you can provide or offer materials, devices, goodies and money,
please contact us at: [EMAIL PROTECTED]
[ - Other information - ]
- For further information please check out our web site
http://www.frhack.org (and nowhere else)
It will be updated with everything regarding the conference.
- If you have questions, want to send us additional material, or have
problems, feel free to contact us at: [EMAIL PROTECTED]
Thanks and see you soon at FHRACK!
Jerome Athias, Founder, Chairman, Program Coordinator
/JA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5395 bytes
Desc: S/MIME Cryptographic Signature
Url :
http://lists.immunitysec.com/pipermail/dailydave/attachments/20081125/31929405/attachment-0001.bin
------------------------------
Message: 2
Date: Wed, 26 Nov 2008 23:18:47 -0700
From: RB <[EMAIL PROTECTED]>
Subject: Re: [Dailydave] CSI 2008 Redux
To: dailydave@lists.immunitysec.com
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8
On Wed, Nov 26, 2008 at 05:52, Matthijs Koot <[EMAIL PROTECTED]> wrote:
> You mention that you were looking at TPM "while trying to solve the
> (...) physical presence security problem". Although you didn't claim
> that TPMs provide any solution there, I'd like to emphasize (for other
> readers) that according to the TCG-specs, TPM is not designed to protect
> itself against non-"simple" hardware attacks:
:-) I try not to go off half-cocked, and it would have been foolish
to claim a TPM guards strongly against physical compromise. It is my
understanding that If used properly, they can improve defense against
physical compromise to a level slightly less than that of a smartcard,
advantage going to the smartcard since they may be readily removed and
separately secured.
> So 1) being able to manipulate the (locality) modifier is bad, and
> 2) TPM only provides modest protection against attacker's with physical
> access. The TCG-people confirm this: TPM is intended to protect against
> software-based threats (which it may not do very effectively, as
> Joanna's post suggested, as long as integrity checks can only be done at
> boot/load-time).
The key is maintaining the chain of trust, and the TPM is only a
facility used to aid the process. Mild physical protection aside, it
doesn't know or really care whether a link in the chain is
compromised, only what each link reports to it. Therefore, the
software itself must be "vigilant", as the TPM only provides a safer
storage location for a less subvertible canary.
>> association. It is _just_ a [presumed] secure cryptography facility
>> that supports a wide variety of functionality.
>
> Although you didn't claim the opposite, it may be useful to mention that
> the TPM does not directly expose an interface to its encryption
> capabilities: TPM does not (yet?) give us general-purpose
> hardware-accelerated encryption. I'm not sure about hashing and signing.
The state of TPM support is slightly more complex than that. While
some cryptography facilities are available (since the EK and SRK
private material would otherwise have to be exposed), the hardware is
sufficiently slow as to discourage use beyond priming other, much
faster routines. I don't think it's ever going to be an accelerant
over even the slowest software implementations.
> Btw, it is interesting to see TPM being discussed so gentle and
> reasonable on this list. Perhaps everyone's anticipating TPM to become a
> new fun target for pentesting :)
Software is software, and many of us have our jobs based on humanity's
record on software security. Unless the TC model changes vastly,
programmers are still going to have to exercise due diligence in
secure programming and monitoring integrity. That isn't happening on
a large scale today, so I don't much expect the immediate future to
change. I, for one, am glad to see at least some people share my
opinion: yes, TPMs could be used for evil, but right now they're just
interesting hooks upon which to hang greater security.
RB
------------------------------
Message: 3
Date: Thu, 27 Nov 2008 10:50:33 -0700 (MST)
From: Bruce Ediger <[EMAIL PROTECTED]>
Subject: Re: [Dailydave] CSI 2008 Redux
To: dailydave@lists.immunitysec.com
Message-ID: <[EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Wed, 26 Nov 2008, RB wrote:
> opinion: yes, TPMs could be used for evil, but right now they're just
> interesting hooks upon which to hang greater security.
But they so obviously could be used for evil. The MSFT one even looks like
it's designed to make DRM easier, and to lock-out the use of any non-MSFT
operating system.
In the context of present standards/hardware/etc, isn't your "interesting
hook" actually a virtual plastic worm that conceals and makes interesting
a fearsome hook that would catch you and kill you?
------------------------------
Message: 4
Date: Thu, 27 Nov 2008 21:36:20 -0700
From: RB <[EMAIL PROTECTED]>
Subject: Re: [Dailydave] CSI 2008 Redux
To: dailydave@lists.immunitysec.com
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8
On Thu, Nov 27, 2008 at 10:50, Bruce Ediger <[EMAIL PROTECTED]> wrote:
> But they so obviously could be used for evil. The MSFT one even looks like
> it's designed to make DRM easier, and to lock-out the use of any non-MSFT
> operating system.
At the risk of being redundant, it seems you are conflating TPMs with
the full TCG stack. Other than the EK, can you point to any specific
functionality of the 1.1 or 1.2 TPM itself that actually supports your
claim? Would you mind pointing us at the "MSFT" one of which you
speak? My experience with the MS realm of TC stacks is admittedly
slimmer than I would like, but those I have seen seem to have come
from the TPM vendor rather than MSFT.
> In the context of present standards/hardware/etc, isn't your "interesting
> hook" actually a virtual plastic worm that conceals and makes interesting
> a fearsome hook that would catch you and kill you?
I find your metaphor inflammatory and designed to elicit emotional
response rather than technical dialogue. Would you mind eliminating
these elements and try making a technical argument, or are you just
trolling the conversation? If not, you're fulfilling the precise
stereotype we're talking about: hand waving fearmongering based on
3rd-party information.
RB
------------------------------
Message: 5
Date: Fri, 28 Nov 2008 13:48:12 -0500
From: "Dave Aitel" <[EMAIL PROTECTED]>
Subject: [Dailydave] oh noes the russians are coming!
To: dailydave <dailydave@lists.immunitysec.com>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
http://www.latimes.com/news/nationworld/iraq/complete/la-na-cyberattack28-2008nov28,0,230046.story
"""
Reporting from Washington -- Senior military leaders took the exceptional
step of briefing President Bush this week on a severe and widespread
electronic attack on Defense Department computers that may have originated
in Russia -- an incursion that posed unusual concern among commanders and
raised potential implications for national security.
Defense officials would not describe the extent of damage inflicted on
military networks. But they said that the attack struck hard at networks
within U.S. Central Command, the headquarters that oversees U.S. involvement
in Iraq and Afghanistan, and affected computers in combat zones. The attack
also penetrated at least one highly protected classified network.
"""
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.immunitysec.com/pipermail/dailydave/attachments/20081128/c67ef489/attachment.htm
------------------------------
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
End of Dailydave Digest, Vol 40, Issue 5
****************************************
