hey all! so this month we've decided to go crazy and make DC4420 coincide with Infosec London to give all you out-of-towners a chance to come and meet up, so get this in your diary if you're heading in for Infosec...
we're getting to the point where we've outgrown our current home anyway, so we've moved location to just down the road at the Sound Club in Leicester Sq., which has much greater capacity, so we are confident we'll be able to host the swelled ranks this month, and we've even managed to negotiate pub pricing on the bar although it's in a west-end club, so don't panic!!! oh, and we've got a dedicated chef and kitchen for the entire duration, serving everything from bar snacks to a full-on a-la-carte menu, so bring appetites as well! doors open at 18:00 and talks start at 19:30 sharp as some people need to get home, but we've got the location through till Midnight for further socialising, and an optional late license to 03:00 if enough people want to stay for further liver damage... shweeet! =:O time / date: 18:00 for 19:30 Thursday 30th April location: Sound Club 1 Leicester Square, London, WC2H 7NA http://maps.google.com/maps?f=q&source=s_q&hl=en&q=1+Leicester+Square,+Westminster,+London+WC2H,+United+Kingdom&sll=21.826091,75.608125&sspn=0.013824,0.027874&ie=UTF8&cd=1&geocode=FTT-EQMdeAH-_w&split=0&z=16&iwloc=A this is the NW corner of the square... if you stand facing the Empire Cinema/Casino, it's two doors to the left... tube: Leicester Square on the Piccadilly and Northern Lines. Piccadilly Circus on the Piccadilly and Bakerloo Lines. bus: http://www.tfl.gov.uk/tfl/gettingaround/maps/buses/pdf/leicestersquare-10899.pdf and, finally, we've lined up some awesome talks this month... *** Andrea Barisani & Daniele Bianco: Sniffing Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage TEMPEST attacks, exploiting Electro Magnetic emissions in order to gather data, are often mentioned by the security community, movies and wanna-be spies (or NSA employees we guess...). While some expensive attacks, especially the ones against CRT/LCD monitors, have been fully researched and described, some others remain relatively unknown and haven't been fully (publicly) researched. Following the overwhelming success of the SatNav Traffic Channel hijacking talk we continue with the tradition of presenting cool and cheap hardware hacking projects. We will explore two unconventional approaches for remotely sniffing keystrokes on laptops and desktop computers using mechanical energy emissions and power line leakage. The only thing you need for successful attacks are either the electrical grid or a distant line of sight, no expensive piece of equipment is required. We will show in detail the two attacks and all the necessary instructions for setting up the equipment. As usual cool gear and videos are going to be featured in order to maximize the presentation. *** Ari Takanen - Codenomicon: Fuzzing - The Fun of Destructive Software Testing This presentation will give some dirty details of fuzzing, and how to integrate fuzzing into product security processes. Fuzzing is relatively new penetration testing technique for finding critical security problems in any type of communication software. Fuzzing feeds a program, device or system with malformed and unexpected input data in order to find critical crash-level defects. The next generation fuzzing methodologies are based on model-based testing where tests are both generated and executed automatically. You just point and click, and havoc is brought to the test target. Modern day fuzzing is highly effective! In our tests, we have seen very few products that do not fail under fuzzing. And there are no false positives in fuzzing, each issue found is always security critical. Fuzzing is a black-box testing technique that does not require any access to the source code of the system under test. The tests can be conducted against any system, whether it is internally built or developed by third parties. It can also be used in any phase of the software life-cycle, from development into acceptance testing. In this presentation, we will analyze latest fuzzing techniques and several different use cases for fuzzing, including latest advances in XML security tests. We will look at both free and commercial fuzzing tools and frameworks. The presentation is based on Ari's book on fuzzing, published by Artech House in 2008. *** Room for one more! If you've got a proposal for a talk, get it to me or alien asap... more details/announcements at http://dc4420.org ... and don't forget... if this is your first night at dc4420... you *have to* talk... :) cheers, MM -- "In DEFCON, we have no names..." errr... well, we do... but silly ones... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
