Bold Statements
Last week, on the 27th-28th I attended a nice wireless conference in berlin, the WLPC (Wireless LAN Pros Conference). You can visit their website at http://berlin2015.wlanprosconference.com.
Continue reading “Wireless LAN Pros Conference”
Continue readingIn mid-October our friend Bryan Fite aka Angus Blitter invited the community for the ninth edition of Day-Con. Bryan’s annual security summit, which we regard as the sister event of TROOPERS, is a pretty good reason to visit lovely Dayton, Ohio.
And so we did… ERNW sent in five delegates. Delegates is Day-Con-speak for all attendees and speakers and such a subtle choice of wording sets the tone for the whole event. People seemed to be really focused and the roundtable-like setting during the talks (see above) provided a cozy atmosphere for in-depth expert chatting.
Continue reading “A Visual Guide to Day-Con 9”
Continue readingThat was the opener for my presentation on the Security in Medical Devices at CodeBlue 2015 last week in Tokyo, Japan. A Code Blue often describes a patient in a critical condition, mostly needing resuscitation. That just seemed to be a perfect match, also in the sense that the condition of some medical devices out there are still pretty critical concerning security. If you follow our current research on this you know what I am talking about. I hope that we are not talking about this topic anymore three years from now. That would mean that we have made the world a safer place, although it took some time … 😉
Speaking at Code Blue really was a blast! “Arigato” for having me! The conference was organized very well and the staff was extremely caring. You could really feel the community vibe in this event. Considering that the conference is only around a few years that is really remarkable. The talks I enjoyed most obviously were both keynotes: Takuya Matsuda – The Singularity is Near and Richard Thieme’s thoughtprovoking speech at the end of the conference. I also enjoyed Bhavna Soman’s high quality talk about using metrics to correlate APT binaries. The overall quality of the talks on Code Blue was pretty good but what I enjoyed the most were the discussions and the exchange with other researcher from all over the planet.
I hope to see some of you at Troopers16! 🙂
Cheers,
Florian
Continue readingSome readers will probably be aware that we are amongst the proponents of a quite strict stance when it comes to filtering IPv6 packets with (certain) Extension Headers and/or fragmentation, because those can be the source of many security problems (as laid out here, here or here). Actually I still think it was a very good idea of, amongst others, Randy Bush and Ron Bonica to suggest the deprecation of IPv6 fragmentation in the IETF.
On the other hand there are voices arguing that fragmented IPv6 packets will be needed in some cases, namely DNS[SEC]-related ones.
In this post I will discuss some details of this debate (taking place in many circles, incl. this thread on the ipv6-hackers mailing list which, btw, you should subscribe to). Continue reading “Some Notes on the “Drop IPv6 Fragments” vs. “This Will Break DNS[SEC]” Debate”
The current trend of social coding finally arrived at ERNW! From now on, you will find our public released tools and scripts commonly on https://github.com/ernw. Therefore I would like to share some thoughts/guidelines which you have to keep in mind if you want to be a social coder: Continue reading “Social Coding – Simple Things to Keep in Mind (updated)”
Continue readingDear Readers,
today we want to share a method on how to test an OCSP over HTTP validation service with Burp and some Python magic. First a little background about OCSP (Online Certificate Status Protocol): the main purpose of OCSP is to validate the status of an X.509 certificate.
Continue reading “OCSP over HTTP testing with Python”
Continue reading
Netherlands Police is called Politie because they’re so polite. (works only if you suffer from dyslexia)
[ picture stolen from the polite politie ]
Unlike the German Oktoberfest in Munich which already started in September, the Oktoberfest in The Hague started on 2nd October. Continue reading “hardwear.io: Conference Day 2”
Continue readingDuring my stay in The Hague I needed to print something, so I asked for a Copy shop and this is where they sent me:
Continue reading “hardwear.io: Conference Day 1”
On Monday the 28th of September 2015 a rather rare event occurred. At around 4 a.m. the moon changed its colour into a dim of red, luckily the sky was clear enough to see something.
[ picture stolen from NASA ]
If you missed that event your next chance will be in about 15 years or so.
The reason for being awake this early wasn’t the moon in the first place but what followed afterwards – my trip to the hardwear.io Security Conference in The Hague. Continue reading “hardwear.io: Applied Physical Attacks on x86 Systems”
Continue readingLast week Christopher and I were the instructors of an IPv6 workshop. In this one we usually build a lab with the participants incl. a variety of routed segments and native IPv6 Internet access. Once the latter part is implemented people start poking around and surfing the Internet from their laptops, not least to find out which sites they can actually reach from an v6-only network (please note that actually there are many).
Continue reading