Building, Misc

On the discussion about the iTunes 10.5.1 update

Currently there’s quite some discussion ongoing why it took Apple so long to fix a severe vulnerability in the update process of iTunes. A severe vulnerability which could easily be exploited by means of an automated tool called evilgrade which can be downloaded here (Hi Francisco!). Just one small note here: did you know that evilgrade was first shown and released at the 2008 edition of Troopers? We had a number of initial releases of tools in the last years (like wafw00f at the 2009 edition and VASTO at the 2010 edition) and we will continue this fine tradition in 2012. I can already promise that some nice code is going to be released for the first time at Troopers12…

stay tuned


Continue reading

Carriers Converge Their Internet and MPLS Infrastructure: Time to Redo Your Risk Assessment?

The above is the exact title of a Gartner research note published some days ago. Its main thesis is that an increased convergence of carriers’ MPLS and Internet infrastructures onto shared IP infrastructures requires that enterprises re-evaluate their security and performance risks.

While I do not agree with the overall line of reasoning in the paper, it still highlights a number of interesting points when it comes to MPLS security. Which in turn reminds me of quite some stuff we’ve done in the past, mainly our Black Hat Europe 2009 talk “All your packets are belong to us – Attacking backbone technologies”. Today we’ll release an updated version of the accompanying whitepaper as a kind-of technical report. Its title is “Practical Attacks against MPLS or Carrier Ethernet Networks” and it can be found here.

Enjoy reading,



btw: for those of you who have actually read the Gartner paper… did you notice their repeated reference to customer RFIs/RFPs not covering a carrier’s separation between their public Internet and MPLS infrastructures? Here’s a document that describes how a given carrier’s trustworthiness might be evaluated and which furthermore contains an excerpt from an RFI (written back in 2006!) which, amongst others, ask for this very point…

Continue reading

A Wrap-up on MFD Security

On last year’s TROOPERS11, Matthias (mluft) and I gave a talk on Multifunction Devices. Hardly surprising: It was related to the state of secure operation of MFDs. It was heavily motivated by experiences we collected out in the wild. We faced a frightening low level of awareness concerning the role of MFDs for the overall security picture – in particular regarding the processing of sensitive data…

However, instead of only showing and proving well-known weaknesses and vulnerabilities, we decided to adapt ERNW’s Seven Sisters model in order to match the needs of secure MFD operation and to develop some kind of guideline. As Matthias already lost some words on this, I’m not gonna waste your valuable time by repeating, what has already been said. However I described our approach and our thoughts on that topic in a recently published ERNW Newsletter. If for what ever reason you didn’t see our talk or even didn’t attend TROOPERS11 at all, have a look on Newsletter 37 and give us feedback on what you think about the whole topic…

Btw: Enno just wrote some lines about what’s so special about the TROOPERS conference. In case you might want to discuss mentioned and related topics at first hand, think about joining TROOPERS12. For our part, we cannot wait to come together at Heidelberg next March.

See you there
Michael alias Micele

Continue reading

Call me Snake

Once again there’s a reference to some action movie here, as some of you may have immediately spotted ;-).

For the record: this one is from “Snake Plissken”, the main protagonist in John Carpenter’s “Escape from New York”. There’s another well-known quote of the same character in the kind-of sequel “Escape from L.A.” which goes like: “The more things change, the more they stay the same”. I’m aware that this is not the initial source (but French novelist Jean-Baptiste Alphonse Karr presumably is, at the time in French ;-)); still this gives a nice  transition to today’s topic.

To make it short: there’s pieces of software out there which – regardless of ongoing attempts to patch or even rewrite them – just remain crap, security-wise. Regular readers of this blog may have seen (read) me mentioning some of those. Right now I’d like to draw your attention to another one of my all-time favorites in the “is crappy. has been crappy for a long time. will probably continue do to so for a long time” list. Curtain up! for ISC BIND.

ISC published this advisory today (in case you’re too lazy to follow the link, here some quick facts: “BIND 9 Resolver crashes after logging an error in query.c”; severity “serious”; exploitable “remotely”; CVSS 7.8). Apparently it’s exploited in the wild. It’s at least the 5th unauthenticated remote DoS in BIND 9 in the last twelve months (here’s their advisories). And here’s another quote, this time from the BIND 10 project page:

“The architecture of BIND 10 concentrates on these technical aspects: modularity, customizability, clusterization, integration, resilience, and runtime control.”

See what’s missing? You got it. So good luck to those of you still running BIND. Call it snake… oil…




Continue reading
Events, Misc

“What’s so special about Troopers?”

This week I stayed some days in Zurich, to give a workshop and to meet both clients and fellow researchers (kudos again to C. for the awesome office tour @Google). In the course of one of those dinners somehow Troopers was mentioned and a guy asked: “I’ve heard of the conference. What’s so special about it?”

Funnily enough I didn’t even have to respond myself as a 2011 attendee coincidentally present at the table jumped in and started praising the event (“best con ever. great spirit, great talks”). Obviously this gave me a big grin… but it reminded as well me that some of you might ask themselves the very same question.

In my opening remarks of the 2011 edition I tried to describe the Troopers approach and spirit. You can find it here. As for the speakers’ perspective I’d like to point you to this blogpost that Chema (Alonso) wrote before the 2010 edition. It pretty much summarizes how we take care of “our rock stars”…

Btw: the CfP will be open in some days. As in the previous years, there are only few slots left (as most are already assigned to hand-selected speakers).

See you there in 2012, have a great weekend


Continue reading

A Sneak Peek into TROOPERS12

TROOPERS11 Speaker badgesHere we go again: TROOPERS12 is scheduled for March 19th – 23rd 2012 in Heidelberg, Germany.

Those who attended TROOPERS before know for what we are up to. For all newcomers I’ll quickly outline what’s going to happen:

TROOPERS is your premium IT security event in Europe. Think of your usual IT educational event without annoying sales pitching and outdated topics. Now add a superb conference location, an elite line-up of international researchers and practitioners as well as an organizing team not dedicated to make a living doing this, but to celebrate our craftsmanship together with like-minded people.

Sounds good? Let’s see what we have planned for you:

Monday & Tuesday

We start with a great selection of workshops. You’ll have a bigger choice than ever before:

One-day workshops on Monday:

  • Advanced IPv6 Security
  • Android Security
  • CloudSec
  • ISECOM Workshop (to be announced shortly) 

One-day workshops on Tuesday:

  • Advanced Email Security
  • iOS Security
  • ISECOM’s “Smarter, Safer, Better” security awareness training
Special event on Tuesday:

We call it the “TelcoSec Day” – A workshop that assembles researchers and practitioners in the telecommunications operator security space. Invitation only. Please drop us an email, if you think you should be part of it.

Two-day boot camp on Monday and Tuesday:

Chema playing Minesweeper

  • Hacking 101 – Your personal preparation for PacketWars (and beyond…)

Wednesday & Thursday

These are the main conference days. Expect more than 20 international researchers coming in to present on their latest discoveries – ready to share their experience with you. In order to serve you with the latest and greatest we won’t announce a final agenda yet. Topics of already confirmed talks include:

  • Web Application Firewalls
  • iCloud
  • SAP Hacking
  • Quantum Cryptography
  • Bioinformatics


Orange TROOPERS flagWe’ll finish up with a bunch of roundtable sessions. This is the perfect place to recap the week’s happenings and look ahead on upcoming developments.

Something is missing right?

TROOPERS conference is more than a yearly get-together of some IT guys. This event is for enthusiasts, idealists and doers of all nationalities, age groups and sexes. Our common denominator is the passion for what we do and the strong belief that we will succeed in the daily battle of IT security. Professionals from various backgrounds are longing for an environment where their thoughts, work and experience is appreciated and amplified.

TROOPERS11 electronic badgeTherefore we spare no efforts to do just that. To name just a few highlights of your complimentary supporting program:

  • Shared dinner in the Old Town
  • PacketWars hacking contest
  • 10k Morning run to keep you going
  • [TOP SECRET] Competition


Registration is open now. Head over to the sign up page and make yourself familiar with all the deals we offer. Please contact us, if you need any assistance or guidance on your selection.

We’re looking forward to meet you soon,
Florian & the TROOPERS/ERNW crew

Continue reading

iOS 5, S/MIME, and Digital Certificate Management

As a follow-up to this post somebody pointed us to this interesting article on S/MIME support and associated certificate mgmt in iOS 5. Nice read which some of you may find worthwhile.

On a related note: if anyone is aware of an easy way/good (3rd party) solution for pushing certs to iOS devices (besides SCEP) we would be very interested in that one. In that case pls leave a comment or shoot us an email.



Continue reading