Here’s the second round of TROOPERS16 talks. For more information check out our website: TROOPERS
Happy Holidays and all the best for 2016 to everybody!
Your TROOPERS Team Continue reading “2nd Rounds of TROOPERS16 Talks”
Continue readingFirst Talks of TROOPERS 2016 Accepted!
Here’s the first round of TROOPERS16 talks. For more information check out our website: TROOPERS
Happy Holidays and all the best for 2016 to everybody!
Your TROOPERS Team Continue reading “First Talks of TROOPERS 2016 Accepted!”
Continue readingDeveloping an Enterprise IPv6 Security Strategy / Part 2: Network Isolation on the Routing Layer
In the first part of this series we tried to identify which risks related to network-related threats actually change when IPv6 gets deployed and hence which ones to take care of in a prioritized manner (as opposed to those which one might be tempted to [initially] disregard with a “has been there in IPv4 already and we did not address it then, why now?” stance). Let’s assume we went through this step and, for those most relevant risks we identified, we want to come up with infrastructure level controls first, before tackling controls to be deployed on the host level (as in many organizations the sysowners of “hosts” like servers in datacenters tend to expect “the network/infrastructure guys to provide the 1st layer of defense against threats”, in particular once those originate from an apparent network layer protocol, that is IPv6).
Continue readingDeveloping an Enterprise IPv6 Security Strategy / Part 1: Baseline Analysis of IPv4 Network Security
We’ve been involved in some activities in this space recently and I thought it could be a good idea to share a couple of things we’ve discussed & displayed. Furthermore some time ago – in the Is IPv6 more Secure than IPv4? Or Less? post – I announced to come up with (something like) an “IPv6 threats & controls catalogue” at some point… so here we go: in an upcoming series of a few blogposts I will lay out some typical elements of an “Enterprise IPv6 Security Strategy” incl. several technical pieces (and I plan to give a talk on the exact topic at next year’s IPv6 Security Summit).
Continue readingWelcome to Brazil!
Welcome to Brazil!
“Welcome to Brazil”, I think, turned to being the most used statement during the past Hackers to Hackers Conference in Sao Paulo. It was used as the main reaction to every speech taking moment, and there were a lot of those! To honor the moments and give you a quick insight into was what going on in Sao Paulo, here is a quick summary of the overall event and our own contribution.
Continue reading “Welcome to Brazil!”
Continue readingDENOG7
Hi everyone,
we (Christopher, Jan-Pascal and me) had the pleasure to join the 7th DENOG (German Network Operators Group) meeting in Darmstadt which takes place yearly in autumn. For the first time the meeting was scheduled for two days which offered more time for talks and discussions than the previous meetings. The concept of DENOG is to meet, talk, discuss and share experience with the network operator community in Germany. Continue reading “DENOG7”
Continue reading13th escar Europe conference | Embedded Security in Cars
Last week I had the pleasure to attend the “escar” (Embedded Security in Cars) conference in Cologne, Germany.
Arriving late Tuesday, I had the chance to get a rich breakfast before joining the con in the hotel Dorint at Cologne’s famous place the Heumarkt. Unfortunately I had to deal with two stumbling blocks on my way to the Dobrint: The magnetic sensor of my mobile which went crazy (no compass) and – the date. 11th of November in Cologne means just one thing – carneval! The whole city was just in a state of exception. Everybody on my way to the venue seemed to be drinking or beeing already drunk – at 9am! 😉
Being a little late, I went straight to the room after registration. As there was only one track to follow you could not miss any talk – nice thing!
After we were welcomed by the hosts, and the first talk started.
“Green Lights Forever: Analyzing the Security of Traffic Infrastructure” by Allen Hillaker
The con’s first talk was presented by Allen Hillaker. He was speaking about the security of mostly wireless traffic lights and their infrastructure in the US.
Allen presented the design of a typical traffic intersection which is connected via a radio to the road agency. He also described what happens, when a malfunction is triggered and the malfunction management unit sets the traffic lights to a well known (safe) state.
The traffic lights usually operate at 900MHz or 5.8GHz using a protocol similar to 802.11 (Wifi) without strong safety. They gathered access to the networks by using same model radio the systems at the intersections were using. As possible attacks Denial of Service, the change of the traffic lights’ timings and individual light control were named. To mitigate this, he suggested to use WPA, not broadcasting SSIDs, the use of firewalls, firmware updates and – of course – changing the default credentials. Continue reading “13th escar Europe conference | Embedded Security in Cars”
Wireless LAN Pros Conference
Last week, on the 27th-28th I attended a nice wireless conference in berlin, the WLPC (Wireless LAN Pros Conference). You can visit their website at http://berlin2015.wlanprosconference.com.
Continue reading “Wireless LAN Pros Conference”
Continue readingA Visual Guide to Day-Con 9
Welcome to Dayton
In mid-October our friend Bryan Fite aka Angus Blitter invited the community for the ninth edition of Day-Con. Bryan’s annual security summit, which we regard as the sister event of TROOPERS, is a pretty good reason to visit lovely Dayton, Ohio.
And so we did… ERNW sent in five delegates. Delegates is Day-Con-speak for all attendees and speakers and such a subtle choice of wording sets the tone for the whole event. People seemed to be really focused and the roundtable-like setting during the talks (see above) provided a cozy atmosphere for in-depth expert chatting.
Continue reading “A Visual Guide to Day-Con 9”
Continue reading“We have a Code Blue right here!”
That was the opener for my presentation on the Security in Medical Devices at CodeBlue 2015 last week in Tokyo, Japan. A Code Blue often describes a patient in a critical condition, mostly needing resuscitation. That just seemed to be a perfect match, also in the sense that the condition of some medical devices out there are still pretty critical concerning security. If you follow our current research on this you know what I am talking about. I hope that we are not talking about this topic anymore three years from now. That would mean that we have made the world a safer place, although it took some time … 😉
Speaking at Code Blue really was a blast! “Arigato” for having me! The conference was organized very well and the staff was extremely caring. You could really feel the community vibe in this event. Considering that the conference is only around a few years that is really remarkable. The talks I enjoyed most obviously were both keynotes: Takuya Matsuda – The Singularity is Near and Richard Thieme’s thoughtprovoking speech at the end of the conference. I also enjoyed Bhavna Soman’s high quality talk about using metrics to correlate APT binaries. The overall quality of the talks on Code Blue was pretty good but what I enjoyed the most were the discussions and the exchange with other researcher from all over the planet.
I hope to see some of you at Troopers16! 🙂
Cheers,
Florian
Continue reading