Reviewing the submissions took us a while longer than anticipated. The reason was the high-quality content you submitted. We had to make some tough decisions and could have easily filled three or four days of In-Depth security talks and many more workshops. We hope that the schedule we published yesterday satisfies your interest and gives some CIOs something to think about. We tackle the security of the GSM network (which is failing, as was reported at DeepSec 2009 already). We also show you how to probe the security of GSM networks (there’s a whole two-day workshop if you want to dive into the gory details). Watch out for remote binary planting! Just yesterday Mitja Kolsek reveiled that about 200 Microsoft Windows applications are vulnerable to remote code execution. We deal with SAP security by
We’re almost finished with the review of presentations and trainings submitted via the Call for Papers form. Everyone will get a notification during the next couple of days. You really sent us a lot of high-quality content, and we are proud to set the stage for your research results. Some vendors might not be as happy as we, but let’s see what happens. Expect the preliminary schedule soon.
You probably have a cellphone. Your company might even provide an additional one. Your boss most certainly uses a cellphone. What do you use it for? Do you share details about your private life via phone conversations? Did you ever talk to a business partner about confidential offers? Do you rely on cellphone when it comes to important messages? If so you might be interested in hearing some news about the state of security of mobile networks. Most of them are broken, outdated or both when it comes to security. Details of the security issues have been presented at DeepSec 2009 by Karsten Nohl. During Defcon18 in Las Vegas a security researcher successfully faked several attendees’ cell phones into connecting to his phony GSM base station during a live demonstration that had initially raised
Our CfP ends on 31 July 2010, so we start publishing information about some of the submissions in advance. We got the confirmation from Laurent Oudot, founder of TEHTRI-Security, concerning the Advanced PHP Hacking training. The workshop will deal with breaking into PHP environments, methods of attackers once they are inside, defense against intruders and real hack simulations. This is a hands-on exercise guided by TEHTRI Security experts. Everyone running, developing or auditing PHP web applications should attend. Knowing how attacks work is the first step of avoiding them. When it comes to web applications, there is no silver bullet. You have to deal with the hosting environment, known about possible vulnerabilities, learn about the tools attackers use and then you can tune your defenses. Code analysis, filters, fuzzing, NIDS and hardening alone are
Our Call for Papers is still running until 31 July 2010. We already have some very interesting talk and workshop submissions. Two experts cover the black magic of the last mile and network backbones. Clearly this is critical infrastructure and is often neglected when implementing security measures. Few administrators put their firewalls in front of the ISP’s modem. There are attacks against infrastructure. Wireless networks illustrate this problem very well. Strangely when it comes to wired networks people think of them as more secure. True, wired connections cannot be accessed through thin air, but this doesn’t immunise them against threats on the infrastructure level. Routing protocols, administrative interfaces, unpatched firmware, bugs, noisy broadcasts and network design errors can lead to a fertile ground for a compromised network well before your firewall kicks in. So