
Tags conferences

Infosec Europe 2008

Published on Apr 22, 2008

If anyone’s going to be at Infosec Europe tomorrow or the next day and would like to have a chat (and maybe offer a beer), contact me. Time to update twitter…


Blackhat Europe Briefings Day 2

Published on Mar 29, 2008

The second-day talks that I attended were: The URI abuse talk. This was a talk which lists different attack vectors that apply to URIs. The speakers demoed a Picasa vulnerability that relies on DNS rebinding to be able to expose images from your Picasa to the evil hacker and his little brother. Then they talked about an iPhoto format string vuln that can be exploited via the photo:// URI. More information about this can be found at the speaker’s blog.…


Blackhat Europe Briefings Day 1

Published on Mar 28, 2008

These are some of the talks I’ve been at: The keynote by the Angel of Doom was on Digital Security and why it will fail. His conclusion is that we are in the right business and that we got job security. He gave ideas about how security solutions that do not take the big picture into perspective are bound to fail. Had a chat with him during lunch, very interesting conversation.…


Blackhat Europe && Twitter

Published on Mar 27, 2008

The briefings started today and until now it’s been a very interesting experience. I’ll be updating my twitter account on BH Europe at: http://twitter.com/sandrogauci…


Blackhat Europe

Published on Mar 23, 2008

In the next few days I’ll be visiting Amsterdam and will be at the Blackhat briefings. If any readers are around, drop me a message ;-)…


24c3 quick roundup

Published on Dec 31, 2007

Originally posted on geekbazaar. Lightning talks - consisting of 5 minute talks. The one that I liked best was regarding Mac OS X widgets. The idea is that since these widgets have access to the system() function and make use of Web 2.0 stuff most of the time, a simple injection (JSON injection / cross-site scripting) has further implications compared to normal web applications. This means that such flaws can easily give remote system access.…


24c3 photos

Published on Dec 28, 2007

Quick note: put up some photos from the first day @ 24c3 on my flickr account.…


24C3 coming up

Published on Dec 1, 2007

Talks of interest: Toying with barcodes; Port Scanning improved; The Virus Underground; An analysis of targeted attacks from 2005 to 2007; The demise of electronic voting in The Netherlands; Playstation Portable Cracking; Sex 2.0; OpenSER SIP Server; Ruby on Rails Security; Cybercrime 2.0; Relay attacks on card payment: vulnerabilities and defences. If you’re going to be there drop me a line.…


SIP softphone buffer overflow demo

Published on Aug 8, 2007

Someone was showing off a 0day exploit at Black Hat. The article is a bit sketchy and feels sensational, but it does show that various parties are concerned. Just like most other pieces of software, softphones will (and do) have security vulnerabilities that lead to remote access. Article can be found here. Hardphones, on the other hand, are secure.. right? :-p…
