Bold Statements
Hi everyone,
we (Christopher, Jan-Pascal and me) had the pleasure to join the 7th DENOG (German Network Operators Group) meeting in Darmstadt which takes place yearly in autumn. For the first time the meeting was scheduled for two days which offered more time for talks and discussions than the previous meetings. The concept of DENOG is to meet, talk, discuss and share experience with the network operator community in Germany. Continue reading “DENOG7”
Continue readingLast week I had the pleasure to attend the “escar” (Embedded Security in Cars) conference in Cologne, Germany.
Arriving late Tuesday, I had the chance to get a rich breakfast before joining the con in the hotel Dorint at Cologne’s famous place the Heumarkt. Unfortunately I had to deal with two stumbling blocks on my way to the Dobrint: The magnetic sensor of my mobile which went crazy (no compass) and – the date. 11th of November in Cologne means just one thing – carneval! The whole city was just in a state of exception. Everybody on my way to the venue seemed to be drinking or beeing already drunk – at 9am! 😉
Being a little late, I went straight to the room after registration. As there was only one track to follow you could not miss any talk – nice thing!
After we were welcomed by the hosts, and the first talk started.
“Green Lights Forever: Analyzing the Security of Traffic Infrastructure” by Allen Hillaker
The con’s first talk was presented by Allen Hillaker. He was speaking about the security of mostly wireless traffic lights and their infrastructure in the US.
Allen presented the design of a typical traffic intersection which is connected via a radio to the road agency. He also described what happens, when a malfunction is triggered and the malfunction management unit sets the traffic lights to a well known (safe) state.
The traffic lights usually operate at 900MHz or 5.8GHz using a protocol similar to 802.11 (Wifi) without strong safety. They gathered access to the networks by using same model radio the systems at the intersections were using. As possible attacks Denial of Service, the change of the traffic lights’ timings and individual light control were named. To mitigate this, he suggested to use WPA, not broadcasting SSIDs, the use of firewalls, firmware updates and – of course – changing the default credentials. Continue reading “13th escar Europe conference | Embedded Security in Cars”
Last week, on the 27th-28th I attended a nice wireless conference in berlin, the WLPC (Wireless LAN Pros Conference). You can visit their website at http://berlin2015.wlanprosconference.com.
Continue reading “Wireless LAN Pros Conference”
Continue readingIn mid-October our friend Bryan Fite aka Angus Blitter invited the community for the ninth edition of Day-Con. Bryan’s annual security summit, which we regard as the sister event of TROOPERS, is a pretty good reason to visit lovely Dayton, Ohio.
And so we did… ERNW sent in five delegates. Delegates is Day-Con-speak for all attendees and speakers and such a subtle choice of wording sets the tone for the whole event. People seemed to be really focused and the roundtable-like setting during the talks (see above) provided a cozy atmosphere for in-depth expert chatting.
Continue reading “A Visual Guide to Day-Con 9”
Continue readingThat was the opener for my presentation on the Security in Medical Devices at CodeBlue 2015 last week in Tokyo, Japan. A Code Blue often describes a patient in a critical condition, mostly needing resuscitation. That just seemed to be a perfect match, also in the sense that the condition of some medical devices out there are still pretty critical concerning security. If you follow our current research on this you know what I am talking about. I hope that we are not talking about this topic anymore three years from now. That would mean that we have made the world a safer place, although it took some time … 😉
Speaking at Code Blue really was a blast! “Arigato” for having me! The conference was organized very well and the staff was extremely caring. You could really feel the community vibe in this event. Considering that the conference is only around a few years that is really remarkable. The talks I enjoyed most obviously were both keynotes: Takuya Matsuda – The Singularity is Near and Richard Thieme’s thoughtprovoking speech at the end of the conference. I also enjoyed Bhavna Soman’s high quality talk about using metrics to correlate APT binaries. The overall quality of the talks on Code Blue was pretty good but what I enjoyed the most were the discussions and the exchange with other researcher from all over the planet.
I hope to see some of you at Troopers16! 🙂
Cheers,
Florian
Continue readingSome readers will probably be aware that we are amongst the proponents of a quite strict stance when it comes to filtering IPv6 packets with (certain) Extension Headers and/or fragmentation, because those can be the source of many security problems (as laid out here, here or here). Actually I still think it was a very good idea of, amongst others, Randy Bush and Ron Bonica to suggest the deprecation of IPv6 fragmentation in the IETF.
On the other hand there are voices arguing that fragmented IPv6 packets will be needed in some cases, namely DNS[SEC]-related ones.
In this post I will discuss some details of this debate (taking place in many circles, incl. this thread on the ipv6-hackers mailing list which, btw, you should subscribe to). Continue reading “Some Notes on the “Drop IPv6 Fragments” vs. “This Will Break DNS[SEC]” Debate”