Some outright rants from a bunch of infosec practitioners.

TAG | conference

Last week I had the pleasure to attend the “escar” (Embedded Security in Cars) conference in Cologne, Germany.
Arriving late Tuesday, I had the chance to get a rich breakfast before joining the con in the hotel Dorint at Cologne’s famous place the Heumarkt. Unfortunately I had to deal with two stumbling blocks on my way to the Dorint: The magnetic sensor of my mobile which went crazy (no compass) and – the date. 11th of November in Cologne means just one thing – carnival! The whole city was just in a state of exception. Everybody on my way to the venue seemed to be drinking or being already drunk – at 9am! 😉
Being a little late, I went straight to the room after registration. As there was only one track to follow you could not miss any talk – nice thing!
After we were welcomed by the hosts, the first talk started.

Conference Room

“Green Lights Forever: Analyzing the Security of Traffic Infrastructure” by Allen Hillaker
The con’s first talk was presented by Allen Hillaker. He was speaking about the security of mostly wireless traffic lights and their infrastructure in the US.
Allen presented the design of a typical traffic intersection which is connected via a radio to the road agency. He also described what happens when a malfunction is triggered and the malfunction management unit sets the traffic lights to a well-known (safe) state.
The traffic lights usually operate at 900MHz or 5.8GHz using a protocol similar to 802.11 (Wifi) without strong safety. They gained access to the networks by using the same model of radio the systems at the intersections were using. Denial of Service, changing the traffic lights’ timings and individual light control were named as possible attacks. To mitigate this, he suggested using WPA, not broadcasting SSIDs, using firewalls, applying firmware updates and – of course – changing the default credentials.




A Visual Guide to Day-Con 9

Welcome to Dayton

In mid-October our friend Bryan Fite aka Angus Blitter invited the community for the ninth edition of Day-Con. Bryan’s annual security summit, which we regard as the sister event of TROOPERS, is a pretty good reason to visit lovely Dayton, Ohio.

Day-Con Summit

And so we did… ERNW sent in five delegates. Delegates is Day-Con-speak for all attendees and speakers and such a subtle choice of wording sets the tone for the whole event. People seemed to be really focused and the roundtable-like setting during the talks (see above) provided a cozy atmosphere for in-depth expert chatting.





ERNW speaking @


On October 1st and 2nd Flo and I were presenting at in The Hague, NL. My topic was “Living in a fool’s wireless-secured paradise” and Flo was presenting his current research on medical device security. It was the first talk at an international security conference for me and I am still quite excited!




Reminiscing About Black Hat USA 2015

The Strip

While searching for some photos for my last blog post on Thinkst Canary I found a couple more from our recent trip to Black Hat USA and DEF CON, which I consider worth sharing. Nothing too technical, just some visual impressions and comments from my side. Let’s get it on!





24th USENIX Security Symposium & WOOT Workshop

Recently I had the pleasure to attend the 24th USENIX Security Symposium and its co-located Workshop on Offensive Technologies (WOOT) in Washington, D.C. The workshop has received quite some attention this year, 57 submissions of which 19 have been accepted, so that the organizers decided to double its length from one to two days.




©2010-2013 ERNW GmbH