From kiwicon at kiwicon.org Fri May 2 19:37:19 2008
From: kiwicon at kiwicon.org (kiwicon at kiwicon.org)
Date: Fri, 02 May 2008 18:37:19 -0500
Subject: [Dailydave] Kiwicon 2k8 - Call For Papers
Message-ID: <20080502183719.e96q9kkkyskc48kg@webmail.focb.co.nz>

[-------------------------------------------------------------------------]
[ASCII-art banner: kiwicon 2k8 - BAAAAAAaaaa!!11]
[-------------------------------------------------------www.kiwicon.org---]

Holy sheepshit, internets! Blanket-Man[1] has wrung out his loin cloth and is ready to fly-tackle more heavy metal t-shirt wearing nerds with large egos and irc handles.

Yes, it's time to open up your ~/haxing folder and get your talk together for Kiwicon 2k8! We've put out the black t-shirts, and deflated some satellite radomes, so where, as our more criminal yet fetchingly bikini clad cousins might say, the bloody hell are you?

The Kiwicon Crüe is proud to announce the call for presenters for the second installment of New Zealand's very own security conference: Kiwicon 2k8.

[About]

Kiwicon2k8 is intended to be an informal conference, drawing on the wider security community of Australia and New Zealand. It will be held in Wellington, New Zealand, on the weekend of the 27th and 28th of September, 2008.

Kiwicon's focus is on sharing information; ideas, code, and good whisky, in a Rabelaisian carnival of security, nerdery, and *nix beards.

Last year, the inaugural Kiwicon ended up being kind of a big deal: highlights included tmasky's mighty Crackstation, the debut of Beau Butler as an "ethical hacker" making Microsoft "look like turkeys", and of course the Kiwicon Hax0r Quiz, with the winner taking the grand prize of An Illustrated Guide to the Commoner Skin Diseases.
Hope it came in handy for the post-con diagnosis phase, dude.

This year, Kiwicon's own Bogan is already making anti-virus vendors quake in their little signature-laden booties at Defcon's Race to Zero, and the cauldron of 0h-0h-0hday in Brett Moore's secret Insomnia lair is bubbling over with pernicious brew.

If you missed last Kiwicon (not "professional enough"? couldn't convince your boss it wasn't a hoax?) then find one of the 230+ people who were there and ask them if they're just-not-gonna-bother this year.

[Venue]

Our hosts for the weekend will, once again, be Victoria University of Wellington. If you have any memory of last year's Kiwicon, then it'll look disturbingly familiar. The campus has the advantage of being close to the center of the city and its various amenities. This includes cheap accommodation, good coffee, and, more importantly, several good pubs serving good, non-Australian, beer.

[Costs]

Kiwicon2k8 is a non-profit, non-commercial, non-corporate-funded event. Attendance for the entire weekend will cost $50 for employed individuals (self-employed and salaried). There is a discounted rate of $30 for students and the unemployed. GST receipts can be issued upon request.

If your management can't be convinced of the value of something that only costs $50, we're happy to issue you with some kind of personalised limited edition invitation in crayon, glitter pen, and macaroni (spray-painted gold for that luxe look) for the low enterprise-only price of $500.

[Topics]

Suggested topics include but are not limited to:

- Crowd Control Techniques and Panic Modeling
- Information Warfare / Industrial Espionage
- Malware (Viruses, Spam, Phishing, Botnets)
- Cellular Networks (GSM,GPRS,CDMA,3G,4G)
- Application Security, Testing, Fuzzing
- Government Spy Networks / Surveillance
- Nanotechnology / Quantum Computing
- Access Control and Authentication
- Wireless / Bluetooth / Infrared
- Social Engineering / Trolling
- Breaking EAL Certified Kit
- Forensics / Antiforensics
- Banking / ATMs / Carding
- Exploitation Techniques
- Layer 1/2/3 Nastiness
- Reverse Engineering
- Phreaking / VoIP
- Virtualisation
- Web Security
- Lockpicking
- Biometrics
- Hypnosis
- Crypto
- Ohday
- 23

There is no pre-determined talk length but we ask that speakers limit their presentation to an hour, including some question time.

Since Kiwicon is a non-profit organisation, there is no funding available for travel and/or accommodation, even for IT rockstars. However, if your talk is accepted, a formal letter will be provided for employer leverage, and almost certainly, unless you're a complete jackoff, people will try and buy you beer.

To submit a presentation to Kiwicon2k8, send an email to cfp at kiwicon.org with the following information:

Name or Handle:
Country of Residence:
Employer (if applicable):
Presentation Title:
Presentation Length:
Presentation Synopsis:
Brief Bio:

[CFP Submissions]

Please submit your CFP by email to cfp at kiwicon.org, no later than 8:47pm NZST, Sunday 17th August 2008. There will be two rounds of selection, with the first half of the talks chosen in early August, so submit early for a better chance of acceptance.

[Contacts & Further Information]

Email us: kiwicon at kiwicon.org
Check the site: http://www.kiwicon.org/
Drop by silc: silc.isig.org.nz:2706/kiwicon
Join the list: kiwicon-subscribe at lists.isig.org.nz

Greetz and thanks to all who helped make Kiwicon 2k7 the awesomeness it was, we'll see you fuckers again this year.

Thick, meaty props to Pipes for stepping up and making 2k7 happen. We would miss you, but Sharrow's just as tall, and better looking. Sorry pal.

--
The Kiwicon Crüe, 2k8 - Bogan, Metlstorm & Sharrow. \m/

[1] http://en.wikipedia.org/wiki/Ben_Hana

From prabu at hackinthebox.org Fri May 2 21:41:50 2008
From: prabu at hackinthebox.org (Praburaajan)
Date: Sat, 03 May 2008 09:41:50 +0800
Subject: [Dailydave] Photos and Presentation Materials from HITBSecConf2008 - Dubai Released
Message-ID: <481BC2DE.9080308@hackinthebox.org>

The codes, tools, exploits, slides and other presentation goodies from HITBSecConf2008 - Dubai are available for download! You will also find a 'bonus download' of the live recording of DJ Negative's set from the HITB Post Conference Party at the URL below :)

http://conference.hitb.org/hitbsecconf2008dubai/materials/

The official photos from the training, conference and party have also been posted on-line at the HITB Photos page:

http://photos.hitb.org/

===

Don't forget that the Call for Papers for HITBSecConf2008 - Malaysia (October 27th - 30th, Kuala Lumpur, Malaysia) will open on the 5th of May. We're back at The Westin Kuala Lumpur with an expanded program featuring an additional track (HITB Labs) to our usual dual-track conference, 4 keynote speakers and over 25 international experts joining them. We're expecting a 1000+ attendees from around the world to join us, so if you have something cool, new and unreleased you'd like to present - please do submit!

See you in October!

Warmest regards,
The HITB Team

From halvar at gmx.de Sun May 4 16:06:17 2008
From: halvar at gmx.de (Halvar Flake)
Date: Sun, 04 May 2008 22:06:17 +0200
Subject: [Dailydave] NSA fixing bugs ?
Message-ID: <481E1739.9010406@gmx.de>

Hey all,

unfortunately, I haven't seen this news article in english yet:

http://www.heise.de/newsticker/US-Regierung-will-zur-Cybersecurity-staerker-das-Offensivwissen-der-Geheimdienste-nutzen--/meldung/107362

The article essentially says that the decision has been made that "offensive" capabilities developed by US government institutions should be examined to determine potential "defensive" capabilities that arise from them.

Does anyone on this list feel like speculating what this might imply ?

Cheers,
Halvar

From dave at immunityinc.com Mon May 5 11:13:36 2008
From: dave at immunityinc.com (Dave Aitel)
Date: Mon, 05 May 2008 11:13:36 -0400
Subject: [Dailydave] Anonymized post not from me.
Message-ID: <481F2420.6050009@immunityinc.com>

Anonymized post follows:

Dave - Not normally an anonymous coward, but in this case, would appreciate it if you could please strip the originator meta data and forward to the list. Thank you!

--

Halvar et al,

The original Washington Post article is at:
http://www.washingtonpost.com/wp-dyn/content/article/2008/05/02/AR2008050201646.html

My 5c on this is that given how poor inter-agency communication is on the most basic IO/IW topics, I highly doubt anything that gets turned into policy concerning use of offensive IO resources, for defensive means is going to have any teeth to it what-so-ever.

Consider the likelihood of an offensive organization (say JTF/GNO) releasing the sploit they just dropped 50g's on, to some much larger defensive organization (in a less well controlled environment) so that they can dream up a workaround / patch, that is going to have little (if any) impact on the defensive posture of the respective organization anyway. Assuming that some well funded foreign signals int group did possess the very same 0day that the US GOV just spent time working on defenses for, they're going to have 10 more up their proverbial sleeves anyway.

The NSC needs to stop being so idealistic with the cyber topic and start familiarizing itself with the realities of how things get done outside of the whitehouse.

From jf at danglingpointers.net Mon May 5 18:13:39 2008
From: jf at danglingpointers.net (jf)
Date: Mon, 5 May 2008 22:13:39 +0000 (UTC)
Subject: [Dailydave] NSA fixing bugs ?
In-Reply-To: <481E1739.9010406@gmx.de>
References: <481E1739.9010406@gmx.de>
Message-ID:

well just going by what you said my guess is that it means 'hey, we should patch our systems from the 0day we buy'

On Sun, 4 May 2008, Halvar Flake wrote:

> Date: Sun, 04 May 2008 22:06:17 +0200
> From: Halvar Flake
> To: dailydave at lists.immunityinc.com
> Subject: [Dailydave] NSA fixing bugs ?
>
> Hey all,
>
> unfortunately, I haven't seen this news article in english yet:
>
> http://www.heise.de/newsticker/US-Regierung-will-zur-Cybersecurity-staerker-das-Offensivwissen-der-Geheimdienste-nutzen--/meldung/107362
>
> The article essentially says that the decision has been made that
> "offensive" capabilities developed by US government institutions should
> be examined to determine potential "defensive" capabilities that arise
> from them.
>
> Does anyone on this list feel like speculating what this might imply ?
>
> Cheers,
> Halvar
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>

From dan at geer.org Tue May 6 06:47:51 2008
From: dan at geer.org (dan at geer.org)
Date: Tue, 06 May 2008 06:47:51 -0400
Subject: [Dailydave] reminder of upcoming deadline
Message-ID: <20080506104751.4059133DCC@absinthe.tinho.net>

Call for Participation

MetriCon 3.0
Third Workshop on Security Metrics
Tuesday, 29 July 2008, San Jose, California

Overview

Security metrics -- an idea whose time has come. No matter whether you read the technical or the business press, there is a desire for converting security from a world of adjectives to a world of numbers. The question is, of course, how exactly to do that. The advantage of starting early is, as ever, harder problems but a clearer field though it is very nearly too late to start early. MetriCon is where hard progress is made and harder problems brought forward.

The MetriCon Workshops offer lively, practical discussion in the area of security metrics.
It is a, if not the, forum for quantifiable approaches and results to problems afflicting information security today, with a bias towards practical, specific implementations. Topics and presentations will be selected for their potential to stimulate discussion in the Workshop. Past events are detailed here [1] and here [2]; see, especially, the meeting Digests on those pages.

MetriCon 3.0 will be a one-day event, Tuesday, July 29, 2008, in San Jose, California, USA. The Workshop begins first thing in the morning, meals are taken in the meeting room, and work/discussion extends into the evening. As this is a workshop, attendance is by invitation (and limited to 60 participants). Participants are expected to "come with findings," to "come with problems," or, better still, both. Participants should be willing to discuss what they have and need, i.e., to address the group in some fashion, formally or not. Preference will naturally be given to the authors of position papers/presentations who have actual work in progress.

Presenters will each have a short 10-15 minutes to present his or her idea, followed by another 10-15 minutes of discussion. If you would like to propose a panel or a group of related presentations on different approaches to the same problem, then please do so. Also consistent with a Workshop format, the Program Committee will be steered by what sorts of proposals come in response to this Call.

Goals and Topics

Our goal is to stimulate discussion of, and thinking about, security metrics and to do so in ways that lead to realistic, early results of lasting value. Potential attendees are invited to submit position papers to be shared with all, with or without discussion on the day of the Workshop.
Such position papers are expected to address security metrics in one of the following categories:

  Benchmarking of security technologies
  Empirical studies in specific subject matter areas
  Financial planning
  Long-term trend analysis and forecasts
  Metrics definitions that can be operationalized
  Security and risk modeling including calibrations
  Tools, technologies, tips, and tricks
  Visualization methods both for insight and lay audiences
  Data and analyses emerging from ongoing metrics efforts
  Other novel areas where security metrics may apply

Practical implementations, real world case studies, and detailed models will be preferred over broader models or general ideas.

How to Participate

Submit a short position paper or description of work done or ongoing. Your submission must be brief -- no longer than five (5) paragraphs or presentation slides. Author names and affiliations should appear first in or on the submission. Submissions may be in PDF, PowerPoint, HTML, or plaintext email and must be submitted to metricon3 AT securitymetrics.org. These requests to participate are due no later than noon GMT, Monday, May 12, 2008 (a hard deadline).

The Program Committee will invite both attendees and presenters. Participants of either sort will be notified of acceptance quickly -- by June 2, 2008. Presenters who want hardcopy materials to be distributed at the Workshop must provide originals of those materials to the Program Committee by July 21, 2008. All slides, position papers, and what-not will be made available to all participants at the Workshop. No formal academic proceedings are intended, but a digest of the meeting will be prepared and distributed to participants and the general public. (Digests for previous MetriCon meetings are on the past event pages mentioned above.)

Plagiarism is dishonest, and the organizers of this Workshop will take appropriate action if dishonesty of this sort is found.
Submission of recent, previously published work as well as simultaneous submissions to multiple venues is entirely acceptable, but only if you disclose this in your proposal.

Location

MetriCon 3.0 will be co-located with the 17th USENIX Security Symposium at the Fairmont Hotel in San Jose, California.

Cost

$225 all-inclusive of meeting space, materials preparation, and meals for the day.

Important Dates

Requests to participate: by May 12, 2008
Notification of acceptance: by June 2, 2008
Materials for distribution: by July 21, 2008

Workshop Organizers

Dan Geer, Geer Risk Services, Chair
Bob Blakley, The Burton Group
Fred Cohen, Fred Cohen & Associates & California Sciences Institute
Dan Conway, Indiana University
Lloyd Ellam, Iceberg Networks
Andrew Jaquith, The Yankee Group
Elizabeth Nichols, PlexLogic
Gunnar Peterson, Arctec Group
Bryan Ware, Digital Sandbox
Christine Whalley, Pfizer

[1] http://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0
[2] http://securitymetrics.org/content/Wiki.jsp?page=Metricon2.0

From bbinger123 at yahoo.com Wed May 7 02:35:04 2008
From: bbinger123 at yahoo.com (Bee Binger)
Date: Tue, 6 May 2008 23:35:04 -0700 (PDT)
Subject: [Dailydave] suggestion for pwnie award for lamest vendor response
Message-ID: <98634.6999.qm@web56010.mail.re3.yahoo.com>

An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080506/fcd6d7b0/attachment.htm

From jim.geovedi at gmail.com Thu May 8 02:37:14 2008
From: jim.geovedi at gmail.com (Jim Geovedi)
Date: Thu, 8 May 2008 13:37:14 +0700
Subject: [Dailydave] BCS2008 CFP
Message-ID: <87d5db160805072337p33744c63k9f7f0f50381aebaa@mail.gmail.com>

The call for papers and conference registration is now open for Bellua Cyber Security Asia 2008, our fourth annual information security & hacking conference.

Speakers from numerous disciplines are invited to join Bellua Cyber Security Asia 2008 to discuss present and future information security and hacking issues through an intensive series of business and technical sessions and demonstrations.

We invite proposals for paper presentations and demonstrations on any topic relevant to information security and hacking including but not limited to:

Business Topics
===============
* ISO 27001 - Information Security Management Systems (ISMS)
* Business processes & security
* Compliance management
* Handling security failure & incidents
* Banking security
* Telecommunication security
* Internet fraud
* Security awareness
* Social engineering
* Privacy, anonymity, ethics
* Cyberlaw and enforcement

Technical Topics
================
* 0-day hacking & security
* Penetration testing
* Telecom security/phreaking
* Secure programming
* Reverse engineering
* Exploit development
* Computer forensics
* Wireless security & hacking
* Web application security
* Cryptography
* Spyware/malware/worm/virus
* Physical security

Your submission should include:

1. Name, title, address, email and phone number
2. Draft of the proposed presentation (in PDF, PowerPoint or Keynote format), proof of concept for tools and exploits, etc.
3. Short biography, qualification, occupation, achievement and affiliations (limit 150 words).
4. Summary or abstract for your presentation (limit 150 words)
5. Time (40-60 minutes). Include time for discussion and questions.
6. Technical requirements (video, internet, wireless, audio, etc.)

Please send your proposal to bcs2008-cfp at bellua.com as soon as possible and no later than 30 September 2008. Proposals will be evaluated in the order received; submit early to maximise your chances of being selected.

Each non-resident speaker will receive accommodation for 3 nights at the Hotel Mulia Senayan and Bellua Cyber Security Asia 2008 will cover travel expenses up to USD 1,000.

We do not accept product, service or vendor related presentations.

Bellua Cyber Security is endorsed by the Ministry of Communication and Information of Republic Indonesia and is hosted by Bellua Asia Pacific.

Links:
* Bellua Cyber Security Asia 2008
  http://www.bellua.com/bcs/
* Bellua Cyber Security Annual Conferences in Facebook:
  http://www.facebook.com/group.php?gid=8357873979

From fw at deneb.enyo.de Wed May 7 15:38:41 2008
From: fw at deneb.enyo.de (Florian Weimer)
Date: Wed, 07 May 2008 21:38:41 +0200
Subject: [Dailydave] German/Afghanistan Trojan Horse Affair
In-Reply-To: <48172E66.6010408@gmx.de> (Halvar Flake's message of "Tue, 29 Apr 2008 16:19:18 +0200")
References: <48172E66.6010408@gmx.de>
Message-ID: <87hcd9vr9a.fsf@mid.deneb.enyo.de>

* Halvar Flake:

> There's a lot of hoopla in German media about the german SIGINT folks
> having to admit that they trojanized Afghanistan's Ministry of Commerce
> and Industry.
> (http://www.spiegel.de/international/germany/0,1518,550212,00.html)
>
> The entire situation is hilarious,

And DER SPIEGEL cannot decide if Ms Koelbl's email messages were of a journalistic or a private nature.

It's also not clear if Yahoo is hemorrhaging customer mail, or if the messages were actually intercepted at the minister's terminal. The latter has been claimed by just one news agency, and it hasn't been properly sourced.

From dr at kyx.net Thu May 8 23:54:47 2008
From: dr at kyx.net (Dragos Ruiu)
Date: Thu, 8 May 2008 20:54:47 -0700
Subject: [Dailydave] Final EUSecWest 2008 Speakers
Message-ID: <200805082054.48088.dr@kyx.net>

The selected papers for EUSecWest 2008 are:

* PhlashDance, discovering permanent denial of service attacks against embedded systems - Rich Smith, HP Labs
* Attacking Near Field Communications (NFC) Mobile Phones - Collin Mulliner, trifinite
* Abusing X.509 certificate features - Alexander Klink, Cynops GmbH
* Phoenix, and automated vulnerability finding - Tim Burrell, Microsoft
* Cisco IOS Rootkits - Sebastian Muñiz, Core
* Advances in attacking interpreted languages - Justin Ferguson, IOActive
* One Token to Rule Them All: Post-Exploitation Fun in Windows Environments - Luke Jennings, MWR InfoSecurity
* Building the bridge between the Web Application and the OS: GUI access through SQL Injection - Alberto Revelli, Portcullis
* Satellite Systems - Adam Laurie, RFIDIOt.org
* Browser Exploits - Attacks and Defense - Saumil Shah, Net Square
* WebSphere MQ Security - Martyn Ruks, MWR InfoSecurity

Paper synopses are now up on the website.

This year there will be three Security Masters Dojo courses on May 19/20, including a new course from Foundstone:

* Ultimate Web Hacking - Nick Murison, Foundstone, a division of McAfee
* Advanced Honeypot Tactics - Thorsten Holz, Aachen University
* The Exploit Laboratory - Advanced Edition
  Saumil Shah and Christopher Owen
  Net-Square and Consault

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K. May 21/22 - 2008 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp

From meddington at gmail.com Wed May 14 13:53:21 2008
From: meddington at gmail.com (Michael Eddington)
Date: Wed, 14 May 2008 10:53:21 -0700
Subject: [Dailydave] Peach 2.1 BETA2 Released
Message-ID: <2db0cefa0805141053t609cd66j56a7f7a48ace1321@mail.gmail.com>

The latest in the Peach 2 series has been posted.
This release includes many bug fixes, features, improvements, and supersedes 2.0 as the recommended version to use.

* Fuzzers written in XML by defining data definitions
* Unittests to improve stability and reliability
* Improved COM support including properties
* Improved state machine
* Fuzz network clients easily by listening for connections, not just creating them
* Remote publishers allow sending data through a Peach Agent to a remote host
* Improved Linux and OS X support via debugger.UnixGdb monitor (uses beta pygdb module)
* Deterministic fuzzing will perform test count calculation in separate thread to speed fuzzing
* Improved documentation. See the Peach 2 Tutorial which is quickly becoming the Peach 2 Guide :)

http://peachfuzz.sf.net (website)
http://sourceforge.net/project/showfiles.php?group_id=149840 (downloads)
http://code.google.com/p/pygdb (pygdb)

Peach 2 Training is available at BlackHat Vegas
http://blackhat.com/html/bh-usa-08/train-bh-usa-08-lv-fuzzing.html

-mike

From dailydave at digitaloffense.net Wed May 14 16:29:08 2008
From: dailydave at digitaloffense.net (H D Moore)
Date: Wed, 14 May 2008 15:29:08 -0500
Subject: [Dailydave] Debian OpenSSL Fun
Message-ID: <200805141529.08655.dailydave@digitaloffense.net>

http://metasploit.com/users/hdm/tools/debian-openssl/

From dave at immunityinc.com Thu May 15 13:05:59 2008
From: dave at immunityinc.com (Dave Aitel)
Date: Thu, 15 May 2008 13:05:59 -0400
Subject: [Dailydave] Debian, or lack thereof.
Message-ID: <482C6D77.4040907@immunityinc.com>

Ah, the pain that is debian right now. When will the worm come out to twist the knife?

Funny image: http://img502.imageshack.us/img502/2996/pmeo9hcjp7aw9.jpg

In unrelated news - I'm slowly coming out of my hole and getting back to work, so you now have a new place to flame me:
http://www.securityfocus.com/columnists/472/2

-dave

From morin.josh at gmail.com Thu May 15 13:34:08 2008
From: morin.josh at gmail.com (Joshua Morin)
Date: Thu, 15 May 2008 13:34:08 -0400
Subject: [Dailydave] Debian, or lack thereof.
In-Reply-To: <482C6D77.4040907@immunityinc.com>
References: <482C6D77.4040907@immunityinc.com>
Message-ID: <1917baa40805151034p2a6aea1egb5d6f53ec9427d23@mail.gmail.com>

Another funny image: http://imgs.xkcd.com/comics/random_number.png

On Thu, May 15, 2008 at 1:05 PM, Dave Aitel wrote:

> Ah, the pain that is debian right now. When will the worm come out to
> twist the knife?
>
> Funny image: http://img502.imageshack.us/img502/2996/pmeo9hcjp7aw9.jpg
>
> In unrelated news - I'm slowly coming out of my hole and getting back to
> work, so you now have a new place to flame me:
> http://www.securityfocus.com/columnists/472/2
>
> -dave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080515/1e1d4c94/attachment.htm

From jon.passki at hursk.com Fri May 16 08:52:00 2008
From: jon.passki at hursk.com (Jon Passki)
Date: Fri, 16 May 2008 07:52:00 -0500
Subject: [Dailydave] Debian, or lack thereof.
In-Reply-To: <1917baa40805151034p2a6aea1egb5d6f53ec9427d23@mail.gmail.com>
References: <482C6D77.4040907@immunityinc.com> <1917baa40805151034p2a6aea1egb5d6f53ec9427d23@mail.gmail.com>
Message-ID:

On Thu, May 15, 2008 at 12:34 PM, Joshua Morin wrote:
>
> Another funny image: http://imgs.xkcd.com/comics/random_number.png

And another:
http://imgs.xkcd.com/comics/security_holes.png

> On Thu, May 15, 2008 at 1:05 PM, Dave Aitel wrote:
>>
>> Ah, the pain that is debian right now. When will the worm come out to
>> twist the knife?
>>
>> Funny image: http://img502.imageshack.us/img502/2996/pmeo9hcjp7aw9.jpg
>>
>> In unrelated news - I'm slowly coming out of my hole and getting back to
>> work, so you now have a new place to flame me:
>> http://www.securityfocus.com/columnists/472/2
>>
>> -dave

--
Cheers,

Jon Passki, Partner
The Hursk Group, LLC
"Obvia conspicimus, nubem pellente Mathesi."
e: jon.passki at hursk.com
ph: 651/222.3020
cal: http://www.google.com/calendar/hosted/hursk.com/embed?src=jon.passki%40hursk.com
pgp: 1BB0 A946 927B 93C3 ED6A 0466 6692 6C2C 84BE 4122

From meissner at suse.de Fri May 16 11:04:25 2008
From: meissner at suse.de (Marcus Meissner)
Date: Fri, 16 May 2008 17:04:25 +0200
Subject: [Dailydave] Debian, or lack thereof.
In-Reply-To:
References: <482C6D77.4040907@immunityinc.com> <1917baa40805151034p2a6aea1egb5d6f53ec9427d23@mail.gmail.com>
Message-ID: <20080516150424.GA20538@suse.de>

On Fri, May 16, 2008 at 07:52:00AM -0500, Jon Passki wrote:
> On Thu, May 15, 2008 at 12:34 PM, Joshua Morin wrote:
> >
> > Another funny image: http://imgs.xkcd.com/comics/random_number.png
>
> And another:
> http://imgs.xkcd.com/comics/security_holes.png

He seems to be missing the point that Ubuntu was affected though.

Ciao, Marcus

From prabu at hackinthebox.org Fri May 16 23:33:05 2008
From: prabu at hackinthebox.org (Praburaajan)
Date: Sat, 17 May 2008 11:33:05 +0800
Subject: [Dailydave] CFP for HITBSecConf2008 - Malaysia now open
Message-ID: <482E51F1.6000608@hackinthebox.org>

Hello from Malaysia!

The Call for Papers (CFP) for the 6th Hack In The Box Security Conference in Malaysia (27th - 30th October 2008) is now open. We've got some really cool stuff lined up this year including an open-hack competition for charity, a third track in the conference (hitb-labs), 4 keynote speakers + 30 international experts, the usual team based capture the flag competition, a new wireless (bluetooth, rfid, 802.11) village and lock picking village!

Summaries not exceeding 1250 words should be submitted (in plain text format) to cfp -at- hackinthebox.org for review and possible inclusion in the programme.
Submissions are due no later than 30th of June 2008

TOPICS

Topics of interest include, but are not limited to the following:

# 3G/4G Cellular Networks
# Apple / OS X security vulnerabilities
# SS7/Backbone telephony networks
# Analysis of network and security vulnerabilities
# Firewall technologies
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
# File system security

PLEASE NOTE: We do not accept product or vendor related pitches. If your talk involves an advertisement for a new product or service your company is offering, please do not submit.

Your submission should include:

# Name, title, address, email and phone/contact number
# Short biography, qualification, occupation, achievement and affiliations (limit 250 words).
# Summary or abstract for your presentation (limit 1250 words)
# Technical requirements (video, internet, wireless, audio, etc.)

Each non-resident speaker will receive accommodation for 2 nights/3 days. For each non-resident speaker, HITB will cover travel expenses up to USD 1,000.00.

HITBSecConf2008 - Malaysia - Sponsorship Options

For an opportunity to position your company as a major supporter of this event, we have several sponsorship packages which offers an extensive variety of direct and exclusive mechanisms for pre-event exposure and direct business generation during the event. If you are interested in further details regarding sponsorship of HITBSecConf2008 - Malaysia, please contact us.
===

On a related note, the keynote presentation videos from HITBSecConf2008 - Dubai are also now available for download from here:

Day 1 Keynote: http://materials.hitbsecconf.org/hitbsecconf2008dubai/videos/Keynote-1.mov
Day 2 Keynote: http://materials.hitbsecconf.org/hitbsecconf2008dubai/videos/Keynote-2.mov

See you guys in October!

The HITB Team.

From ferruh at mavituna.com Mon May 19 10:25:27 2008
From: ferruh at mavituna.com (Ferruh Mavituna)
Date: Mon, 19 May 2008 15:25:27 +0100
Subject: [Dailydave] DoS attacks using SQL Wildcards
Message-ID: <6dc88c3c0805190725q660fd2fah4ef7023d19d7dcda@mail.gmail.com>

This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers using only the search field present in most common web applications.

It can be downloaded from http://www.portcullis-security.com/uplds/wildcard_attacks.pdf

Majority of the Microsoft SQL Server based web applications are vulnerable to this attack. Other databases could be vulnerable depending on how the applications implement search functionalities although common implementation of the search functionality in SQL Server back-end applications is vulnerable.

There are real world scenarios and detailed analysis in the paper which explains and shows the impact of this attack.

Regards,

--
Ferruh Mavituna

From dave at immunityinc.com Mon May 19 16:00:03 2008
From: dave at immunityinc.com (Dave Aitel)
Date: Mon, 19 May 2008 16:00:03 -0400
Subject: [Dailydave] Bouncing with PHP
Message-ID: <4831DC43.5050506@immunityinc.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are lots of operating systems that are not within Immunity's direct focus for whatever reason. But when you're hip-deep in a network, you don't want to hear "I can't bounce that exploit through a ten year old AIX webserver". One solution is to spend lots of time writing MOSDEF back-ends for every platform under the sun.
The other one is to write MOSDEFSock implementations in a bunch of interpreted languages, and hope the target has PHP, Perl, Python, or Java installed. Not in that order, probably.

So recently we updated the PHP trojan to support MOSDEF-Sock, and you can see a little demo of it working here: http://www.immunityinc.com/documentation/php_demo.html

This is good for two reasons:

1. Lots of things have PHP so you know you always have the ability to install a callback trojan on them you can bounce through even if you can't execute real binaries.

2. All of the PHP Include and PHP Eval() bugs can now be used to directly bounce other attacks through, without ever loading code on the target system. This makes forensics harder and is convenient to boot! Hurrah!

As a side note, for those of you with iTunes you can now download Flight of The Conchords, which is about two kiwi musicians and is quite funny.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIMdxCtehAhL0gheoRAo8XAJ0Q4VLCWkYSxsdcb+VW9TIaqVWFtACfY7Cl
iT6xkmTCAJcX4GBfXO5rp4g=
=1ir2
-----END PGP SIGNATURE-----

From jeremy at austin.ibm.com Mon May 19 17:08:41 2008
From: jeremy at austin.ibm.com (Jeremy Kelley)
Date: Mon, 19 May 2008 16:08:41 -0500
Subject: [Dailydave] Bouncing with PHP
In-Reply-To: <4831DC43.5050506@immunityinc.com>
References: <4831DC43.5050506@immunityinc.com>
Message-ID: <20080519210841.GA14694@ark.ibm.com>

Quoting Dave Aitel (dave at immunityinc.com):
[snipped]
> 1. Lots of things have PHP so you know you always have the ability to
> install a callback trojan on them you can bounce through even if you
> can't execute real binaries.
>
> 2. All of the PHP Include and PHP Eval() bugs can now be used to
> directly bounce other attacks through, without ever loading code on the
> target system. This makes forensics harder and is convenient to boot!
> Hurrah!
I think we're going to see a lot more of this for a couple of reasons.

1) the interp'd languages are so mature now. I want to upload/download something to/from your box and http does that quite well and will pass through firewalls. I don't have to reinvent the wheel each time. Python's motto is "batteries included" referring to the libraries that are included. Ever looked at just what's enabled in a default install of PHP on the big linux distros? Everything.

2) Seems that php/python/ruby is what most people really are comfortable using now. Schools are even starting to teach php and python as secondary languages for projects, etc so the userbase just builds on itself.

> As a side note, for those of you with iTunes you can now download Flight
> of The Conchords, which is about two kiwi musicians and is quite funny.

Youtube has a bunch also, which works on linux. :)

-j

--
Jeremy Kelley
Sr. Threat Analyst
gpg 1024D/E0DF8B2D 4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D

That's the problem with science. You've got a bunch of empiricists trying to describe things of unimaginable wonder. -Bill Watterson

From dr at kyx.net Mon May 19 22:48:48 2008
From: dr at kyx.net (Dragos Ruiu)
Date: Mon, 19 May 2008 19:48:48 -0700
Subject: [Dailydave] Some security related information :)
Message-ID: <2D7EDF16-CE45-4456-AB70-B095B073BFBC@kyx.net>

I think most folks here will find these of interest :-):

http://eusecwest.com/sebastian-muniz-da-ios-rootkit.html
http://eusecwest.com/justin-ferguson-interpreter-vm-attacks.html
http://eusecwest.com/collin-mulliner-near-field-communication.html
http://eusecwest.com/alexander-klink-ssl-vulnerabilities.html
http://eusecwest.com/alberto-revelli-gui-access-by-sql-injection.html
http://eusecwest.com/saumil-shah-browser-exploits.html

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K.
May 21/22 - 2008 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080519/4a5b3bb3/attachment.htm

From paul at securityexperiment.com Tue May 20 11:32:03 2008
From: paul at securityexperiment.com (Paul Battista)
Date: Tue, 20 May 2008 10:32:03 -0500 (EST)
Subject: [Dailydave] DoS attacks using SQL Wildcards
Message-ID: <10893.206.213.251.47.1211297523.squirrel@securityexperiment.com>

Great description of using SQL wildcards to perform a DoS!

I often use wildcards to test for the existence of a SQL injection vulnerability. Most times you do not need to put increased load on a database in order to determine if it is vulnerable. You can first find a generic query that returns specific results and then craft a query with wildcards where you expect the same result.

For example:

?username=bob

Should return same results as:

?username=bo[a-z]
?username=bo[abc]

But the following will fail to return the same results:

?username=bo[cde]

My recommendation to clients has been to treat these like any other SQL injection vulnerability. First queries must be parameterized so that user input never affects SQL logic. For example, the above query for "bo[a-z]" will literally search for that string and not a string that starts in "bo" and ends in any character a through z. Only as a secondary control to prevent against SQL injection, developers should whitelist or blacklist user input.

Paul Battista

> This paper discusses abusing Microsoft SQL Query wildcards to consume
> CPU in database servers using only the search field present in most
> common web applications.
>
> It can be downloaded from
> http://www.portcullis-security.com/uplds/wildcard_attacks.pdf
>
> Majority of the Microsoft SQL Server based web applications are
> vulnerable to this attack.
> Other databases could be vulnerable
> depending on how the applications implement search functionalities
> although common implementation of the search functionality in SQL
> Server back-end applications is vulnerable.
>
> There are real world scenarios and detailed analysis in the paper
> which explains and shows the impact of this attack.
>
>
> Regards,
>
> --
> Ferruh Mavituna
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>

From jeremy at austin.ibm.com Tue May 20 18:48:40 2008
From: jeremy at austin.ibm.com (Jeremy Kelley)
Date: Tue, 20 May 2008 17:48:40 -0500
Subject: [Dailydave] Bouncing with PHP
In-Reply-To: <5BA9127B88DFD347AE9A8F1C05A6E08B024F2E8C@exchange04.terremark.org>
References: <4831DC43.5050506@immunityinc.com> <20080519210841.GA14694@ark.ibm.com> <5BA9127B88DFD347AE9A8F1C05A6E08B024F2E8C@exchange04.terremark.org>
Message-ID: <20080520224840.GA4581@ark.ibm.com>

Suhosin helps immensely by the simple fact that it disables remote file inclusions. That one feature alone would have stopped about 90% (made up statistic, don't know...) of the php app attacks from the last couple of years and before declare_globals was defaulted off.

-j

Quoting John Dangler (jdangler at terremark.com):
> How does Suhosin affect the odds in a PHP5 web application?

--
Jeremy Kelley
Sr. Threat Analyst
gpg 1024D/E0DF8B2D 4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D

That's the problem with science. You've got a bunch of empiricists trying to describe things of unimaginable wonder.
-Bill Watterson

From dave at immunityinc.com Wed May 21 09:53:43 2008
From: dave at immunityinc.com (Dave Aitel)
Date: Wed, 21 May 2008 09:53:43 -0400
Subject: [Dailydave] Hyper-V
Message-ID: <48342967.7050007@immunityinc.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So recently I installed Hyper-V RC1 on a Windows Server 2008 machine and I wanted to share my experience. Essentially modern Linux that is not Ubuntu is hard to install on anything, since half the time it doesn't see your CDRom and half the time it doesn't see your SATA hard drive. This is also true with installing Linux on Hyper-V in my experience. Fedora, Centos, etc. all failed. I'm not man enough to install Gentoo, but I assume it works. Ubuntu 7.10 does NOT work. It won't even boot - this is a known bug in Ubuntu and not Hyper-V's fault. Nothing installed on Hyper-V except Ubuntu 8.04. And yes, I tried all sorts of kernel options on the init line. (See below for details of various attempts)

However, Ubuntu 8.4 works great, as long as you have the "legacy network adapter" installed. The text framebuffer linux uses is really really slow under Hyper-V, which makes installing it a bit weird, but once you've got the system installed you don't really care. And it can do snapshots and all the other things we've come to expect from a modern hypervisor.

If you google for information on Hyper-V, you really don't find anything useful, but for future users: Just go straight to Ubuntu 8.04 + legacy network adapters and you'll be ok.

Other notes:

You may think you can get the SuSE drivers to work with Linux so you don't need the legacy adapter. This is not true. To get the fast networking you need to install a Xen kernel, and then some special drivers, and it's just going to be hell on earth unless every linux vendor does a U-turn and starts supporting Hyper-V specifically. It's not a real option now for anyone but a Microsoft engineer.
The "howto" Microsoft provides is an Office 2007 document, which you can read in OpenOffice 2.3 or above, but which should be an ODF/PDF since people doing this don't all have Office 2007. That document says to do this, once you have the integration tools on your Linux machine:

./setup.pl drivers /boot/grub/menu.lst

What they really meant was just ./setup.pl drivers, which will say success even when it fails.

Networking not working? : modprobe -v tulip to get the emulated legacy dec network driver up and running if Ubuntu doesn't see it immediately.

Specific boot issues for the record:

Fedora 9 and Centos 5.1 (x64) both fail trying to find the CDRom drive after loading the kernel successfully. (ATA issue? For what it's worth they have the same issue on our real-iron server). With CentOS I tried to set it up for network install, but it failed to DHCP off the legacy network controller.

OpenSuse 10.3 x64 can't even load the installer (same bug as Ubuntu 7.10)

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFINClmtehAhL0gheoRAhFQAJ47hY9oFUkoVBaE3y6AVrvbUshM+QCfap5Q
c20sWIQk82ODXJFaSGsMPIc=
=GANh
-----END PGP SIGNATURE-----

From c0d3rz_team at yahoo.com Fri May 23 02:03:09 2008
From: c0d3rz_team at yahoo.com (Kaveh Razavi)
Date: Thu, 22 May 2008 23:03:09 -0700 (PDT)
Subject: [Dailydave] Hyper-V
In-Reply-To: <48342967.7050007@immunityinc.com>
Message-ID: <639592.78641.qm@web36802.mail.mud.yahoo.com>

Gentoo installation is not as hardcore as it used to be:
http://mirror.mcs.anl.gov/pub/gentoo/releases/amd64/2008.0_beta2/livedvd
even stage3 installation doesn't bother a lot if you are looking for a stable release:
http://www.gentoo.org/doc/en/gentoo-x86-quickinstall.xml
and after it is up and running you wouldn't want to change it with the world.

Kaveh

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080522/824dc4af/attachment-0001.htm

From listuser at nvlabs.in Mon May 26 08:02:10 2008
From: listuser at nvlabs.in (listuser at nvlabs.in)
Date: Mon, 26 May 2008 17:32:10 +0530
Subject: [Dailydave] Accessing Bitlocker volumes from linux
Message-ID: <483AA6C2.1060206@nvlabs.in>

Might be useful for understanding the internals of the BitLocker encryption system in Vista.

NVbit is a linux fuse driver to access Windows Vista's BitLocker Volumes from linux, provided you have the right keys. A white-paper and supporting presentation is also available.

The research was done around a year ago. Work was stopped prematurely; don't expect things in clean/finished shape. The code is in alpha state. Both the paper and presentation are incomplete draft versions. However, missing things can be referred from NVbit source code.

NVbit allows read-only access. (Though writing can be done just in reverse order, it still doesn't exist for now.)

Presentation, white-paper & tool (for accessing Bitlocker volumes from linux) are available at: http://www.nvlabs.in/node/9

Regards,
Nitin Kumar.

From dave.aitel2 at gmail.com Tue May 27 19:38:18 2008
From: dave.aitel2 at gmail.com (Dave Aitel)
Date: Tue, 27 May 2008 19:38:18 -0400
Subject: [Dailydave] Collisions
Message-ID: <5af738920805271638k269163feq7d15a2b07c345dec@mail.gmail.com>

Kostya and I flew into Hong Kong last night for SyScan 08 HK. For some people Asia is an addition - for me I admit it's at least a mild intoxicant. I never really got into Europe traveling. Maybe Europe is like a fine wine with subtle flavors that takes experience and skill to appreciate, but it always feels too familiar to me. Last night Kostya and I had goose webs and snow fungus for dinner - not our standard fare. On the way to the hotel here our cab driver hit an old woman crossing the street.
She ragdolled against the car, bounced off onto the street, and then got up and walked away looking more sad than angry.

In any case, hope to see you here!

-dave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080527/adf9c77f/attachment.htm

From cryptreaper at gmail.com Wed May 28 07:16:38 2008
From: cryptreaper at gmail.com (Cryptreaper)
Date: Wed, 28 May 2008 16:16:38 +0500
Subject: [Dailydave] Possible Google Account loophole
Message-ID:

Hi,

There is a slight possibility that an attacker can guess the password of a Google account due to a possible loophole in their captcha system. It happens when a user tries to log in to a Google account with a wrong password a number of times: the system challenges the user with a captcha. If the attacker enters both a wrong password and a wrong captcha, they are given a warning that they have entered a wrong username/password as well as the captcha text not being correct. Also, if only the user name/password is wrong, the warning message says wrong password. But if the user name/password combination is correct but ONLY the captcha test fails, the user is given only the captcha warning. This means that the user name/password combination was correct, and thus the attacker (which could be an automated bot) need not provide the correct captcha text in order to figure out the password.

From dan57170 at yahoo.com Fri May 30 05:41:23 2008
From: dan57170 at yahoo.com (H. Daniel Regalado Arias)
Date: Fri, 30 May 2008 02:41:23 -0700 (PDT)
Subject: [Dailydave] WebScarab .NET SSL Error
Message-ID: <16875.34019.qm@web30203.mail.mud.yahoo.com>

Hi Friends,

I am testing a .NET SSL-enabled web application, and I discovered a possible SQL injection. Because of the lack of space in the input field of the form, I started trying to use a proxy like WebScarab or Acunetix, but after submitting the request through these proxies the application stops responding and I am not able to inject any code.

I think it could be because of .NET certificate trust validation. If so, do you know how to bypass this issue? Have you ever been able to test an https .NET application through a proxy?

Thanks in advance.

Danux,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080530/a99e56cc/attachment.htm

From dave.aitel2 at gmail.com Fri May 30 17:59:14 2008
From: dave.aitel2 at gmail.com (Dave Aitel)
Date: Fri, 30 May 2008 17:59:14 -0400
Subject: [Dailydave] The paradox of our security measures
Message-ID: <5af738920805301459uf2d8a10k36cf7cbb890a4c5e@mail.gmail.com>

I like the smaller security conferences better. Big conferences are like weddings - just enough time to remind people you're still alive and pass along a phone number or email address. There's usually less media glare and so speakers can avoid the prostrations necessary to avoid painful PR battles and just get straight to the technical facts. For example, one of the speakers demonstrated 4 different vulnerabilities in various anti-virus products. It was just part of the talk, not meant as publicity whoring.

One thing I liked as well was Thomas Lim's introductions which provided a context to the talks.
Recently the Hong Kong police have had confidential information leakage via a P2P program called "Foxy", for example. Likewise the Beijing Olympic tickets are going to have RFID chips with everyone's name and address, passport number, picture, birthday, and anything else an identity thief would want. It's a great way to build up a huge database, I guess, but based on Adam Laurie's excellent talk, anyone 60 feet around you can just pick that information right out of the air.

Like Anti-Virus and IDS, RFID is another cool example of how adding a security measure ends up reducing your security.

-dave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080530/230bbaf2/attachment.htm
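
Added example, not part of any message in this archive: the "DoS attacks using SQL Wildcards" thread above concerns search fields, which are usually built on LIKE, and a bound parameter still reaches LIKE as a pattern. The sketch compares a bound-only search with one that also escapes wildcards and caps the term length; SQLite stands in for SQL Server, and the table, function names and the 40-character cap are assumptions.

```python
import sqlite3

ESC = "\\"            # escape character named in the ESCAPE clause
MAX_TERM_LEN = 40     # assumed cap; the thread gives no figure


def escape_like(term):
    """Escape LIKE metacharacters so the term matches only as literal text.

    '%' and '_' are wildcards in LIKE; '[' opens a character class in
    SQL Server's LIKE, so it is escaped as well.
    """
    return "".join(ESC + ch if ch in (ESC, "%", "_", "[") else ch
                   for ch in term)


def make_db():
    """Constructed sample data, including names that contain metacharacters."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("bob",), ("boa",), ("bo[a-z]",), ("b%b",), ("alice",)])
    return db


def search_bound_only(db, term):
    """Parameterized, so no injection, but the bound value is still a pattern."""
    rows = db.execute(
        "SELECT username FROM users WHERE username LIKE ? ORDER BY username",
        (term,))
    return [r[0] for r in rows]


def search_hardened(db, term):
    """Substring search: length cap, escaped term, wildcards added by the code."""
    if len(term) > MAX_TERM_LEN:
        raise ValueError("search term too long")
    pattern = "%" + escape_like(term) + "%"
    rows = db.execute(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' "
        "ORDER BY username",
        (pattern,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    for term in ("b%", "bo_", "bo[a-z]"):
        print(repr(term), search_bound_only(db, term), search_hardened(db, term))
```

With an equality comparison (`username = ?`) the bound value is always literal; the escaping only matters once the query uses LIKE.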