Category Archive

A presentation and paper on Reverse engineering JTAG at the 26th Chaos Communication Congress is now available to download here:

http://events.ccc.de/congress/2009/Fahrplan/track/Hacking/3670.en.html

Other Hacking and reverse engineering papers and talks from the conference can be found here:

http://events.ccc.de/congress/2009/Fahrplan/index.en.html

The hacking track is here:

http://events.ccc.de/congress/2009/Fahrplan/track/Hacking/index.en.html

It might not be because they are secure, but simply because the ROI is just a mere phone handset! Add to that the device, OS, and carrier variations.

Read more here:
http://mobile.slashdot.org/article.pl?sid=09/03/25/1238246&from=rss
and here:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Mobile+and+Wireless&articleId=9130346&taxonomyId=15&pageNumber=1

Watch in on Fora.tv to see the whole transcript as in the Pouge video in the previous post.

The video is Long (32 Minutes!).
- It starts with a parody song (as usual!).
- 3:35 Trends for 2009
- 4:30 VoIP cell phones
- 6:40 VoIP on Mobile Phones with T-Mobile (By the way BT has it too!)
- 10:40 Grand Central: A service that rings all your phone numbers at once at the same time on a single number! Watch the demo
- 12:50 Google Cellular: Free SMS and Voice initiated 411 directory enquiry service
- 16:25 1800 Cha Cha: Ask any question by voice and get answer by text
- 18:00 Voice Messagase by email or SMS services e.g. spinvox, PhoneTag and CallWave
- 21:00 More on Callwave and a feature demo
- 22:35 Popularity Dialer .com
- 23:50 iPhone beginings. How iPhone changed US carriers
- 25:00 iPhone with internet all the time
- 26:30 iPhone shuffle and App Store apps demos like: Midomi, Pandora, Urban Spoon
- 28:30 T-Mobile G1 and Verizon
- 29:30 End with a Song: The iPhone Song

The LayerOne 2008 talk by David Hulton titled: Intercepting Mobile Phone/GSM

Visit the GSM Hakcing WIKI at:
http://wiki.thc.org/gsm
The USRP is available at: http://www.ettus.com
Learn more about the GNU RADIO project at: http://www.gnu.org/software/gnuradio

David is the Chairman of Toorcon

MyPhone2008.com

An interesting news article about the work of BT (formerly British Telecom), Glamorgan University, Australia’s Edith Cowan University and Sim Lifecycle Services where researchers recovered data from handsets from mobile phone recycling companies:

Mobile phones can never be totally wiped clean of data

To get more information on the research at Edith Cowan University and its upcoming conferences please visit SECAU Security Research Centre’s website:

http://www.secau.org/

Here are some published refereed journal and conference papers to give you an idea of what to expect for the Edith Cowan University conferences in December:

- Valli, C. and A. Jones (2008). A study of 2nd Hand Blackberry for sale - World class security foiled by humans. Proceedings of the 2008 World Congress in Computer Science, Computer Engineering, and Applied Computing - SAM 2008 - The 2008 International Conference on Security & Management., Las Vegas, USA.

- Al-Zarouni, M. (2007, 3rd December, 2007). Introduction to Mobile Phone Flasher Devices and Considerations for their Use in Mobile Phone Forensics. Paper presented at the The 5th Australian Digital Forensics Conference, Edith Cowan University, Mount Lawley Campus, Western Australia.

- Yap, L. F., & Jones, A. (2007, 3rd December, 2007). Profiling Through a Digital Mobile Device. Paper presented at the The 5th Australian Digital Forensics Conference, Edith Cowan University, Mount Lawley Campus, Western Australia.

- Yap, L. F., & Jones, A. (2007). Deleted Mobile Device’s Evidence Recovery:. Paper presented at the Media and Information-War Conference 2007, Kaula Lumpur, Malaysia.

You can register to attend Edith Cowan University’s conferences here:

http://conferences.scis.ecu.edu.au/

Hope to see you there

Here is a link to the T-Mobile G1 website where you can play around with a basic emulator without having to download the SDK. You can also get a basic guide on features here:
http://tmobile.modeaondemand.com/htc/g1/

A more functional emulator can be downloaded with the Android SDK here:
http://code.google.com/android/reference/emulator.html

Finally here is a good video Introduction on Android OS for Developers. A must see if you have anything to do with the Android Platform(WARNING: 52 MINUTES LONG!):

More demo videos on user interface and applications can be found on the Android developer site:
http://code.google.com/android/index.html

Here is one of them to get you started:

Where: Chicago, Illinois, USA.

When: 8-10 May 2008

What: World’s first conference to be dedicated to performing Mobile Device Forensics.

How much:  Registration prior to March 1, 2008: $250 and after $300USD

More details can be found on the official website:

http://mobileforensicsworld.com/

Speakers include:
Rick Ayers, NIST
Sam Brothers, CBP
Michael Harrington, MSP
Wayne Jansen, NIST
Gary Kessler, Champlain College
Ben LeMere, USCG
Kyle Lutes, Purdue University
Agents from Matrix Solutions
Kevin Mansell, Control-F
Rick Mislan, Purdue University
Lee Reiber, MFI
Amber Schroader, Paraben
Greg Smith, TrewMTE
Workshop Sessions in:
Cellebrite UME36
Cellular Data Resources
Control-F
CSurv Cell Site Analysis
DataPilot
Pandora’s Box
Paraben Forensics
Project-A-Phone

The First International Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia will be held in Adelaide, South Australia from January 21st to 24th 2008. Call for Papers closes on September 28th 2007. Topics include data mining, multimedia source identification, image tamper detection and data carving. For more information please visit the conference website.

Preliminary Call for Papers
 The First ACM Conference on Wireless Network Security (WiSec ‘08)
          
When: March 31 - April 2, 2008, Alexandria, Virginia, USA.

WiSec aims at exploring attacks on wireless networks as well as techniques to thwart them.

Topics include:

- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attacker modeling
- Incentive-aware secure protocol design
- Jamming
- Cross-layer design for security
- Monitoring and surveillance
- Computationally efficient cryptographic primitives

The considered wireless networks encompass cellular, metropolitan,
local area, vehicular, ad hoc, satellite, underwater, and sensor
networks as well as RFID.

Important dates:

Paper submissions due: September 15, 2007
Notification of acceptance: December 10, 2007
Camera-ready version due: January 15, 2008
Conference: March 31 - April 2, 2008

WiSec results from the merger of three workshops:
- ESAS (European Workshop on the Security of Ad Hoc and Sensor
 Networks)
- SASN (ACM Workshop on the Security of Ad Hoc and Sensor Networks)
- WiSe (ACM Workshop on Wireless Security)

For more information, go to:

http://discovery.csc.ncsu.edu/WiSec08/

Venue: Sheraton by the Creek,Dubai, UAE.
Duration: 2-5 April 2007

Details:
Date: 2nd April 2007
Time: 0900 - 1800
Item: 4-tracks Hands-On Technical Training (Day 1)

Date: 3rd April 2007
Time: 0900 - 1800
Item: 4-tracks Hands-On Technical Training (Day 2)

Date: 4th April 2007
Time: 0800 - 1600
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 1)

Date: 5th April 2007
Time: 0800 - 1600
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 2)

Hands-On Technical Training
TECH TRAINING 1 - Advanced Web Application & Services Hacking
Trainer: Shreeraj Shah (Director, Net-Square)

TECH TRAINING 2 - Tactical VoIP : Applied VoIPhreaking
Trainer: The Grugq (Independent Network Security Researcher)

TECH TRAINING 3 -Structured Network Threat Analysis and Forensics
Trainer: Meling Mudin (spoonfork) and Lee Chin Shing (geek00l)

TECH TRAINING 4 - Packetmastering the Monkey Way
Trainers: Dr. Jose Nazario (Senior Software Engineer, Arbor Networks)

Keynote Speakers
1.) Mikko Hypponen (Chief Research Officer, F-Secure Corp)
2.) Lance Spitzner (Founder, Honeynet Project.)

Invited Speakers (alphabetical order)
1.) Anthony Zboralski (Founder, HERT & PT. Bellua Asia Pacific)
2.) Emmanuel Gadaix (Founder, Telecom Security Task Force, TSTF)
3.) Fabrice Marie (Manager, FMA-RMS Singapore/Malaysia)
4.) Jim Geovedi (Member of HERT & Security Consultant, PT Bellua Asia Pacific)
5.) Dr. Jose Nazario (Senior Software Engineer, Arbor Networks)
6.) Raoul Chiesa (Board of Directors Member@ Mediaservice.net ISECOM Group & TSTF)
7.) Roberto Preatoni (Founder, Zone-H Defacement Mirror)
8.) Shreeraj Shah (Director, Net-Square)
9.) The Grugq (Independent Network Security Researcher)
10.) Window Snyder (Chief Security Something-or-Other, Mozilla Foundation)

Links:
http://conference.hitb.org/hitbsecconf2007dubai/
http://conference.hackinthebox.org/hitbsecconf2007dubai/?p=56
News Links:
http://star-techcentral.com/tech/story.asp?file=/2007/2/5/corpit/20070205183948&sec=corpit
http://www.itp.net/news/details.php?id=23403&category=
Thanks David for the heads up

Takes place 11th-12th December 2006. In Sheikh Rashid Hall, Dubai International Convention Centre, Dubai, UAE.

Visit their website at:  http://www.hackerhalted.ae

It takes place from August 13 to 15, 2007 in Pittsburgh, USA. Call for Papers is open untill April 6, 2007. For more information, please go to:
http://computer.forensikblog.de/en/2006/10/dfrws_2007.html

The forum is organized by the Dubai School of Government, in partnership with the Ash Institute for Democratic Governance and Innovation, at the Kennedy School of Government - Harvard University. The objective is to facilitate the development of capacity for innovation in the Arab public sector, creating a knowledge base of innovations, and establishing a network of Arab innovators. The purpose of the Forum is to bring together ‘theory’ and ‘practice’ and to create a meeting space for policy makers, governance innovators, academics, social activists, representatives of the media, and all those concerned with improving governance.

Link:
http://www.dsg.ae/iig/conference.htm

Thanks Dr. Bigdeli

Two weeks ago I have been in Cambridge at XI ICCRP symposium were we had a speech on network centric principles and world cargo security. With Barbara Torell, who is an expert on advanced risk management, we wrote a paper on network centric principles and world cago security. Paper and presentation on the web site are not updated but are useful to have a clue of what we did. The title of the document is misleading, because the paper got an unexpect direction ending up to exposures of maritime supply chain but also on how complex adaptive systems manage their inner force (you can find more useful the presentation on this topic) and reasons for which law agencies at all levels (from upper military down to city bodies) should improve efforts for information sharing .

The good news for all aussie friends is that the best paper was the one written by Celina Pascoe and Irena Ali from DSTO “Network Centric Warfare and the New Command and Control: An Australian Perspective”.

All papers are available at CCRP web site in the Events section.

It was also my pleasure to meet Dr. Alberts - CCRP director, Dr. E. Smith (author of the EBO book on which I loosed more than one night to prepare exams on information warfare) with which we talked about boundaries and complexity, Dr. Hayes from EBR and Anne-Marie Grisogono still form DTSO author of very interesting papers I read during the research.

Well, all in all it was a very intersting conference and a great opportunity to meet some of best minds arounds.

I wish once again thank ECU professor Mr. Bill Hutchinson (my previous lecturer when I was a Perth student) who gave some interesting hints on which we worked during the writing.

See you next year in Newport, Rhode Island.

 

In August, the IEEE released IEEE.tv, its Internet broadcasting network, which features coverage of IEEE conferences, interviews with IEEE book authors, primers on technology-related careers, and overviews of IEEE products and services.

IEEE.tv comes in two formats: the Member/Basic format, available only to members, can be accessed through the myIEEE members-only portal (www.ieee.org/myieee), while the freely available Public Access format (www.ieee.org/ieeetv) offers information about careers in technology and engineering and offers demonstrations of new technology used in everyday applications. The presence of a padlock-shaped icon in the margin of a program indicates that it’s only for member access.

Link:
http://www.ieee.tv

I haven’t been to Defcon for a while now (2001) and I miss all the show and tell part of it.  I was browsing thesecure.net today and I found a link to this article:
http://www.tgdaily.com/2006/08/30/defcon2006_janus_project/

It has 8 cards and it can sniff data from up to 300 networks at one time. It can also crack WEP, WPA, and WPA2 keys quickly. Best of all, the off switch stops everything instantly, and the hard disk is AES 256 bit encrypted! To start the computer back up again a USB key with a 2000-bit passkey and a password must be entered…. Respect!

This kind of stuff you just don’t see in the corner of your friend’s apartment (at least not my friends)… You need to go all the way to Las Vegas to see it.

The 2006 RNSA conference will be held in Canberra and will showcase research fostered by the RNSA, with a focus on current issues in Australian CIP and comparisons with overseas experiences. The conference will feature the latest science, engineering and technology (SET) and social sciences developments designed to enhance national security. There conference will also include an Industry Exhibition.  The conference is part of the 5th Homeland Security Summit & Exposition which is held between 19-21 of September 2006.Link:
http://www.secureaustralia.org/Activities/AnnualConference.php

Program:
http://www.safeguardingaustraliasummit.org.au/Program.html#rnsaprogram

National Vulnrabilities Database’s upcoming sister project, the National Checklist Program (NCP), will be offering a repository of security configuration guidance for popular software. These checklists will be provided in standards-based machine readable formats ingestible by compliant COTS vulnerability scanning tools as well as in English prose.

Link:
http://www.cccure.org/modules.php?name=News&file=article&sid=1004

Download the USA 2006 breifings from the Blackhat website:
http://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#us-2006

Second International Conference on Security and Privacy in Communication Networks takes place in Baltimore, MD, USA, between Aug. 28 and Sep. 1, 2006.  For more information please visit:

http://www.securecomm.org/

Read more on it on Domber’s Basecamp!

Link:
http://code-foundation.de/?p=31
for more blackhat news, go to google news:
http://news.google.com/news?hl=en&ned=us&q=blackhat

UPDATE: Read http://code-foundation.de/?p=69

Important Dates: Conference: 25-26 July 2006 • Exhibition: 24-26 July 2006

The conference is co-organised by National ICT Security and Emergency Response Centre (NISER). The list of speakers includes John Meakin, Group Head of Information Security, Standard Chartered Bank, UK;  Steve Orlowski, ex-Chair, APEC e-Security Task Group, Former Special Adviser IT Security Policy, Information and Security Law Division, Attorney-General’s Department, Australia. In addition to some (ISC)2 board members such as Howard Schmidt, Former Cyber-Security Advisor to the President of the USA and Professor Corey D. Schou, PhD, University Professor of Informatics & Information Systems, Associate Dean, College of Business, Idaho State University.

Registration for (ISC)2 members is US$380 and US$420 for others.

Link:
http://www.informationsecurityasia.com/home.htm

SCISSEC 2006 Conferences 

The conferences official website is http://scissec.scis.ecu.edu.au/conferences. The conferences will run concurrently and will be held on the ECU Mount Lawley Campus in Perth, Western Australia on 4th and 5th December 2006. The conferences are:

• 4th Australian Digital Forensics Conference
• 7th Australian Information Warfare Conference
• 4th Australian Information Security Management Conference

Important Dates (All Conferences)
Papers Due 1st October, 2006
Feedback 1st November, 2006
Final Papers Due 15th November,2006