BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Pentabarf//Schedule 0.3//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALDESC;VALUE=TEXT:0sec09 Schedule Release 1.0 X-WR-CALNAME;VALUE=TEXT:0sec09 Schedule X-WR-TIMEZONE;VALUE=TEXT:Europe/Berlin BEGIN:VEVENT METHOD:PUBLISH UID:30@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091016T200000 DTEND;TZID=Europe/Berlin:20091016T210000 DURATION:PT1H00M SUMMARY:Are you sure you are who you say you are\, and how do you know ? - Introduction to biometric recognition DESCRIPTION: Biometric devices and systems have appeared everywhere in various incarnations\, from fingerprint scanners at the borders to 3D face matchers in private banks. Despite the diversity\, the core scie ntific principles stay the same. This talk givesa firm foundation for understanding a number of biometric recognition techniques\,by insisti ng on the scientific and engineering background they share in signal p rocessingand pattern recognition.We will cover the principles of signa l acquisition\, feature extraction\, modellingand recognition\, evalua tion\, and datasets for popular modalities such as face\,fingerprints\ , speech\, signature\, and others. The math will be kept to the legal minimum. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/30.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Jonas Richiardi":i nvalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:43@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091016T233000 DTEND;TZID=Europe/Berlin:20091017T000000 DURATION:PT0H30M SUMMARY:Coreboot Research Update DESCRIPTION: Last year's talk about coreboot focused on basics and sec urityproperties of coreboot. In the meantime\, a lot of interestingdev elopments have happened. People have proposed to use the embeddedcontr ollers in laptops for trojan horses\, and locking down machinesagainst casual attackers has become easier\, while sophisticated attackshave become harder to detect. Embedded controller vendors have opened upsom ewhat and major chipset vendors have opened their docs and evencontrib uted code. At the same time\, some companies try to introduce evenmore secrecy and undocumented blobs into the BIOS/EFI world.This talk focu ses on the challenges in today's firmware world\, how theyrelate to se curity\, and what to expect next. A technical explanation ofthe constr aints of firmware programming and associated securitymechanisms will b e given. If desired\, generic coreboot questions aboutmainboard/chipse t/processor support will be answered as well. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/43.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Carl-Daniel Hailfi nger":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:32@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T110000 DTEND;TZID=Europe/Berlin:20091017T120000 DURATION:PT1H00M SUMMARY:doors opening CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/32.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:34@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091016T170000 DTEND;TZID=Europe/Berlin:20091016T180000 DURATION:PT1H00M SUMMARY:doors opening DESCRIPTION: Let's start 0sec 2009. We open our doors at 18:00. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/34.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:28@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T163000 DTEND;TZID=Europe/Berlin:20091017T173000 DURATION:PT1H00M SUMMARY:Exposing Crypto Bugs through reverse engineering DESCRIPTION: Breaking good crypto is hard\, but so is programming cryp to correctly.The easiest way to break a system is thus often to revers e engineer thecrypto and to find the bugs. We will demonstrate this wi th three systemsthat were broken in our audits:- The FIPS 142-3 level 2 certified MXI stealth USB key (before it gotpatched)- A version of t he E-capsule private safe from EISST- Data Beckers now defunct Private Safe software CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/28.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Philippe Oechslin" :invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:42@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091016T230000 DTEND;TZID=Europe/Berlin:20091016T233000 DURATION:PT0H30M SUMMARY:Flashrom and BIOS rootkits DESCRIPTION: BIOS rootkits have been a major topic in the last few mon ths and variouspeople have claimed that such rootkits are impossible t o detect\, whileothers claim that detection is possible with the help of some sideeffects of the rootkits.This talk focuses on the history o f BIOS rootkits\, the current situationon the market\, and on detectin g rootkits and other undesirablemodifications of the firmware in your computer\, and finally on theability (or lack thereof) to clean up any existing infection. The toolsfor such analysis and recovery are expla ined and there will be a smalldemo of the usage. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/42.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Carl-Daniel Hailfi nger":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:37@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091016T213000 DTEND;TZID=Europe/Berlin:20091016T223000 DURATION:PT1H00M SUMMARY:Forget AV Signatures\, they haven’t been crucial for years DESCRIPTION: Most people still think that modern Anti Virus rely mainl y onsignatures\, which is wrong. Others think signatures are long dead \, whichis wrong as well ;-) The fact is\, AV signatures are still use d in somecases\, but there are more crucial parts that do the main wor k Today.Learn strength and weaknesses of newer methods like behavior b aseddetection\, reputation based white listing (don’t care about clo uds) orapplication policy based protection. And clear up some myth fro m the AV CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/37.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Candid Wüest":inv alid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:38@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091018T143000 DTEND;TZID=Europe/Berlin:20091018T153000 DURATION:PT1H00M SUMMARY:Fun with Firefox Extensions DESCRIPTION: Firefox is a very popular browser. Its open designed fram ework makes iteasy to extend the functionality either by changing the core codedirectly or by creating extension plug-ins that work on multi ple OSs.Any installed extension has the same full rights as the browse r itselfand can do quite some mischief\, similar to BHOs in IE. This i ncludesfile I/O\, network sockets\, registry etc. and all that cross p latform. Anideal starting point for an attacker\, don't you think.Lear n what current malware does with FF extensions\, how they hide. Seehow easy it is to create a bot or Trojan as FF extension\, making it runi nside the browser\, cross platform\, stealing data etc. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/38.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Candid Wüest":inv alid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:41@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T230000 DTEND;TZID=Europe/Berlin:20091018T000000 DURATION:PT1H00M SUMMARY:GSM protocol fuzzing and other fun things you can do to GSM DESCRIPTION: With the recent availability of more Free Software for GS M protocols\, such asOpenBSC\, GSM protocol hacking is no longer off-l imits. Everyone can play withthe lower levels of GSM communications.I t's time to bring the decades of TCP/IP security research into the GSM world\,sending packets incompatible with the state machine\, sending wrong lengthfields and actually go all the way to fuzz the various lay ers of the GSMprotocol stack. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/41.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Harald Welte":inva lid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:27@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T153000 DTEND;TZID=Europe/Berlin:20091017T163000 DURATION:PT1H00M SUMMARY:Lugh - The malware data collector DESCRIPTION: Current online malware analysis systems (e.g.\, Joebox\, Anubis\, NormanSandbox\, CW Sandbox\, Threat Expert) generate behavior datacharacterizing the malware being analyzed. The behavior data typi callyconsists of calls to the operating system kernel and relatedsubsy stems\, and API calls in user space. In some cases this data isinsuffi cient to understand the workings of a malware sample andadditional dat a - describing system behavior more deeply - needs to beavailable to t he malware analyst. Examples of "deep data" arehistories of file modif ications\, including the actual contents of thefiles being modified\, histories of full memory traces\, etc. Currently\,such information is recovered manually using debuggers and similartools. The goal of the Lugh project is to develop a novel deep data capturingtool that overco mes the limitations of existing tools. Lugh iscurrently able to captur e complete file modification and memory changehistories\, stack back t races\, partial instruction traces andscreenshots on Windows operating systems. The memory inspectionfeatures allow to track self-modifying code and eventually to unpackpacked code by using a novel efficient me mory analysis algorithm. Infact\, first tests have shown that Lugh is able to unpack the code ofall widely used and publicly available packe rs. Lugh is implemented as a kernel driver in C++ and uses kernel mod edetour hooking to capture system events. Compared to\, e.g.\, emulato rbased analysis systems\, it is thus relatively hard to detect andevad e.In this talk\, we are going to give an indepth discussion of thefeat ures and some implementation aspects of Lugh. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/27.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Stefan Bühlmann": invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:33@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T190000 DTEND;TZID=Europe/Berlin:20091017T213000 DURATION:PT2H30M SUMMARY:Lunch CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/33.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:36@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T130000 DTEND;TZID=Europe/Berlin:20091017T140000 DURATION:PT1H00M SUMMARY:Making a link between law and hacking DESCRIPTION: The thrill of fame due to hacking expertise has now evolv ed into a profit making exercise. This session will take a simple look at how law and business are adapting to this new technological danger . The objective is to highlighting the general trends - good or bad - that present hack attacks are instigating within the world that surrou nds us. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/36.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Federico Pagiola": invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:31@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T213000 DTEND;TZID=Europe/Berlin:20091017T223000 DURATION:PT1H00M SUMMARY:Please have your e-passport and fingertips ready please! - Tec hniques\, issues and challenges in the global move to biometric passpo rts DESCRIPTION: Biometric passports are increasingly mandatory for citize ns in industrialised countriesand others. Where did the trend come fro m? Beyond the politico-legal aspects\, deployments of such systems to populations in the millions are bound to come withvery challenging pro blems. In this talk\, we'll review the technical background of ICAO e- passports and investigate issues that are likely to appear.We will cov er biometric data quality issues\, acquisition ergonomics\,age-related issues\, interoperability of biometric data/templates/decision thresh olds\,large-scale population effects and the Zoo\, the information con tent of biometrics\,and reversibility and synthetic forgeries. Time pe rmitting we'll also dig intoprivacy-preserving biometric templates.Thi s talk builds on the technical principles explained in my first talk\, "introduction to biometric recognition". CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/31.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Jonas Richiardi":i nvalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:29@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091018T130000 DTEND;TZID=Europe/Berlin:20091018T140000 DURATION:PT1H00M SUMMARY:Scanning teh Internet - Developing and Using a Distributed Por t Scanner for Educational Purposes DESCRIPTION: Ever wondered what you would be able to accomplish if you had a chance toactually scan every Ip Adress on the Net? - Hold Your breath.For the last two years NiceNameCrew has been researching a lot of ITsecurityTopics and publishing good Tools and Information forResea rchers/Hackers/Admins.I know we have been quiet for a few months now ( after sending ourmembers asspeakers to a whole lot of it security cons ). But beeing quiet doesnt meanwe have something cool in the making. S o Here we go!This is acutally the Corresponding Talk to the release of the newest addionin our set of publication.A distributed port scannin g 'framework' called snaqx! It is a toolused to perform grand scale sc ans on networks aswell as scanning onespecificnetwork from a whole lot of computers (so the scanning creates less noise ona possible iDS or iPS).After having explained what snaqx is\, i would like to bring your attentionto what this talk is about. Its about scanning your own or y our companysnetwork to provided better security. Participents will lea rn how to acutallyscan effectivly\, what to look out for and how to ha ndle the results.We are aware\, possibly everyone in the it field know s about port scannin\,however you would be supprised how many individu als never ever performeda scan or how often you get a answer like: " w e have nmap for that" butwhen they acutally need to scan something the y are totally frustated withquestions like: "what port scanning method to choose". "Wtf is thedifferencebetween tcp_connect\, tcp_syn\, xmas scan and so on".We will of corse not only provide participents with t he base knowlege toget stuff done. We are also going to Publish result s of our grand scalenetwork scans on the "Internet".Therefore this tal k provides a nice bridge between beginners Materialsand Experts knowle ge. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/29.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="natano":invalid:no mail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:40@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T180000 DTEND;TZID=Europe/Berlin:20091017T190000 DURATION:PT1H00M SUMMARY:Tearing down the fences - Why politics and Free Software belon g together DESCRIPTION: What does software have to do with politics? What goals a re FreeSoftware activists trying to reach\, and how do we do it? How d o webring the computer's binary logic together with the messy compromi seof politics?Free Software was a political project from the start. Wh en we want toshare knowledge\, we need to get rid of the technological and legalfences that are holding us back. But how?This talk will expl ain how the Free Software Foundation Europe worksto change the way in which our society manages knowledge. It pointsout possibilities to do political work for Free Software while keepingyour sanity. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/40.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Karsten Gerloff":i nvalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:39@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091017T140000 DTEND;TZID=Europe/Berlin:20091017T150000 DURATION:PT1H00M SUMMARY:Voice security and privacy - Confidentiality protection\, toda y solutions and upcoming technologies and standards DESCRIPTION: The changes of telecommunication market\, from telco mono polist of the80's to multiple operators working across different count ries\, alongwith the diffusion of new technologies like VoIP completel y changed therules and the needs of law enforcement that are required to interceptcommunications\, and of private citizen that want to prote ct theirprivacy.An overview analysis of voice protection and voice int erceptiontechnologies available now and in the near future\, used and usable byprivate and by governments will be shown.Technical\, politica l and jurisdictional issues about interception andprotection systems w ill be presented.Zphone\, VPN\, voice security standards\, passive int erceptiontechnologies\, tactical interception technologies\, satellite relatedissue\, ETSI lawful interception rules\, national european and northamerican laws\, the chinese threat are part of the information t hat willbe presented.A new "open standard" secure telephony protocol\, based on ZRTP anddeveloped jointly with Philip Zimmermann\, will be i ntroduced andpresented compared to other available technologies. CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/39.en.html LOCATION:Talk ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Fabio Pietrosanti" :invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:35@0sec09@pentabarf.org DTSTART;TZID=Europe/Berlin:20091016T180000 DTEND;TZID=Europe/Berlin:20091016T190000 DURATION:PT1H00M SUMMARY:welcome apéritif CLASS:PUBLIC STATUS:CONFIRMED CATEGORY:Lecture URL:/fahrplan/2009/events/35.en.html LOCATION:Lounge ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="0sec orga team":in valid:nomail END:VEVENT END:VCALENDAR