a private security event for friends Berne Berne 2009-10-16 2009-10-18 3 1.0 11:00 00:30 20:00 01:00 Talk biointro Introduction to biometric recognition Talks Lecture English Biometric devices and systems have appeared everywhere in various incarnations, from fingerprint scanners at the borders to 3D face matchers in private banks. Despite the diversity, the core scientific principles stay the same. This talk gives a firm foundation for understanding a number of biometric recognition techniques, by insisting on the scientific and engineering background they share in signal processing and pattern recognition. We will cover the principles of signal acquisition, feature extraction, modelling and recognition, evaluation, and datasets for popular modalities such as face, fingerprints, speech, signature, and others. The math will be kept to the legal minimum. Jonas Richiardi 21:30 01:00 Talk avsignatures Talks Lecture English Most people still think that modern Anti Virus rely mainly on signatures, which is wrong. Others think signatures are long dead, which is wrong as well ;-) The fact is, AV signatures are still used in some cases, but there are more crucial parts that do the main work Today. Learn strength and weaknesses of newer methods like behavior based detection, reputation based white listing (don’t care about clouds) or application policy based protection. And clear up some myth from the AV Candid Wüest 23:00 00:30 Talk flashrom Talks Lecture English BIOS rootkits have been a major topic in the last few months and various people have claimed that such rootkits are impossible to detect, while others claim that detection is possible with the help of some side effects of the rootkits. This talk focuses on the history of BIOS rootkits, the current situation on the market, and on detecting rootkits and other undesirable modifications of the firmware in your computer, and finally on the ability (or lack thereof) to clean up any existing infection. The tools for such analysis and recovery are explained and there will be a small demo of the usage. Carl-Daniel Hailfinger 23:30 00:30 Talk coreboot Talks Lecture English Last year's talk about coreboot focused on basics and security properties of coreboot. In the meantime, a lot of interesting developments have happened. People have proposed to use the embedded controllers in laptops for trojan horses, and locking down machines against casual attackers has become easier, while sophisticated attacks have become harder to detect. Embedded controller vendors have opened up somewhat and major chipset vendors have opened their docs and even contributed code. At the same time, some companies try to introduce even more secrecy and undocumented blobs into the BIOS/EFI world. This talk focuses on the challenges in today's firmware world, how they relate to security, and what to expect next. A technical explanation of the constraints of firmware programming and associated security mechanisms will be given. If desired, generic coreboot questions about mainboard/chipset/processor support will be answered as well. Carl-Daniel Hailfinger 17:00 01:00 Lounge dooropenfriday Other English Let's start 0sec 2009. We open our doors at 18:00. 0sec orga team 18:00 01:00 Lounge welcomeapero Other English 0sec orga team 13:00 01:00 Talk linklawhacking Talks Lecture English The thrill of fame due to hacking expertise has now evolved into a profit making exercise. This session will take a simple look at how law and business are adapting to this new technological danger. The objective is to highlighting the general trends - good or bad - that present hack attacks are instigating within the world that surrounds us. Federico Pagiola 14:00 01:00 Talk voicesecurity Confidentiality protection, today solutions and upcoming technologies and standards Talks Lecture English The changes of telecommunication market, from telco monopolist of the 80's to multiple operators working across different countries, along with the diffusion of new technologies like VoIP completely changed the rules and the needs of law enforcement that are required to intercept communications, and of private citizen that want to protect their privacy. An overview analysis of voice protection and voice interception technologies available now and in the near future, used and usable by private and by governments will be shown. Technical, political and jurisdictional issues about interception and protection systems will be presented. Zphone, VPN, voice security standards, passive interception technologies, tactical interception technologies, satellite related issue, ETSI lawful interception rules, national european and north american laws, the chinese threat are part of the information that will be presented. A new "open standard" secure telephony protocol, based on ZRTP and developed jointly with Philip Zimmermann, will be introduced and presented compared to other available technologies. Fabio Pietrosanti 15:30 01:00 Talk lugh The malware data collector Talks Lecture English Current online malware analysis systems (e.g., Joebox, Anubis, Norman Sandbox, CW Sandbox, Threat Expert) generate behavior data characterizing the malware being analyzed. The behavior data typically consists of calls to the operating system kernel and related subsystems, and API calls in user space. In some cases this data is insufficient to understand the workings of a malware sample and additional data - describing system behavior more deeply - needs to be available to the malware analyst. Examples of "deep data" are histories of file modifications, including the actual contents of the files being modified, histories of full memory traces, etc. Currently, such information is recovered manually using debuggers and similar tools. The goal of the Lugh project is to develop a novel deep data capturing tool that overcomes the limitations of existing tools. Lugh is currently able to capture complete file modification and memory change histories, stack back traces, partial instruction traces and screenshots on Windows operating systems. The memory inspection features allow to track self-modifying code and eventually to unpack packed code by using a novel efficient memory analysis algorithm. In fact, first tests have shown that Lugh is able to unpack the code of all widely used and publicly available packers. Lugh is implemented as a kernel driver in C++ and uses kernel mode detour hooking to capture system events. Compared to, e.g., emulator based analysis systems, it is thus relatively hard to detect and evade. In this talk, we are going to give an indepth discussion of the features and some implementation aspects of Lugh. Stefan Bühlmann 16:30 01:00 Talk exposingcrypto Talks Lecture English Breaking good crypto is hard, but so is programming crypto correctly. The easiest way to break a system is thus often to reverse engineer the crypto and to find the bugs. We will demonstrate this with three systems that were broken in our audits: - The FIPS 142-3 level 2 certified MXI stealth USB key (before it got patched) - A version of the E-capsule private safe from EISST - Data Beckers now defunct Private Safe software Philippe Oechslin 18:00 01:00 Talk tearingdownfences Why politics and Free Software belong together Talks Lecture German What does software have to do with politics? What goals are Free Software activists trying to reach, and how do we do it? How do we bring the computer's binary logic together with the messy compromise of politics? Free Software was a political project from the start. When we want to share knowledge, we need to get rid of the technological and legal fences that are holding us back. But how? This talk will explain how the Free Software Foundation Europe works to change the way in which our society manages knowledge. It points out possibilities to do political work for Free Software while keeping your sanity. Karsten Gerloff 21:30 01:00 Talk biopass Techniques, issues and challenges in the global move to biometric passports Talks Lecture English Biometric passports are increasingly mandatory for citizens in industrialised countries and others. Where did the trend come from? Beyond the politico-legal aspects, deployments of such systems to populations in the millions are bound to come with very challenging problems. In this talk, we'll review the technical background of ICAO e-passports and investigate issues that are likely to appear. We will cover biometric data quality issues, acquisition ergonomics, age-related issues, interoperability of biometric data/templates/decision thresholds, large-scale population effects and the Zoo, the information content of biometrics, and reversibility and synthetic forgeries. Time permitting we'll also dig into privacy-preserving biometric templates. This talk builds on the technical principles explained in my first talk, "introduction to biometric recognition". Jonas Richiardi 23:00 01:00 Talk gsm Talks Lecture English With the recent availability of more Free Software for GSM protocols, such as OpenBSC, GSM protocol hacking is no longer off-limits. Everyone can play with the lower levels of GSM communications. It's time to bring the decades of TCP/IP security research into the GSM world, sending packets incompatible with the state machine, sending wrong length fields and actually go all the way to fuzz the various layers of the GSM protocol stack. Harald Welte 11:00 01:00 Lounge openingday2 Orga Other 0sec orga team 19:00 02:30 Lounge lunchday2 Food Other 0sec orga team 13:00 01:00 Talk scanningtheinternet Developing and Using a Distributed Port Scanner for Educational Purposes Talks Lecture English Ever wondered what you would be able to accomplish if you had a chance to actually scan every Ip Adress on the Net? - Hold Your breath. For the last two years NiceNameCrew has been researching a lot of IT security Topics and publishing good Tools and Information for Researchers/Hackers/Admins. I know we have been quiet for a few months now (after sending our members as speakers to a whole lot of it security cons). But beeing quiet doesnt mean we have something cool in the making. So Here we go! This is acutally the Corresponding Talk to the release of the newest addion in our set of publication. A distributed port scanning 'framework' called snaqx! It is a tool used to perform grand scale scans on networks aswell as scanning one specific network from a whole lot of computers (so the scanning creates less noise on a possible iDS or iPS). After having explained what snaqx is, i would like to bring your attention to what this talk is about. Its about scanning your own or your companys network to provided better security. Participents will learn how to acutally scan effectivly, what to look out for and how to handle the results. We are aware, possibly everyone in the it field knows about port scannin, however you would be supprised how many individuals never ever performed a scan or how often you get a answer like: " we have nmap for that" but when they acutally need to scan something they are totally frustated with questions like: "what port scanning method to choose". "Wtf is the difference between tcp_connect, tcp_syn, xmas scan and so on". We will of corse not only provide participents with the base knowlege to get stuff done. We are also going to Publish results of our grand scale network scans on the "Internet". Therefore this talk provides a nice bridge between beginners Materials and Experts knowlege. natano 14:30 01:00 Talk ffextensions Talks Lecture English Firefox is a very popular browser. Its open designed framework makes it easy to extend the functionality either by changing the core code directly or by creating extension plug-ins that work on multiple OSs. Any installed extension has the same full rights as the browser itself and can do quite some mischief, similar to BHOs in IE. This includes file I/O, network sockets, registry etc. and all that cross platform. An ideal starting point for an attacker, don't you think. Learn what current malware does with FF extensions, how they hide. See how easy it is to create a bot or Trojan as FF extension, making it run inside the browser, cross platform, stealing data etc. Candid Wüest