Archive for March, 2013

20th DFN CERT Workshop

Monday, March 25th, 2013

I was fortunate enough to be able to attend this year’s DFN Workshop which happened to be an anniversary as the event turned 20. Needless to say that I didn’t make all 20 ;-) Well, I did a few anyway.

The keynote was surprisingly political. Marcus J. Ranum (Tenable Network Security) talked about “Cyberwar – A Matter of Logistics and Privilege” and made witty and thoughtful points. He asked questions such as whether Stuxnet was an act of terrorism and whether its victims could sue the US to get their damages reimbursed. Highly interesting subject, highly interesting speaker.

Jan Ole Malchow presented “distPaste”, an HTML5-based web app that uses all the browsers to store data, i.e. a distributed storage. Might be related to the fun project FillDisk.com.

Jens Liebchen from the awesome Redteam Pentesting again gave a nice presentation this year. They got a new “Multi Function Printer” like a Canon C5051i (so a huge thing…) and had certain requirements regarding its security. He presented a threat model and shared some insights he gained while dealing with the vendor and, more importantly, after having analysed the machine himself. It turns out that the device has a regular hard drive and runs some flavour of Linux with a big BLOB for their services. However, data was found to be spread over the partitions even though they had bought a licence for “secure deletion” of data. They, rightfully, did not expect to find traces of their print or scan jobs. He mentioned that the security properties of such devices have not been assessed yet. So there are loads of toys to play with.

Also funny was the work of Benjamin Kahler and Steffen Wendzel, who did “Wardriving against building automation”. Basically, the question was how easy it is to break into a network and remotely control the building, i.e. open doors and windows. It turns out that there are standard products which are not well secured, and the deployment is usually not done properly either, so that network boundaries either don’t exist or can be passed easily.

The security of Android apps’ SSL/TLS usage was presented by Matthew Smith. They examined many, many “Apps”, decompiled them and statically analysed how well they handle various conditions when setting up a TLS connection. Apparently, many programs just do not care about the security properties of their TLS connection, so they simply disable the verification of the certificate chain. The model is said to be too complex and too burdensome to set up during development. They also recommended introducing a new privilege, namely sending data unencrypted, so that a user could specify that an application must not transfer data as plain text.
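One way to look for the behaviour described above in decompiled source, as an added example (not the researchers' tool and not from the original post): a heuristic Python scan for trust managers and hostname verifiers that accept everything. The Java snippets and all function names are constructed for illustration; `ALLOW_ALL_HOSTNAME_VERIFIER` and `AllowAllHostnameVerifier` are the Apache HttpClient names that shipped with Android.

```python
import re

# Constructed samples of decompiled app source (not taken from any real app).
SAMPLE_BAD = '''
class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) {
        // accept everything
    }
}
class AnyHost implements HostnameVerifier {
    public boolean verify(String host, SSLSession s) { return true; }
}
'''
SAMPLE_OK = '''
class Delegating implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) {
        delegate.checkServerTrusted(c, a);
    }
}
'''

def strip_comments(src):
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)
    return re.sub(r'//[^\n]*', '', src)  # naive: also hits // inside strings

def method_body(src, start):
    """Text between the braces of the method declared at start, or None."""
    brace, semi = src.find('{', start), src.find(';', start)
    if brace < 0 or 0 <= semi < brace:
        return None  # declaration without a body (interface/abstract)
    depth = 0
    for j in range(brace, len(src)):
        depth += {'{': 1, '}': -1}.get(src[j], 0)  # naive: counts braces in strings
        if depth == 0:
            return src[brace + 1:j]
    return None  # unbalanced braces, e.g. truncated decompiler output

def find_tls_issues(src):
    src, issues = strip_comments(src), []
    for m in re.finditer(r'void\s+checkServerTrusted\s*\(', src):
        body = method_body(src, m.end())
        if body is not None and re.fullmatch(r'\s*(return\s*;)?\s*', body):
            issues.append('empty checkServerTrusted')
    for m in re.finditer(r'boolean\s+verify\s*\(\s*String\b', src):
        body = method_body(src, m.end())
        if body is not None and re.fullmatch(r'\s*return\s+true\s*;\s*', body):
            issues.append('verify() always returns true')
    if re.search(r'ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier', src):
        issues.append('allow-all hostname verifier')
    return issues
```

A hit is a lead for manual review rather than proof: a text scan cannot tell whether the flagged class is actually installed on a connection.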

Besides listening to the talks and chatting to people, I tried to get on the wireless in the hotel. Turns out, they interfere with your traffic, i.e. they block everything and redirect your web traffic to present you a landing page from which you are supposed to log in to the gratis wireless. The credentials to be entered were the room number and the last name of a guest of that room. Well, given the speakers and attendees list (or some knowledge of popular names in the region) it seems easy enough to just poke some data in and hope for the best. Or, instead of doing that manually, have a program do that for you. Voila, je vous presente “petitelysee”. A simple Python script to try to log in to a landing page. As I’ve said, it’s the result of three hours or so of work. So it’s not very nicely done and I obviously didn’t try it out. It has just been coded in a way that I *think* might work.

GNOME.Asia 2013 is now Calling for Papers

Wednesday, March 6th, 2013

A shameless copy from over there:

GNOME.Asia 2013 is calling for papers. GNOME.Asia Summit is Asia’s GNOME user and developer conference, spreading the knowledge of GNOME across Asia. The conference will be held in NIPA Business Center, Sangam-dong Seoul, Korea on May 24-25, 2013. The conference follows the release of GNOME 3.8, helping to bring new desktop paradigms that facilitate user interaction in the computing world. It will be a great place to celebrate and explore the many new features and enhancements to the ground breaking GNOME 3 release and to help make GNOME as successful as possible.

Call for Papers

Submit a Talk!

Important Information

The deadlines:

  • Submission: March 8th, 2013
  • Notification of Acceptance: March 15th, 2013

Conference:

  • Conference Date: May 24th – 25th, 2013
  • Venue: Nuritkum Square – Business tower (3F, 4F), Sangam-dong 1605, Mapo-gu, Seoul, Korea

Main Topics

Possible topics include, but are not limited to

    1. How to Promote/Contribute to GNOME in Asia
      • GNOME Marketing
      • Promotion of Free and Open Source Software
      • How to run a Local GNOME User Group
      • Asia Success Stories/Local GNOME Projects
      • GNOME and Education
      • GNOME Outreach Program for Women
      • Google Summer of Code
    2. Hacking GNOME
      • Latest Development in GNOME
      • GNOME 3 & GNOME 3 Usability
      • GNOME Human Interface Engineering (Icons and Graphic Design)
      • Bugsquadding in GNOME
      • GNOME Accessibility
      • GNOME 3 Coding How-to
    3. Adapting GNOME to New Types of Devices
      • Develop GNOME on mobile device, like smart phone, tablet PC
      • Develop GNOME on embedded system or open source hardware
      • On-going Projects, Success Stories
      • Find FOSS Friendly Hardware Manufacturers
    4. Localization & Internationalization
      • Translation
      • Input Methods
      • Fonts
    5. Other topics

Any topics related to free and open source which are not listed above are still welcome.

Lightning talks

A five-minute presentation to demonstrate your work or promote an interesting topic. Reservation and on-site application are both accepted.

A standard session at GNOME.Asia 2013 will be scheduled as 45 mins (35 mins talk + 10 mins Q&A). Please take into consideration any time you will need for preparation. The session could be a technical talk, panel discussion, or BOF.

If you’d like to share your knowledge and experience at GNOME.Asia 2013, please fill in the form at http://2013.gnome.asia/cfp before March 8th, 2013. Please provide a short abstract about your proposal (under 150 words). Include your name, biographical information, a photo suitable for the web, a title, and a description of your presentation. The reviewing team will evaluate the entries based on the submitted abstracts and available time in the schedule. You will be contacted before March 15th, 2013 on whether your submission has been accepted or not.

All interested contributors are highly encouraged to send in their talks. Please help us to spread the invitation to other potential participants. Even if you do not plan to be a speaker, please consider joining GNOME.Asia 2013. This is going to be a great event!