Termin:Chaotic Congress Cinema Nr. 35

Aus Attraktor Wiki

Wechseln zu: Navigation, Suche


Chaotic Congress Cinema Nr. 35

Beginn:

19.10.2011 20:00

Ende:

19.10.2011 22:00


Needs to be there, but does not need to be seen by a visitor Yes Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter Chaotic Congress Cinema.

hacking smart phones

expanding the attack surface and then some

There's been a fair bit written and presented about smartphone's, and yet, when it comes to the attack surface of the operating systems running on them, and the applications running on top of those, much still has to be explorer. This talk will dive a bit deeper into that attack surface.

This talk will take a look at the smart phone attack surface, only from and end-to-end point of view. the baseband type stuff and things owned by the telco's will not be covered. Basically, it'll cover 5 major areas:


  1. identifying operating systems (through for example the user-agent with mms)
  2. identifying entrypoints
  3. identifying trust boundaries
  4. identifying bugs
  5. exploiting bugs


There has been a fair amount of cellphone and smartphone reseach done in the past, and yet, when it comes to attack surface, we've barely scratched the surface. SMS alone allows for a dozen or so different types of messages, there's mms, all sorts of media codecs are build into smart phones. The entrypoints can be roughly categorized as:

primary entypoints: - zero-click remote attacks over default communication network (sms, mms, ...) secondary entrypoints: - zero- click remote attacks over non-default communication network (email, ...) tertiary entrypoints: - proximity attacks (wifi, bluetooth, irda, mitm wifi connection, ...) - not-zero click remote attacks (e.g. start application XYZ and connect to my evil server)

The main focus in this talk will be on the primary entrypoints, however some of the secondary and tertiary entrypoints will be talked about aswell, in particular irda, since unlike bluetooth and wifi, very little security research has ever been done with irda, which on itself is weird, since after less than a day of poking around it became quite clear most irda stacks are pretty weak (as a hilarious irda sidenote which got me started to look at idra, one should read the following microsoft bulletin http://www.microsoft.com/technet/security/bulletin/ms01-046.mspx).

once's the interesting entrypoints for various smartphones are explored the talk will dive into some of the trust boundaries on different smartphones, things their sandboxes allow, things they don't, wether or not it's documented and wether or not the documentation is actually accurate.

in the spirit of keeping the best for last, some of the bugs discovered during the smartphone research will be discussed, both the details of them, as well as the pains the speaker had to go through to make exploits for them.


http://events.ccc.de/congress/2010/Fahrplan/events/4265.en.html

http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4265-en-hacking_smart_phones.mp4

Cognitive Psychology for Hackers

Bugs, exploits, and occasional patches

Experience firsthand some of the most interesting, surprising, and perspective-changing findings from cognitive and social neuropsychology. With perceptual illusions, priming, biases, heuristics, and unconscious influences, humans have tons of firmware "bugs". All have exploits; some even have patches.

Learn how to improve your own thinking, use others' bugs to your advantage, and gain new perspective on the unconscious and often illusory processes involved in your perceptions.

This interactive talk goes through as many interesting, surprising, perspective-changing findings from the cognitive sciences as I can fit in one hour while ensuring that as much as possible has a real, live demonstration that the audience participates in (rather than merely being told about).

It's not just a collection of 'stupid human tricks' (though I'll be using lots of those for examples); this is a coherent narrative about surprising ways in which humans are flawed, how these aren't just things that happen to "other people", and how one might go about improving the situation at least for oneself. Every point will be supported by good science, with references to papers for those who care to read up more about them.

Come to the meditation workshop afterwards to learn several more interesting and powerful techniques to proactively control your own mindstate.

Tags: #27c3 #cogsci @saizai (emails also appreciated)

See below for blinking disks illusion from Akiyoshi Kitaoka, inspired by Faubert and Herbert (1999). Stop staring at it if it makes you dizzy. No, it's not actually moving - if you point at / fixate on any part of it, that part will remain stable.


http://events.ccc.de/congress/2010/Fahrplan/events/4276.en.html

http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4276-en-cognitive_psychology_for_hackers.mp4

Diese Seite wurde zuletzt am 21. Oktober 2011 um 16:57 Uhr geändert. Diese Seite wurde bisher 2.641 mal abgerufen.