Termin:Chaotic-Congress-Cinema-28C3 Nr. 02Aus Attraktor Wiki
Chaotic Congress Cinema Nr. 2
Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-) Weitere Informationen unter Chaotic Congress Cinema. Data Mining the Israeli CensusInsights into a publicly available registry The entire Israeli civil registry database has been leaked to the internet several times over the past decade. In this talk, we examine interesting data that can be mined and extracted from such database. Additionally, we will review the implications of such data being publicly available in light of the upcoming biometric database. The Israeli census database has been freely available on the Internet since 2001. The database has been illegally leaked due to incompetent data security policies in the Ministry of Interior of Israel, which is responsible for the management of the Israeli census. The data available includes all personal data of every Israeli citizen: name, ID number, date and location of birth, address, phone number and marital status, as well as linkage to parents and spouses. In this talk we discuss various statistics, trends and anomalies that such data provides us with insight to. Personal details will obviously be left out of the talk, though it is important to note that any person who wishes to retrieve such details can easily do so. We will end the talk with a discussion about upcoming and relevant privacy issues in light of Israel's soon-to-be biometric database.
Ooops I hacked my PBXWhy auditing proprietary protocols matters This talk is cautionary tale about developers forgetting to remove debug interfaces from finished products and the need of repetitive system reviews. A midrange PBX systems (non web) configuration interface is used as an example of what flaws you can actually find in commercial systems. The Idea behind this talk is to give you an idea what can happen when developers do not audit their code on regular basis. It is not meant to make anybody laugh at another ones stupidity but as a reminder what could happen to YOU if you're a developer. > As an example of what could possibly go wrong, a problem in the way the configuration interface is authenticating its administrators on a PBX is used. It is about dissecting a proprietary TCP IP based protocol used to configure telephones with system integration through the PBX and unexpectedly finding a flaw which not only allows to modify configuration of phones but also manipulate the PBX. The even bigger oversight was that all communication is possible without using any authentication. It is also a little bit about protocol design and some (false) assumptions still made when when preparing an impending product launch. But for the sake of honesty: No names and no brands will be given, the talk is based upon a true example but because of responsible disclosure procedures not all information will be released to the public. |