Event: Chaotic-Congress-Cinema Nr. 25

From Attraktor Wiki



Chaotic Congress Cinema Nr. 25

Start: 13.07.2011 20:00

End: 13.07.2011 22:00


We watch recordings of Congress talks. You are warmly invited to show up at the club rooms at Mexikoring 21 and watch and discuss the talks with us. Drinks and snacks will be available at moderate prices. If you are not a member of CCC, CCCHH or Attraktor e.V., that does not matter at all: all guests are welcome. :-)

More information at Chaotic Congress Cinema.


SIP home gateways under fire

Source routing attacks applied to SIP

The SIP home gateway -- which combines a NAT router, a SIP proxy, and analogue phone adapters -- is the weakest link in a Voice over IP network. SIP's numerous source routing mechanisms share the well-known security weaknesses of IP source routing. The talk discusses possible exploits and countermeasures.

Telephony is steadily moving to Voice over IP, opening up a world of hacking opportunities. While many security issues have long been addressed in standardization, real-world VoIP suffers from incomplete and sometimes broken implementations. SIP home gateways -- which combine a NAT router, a SIP proxy, and a phone adapter -- are especially at risk.

The predominant VoIP protocol SIP (Session Initiation Protocol) has been designed as an -- almost -- stateless protocol. The network elements responsible for call routing keep only very little and short-lived state. This makes SIP highly scalable and substantially simplifies fail-over.

To achieve this, SIP uses source routing mechanisms extensively. Due to its security weaknesses, the network layer protocols have long abandoned the idea of source routing, despite its theoretical appeal. Some IP source routing attacks and countermeasures can be applied to SIP.

The talk will discuss

+ how to impersonate somebody else, with seemingly network-asserted identity
+ how to trick a home gateway into sending UDP packets to an arbitrary host and port in a victim's LAN
+ how to make a victim's home gateway call an arbitrary number (with some effort)
+ how to get material for your off-line password guessing attack
+ what SIP providers do about those issues
+ how SIP passed the IETF's security reviews
+ how home gateway vendors should improve their products to avoid all this mess.



http://events.ccc.de/congress/2010/Fahrplan/events/4181.en.html

http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4181-en-sip_home_gateways_under_fire.mp4


Safety on the Open Sea

Safe navigation with the aid of an open sea chart.

In maritime shipping, accurate positioning is vital to prevent damage to life, ship, and goods. Today, we might tend to think that this problem is already sufficiently solved because of the existence of electronic positioning systems like, most notably, the Global Positioning System (GPS) or its Russian counterpart GLONASS. This is wrong. Positions in terms of latitude and longitude only make sense together with an accurate sea chart (and, of course, together with a navigator who is able to translate charting data into reality).

Sea charts are available from national geospatial agencies and commercial companies as hard copy or as digital maps, and depending on how much one spends, they are more or less accurate.

In today's open world the idea of making an open sea chart is obvious. Several projects have now started to apply the rules used for OpenStreetMap, "...a free editable map of the whole world." (http://www.openstreetmap.org/), to create a free editable sea chart of the whole world, and it turns out to be much more difficult because of the potentially serious consequences of charting errors.

A sea chart contains a lot of information that is vital to a navigator. It has to be accurate, up to date, and confidential. Since we (the open sea chart community) cannot just chart every navigationally important item in the world, we depend on information that was already charted before or on third-party information. The latter could be, for example, measurements or GPS tracks from people who are somehow involved in maritime shipping but not necessarily in the details of marine mapping. Thus, data accuracy may be questionable but the data is still valuable. The fact that unauthenticated people are editing data in an open database is a big challenge for an open community, since safety and security of life heavily depend on it.

This talk covers the basic principles of sea charts and marine mapping. It emphasizes the problems of an open sea chart in general and how it differs from an open street map, since the requirements to ensure safety at sea are very different. Data preparation and import of other sources are discussed in detail, mainly focused on lights and depths. The lecture will connect real-world shortcomings to a pedantic, definite IT world for an IT-oriented audience and approach IT security from a different angle.


http://events.ccc.de/congress/2010/Fahrplan/events/4183.en.html

http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4183-en-safety_on_open_sea.mp4

This page was last modified on 8 July 2011 at 12:50. This page has been accessed 2,509 times.