Event: Chaotic Congress Cinema No. 35 (from Attraktor Wiki)
Current revision as of 21 October 2011, 16:57
Chaotic Congress Cinema No. 35
We watch recordings of Congress talks. You are warmly invited to show up at the club rooms at Mexikoring 21 and to watch and discuss the talks with us. There will be drinks and snacks at moderate prices. If you are not a member of CCC, CCCHH or Attraktor e.V., that does not matter at all: all guests are welcome. :-) More information at Chaotic Congress Cinema.

hacking smart phones
expanding the attack surface and then some

There's been a fair bit written and presented about smartphones, and yet, when it comes to the attack surface of the operating systems running on them, and the applications running on top of those, much still has to be explored. This talk will dive a bit deeper into that attack surface.

This talk will take a look at the smart phone attack surface, only from an end-to-end point of view. The baseband type stuff and things owned by the telcos will not be covered. Basically, it'll cover 5 major areas:
primary entrypoints:
- zero-click remote attacks over default communication network (sms, mms, ...)

secondary entrypoints:
- zero-click remote attacks over non-default communication network (email, ...)

tertiary entrypoints:
- proximity attacks (wifi, bluetooth, irda, mitm wifi connection, ...)
- not-zero click remote attacks (e.g. start application XYZ and connect to my evil server)

The main focus in this talk will be on the primary entrypoints, however some of the secondary and tertiary entrypoints will be talked about as well, in particular irda, since unlike bluetooth and wifi, very little security research has ever been done with irda, which in itself is weird, since after less than a day of poking around it became quite clear most irda stacks are pretty weak (as a hilarious irda sidenote which got me started to look at irda, one should read the following microsoft bulletin http://www.microsoft.com/technet/security/bulletin/ms01-046.mspx).

Once the interesting entrypoints for various smartphones are explored the talk will dive into some of the trust boundaries on different smartphones, things their sandboxes allow, things they don't, whether or not it's documented and whether or not the documentation is actually accurate.

In the spirit of keeping the best for last, some of the bugs discovered during the smartphone research will be discussed, both the details of them, as well as the pains the speaker had to go through to make exploits for them.
http://events.ccc.de/congress/2010/Fahrplan/events/4265.en.html
http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4265-en-hacking_smart_phones.mp4

Cognitive Psychology for Hackers
Bugs, exploits, and occasional patches

Experience firsthand some of the most interesting, surprising, and perspective-changing findings from cognitive and social neuropsychology. With perceptual illusions, priming, biases, heuristics, and unconscious influences, humans have tons of firmware "bugs". All have exploits; some even have patches. Learn how to improve your own thinking, use others' bugs to your advantage, and gain new perspective on the unconscious and often illusory processes involved in your perceptions.

This interactive talk goes through as many interesting, surprising, perspective-changing findings from the cognitive sciences as I can fit in one hour while ensuring that as much as possible has a real, live demonstration that the audience participates in (rather than merely being told about).

It's not just a collection of 'stupid human tricks' (though I'll be using lots of those for examples); this is a coherent narrative about surprising ways in which humans are flawed, how these aren't just things that happen to "other people", and how one might go about improving the situation at least for oneself.

Every point will be supported by good science, with references to papers for those who care to read up more about them.

Come to the meditation workshop afterwards to learn several more interesting and powerful techniques to proactively control your own mindstate.

Tags: #27c3 #cogsci @saizai (emails also appreciated)

See below for blinking disks illusion from Akiyoshi Kitaoka, inspired by Faubert and Herbert (1999). Stop staring at it if it makes you dizzy. No, it's not actually moving - if you point at / fixate on any part of it, that part will remain stable.
http://events.ccc.de/congress/2010/Fahrplan/events/4276.en.html
http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4276-en-cognitive_psychology_for_hackers.mp4