Presentations – IT-DEFENSE 2010

Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage - Andrea Barisani & Daniele Bianco

TEMPEST attacks, exploiting electromagnetic emissions in order to gather data, are often mentioned by the security community, movies and wanna-be spies (or NSA employees we guess...).
While some expensive attacks, especially the ones against CRT/LCD monitors, have been fully researched and described, some others remain relatively unknown and haven't been fully (publicly) researched.
Following the overwhelming success of the SatNav Traffic Channel hijacking talk we continue with the tradition of presenting cool and cheap hardware hacking projects.
We will explore two unconventional approaches for remotely sniffing keystrokes on laptops and desktop computers using mechanical energy emissions and power line leakage. The only thing you need for a successful attack is either the electrical grid or a distant line of sight; no expensive piece of equipment is required.
We will show in detail the two attacks and all the necessary instructions for setting up the equipment. As usual cool gear and videos are going to be featured in order to maximize the presentation.

Managing a worst case communication scenario - crisis prevention and crisis communication in dealing with data scandals and IT security problems - Frank Roselieb

The déjà vu of the data scandal at Lidl, the controversy over data retention or hacker attacks on online shops. There is a wide range of possible data scandals and IT security problems and the image of an organization could easily be damaged. How can companies and authorities prepare for a possible crisis in the IT sector? What steps should be taken for effective communication in a crisis? What standards are there for good crisis communication and prevention if IT security problems arise? Frank Roselieb answers these and other questions.


  • Lessons learnt? Case examples and special issues of crisis communication in dealing with data scandals and IT security problems
  • Prepared for an emergency: addressing IT security issues for crisis prevention
  • Identify weak signals: early crisis detection by systematic crisis and issue management
  • Avoid worst case communication scenario: crisis management and media relations in data scandals
  • Use opportunities: strategies for confidence-building crisis follow-up to IT security problems

McColo & Atrivo - the dark side of the Internet - Volker Kozok 

From bulletproof hosting through botnet services to Russian business networks - IT service for criminals
Phishing, SPAM, botnet, child pornography, malware, money laundering - cyber criminals need a well-functioning IT infrastructure which is offered by so-called bulletproof hosting. The threats and risks associated with these services can affect companies, authorities and private IT users. The illegal providers use the expertise of hackers, combining it with high-performance IT systems and an efficient organization.
It is very difficult for IT security systems to distinguish between attacks or actions of organized crime and government organized attacks, industrial spying, intelligence actions or traditional hacker attacks. The available means and purchased IT competence help create a market that commercializes and criminalizes traditional hackers.
The speech describes the various fields of crime and its consequences, indicates how "fulfillment" of demand works and shows how difficult it is to identify and evaluate such actions from an IT security perspective. Appropriate government response through criminal prosecution or possible back-hacking is legally and technically extremely difficult.

Tuplamakupirtelöt - from Finnish milkshakes to data security law - Prof. Dr. Thomas Hoeren

Those dealing with data security may be in for some trouble. New legislation has increased the liability of security officers and board members for data security.
The German data-protection law has recently been changed to require disclosure of security breaches. The responsibility for data loss has also been extended by the German Supreme Court. The speech analyzes the recent changes in legislation and presents possibilities for prevention.

Some Tricks For Defeating SSL In Practice - Moxie Marlinspike 

This talk will cover some past and present vulnerabilities in SSL/TLS implementations as well as some problems with the way that SSL/TLS is deployed on the web. It will also demonstrate some tools that can be used to exploit these vulnerabilities, which ultimately prove deadly in practice.

How to own the world - one browser at a time - Saumil Shah 

It is 2010 and the underground cyber economy is flourishing. Spam has become a lucrative business, writing exploits fetches real money, financial fraud is on the rise and the worms are loose. It is interesting to know how all the pieces fit together. We've known about classic web hacking, exploiting binaries, shellcode, abusing protocols and tricking users. This talk explores what forms the attack patterns of tomorrow. How do individual SQL Injection, Browser exploits, PDF bugs, XSS, etc fit together? What have we learned from the past, and what are the core design issues in HTTP, HTML, Browsers and application programming that make mass ownership possible? In our quest for mashups and Web 2.0, have we compromised on fundamental security principles?
Last year, I talked about some of the core problems that plagued browsers. This year, the talk goes beyond just browsers and looks at examples of mass ownage, new infection vectors, advanced client-side exploitation, malicious payloads, browser infection with toolbars and more.

"No-Tech Hacking" - Johnny Long 

Based on the book No-Tech Hacking, this presentation shows life through the eyes of today's hacker. I'll show what kinds of tactics a hacker will employ and the perspective they have that allows them to stay one step ahead of the good guys. I'll focus on the hacker mind, showing in a compelling way the mindset that must be adopted when it comes to protecting (or violating) assets, resources and information.

I will show how easy it is to break into buildings, access corporate networks, perform identity theft, steal data and more, all without complicated equipment and tools, focusing instead on manipulating the human elements of trust following the path of least security resistance. 

Packed with tons of photos and videos, this talk presents real-world situations, applying the true hacker mindset to each one. I'll warn you though, while you're laughing yourself silly at some of these examples, you may never see the world the same way again.

Effective Network Security in a Dynamic World - Martin Roesch

Today's threats - and networks - are dynamic. Unfortunately, most security offered to date has been static - leaving you blind to the network. Your network security solution may be new, but chances are it is based on outdated assumptions. How can you truly protect your network if you can't see what is running on it, don't know what to protect, and can't identify the threats facing you?

During this session, Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort®, will clearly show why today's network security isn't doing an adequate job. He will point out why network security must be intelligent to be effective - providing full network visibility, relevant context, and automated impact assessment and IPS tuning. Mr. Roesch will also show why network security must adapt to dynamic networks and threats in real time. Finally, he will share some of his vision on where network security is heading in the future.

Cracking GSM Encryption - Karsten Nohl

GSM is the world's most successful wireless technology. However, its security level has long been inadequate for protecting sensitive information. GSM's A5/1 encryption dates back to cold war days when strong cryptography was banned from civilian use. Even though commercial GSM decryption tools that exploit the weak crypto are readily available, GSM is still considered secure enough by many. The talk introduces an open distributed computing project that will change this fact.

The right way to secure Oracle - Pete Finnigan

So often people try and secure Oracle databases by following checklists and applying all the settings recommended to their databases. But often this will not secure the data that matters; it could be possible to spend man-years of labour applying a checklist BUT the key data is still not secure. Checklists do not directly mention your critical data or tables. Pete shows how to target your efforts.

System Management Mode Design and Security Issues - Loïc Duflot

In this presentation, we try to explain why security should be taken into account during the early steps of the design of any hardware or software function. We take the example of System Management Mode (SMM, one of the most privileged modes of operation of x86 CPUs) and show that, as security was not taken into account in the first place, preventing an attacker from running code in system management mode is about impossible. We show that although access control mechanisms to SMM code have been designed on modern platforms, there are many completely different ways for an attacker to run code in SMM. This presentation will mostly build on the 2009 Cansecwest "Getting into the SMRAM: SMM reloaded" presentation and take a step back to look at all the different ways that an attacker might use to get to run code in SMM.

Hacking Biometric Systems - Jan Krissler aka Starbug

Biometry is used in more and more areas of our daily lives, for example, in entry and access control, payment processes in supermarkets or border control. Many systems, however, do not live up to the manufacturers' promises. Nevertheless, they are used in many security-sensitive environments. We will review the current systems and identify their strengths and weaknesses in specific operational scenarios, particularly focusing on protection against spoofing.

Vulnerabilities, Exploits, and Mitigations: Effective Defensive Tools for a Dangerous World - Bruce Dang

The Internet is a dangerous place. Attackers are exploiting vulnerabilities in Acrobat, Flash, Internet Explorer, Office and many other popular apps for financial or information gains. In this talk, we discuss the patterns of vulnerabilities/exploits and introduce two effective tools (they are also free) to detect and mitigate both known and unknown user-mode exploits. These tools can be useful to security professionals or corporate/home users.