These noted security experts will discuss current IT security issues and provide an insight into strategy and security concepts during two conference days.

RFIDIOts!!! - Hacking RFID without a soldering iron (or a patent attorney) – Adam Laurie
RFID is being embedded in everything... From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...
This talk will look at the underlying technology, what it's being used for, how it works and why it's sometimes a BadIdea(tm) to rely on it for secure applications, and, more worryingly, how this off-the-shelf technology can be used against itself... Software and Hardware tools and techniques will be discussed and demonstrated, and a range of exploits examined in detail.

Hacking Vehicle Telematics: Satellite Navigation Hacking and Other Attacks Against your Car – Andrea Barisani & Daniele Bianco
The 2007 presentation "Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation." [1] met worldwide success showing the potential for abuse of inadequately secured in-car telematics systems.
A new version of the presentation will follow up the Satellite Navigation Traffic Message Channel hacking research with more in-depth coverage and new techniques, ideas and concerns for current and future in-car Navigation and Telematics Systems.

The Spying Game? – Annie Machon
I would like to give a presentation about the role of intelligence agencies in the current era of the unending “war on terror”, how they monitor us, and the implications for our democracies.
In the name of protecting national security, spy agencies are being given sweeping new powers and resources. Their intelligence has been politicised to build a case for the disastrous war in Iraq, they are failing to stop terrorist attacks, and they continue to collude in illegal acts of internment and torture, euphemistically called “extraordinary rendition”. Most western democracies have already given so many new powers to the spies that we are effectively living in police states. As an informed community, what can we do about this?
1. What it was like to be recruited and work for MI5?
2. The crimes of MI5 and MI6. These include:
  • MI5 files held on government ministers,
  • IRA bombs that could and should have been prevented
  • Illegal MI5 phone taps
  • Lying to government
  • The 1994 bombing of the Israeli embassy in London by Mossad, and the subsequent wrongful imprisonment of two innocent people
  • The illegal MI6 assassination attempt against Colonel Gaddafi of Libya
3. How to go “on the run”, what it’s like to cross the secret state, and how to survive
4. The lack of accountability and oversight. The spies literally get away with murder
5. The current situation. Despite glaring intelligence failures, both in the run-up to the Iraq war and in a number of recent terrorist attacks on the UK, our government still continues to grant more resources and powers to the spies. Why?
6. The implications of these new laws for our democracy
7. On a lighter and more hopeful note – examples of the spies’ technological ineptitude
8. The failure of the mainstream media to effectively hold the spies to account

What can we do? We have a (probably limited) window of opportunity to halt this slide towards totalitarianism. It’s time for our fight back.
“All that is necessary for the triumph of evil is for good men to do nothing.” Edmund Burke, MP

Exploiting Embedded Systems - The Sequel! – Barnaby Jack
This presentation will give a walk through of an attack on an embedded device. From retrieving and reverse engineering firmware, through to hardware assisted debugging, and finally - reliable remote exploitation. The techniques that are described are applicable to all popular embedded architectures. Additionally, I will discuss some exploitation methods that are specific to ARM based processors. Live demonstrations will be given throughout the talk.

How I Learned to Stop Fuzzing and Find More Bugs – Brian Chess Ph.D.
Fuzzing and other runtime testing techniques are great at finding certain kinds of bugs. The trick is, effective fuzzing requires a lot of customization. The fuzzer needs to understand the protocol being spoken, anticipate the kinds of things that could go wrong in the program, and have some way to judge whether or not the program has gone into a tailspin. Get this setup wrong, and you end up fuzzing the wrong thing, exercising and re-exercising trivial paths through the program, or just plain missing bugs (as Microsoft did with the .ANI cursor vulnerability). Fuzzing effectively takes a lot of customization and a lot of time.
Proponents of fuzzing often avoid static analysis, citing irrelevant results and false positives as key pain points. But is there a more effective way to channel the energy required for good fuzzing in order to find more bugs faster? This presentation will propose a series of techniques for customizing static, rather than dynamic, tools that will let you find more and better-quality bugs than you ever thought possible.
We will compare static and dynamic approaches to testing and look at:
- The fundamental problems involved in fuzzing
- Why static analysis is harder for humans to think about than fuzzing
- Interfaces for customizing static analysis tools
- The kinds of bugs static analysis is good at finding
- Why static analysis is both faster and more thorough than fuzzing
- Where static analysis tools break down

Black Box Analysis and Attacks of Nortel VoIP Implementations Reloaded – Richard Gowman & Eldon Sprickerhoff
The presenters performed black-box analysis of Nortel Call Management VoIP implementations. Nortel VoIP infrastructure is widely implemented worldwide, but very little attention appears to be paid to its security issues, probably due to the fact that a proprietary protocol (UNIStim) is used. The presenters will discuss the methods used to reverse engineer the protocol, specific attacks they developed, and how successful they were.
In this updated talk, details that we were not able to make previously (due to responsible disclosure - Nortel has since released patch MPLR 23899) will be revealed.
Updated (currently unavailable) code (UNISTimpy NG) will be released.

Companies at risk! If security managers are unaware of any shortcomings in their processes – Stephan Schlentrich
When there is talk of attacks on companies today, no other explanation is needed: IT is the target, the path, the tool - in most cases! There is a very high level of criminal energy, the technology is malicious, the know-how of the "enemy" tricky - and damage in the billions. IT is the key. Those who can prevent danger are successful.
But the more companies take precautions against attacks around the world and close all the doors and windows, the higher the risk that other dangers are ignored or are not recognized at all. What kind of threat is this, what strategy should be used by innovative and medium-sized or large companies to prevent danger? How can companies be made really secure? Or is this goal only an illusion?

Regular Exceptions – Tavis Ormandy & Will Drewry
Programming and design errors in string manipulation facilities have plagued software over the years. Despite this, modern string manipulation mechanisms receive very little attention from the security community even with their ubiquity in hostile environments. We investigate these overlooked mechanisms, detailing the flaws and limitations exhibited across programming languages and platforms in widely deployed software. In addition, we discuss mitigation techniques applicable to the development and deployment of these facilities.

Core Wars – Tobias Klein
This lecture deals with vulnerabilities in advanced operating system kernels. Using some concrete examples, the following problems are treated: Why are kernel vulnerabilities always fatal? How can kernel vulnerabilities be found? How can kernel vulnerabilities be exploited? A kernel vulnerability has been detected, now what? Contact the manufacturer, sales, ...? What protective measures are available?