lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 08 Apr 2009 19:29:09 +0100
From: Major Malfunction <majormal@...ate-radio.org>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, 
	dc4420 <dc4420@...420.org>
Subject: Pre-announcement! New venue for DC4420 - Thursday
	30th April

hey all!

so this month we've decided to go crazy and make DC4420 coincide with 
Infosec London to give all you out-of-towners a chance to come and meet 
up, so get this in your diary if you're heading in for Infosec...

we're getting to the point where we've outgrown our current home anyway, 
so we've moved location to just down the road at the Sound Club in 
Leicester Sq., which has much greater capacity, so we are confident 
we'll be able to host the swelled ranks this month, and we've even 
managed to negotiate pub pricing on the bar although it's in a west-end 
club, so don't panic!!!

oh, and we've got a dedicated chef and kitchen for the entire duration, 
serving everything from bar snacks to a full-on a-la-carte menu, so 
bring appetites as well!

doors open at 18:00 and talks start at 19:30 sharp as some people need 
to get home, but we've got the location through till Midnight for 
further socialising, and an optional late license to 03:00 if enough 
people want to stay for further liver damage... shweeet! =:O

time / date:

   18:00 for 19:30
   Thursday 30th April

location:

   Sound Club
   1 Leicester Square,
   London,
   WC2H 7NA

http://maps.google.com/maps?f=q&source=s_q&hl=en&q=1+Leicester+Square,+Westminster,+London+WC2H,+United+Kingdom&sll=21.826091,75.608125&sspn=0.013824,0.027874&ie=UTF8&cd=1&geocode=FTT-EQMdeAH-_w&split=0&z=16&iwloc=A

this is the NW corner of the square... if you stand facing the Empire 
Cinema/Casino, it's two doors to the left...

tube:

   Leicester Square on the Piccadilly and Northern Lines.
   Piccadilly Circus on the Piccadilly and Bakerloo Lines.

bus:

http://www.tfl.gov.uk/tfl/gettingaround/maps/buses/pdf/leicestersquare-10899.pdf

and, finally, we've lined up some awesome talks this month...

***  Andrea Barisani & Daniele Bianco:

      Sniffing Keystrokes With Lasers/Voltmeters - Side Channel Attacks 
Using Optical Sampling Of Mechanical Energy And Power Line Leakage


TEMPEST attacks, exploiting Electro Magnetic emissions in order to
gather data, are often mentioned by the security community, movies and 
wanna-be spies (or NSA employees we guess...).

While some expensive attacks, especially the ones against CRT/LCD 
monitors, have been fully researched and described, some others remain 
relatively unknown and haven't been fully (publicly) researched.

Following the overwhelming success of the SatNav Traffic Channel
hijacking talk we continue with the tradition of presenting cool and 
cheap hardware hacking projects.

We will explore two unconventional approaches for remotely sniffing
keystrokes on laptops and desktop computers using mechanical energy 
emissions and power line leakage. The only thing you need for successful 
attacks are either the electrical grid or a distant line of sight, no 
expensive piece of equipment is required.

We will show in detail the two attacks and all the necessary
instructions for setting up the equipment. As usual cool gear and videos 
are going to be featured in order to maximize the presentation.

***  Ari Takanen - Codenomicon:

      Fuzzing - The Fun of Destructive Software Testing

This presentation will give some dirty details of fuzzing, and how to
integrate fuzzing into product security processes. Fuzzing is relatively
new penetration testing technique for finding critical security problems
in any type of communication software. Fuzzing feeds a program, device
or system with malformed and unexpected input data in order to find
critical crash-level defects. The next generation fuzzing methodologies
are based on model-based testing where tests are both generated and
executed automatically. You just point and click, and havoc is brought
to the test target.

Modern day fuzzing is highly effective! In our tests, we have seen very
few products that do not fail under fuzzing. And there are no false
positives in fuzzing, each issue found is always security critical.
Fuzzing is a black-box testing technique that does not require any
access to the source code of the system under test. The tests can be
conducted against any system, whether it is internally built or
developed by third parties. It can also be used in any phase of the
software life-cycle, from development into acceptance testing.

In this presentation, we will analyze latest fuzzing techniques and
several different use cases for fuzzing, including latest advances in
XML security tests. We will look at both free and commercial fuzzing
tools and frameworks. The presentation is based on Ari's book on
fuzzing, published by Artech House in 2008.


***  Room for one more! If you've got a proposal for a talk, get it to 
me or alien asap...

more details/announcements at http://dc4420.org

... and don't forget... if this is your first night at dc4420... you 
*have to* talk... :)

cheers,
MM
-- 
"In DEFCON, we have no names..." errr... well, we do... but silly ones...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ