lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <A3E7D041-CDB1-4244-9AD5-F606D131F30F@Gmail.com>
Date: Thu, 4 Feb 2010 01:26:11 +0700
From: Philippe Langlois <philippe.langlois@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Hackito Ergo Sum 2010 – Call For Paper – HES2010 CFP

Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
http://hackitoergosum.org

Hackito Ergo Sum conference will be held from April 8th to 10th 2010  
in Paris, France.
It is part of the series of conference "Hacker Space Fest" taking  
place since 2008 in France and all over Europe.

HES2010 will focus on hardcore computer security, insecurity,  
vulnerability analysis, reverse engineering, research and hacking.

INTRO
The goal of this conference is to promote security research, broaden  
public awareness and create an open forum so that communication  
between the researcher, the security industry, the experts and the  
public can happen.

A recent decision of justice in France has convicted a security  
researcher for disclosing vulnerabilities and exploits. These laws  
(similar to the one in Germany), descending from USA's DMCA law, are  
orienting freedom of research and knowledge into a situation where  
"illegal knowledge" can happen, restricted to the only ones blessed  
by governmental silent approval and military. Scientific research and  
public information cannot be made into another monopoly of state,  
where "some" can study and publish and "some others" cannot.
Such approach just show how misinformed some politics are and how  
little understanding they get of the struggle they are acting in.

Not understanding that the best way to improve security is to attack  
it shows the lack of maturity of some stakeholder by being cut out of  
independent information sources.
This is where our ethics and responsibility is to say "No, we have a  
right for free information and true independence in research", and  
this responsibility is the one of anybody, not just the  
responsibility of academically blessed scientists.

This conference will try to take in account all voices in order to  
reach a balanced position regarding research and security, inviting  
businesses, governmental actors, researchers, professionals and  
general public to share concerns, approaches and interests during.
During three days, research conferences, solutions presentations,  
panels and debates will aim at finding synthetic and balanced  
solutions to the current situation.


CONTENT

 > Research Track:
We are expecting submissions in english or french, english preferred.
The format will be 45 mn presentation + 10mn Q&A.

For the research track, preference will be given for offensive,  
innovative and highly technical proposals covering (but not  
restricted to) the topics below:

Attacking Software
* Vulnerability discovery (and automating it!)
* Non-x86 exploitation
* Fuzzing with SMT and its limits
* New classes of software vulnerabilities and new methods to detect  
software bugs (source or binary based)
* Reverse Engineering tools and techniques
* Static analysis (source or binary, Lattices to blind analysis, new  
languages and targets strongly encouraged)
* Unpacking
* Current exploitation on Gnu/Linux WITH GRsecurity / SElinux /  
OpenWall / SSP and other current protection methods
* Kernel land exploits (new architectures or remote only)
* New advances in Attack frameworks and automation

Attacking Infrastructures
* Exotic Network Attacks
* Telecom (from VoIP to SS7 to GSM & 3G RF hacks)
* Financial and Banking institutions
* SCADA and the industrial world, applied.
* Governmental firewall and their limits (Australia, French's HADOPI,  
China, Iran, Danemark, Germany, ...)
* Satellites, Military, Intelligence data collection backbones ("I  
hacked Echelon and I would like to share")
* Non-IP (SNA, ISO, make us dream...)
* Red-light and other public utilities control networks
* M2M

Attacking Hardware
* Hardware reverse engineering (and exploitation + backdooring)
* Femto-cell hacking (3G, LTE, ...)
* Microchip grinding, opening, imaging and reverse engineering
* BIOS and otherwise low-level exploitation vectors
* Real-world SMM usage! We know it's vulnerable, now let's do something
* WiFi drivers and System on Chip (SoC) overflow, exploitation and  
backdooring.
* Gnu Radio hacking applied to new domains
* Toll-booth and fast-lane payment systems

Attacking Crypto
* Practical crypto attacks from the hackers perspective (RCE,  
bruteforce, ...)
* SAT-solver applied to cryptanalysis
* Algorithm strength modeling and evaluation metrics
* Hashing functions pre-image attacks
* Crypto where you wouldn't think there is

We highly encourage any other presentation topic that we may not even  
imagine.

Required informations:
* Presenter's name
* Bio
* Presentation Title
* Description
* Demo?
* Needs: Internet? Others?
* Company (name) or Independent?
* Address
* Phone
* Email

Send your submission to:
hes2010-cfp __AT__ lists.hackitoergosum.org


 > Business & Society Track:
Format:
20 minutes slots to present a tool, an innovative product, a solution  
(commercial, open source, free); a customer experience or open  
research domain; a society issue or a subject of public interest.

Demos are mandatory for tool, product or solutions presentations.
Pure-marketing presentation will be moderated (i.e. interrupted).
Follow-up with private group can be arranged for in-depth demo or  
analysis.

Submission needs to be sent to:
hes2010-cfp __AT__ lists.hackitoergosum.org

 > Other interests
If you want to organize a Capture The Flag, Reverse Engineering  
contest, Lockpicking contest or any other activity during the  
conference, you are most welcome. Please contact us at: hes2010- 
orga@...ts.hackitoergosum.org

DATES
2010-01-18    Call for Paper
2010-03-01    Submission Deadline
2010-04-08    Start of conference
2010-04-10    End of conference

PROGRAMMING COMMITTEE
The submissions will be reviewed by the following programming committee:
* Sebastien Bourdeauducq (Milkymist, /tmp/lab, BEC)
* Rodrigo Branco "BSDaemon" (Coseinc)
* Jonathan Brossard (P1 Code Security, DNSlab)
* Emmanuel Gadaix (TSTF)
* Laurent Gaffié (Stratsec)
* Thomas Garnier (Microsoft)
* The Grugq (PSP)
* Dhillon Kannabhiran (HITB)
* Kostya Kortchinsky (Immunity)
* Itzik Kotler (Radware)
* Philippe Langlois (P1 Telecom Security, PSP, TSTF, /tmp/lab)
* Moxie Marlinspike (Institute for Disruptive Studies)
* Karsten Nohl (deGate, Reflextor)
* Nicolas Thill (OpenWRT, /tmp/lab)
* Julien Tinnes (Google)
* Nicolas Ruff (EADS, Security Labs)
* Carlos Sarraute (CORE Security Technologies)
* Matthieu Suiche (Sandman, win32dd)
* Fyodor Yarochkin (TSTF, o0o.nu)

FEES
Business-ticket                                                 120 EUR
Public entrance                                                  80 EUR
Reduction for Students below 26                                  40 EUR
Reduction for CVE publisher or exploit publisher in 2009/2010    40 EUR

Entrance fees and sponsors fees will be used to fund international  
speakers travel costs.

VOLUNTEERS
Volunteers who sign up before 2010-03-01 get free access and will  
need to be present onsite two days before (2010-04-06) if no further  
arrangement is made with the organization.

SPONSORS
Sponsors are welcome to contact us to receive the Partnership Kit at:
  hes2010-orga __AT__ lists.hackitoergosum.org

LOCATION
Paris, France.

CONTACT
hes2010-orga __AT__ lists.hackitoergosum.org

Hackito Ergo Sum 2010 conference - http://hackitoergosum.org

Hacker Space Festival - http://www.hackerspace.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ