Security musings (reflectorium)
Sunday, January 11, 2004
  Notes from the Chaos Communication Congress 2003
The Chaos Communication Congress is an annual hacking conference organised by the Chaos Communications Club. I have made it somewhat of a habit to go there "between the years". This year it was somewhat more fun, as we had a small CISSP-FFM BoF meeting around it.

Below are my notes from the event.
(Some facts, also spelling, might be wrong.)

You can find more details on the Congress website.
Most workshops have been documented on video. 41 congress videos of the event are online.

Security Nightmares 2003
- embedded systems?
- hacks at WLAN spots (e.g. trains, airports)
arp-spoofing at airport lounge (took place [fr])
- zombies on consoles (lots) [didn't happen, or did it?]
- secure account information to BaFin (KWG §24c) since 1 April 2003
- silent bugfixes (i.e. a seemingly small bugfix also fixes other serious holes)
- MS monthly patch cycle (provides for 0day preparation and sysadmin vacation planning)
- network scanning tools for symbian (nmap,..) (->atstake etc, oli whitehouse)
- fake mails
- oss server distro/dev compromises
- gpg el gamal fuckup
- physical security (two australian gov servers stolen)
- OpenSSH and OpenSSL --> wide_open...
- DDOS as commercial service in 2003 (from eastern Europe)
- "content" viruses, harmful code in media data
- voting machines issues
- US implements blinkenlights with regions.. (black-outs)
- problems with car key systems and wireless cash restaurant systems, lpd and (car key systems work at 433 MHz)
- Ethereal overflows, Kismet overflows (via malicious SSID)

--> aiba.org (sp?)[building hacking, bus ...]

Security Nightmares - future
- problems with IP-connected end-user devices
- automatic pushing of business cards (palms and bluetooth) .. on cebit 04
- superwormzz, malicious payloads .. (2 mins to format 14,000 out of 16,000 in simulated network?)
(worms speaking ABAP? [participant question])
- OSS develop infrastructure
- SPAM
- ERP on the Internet
- UMTS
- distributed computing "issues"
- ARP Spoofer hunt on airports
- exploits via VoIP/video telephony (codec sources not sufficiently audited, many buffer overflows..)
[voice spoofing][covert surveillance, open mikes..][patching...]
- Telephone systems (PBX)
- IPv6 (bypass IPv4 packet filters, no need for NAT?? ...)
- vuln in online games (multiplayers, real money, ebay)
- instant messaging "issues"
- biometry (identity spoofing)
- voting machine massacre US presidential elections 2004 ?
- RFID-scare overdrive
(anti-personnel mines aimed at US army boot RFID tags? effects of RFID on money bills for robbers?)


Big Brother Awards
- www.supervilainizer.ch

Toll-collect
- artificial snow from a can

Cryptophone (http://www.cryptophone.de)
- 1,800 Euro a system, but free PC software
- encryption in GSM very much broken
- expects amateur GSM sniffing within 2-3 years
- cheap sniffing hardware from India, Russia

RSA-1024 insecure
- because FPGA chips are more available, custom hardware is cheaper, TWIRL
- TCG: must have RSA-2048 or better (TCG 1.2)
- SHA-1: too small output?

Windows Insecurity (Volker Birk) (his website and slides)
- shatter attacks (vs. personal firewalls)
- no security model between apps on IPC, DDE, ActiveX, COM, ...
- any process using window very vulnerable

Phenoelit (SAP exploit, Unicode wchar script)
- buffer overflow exploits in SAP A-Gate (4) and mySAP.com
- (SAP web software implementation flaws)
- venetian exploits, script
- ollydbg

bioweapons
- search for "dark winter"

JTAG
- access to flash, memory through testing interface (without running system)

Biometrics
- US VISIT program using JPEGs for fingerprint data? (no templates used?)


 