Monday, December 31, 2007

24c3 quick roundup

Originally posted on geekbazaar.
  • Lightning talks - consisting of 5 minute talks. The one that I liked best was regarding Mac OS X widgets. The idea is that since these widgets have access to the system() function and make use of Web 2.0 stuff most of the times, a simple injection (JSON injection / Cross site scripting) has further implications compared to normal web applications. This means that such flaws can easily give remote system access. The speaker (Thomas Roessler) then showed a gmail widget that was vulnerable to such attack. It would be interesting to find out if such vulnerabilities can also be present in the iPhone.
  • Just in Time compilers - breaking a VM. Interesting mostly because it shows what can be done with Just in time compilers and that includes not just Java but also other stuff like javascript and actionscript.
  • Modelling Infectious Diseases in Virtual Realities - a scientific talk which shows how a disease in a virtual reality, in this case it is WoW (world of warcraft) can be used to further understand modelling of infections and recovery. The speaker also gave ideas on how this knowledge can be used to efficiently contain an infection and also suggestions to Blizzard to reintroduce infections in WoW.
  • Toying with barcodes - just watched this one. Excellent stuff. The talk was very flowing and had a good sense of humor injected as well. The speaker (FX) showed how security is really underestimated in the technology that is probably most used to track physical objects - barcodes. He picked on postal services, automated dvd rental systems, newspapers showing 2d barcodes, and a few other examples.
  • "Building a hacker space" - some of the original ccc founders gave their ideas on what to do and what not to do if you want to start a hacker group. Stuff like providing the guests with ample caffeinated drinks .. fun and quite motivational I guess.
  • Making cool things with microcontrollers - where the speaker (Mitch) kept referring to his sexiest toy.. a mind bendin, hallucination inducing spectacles. Worth a watch.
  • Port scanning improved presents a very reasonable scenario where Phenoelit needed to build a faster port scanner which does nothing else but scan. Faster than nmap - in fact the talk was full of comparisons with nmap and showed how the authors of the tool went around congestion control.
  • DIY Survival by Bre of make magazine was totally hilarious. Gives a few excuses to add to the growing number of gadgets in the store room.
  • Crouching Powerpoint, Hidden Trojan: I didn't manage to get there from the start, but this talk details the findings of one researcher. Technically, nothing new came out of it really but it's always good to hear of unique accounts or experiences in the field of targeted attacks.
  • Not exactly a talk .. but the Phonoelit party was pretty kewl. Very geekfriendy ;-)

No comments: