Presentations – IT-DEFENSE 2019
When I grow up – Karla Burnett
As security engineers, we like to think that the code we write is fairly secure. Even assuming that it is, what happens when that code is left on its own? What happens when it is changed by other engineers, and new features are added? How do we keep our code secure as it grows up?
This talk will discuss writing code at organizations compromised of a mix of security engineers and other programmers. We'll discuss mistakes made over several years at a large Bay Area startup, the lessons learned from them, and how you can design your code in ways that keep it safe into the future.
I know what you printed last summer: network printers as an element of uncertainty – Jens Müller
The paperless office has been predicted for decades. Still, a lot of companies and private households cannot do without a printer. Instead of having been abolished, however, printers have turned from simple machines into complex computer systems that are directly integrated into the corporate network and process sensitive information. This makes them an attractive target for attackers.
Different vulnerabilities in standard printer languages such as PostScript, which are supported by almost any laser printer, will be discussed during this presentation. They allow various attacks, from DoS and access to the file system or other users’ print jobs to the execution of random program code. An evaluation of 20 printers from different manufacturers has shown that all tested devices are prone to at least one attack.
Additionally, it is demonstrated how systems exceeding the classic printer can be attacked with similar techniques, for instance, cloud printing or document processing websites. The presentation is accompanied by live demonstrations.
Irrationalities of our Risk Perception – Fascination of Behavioral and Purpose Economy – Prof. Dr. Bernd Ankenbrand
When is risk a risk? And how do we perceive risks? In order to better understand risks and the way we perceive them, Prof. Dr. Bernd Ankenbrand is researching the value and risk yardsticks that consciously or unconsciously guide individuals and organizations in their decisions. Because whether something is considered “risky” rather depends on the applied yardstricks than on the matter itself. Irrationalities in our decisions sometimes make us take risky paths. Bernd Ankenbrand is renowned for his presentations providing fascinating insights into the often surprising phenomena of behavioral and purpose economy, also demonstrating applied solution paths.
Compromising Online Accounts by Cracking Voicemail Systems – Martin Vigo
Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in some of the attack vectors. Can we leverage the last 30 years innovations to compromise voicemail systems? And what is the real impact today of pwning these?
In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the impact of gaining unauthorized access to voicemail systems and introduce a new tool that automates the process.
Tor: Internet privacy in the age of big surveillance – Roger Dingledine
Tor is a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 8000 volunteer relays carry traffic for millions of daily users, including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, people around the world whose Internet connections are censored, and even governments and law enforcement.
In this talk I'll take you on a tour of the Tor landscape, starting with a crash course on Tor, how it works, and what security it provides. I'll explain why Tor's open design and radical approach to transparency are critical to its success, and then compare the censorship circumvention arms race to the nation-state surveillance arms race. We'll end with a discussion of onion services, which are essentially an even stronger version of https, but which you might instead know from confusing phrases like "the dark web".
Securing Renewable Energy Control Systems – Jason Staggs
Electric utilities across the world are investing heavily in renewable energy generation. Renewable energy promises to provide clean and sustainable energy for the foreseeable future. However, such renewable energy systems are being insecurely designed and integrated without fully understanding the cybersecurity ramifications to the OT environment. This talk will discuss the cybersecurity issues pertaining to the control systems of emerging renewable energy sources.