Marie Moe: Unpatchable – Living with a Vulnerable Implanted Device

My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network-connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security-professional I am worried about my heart’s attack surface.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can’t easily be patched without performing surgery on patients, my personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

Marie Moe (@MarieGMoe):
Marie Moe is passionate about incident handling and information sharing, she cares about public safety and securing systems that may impact human lives, this is why she has joined the grassroots organisation “I Am The Cavalry”. Marie is a research scientist at SINTEF ICT, and has a Ph. D. in information security. She has experience as a team leader at NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College in Norway. Marie loves to break crypto protocols, but gets angry when its in her own body.

Annonser

Martin Johns: Your Scripts in My Page – What Could Possibly Go Wrong?

When it comes to web security, there is the one policy to rule them all: The Same-origin Policy. Thanks to this policy, sites hosted on disjunct origins are nice and cleanly separated, thus preventing the leakage of sensitive information into the hands of unauthorized parties. Unfortunately, HTML predates the Same-origin Policy and, thus, was not designed with the origin-based security model in mind. In consequence, HTML tags can freely reference cross-domain locations and include cross-domain content in their hosting web pages.

In this talk, we will present an attack, resulting from this circumstance, that has been widely overlooked in the past but affects a surprisingly high number of Web sites: Information leakage via cross-domain script inclusion.

Modern web sites frequently generate JavaScript on-the-fly via server-side scripting, incorporating personalized user data in the process. Thanks to HTML’s general ignorance of the Same-origin Policy, an attacker is able to include such dynamic scripts into web pages under his control using script-tags pointing to the vulnerable site. This, in turn, allows him to learn many of the secrets contained in these scripts, through the scripts interaction with the page it is included in. In our experiments, we were able to obtain personal information such as name & address of the logged-in user, leak CSRF tokens, read the users emails, and occasionally fully compromise the user’s account. All possible by simply including a script-URL into one of our web pages.

To systematically investigate the issue, we conducted a study on its prevalence in a set of 150 top-ranked domains, in which we observed that a third of the examined sites utilize dynamic JavaScript. Using our attack techniques, we able to leak sensitive data from more than 80% of these sites via remote script inclusion. In the talk we will present the study in general, and the most interesting cases in detail, showing the wide range of possible attack variations along with a bag of tricks how the including page can be prepared to efficiently leak a script’s secrets. Furthermore, we present an efficient detection mechanism, in the form of a browser extension, as well as defensive measure, which enable robust protection.

Martin Johns (@datenkeller)
Dr. Martin Johns is a research expert in the Security and Trust group within SAP SE, where he leads the Web application security team. Before joining SAP, Martin studied Mathematics and Computer Science at the Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990s and the early years of the new millennium he earned his living as a software engineer in German companies. He is board member of the German OWASP chapter, holds a Diploma in Computer Science from University of Hamburg and a Doctorate from the University of Passau. Martin is a regular speaker at international security conferences, incl. Black Hat, the OWASP AppSec series, ACSAC, ESORICS, PacSec, HackInTheBox, RSA Europe, or the CCC Congress.

Michele Orrù (@antisnatchor) – Dark FairyTales from a Phisherman Vol III

Phishing and client-side exploitation DevOps for all your needs. Combine BeEF, PhishingFrenzy and your fishy business to automate most of the usual phishing workflow while minimizing human interaction. Multiple real-life phishing engagements will be discussed, together with the shiny new BeEF Autorun Rule Engine.

Michele Orrù a.k.a. antisnatchor is the lead core developer and smart-minds-recruiter for the BeEF project. Michele is also the co-author of the ”Browser Hacker’s Handbook.” He has a deep knowledge of programming in multiple languages and paradigms, and is excited to apply this knowledge while reading and hacking code written by others. Michele loves lateral thinking, black metal, and the communist utopia (there is still hope!). He also enjoys speaking and drinking at a multitude of hacking conferences, including CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra AllStars, OWASP AppSec USA, 44Con, EUSecWest, Ruxcon, InsomniHack, PXE, BlackHat and more we just cant disclose. Besides having a grim passion for hacking and programming, he enjoys leaving his Mac alone, while fishing on saltwater and praying for Kubricks resurrection.

 

Göteborgselektronikerna Skyltfönsterspelning Kulturnatta 2016

Göteborgselektronikerna performing on Moog Voyager, Moog Voyager Old School, Roland SH101, Logan String Melody and lots of other interesting stuff!

Göteborgselektronikerna är en elektronisk orkester där vi spelar och skruvar våra synthar och trummaskiner live utan datorer eller backingtracks. Musiken hämtar inspiration från 70-80-talet med Kraftwerk, Jarre, Knight Rider och Miami Vice men är samtida förpackad och med lokalpatriotiska element i texterna. Rösten görs med talkbox och vocoder.

Vi kommer bjuda på en spelning med några låtar från vår kommande debut och några helt improviserade.

Vi spelar, precis som förra Kulturnatta, på Galleri PS. Skillnaden denna gång är att det i år blir en skyltfönsterspelning där vi står inne medan publiken får stå utanför och titta in. Så klä er varmt, men vi ska göra vårt bästa för att ni ska hålla värmen uppe.

Förbered er på gött elektroniskt sväng med liveskruvade trummor, rejäl Moog-bas och sköna analoga synthslingor som kranas och spelas fram i stunden. Pluspoäng till de som ropar med på sin favorithållplats i Hållplatz!

Göteborgselektronikerna: Jam Kulturnatta 2016

Göteborgselektronikerna jamming on Moog Voyager, Moog Voyager Old School, Roland SH101, Logan String Melody and lots of other interesting stuff!

Göteborgselektronikerna är en elektronisk orkester där vi spelar och skruvar våra synthar och trummaskiner live utan datorer eller backingtracks. Musiken hämtar inspiration från 70-80-talet med Kraftwerk, Jarre, Knight Rider och Miami Vice men är samtida förpackad och med lokalpatriotiska element i texterna. Rösten görs med talkbox och vocoder.

Vi kommer bjuda på en spelning med några låtar från vår kommande debut och några helt improviserade.

Vi spelar, precis som förra Kulturnatta, på Galleri PS. Skillnaden denna gång är att det i år blir en skyltfönsterspelning där vi står inne medan publiken får stå utanför och titta in. Så klä er varmt, men vi ska göra vårt bästa för att ni ska hålla värmen uppe.

Förbered er på gött elektroniskt sväng med liveskruvade trummor, rejäl Moog-bas och sköna analoga synthslingor som kranas och spelas fram i stunden. Pluspoäng till de som ropar med på sin favorithållplats i Hållplatz!