Saturday, January 25 2014
This is an early update for February. Two reasons, I have stuff to write
about right now, second I'm going to be super busy in February.
This year I attended ShmooCon for the first time. I liked it a lot and plan
to go again. I didn't know ShmooCon was running for 10 years already. They
seem to have a good grip on the conference and don't let it explode in size.
Conferences
CanSecWest one of my favorite cons (maybe my #1). Talks: No Apology Required: Deconstructing Blackberry10 - Zach Lanier, Ben Nei ; Duo Security & Accuvant. Outsmarting Bluetooth Smart - Mike Ryan ; iSEC Partners. The Real Deal of Android Device Security: the Third Party - Colin Mulliner, Jon Oberheide ; Northwestern University, Duo Security.
Troopers (Heidelberg, Germany). There is one mobile talk in the main conference but there in addition they have TelSecDay (invite only) that focuses on Telecommunication security. The main conference talk is: Modern smartphone forensics: Apple iOS: from logical and physical acquisition to iCloud backups, document storage and keychain; encrypted BlackBerry backups (BB 10 and Olympia Service)
by Vladimir Katalov.
nullcon (Goa, India) has a mobile talk this year: Modern smartphone forensics: Apple iCloud, encrypted BlackBerry backups, Windows Phone 8 cloud backup - by Vladimir Katalov.
SyScan 2014 looks super awesome this year. Josh "Monk" Thomas : "How to train your Snapdragon: Exploring Power Regulation Frameworks on Android". Dr Thaddeus (The) Grugq : "Click and Dragger: Denial and Deception on Android Smartphones". Alex Plaskett & Nick Walker "Navigating a sea of Pwn? : Windows Phone 8 AppSec".
Black Hat Asia THE INNER WORKINGS OF MOBILE CROSS-PLATFORM TECHNOLOGIES by Simon Roses Femerling.
HITB Amsterdam Shellcodes for ARM: Your Pills Don't Work on Me, x86 by SVETLANA GAIVORONSKI and IVAN PETROV.
RootedCON (Spain) talks: Raul Siles - iOS: Regreso al futuro, Pau Oliva - Bypassing wifi pay-walls with Android. Some talks look like they are mobile talks too :) (my Spanish is kinda bad)
Links
There are a lot of interesting talks in the next month. I'm working on (and finished) some interesting projects that I can hopefully talk about soon.
Our Android book is finalized and thus should be available in April.
The Defcon CFP is already open so make sure you submit your talks early. Also checkout Area 41 a fine security conference in Switzerland, the CFP is still open.
This year I'm co-chairing ARES an academic security conference. Please consider submitting your papers.
If you are interested in NFC (Near Field Communication) check out the current draft of the Web NFC API. The standard defines how a "web page" can interact with NFC devices.
Sunday, January 05 2014
30C3 was
awesome. A lot of good talks, many friendly people, and an awesome location.
The recordings of all talks can be found here.
The slides and source for my talk Android DDI are available here: slides and source.
I was super busy so I guess I missed a lot that was going on in the 2nd half of December. I will start posting stuff again later this month.
I'm going to ShmooCon in mid January and to Troopers in March.
Advertisement: If you are a computer science student and are interested in security and want to spent some time in the US, please contact me. I'm always looking for motivated people to do research with.