...stuff I do and things I like...

Review RSA

Last week I attend the RSA Conference for the first timer ever. I always had the impression that it is not worth going but this year I went anyway. The plan was to just hang around at the various side events that take place during RSAC. Meeting with people etc. That part is totally worth it if you can spent the day doing actual work. I ended up going to the conference to speak on the Mobile Security Battle Royale panel (as a replacement for Jon Oberheide). So I got a conference pass and could checkout the actual conference and expo. The expo was pretty standard if you are used to attend events like CeBIT or maybe CES. Just smaller and security companies only. I didn't have the chance to attend other talks besides Big Brother's Greek Tragedy State-Deployed Malware & Trojans so I can't really make my mind up if it is worth the money or not.

SC Magazine wrote an article about the panel I spoke on. Here are some comments: Android certainly does support remote updates. But the problem really is that manufacturers and mobile carriers stop supporting devices after 12-18 month.

Conferences

Infiltrate posted a few more talks. The one I'm really interested in is: Josh "m0nk" Thomas - NAND-Xplore -> Bad Blocks = Well Hidden.

Troopers in Heidelberg Germany (March). They have a few interesting talks: UI Redressing Attacks on Android Devices by Marcus Niemietz, Malicious Pixels: QR-Codes as attack vectors by Peter Kieseberg, Corporate Espionage via Mobile Compromise: A Technical Deep Dive by David Weinstein and a few other non mobile talks that look really interesting.

Hack in the Box Amsterdam LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements, SMS To Meterpreter: Fuzzing USB Internet Modems. I really need to go to HITB some day.

New Conferences

NSC - NoSuchCon is a new conference held in May in Paris, France. The organizers seek strong (only) technical content.

News

HTC Settles Privacy Case Over Flaws in Phones Interesting read, quote: The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information, surreptitiously send text messages or enable the device's microphone to record the user's phone calls.

Personal note:

Wiley announced our book Android Hacker's Handbook