
Difference between revisions of "Eth0:2015 winter talks"

From Eth0Wiki


Revision as of 13:13, 21 February 2015


Add Your Talk

14:30 - 15:30 - (Practical) Escapism for the Modern Rogue.

This will be a hands-on workshop, detailing several methods of escaping from commonly used restraints. The workshop will mostly focus on bypassing flaws or features and exploiting weaknesses in the used restraint or material.

There will be a short introduction and demonstration, then the floor is open for practical application... on you! Practice while supplies last. This workshop is bound to keep you on the edge of your seat, figuratively or otherwise.

15:30 - 16:30 - Building the led-ball

Brainsmoke will tell us what he did to build his awesome led ball, capable of animations, high frame rates and intense brightness: what problems he found during development, and what tools (both at the hackerspace and in China) he used to get the physical parts ready for "production".

16:30 - 17:30 - Making money with just one webpage

Juard will explain how his one website makes him a decent part of his income.

17:30 - 20:00 - Noms

Elmer will provide

20:00 - 20:45 - Buildlog - Frack lasercutter

Fugu and failbaitr will tell you what they did to build the Frack lasercutter: what you need to pay attention to, what software options you have, and what issues still remain.

Add Your Talk (Sunday)

14:00 - 15:00 - NetBSD Security Advisory 2013-008: tcpdrop networking security vulnerability explained

In August 2013, I held a talk at OHM2013 presenting and publicly disclosing a security vulnerability bug within the NetBSD operating system's kernel authorization framework ("kauth").

The bug was trivially easy to exploit, had been in NetBSD for over 3.5 years, and allowed local attackers to hijack a host's networking facilities. It got fixed by NetBSD at the start of the talk, committing a patch I provided as part of my earlier disclosure to NetBSD.

Exploit scenarios included completely owning a host by denying all remote service to all users (including root), locking out specific users of the host, and exercising more fine-grained filtering power, resembling a host-based firewall. The talk included a video demonstrating some of these exploitations, as well as inner details about the bug and the kauth framework in general.

A famous blog covered the talk. Also, in the months following the talk, quite some people within the German hacker scene expressed their personal interest in the talk to me. Unfortunately, the recording of the talk turned out not to have succeeded.

The above, combined with the bug being as peculiar as it is, led to the idea of redoing the talk at another conference, preferably (but not necessarily) in Germany. A talk proposal or two got rejected though, and with that, redoing the talk more or less became a long-term personal wish as well -- after a year and a half now getting fulfilled at eth0.

This talk will be in English.

A video recording will be made by eth0. The speaker kindly requests the audience not to make any additional recordings or pictures of the talk without asking consent beforehand.

External links:

OHM2013 talk: https://program.ohm2013.org/event/252.html

NetBSD Security Advisory 2013-008 (note: contains talk spoiler details): http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-008.txt.asc

Sander Bos is a long-term Unix and free software specialist, contributor to free software and related community projects, and occasional speaker at international software and computer security conferences. Sander's main focus points in the computing field include Unix and GNU/Linux system administration, free software, Internet technology, and overall computer security.

Your talk