30 minutes
defenses, commercial security solutions, and pragmatic real world
security experience will be presented in a three days series of
informative tutorials. We would like to announce the opportunity to
submit papers, and/or lightning talk proposals for selection by the
hack.lu technical review committee. This year we will be doing
workshops on the first day PM and talks of 1 hour or 30 minutes in
the main track for the two following days.
A capture the flag contest will take place during the whole conference.
Scope ======
articles, but the Evaluation Committee may give priority to those that do.
* Proposals may be presented in English, Portuguese or Spanish.
* Proposals must be submitted in Portable Document Format (PDF)
* Submissions must be created directly using a word processing system
(scanned articles will not be accepted)
* Presentations may not be longer than 30 minutes.
Submitting a Proposal
Those interested in presenting at LACSEC 2011 must send the following
consisting of alphanumeric characters and symbols fall within an even
smaller range of hash outputs (~8k), making this trivial to brute force
over the network. To exacerbate matters, loginLib has no support for
account lockouts and the FTP daemon does not disconnect clients that
consistently fail to authenticate. This reduces the brute force time for
the FTP service to approximately 30 minutes.
To demonstrate the hash weakness, the password of "insecure" hashes to
the value "Ry99dzRcy9". The password of "s{{{{{^O" also hashes to the
same output. The hashing algorithm itself is based on an additive sum
with a small XOR operation. The resulting sums are then transformed to a
* Caipirinha and Feijoada Hacks
* and everything else information security related that our attendees
would enjoy
We do like shorter talks, so, please submit your talks and remember
they must be 30 minutes long. (yes, we do strictly enforce that)
We’re also open to some 15-minute talks; some of the smart people
around might not need 30 minutes to deliver a message, or it might be
a project that has just been kicked off.
15 minutes might be your thing and that's nothing to be ashamed about.
No matter the encryption to the database the username is passed in
plain text inside the sql query sent to the server.
The Standard Encryption is easy to crack just by changing your
password to all of one letter and observing the data coming back in
HEX. Building the key takes less than 30 minutes.
Enhanced Encryption is only slightly better since it takes the
Standard Encryption rotational keyed password and then sends it to the
database to be stored in a binary field instead of a text/varchar
field. Even using this "encryption" once the password is over four
<script>
document.getElementById(1).submit();
</script>
This CSRF will disconnect the user from the internet for longer.
“The process to get back online from a factory default condition could take from 5 to 30 minutes.”
<html>
<form id=2 method=post action='http://192.168.100.1/configdata.html'>
<input name='BUTTON_INPUT' value='Reset+All+Defaults'>
</form>
</html>
To avoid credential brute force attacks, Weblogic server has a locking
mechanism that locks the corresponding account after some invalid login
attempts.
By default, the lock triggers after 5 invalid login attempts and
remains for 30 minutes.
S21SEC has found that an internal servlet exists that allows valid
credentials to be guessed even if the attacked account is locked.
This allows infinite invalid authentication attempts against an account.
As is obvious from rule #1 and rule #2, one player gets exclusive access
to any target at one time.
4. Players take turns, no hogging the targets
Players are limited to 30 minutes per attempt. We will mercilessly
disconnect your cable at the end of each attack slot. Be fast!
We will reboot the targets before each session begins.
5. First come, first served access to targets.
* and everything else information security related that our attendees
would enjoy, the coolest/ different/ most creative submissions win,
keep that in mind!
We do like shorter talks, so, please submit your talks and remember
they must be 30 minutes long. (yes, we do strictly enforce that)
We’re also open to some 15-minute talks; some of the smart people
around might not need 30 minutes to deliver a message, or it might be
a project that has just been kicked off.
15 minutes might be your thing and that's nothing to be ashamed about.
Abstract plus a draft version of the slides to be used for the presentation.
* Proposals may be presented in English, Portuguese or Spanish.
* Proposals must be submitted in Portable Document Format (PDF)
* Submissions must be created directly using a word processing system
(scanned articles will not be accepted)
* Presentations may not be longer than 30 minutes.
Submitting a Proposal
Those interested in presenting at LACSEC 2012 must send the following
Following our supah successful January meet, where we actually ran out
of time because of the volume and quality of talks (or was it volume of
alcohol the speakers had imbibed?), this month we are going to limit the
talks to 30 minutes and the number of speaking slots to 3 so we have
more time for drinking/socialising in between...
The lineup this month is:
The Current State of Wifi - Arhont
o Infrastructure Security (Wireless, Bluetooth, OS, Device etc)
o Browser Security
o Regulations (PCI, SoX 404, Clause 49 , ISO etc.)
* Rapidfire Sessions (30 Minutes): These sessions are focused around Information Security Management issues that will be addressed through:
o Business Case
o Panel Talk / Open Discussion with more than one speaker
o Upto speed (Old attack vector, new attack technique)
* Caipirinha and Beer Hacks
* and everything else security related you might think would be good for
the conference
We do like shorter talks, so, please submit your talks and remember they
must be 30 minutes long.
The new thing for this year is that we are also open to some 15-minute
talks.
Some of the smart people around might not need 30 minutes to deliver a
message, or it might be a project that has just been kicked off.
15 minutes might be your thing and that's nothing to be ashamed about.
Every subject related to IT security would be welcomed but the originality of the proposal is also reviewed.
* Talks are open to anybody, expert presentation skills are not necessary but keep in mind that speaking in front of a crowd is not so easy.
* For all workshops you should specify your needs (material, space, or anything else). This would be taken in account at acceptance time.
TALK DURATION
Talks should last 30 minutes (question time included). We will not hesitate to interrupt a talk to keep the event right on time.
WORKSHOPS
Workshops would take place in parallel of the talks with dedicated stalls.
CONTACT
>> dissemination, it only took 15 minutes to crash all the Internet
>> infra-structure
> How exaggerate ;)
Yeah, you're right, it took a little bit more: 30 minutes. 8-D
> Nope, we didn't. But people stopped writing worms, because writing bots
> is much more rewarding, economically.
101% true. And that's even worse than worms. Because they are
- Ero Carrera and Jose Duart - Packer Genetics: The Selfish Code
- Gynvael Coldwind and Unavowed - Syndicate Wars Port: How to port a DOS
game to modern systems
- Dino Dai Zovi - Mac OS X Return-Oriented Exploitation
- Nicolas Falliere - Reversing Trojan.Mebroot's Obfuscation
- Yoann Guillot and Alexandre Gazet - Metasm Feelings (30 minutes)
- Travis Goodspeed - Building hardware for exploring deeply embedded systems
- Sean Heelan - Applying Taint Analysis and Theorem Proving to Exploit
Development
- Alex Ionescu - Debugger-based Target-to-Host Cross-System Attacks
- Ricky Lawshae - Picking Electronic Locks Using TCP Sequence Prediction
www.meitsec.ae for further details on paper submissions.
The submissions:
Session languages: We accept submissions in both English and Arabic
* Presentation session duration: 30 minutes
* Training session duration: 1 – 3 days
* Format: abstract [1-3 pages pdf], full text [pdf, ppt]
* Submission deadline: July 31, 2008 [abstract] / August 31,
2008 [full text]
* Acceptance notification: September 30, 2008