IT Underground report

Yesterday afternoon I returned from the IT Underground conference in Prague, where I was an invited speaker. I gave a talk on the possible exploitations of smart-cards, and, well, I amazed myself. I had only 16 slides and was a bit worried about what I was going to talk about during the two hours planned in the agenda. In the end I had no problem talking and also gave a small demonstration of stealing data from applications.

The conference was very well organized - kudos to the organizers. It was held in the Hotel STEP, in the outer part of the town. The hotel was new, modern and pleasant to stay in (except that shower cabins in the bathrooms were a bit small). The hotel was within 10 mins of walking to the nearest metro station, and with Prague's excellent public transport system, it was easy to get to the centre of the city to look around a bit and taste excellent Czech cuisine and beer (for those who will visit Prague: garlic soup (nb! NOT onion soup) is a must to try). Prague is a beautiful city, and I was a bit nostalgic when I had to leave. And extremely cheap, compared to Oslo. I could get used to living there very quickly.

To me (and to most of the audience, I believe) the most impressive lecture was Shawn Merdinger's on vulnerabilities of VOIP phones. I couldn't believe how vulnerable those phones are. Shawn investigated 11 different phones so far, and all of them had some security flaw - either open HTTP, remote debugging, telnet shell, etc. He gave a live demonstration of telnetting onto a VOIP phone, getting a shell and instructing it to make a phone call to another number. When you answer the other phone, you can listen to whatever the first phone transmits. An ideal spying device! Passwords? What passwords? Except maybe some default and well-known ones.

I made contacts, learned some interesting stuff, and had fun with some cool people. To put it shortly: it was great :)


Dinko Korunic said...

Congrats, I'm glad it was fine. I expected no less from you :-)

zvrba said...

Heh, thanks :)

negative said...

zvrba, t'was real pleasure hanging out with you and other speakers.

PS: Come to Asia to see the "real sun". And yes, I finally admitted to myself that cold is a state of mind. :-)

zvrba said...

To negative: same here. And lol at cold :) As for Asia - well, you never know, one day I might even show up there. Never been there yet, so one more reason for a visit :)

negative said...

zvrba, if you want more reasons... there will be HITBSecConf2006 (Kuala Lumpur, Malaysia), SyScan '06 (Singapore), and BCS06 (Jakarta, Indonesia). So far, SyScan and BCS06 have already published their CFPs.

So make up your mind, and submit your proposal... :-)