Three more @computerworlduk #unscrewingsecurity #security posts

Things to do in London if you’re a Security Geek

DEF CON’s London chapter has a new home

DEF CON is one of the world’s largest hacking conventions – it’s beyond my description so if you’re not aware of it you should really read the Wikipedia page to get a taste, and then go browse some of the talks from last year.

For want of a better description the London chapter is called DC4420 – think international direct dial codes – and I’ve literally just returned from the basement of a nice pub just off Oxford Circus, with decent food, beer, and presentations.

What can happen when hardware authentication tokens get 0wned?

How bad can it be? Can two-factor authentication turn into an open door?

This is not an RSA SecurID story – there are plenty of those, you can find them all over the place, or read some extraordinarily timely advice shipped by US-CERT to US Government agencies about (ahem) best practices in systems assurance.

Instead this is a personal war-story.

Certificate Authorities and SSL: building on cracked foundations.

A hierarchical model of trust requires trustworthiness. Oops.

SSL (strictly named SSL/TLS) is the encryption layer commonly used in HTTPS, IMAP, Instant Messaging and other common Internet protocols, and is supposed to provide at least three benefits to the developer and users.

In approximate order of importance these benefits would be:
