FRhack in live !

FrHack in live… (I’m doing it in english, since FRhack is international !)

Below, you’ll find the live report of FRhack international conference in Besançon, for the first day.  But here is a snall overview of the contents of this conference (in french, sorry !), ripped from the local news :

France 3 : late news sept. 23:00 7th 2009 France 3 : evening news 19¦20 sept. 7th 2009
short version (0:34) long version (2:35) incl. Richard Stallman interview

If you want to continue and see photos of the event, please click below !

Sunday 18:00 I drove to Besançon and am at the hotel since 4PM, with my hardware and a big box of books (yes!) that is used for the talk I’m giving tomorrow morning… since it’s more or less a 2000 pages summary. The main issue is that I had to spend the last hours finishing my slides, as I took the wrong version of the presentation with me ;((

20:00. Most speakers are now here, including Philippe Oechslin (the Rainbow Tables inventor), Richard Stallman and more really famous people, that’s great !

I’m gonna leave, speaker’s dinner is now…

23:19. Dinner is over. Very international ! Where I was seated, the 6 guys were from New-York, Seattle, Russia, Japan, France x2 (including Jérôme Athias, the organizer) and Switzerland (myself). At the other table, Richard Stallman (which speaks a really good french, thus a suprise for me) is friendly, and spent half of the dinner on his laptop…

090906-frack001

23:23. I’ve gotta put a final touch to my presentation… I’m the first presenter tomorrow morning, and since I realized the other presentations would be really good, that adds up a little more stress 😉 Oh, and by the way all the talks will be broadcasted on streaming

090906-frack002

090906-frack003

Monday, 07:30 : Time to wake up and have breakfast. I’ve finished remaking my slides, what a relief 😉

09:00 After an introduction from Jerome in a really nice looking old theatre, there are now two tracks in parallel.

A very nice place, the city’s old theater :

090906-phrack003

09:30 Here I am, talking about psycho-social behavior tweaks :

090906-phrack004

10h30 : My presentation about behavior is over and now I’m listening to Philippe Oechslin which explains in a great presentation how even FIPS140-3 certified biometric encrypted USB keys can be defeated by **stupid** implementation errors…below, he explains that (most) developers are (really) bad in understanding anything in crypto :

090906-phrack005

11:32 : We had a break after Philippe’s speech. Time for me to upload some photos.

Next conference is about using CUDA and FPGA to accelerate GSM cracking. Unfortunately I missed part of it since I was busy with the arrival of RMS (Richard Stallman).

12:37 : Richard Stallman exposes his vision in front of the France 3 television camera. Expressing himself in a perfect french, he explains that free software (NOT open source, which is different) englobes ideas « Liberté, Egalité, Fraternité ». He also explained that there was another music distribution system that could be similar to the controversial global licence, but more suited for everybody. His quick speach was concluded by applauses from the small crowd !
090906-phrack006

14:00 Lunch with Philippe Oechslin, Jerôme’s girlfriend and Basile Remaury, a film producer which is realizing a fiction about hackers

090906-phrack007

14:30 : Back to the talks. Cesare Cerrudo, the Argentina windows vulnerabilities guru show us that the automatic behavior of Internet Explorer is very weak, and can cause a lot of security issues, especially because of the weak settings by default. It is for example possible to do phishing on the windows desktop by creating a fullscreen IE imitation of the Windows desktop, which will confuse the user. Some other attacks demonstrated involved XSSQL (SQL Injection over XSS !).

090906-phrack008

15:15 : For the second time this day, I’m in front of the camera, helping the France3 guys as a translator to interview David Hulton about how he uses FPGA hardware to break codes and makes a living with that.

090906-phrack009

15:20 : David Hulton (Seattle, US) on the left (by the way, I love his tee-shirt !!), Abhijeet Hatekar (India) and Blake Cornell (New-York, US) on the right, which are both specialized in VoIP attacks.

090906-phrack010

15:25 : A funny tee-shirt ! There are lot of different original tee-shirts over here…

090906-phrack011

15:00 : Nguyen Amh Quynh explains us how he created a nice memory forensic tool using Firewire. Basically it’s a kind of FW iPod attack, but adapted to dump and alter memory of a live system.

090906-phrack012

16:30 : Andres Riancho explains us a web testing framework using different techniques like fuzzing and spidering, able to nice results.

090906-phrack013

17:30 : Richard Stallman, as usual, presents his vision of the future, GNU and GPL software

090906-phrack016

He has brought a lot of fun stickers and goodies… I couldn’t resist taking a picture of the stand, and also took back some stickers for myself and friends :

090906-phrack014

Some stickers are quite… oriented !

090906-phrack015

19:19 I’ve been playing with the Reactable since 15 minutes… it’s simply great !!!

Reactable music

090906-phrack017

090906-phrack018

19:27 : Finally Richard Stallman’s looong talk ends, as usual with his now legendary appearance :

090906-phrack019

21:00 : Tonight was artistic. Jerôme organised a modern art exhibition, a philarmonic concert, and finally a concert with the Reactable.

090906-phrack020

23:00 Afterwards, we ended up in some coffees to meet each others and discuss about differents things. Around some beers, Blake Cornell did show us an impressive attack using SIP (telephony over IP) to create accounts… Very nice proof of concept !

23:30 : Time for me to leave, unfortunately, and drive back home since I’ve got to be at the office tomorrow morning… I’m sorry not being able to continue this photo-report, and hope someone else will be able to describe tuesday’s talks.

Ce contenu a été publié dans Conferences - Speakings, IT Security. Vous pouvez le mettre en favoris avec ce permalien.

18 réponses à FRhack in live !

  1. Christophe dit :

    J’espère que M.Stallman utilise au moins GNU/Hurd sur son portable ^^ En tout cas bon courage pour demain !

  2. Thank you for this « live » blog post, Bruno 🙂

    You’re gonna be great, as usual, no doubt about it. We have to spend a night someday when you visit me, talking about some aspects of some of your books … 😉

  3. After an introduction from Jerome in a really nice looking old theatre, there are now two tracks in parallel. My presentation about behavior is over and now I’m listening to Philippe Oeschin which explains in a great presentation how even FIPS140-3 certified biometric encrypted USB keys can be defeated by **stupid** implementation errors…

  4. @cedric : sure, I’ll let you informed next time I come to Paris. By the way I’ll be more than glad to invite you at home.

  5. Paganel dit :

    Quel est exactement le netbook de RMS, Bruno ?

  6. GNULover dit :

    c’est quoi qu’il a comme PC Mister stallman ??

  7. miib dit :

    Join us now and share the software;
    You’ll be free, hackers, you’ll be free.
    (http://www.gnu.org/music/free-software-song.html)

    Thank you for this « live » post, I’m sure you’re will not be lost in translation 🙂

  8. Régis Senet dit :

    Excellente présentation représentant bien la première journée.
    Merci à Bruno pour toutes les explications qu’il a bien voulu apporter à nombreux d’entre nous 🙂

  9. @Regis : And me, I’ve been really happy to participate to such an exciting conference, and physically meet all those great experts from around the globe !

    … And it also was a pleasure to discuss with you and others, like I said yesterday it’s delightful to teach and explain things, sharing knowledgs is, like RMS could have said, invaluable 😉

    Have a nice day, I hope everything’s well

  10. newsoft dit :

    Enorme la vidéo de France 3 ! On reconnait ta voix 🙂

  11. et oui ! Disons qu’outre l’interview que j’ai donné (et qui a finalement été coupée au montage), je leur ai servi d’interprète pour l’interview de David Hulton (cf. une des photos ci-dessus), et par ailleurs je leur ai fourni quelques images pour illustrer leur reportage :
    – une démo 4k, Atrium, faite pour la BreakPoint 2008 par le groupe de demomakers TBC. C’est ce qu’on voit en 3d au début
    – une trace animée de Ollydbg (calc.exe !), qu’on voit à la fin.
    – un plan « par terre » avec Jérôme et moi devant nos laptops… pour l’anecdote, Jérôme n’avait plus de batteries, son PC était éteint, mais chuuut !!!

  12. mmu_man dit :

    Ca aurait été sympa de mettre les liens vers les vidéos, parce que tout le monde n’a pas flash (et pi c’est mal!), et ça devient fatiguant de devoir fouiller dans le html juste pour ça…
    http://bruno.kerouanton.net/videos/frhack-soir3.flv
    http://bruno.kerouanton.net/videos/frhack-19h20.flv

  13. « Tout le monde n’a pas flash » ==> l’iPhone, c’est mal !

  14. Nicolas dit :

    Merci pour le report, pour les photos et pour ton effort permanent de vulgarisation lors de ces instants passés à ton contact.
    Respectueusement.

  15. Ping : Links 09/09/2009 (9/9/9): Debian switches to Upstart, Palm introduces Pré junior | Boycott Novell

  16. Blake Cornell dit :

    FRHack was great. Glad you liked the SIP fuzzer. 😉

  17. mmu_man dit :

    @Bruno Kerouanton
    « l’iPhone, c’est mal ! »

    Euh je n’ai pas d’iPhone, moi! Il n’y a pas que l’iPhone qui n’a pas flash, de loin. Tous les OS moins connus (*BSD, Haiku, …) par ex doivent se débrouiller avec des hacks pour utiliser cette antithèse du web.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *