Cognitive and Scientific Brainology

EuSecWest 2010 - 'Hacking printers for fun and profit'

EuSecWest 2010 - ‘Hacking printers for fun and profit’

Most probably you have come to the right place if you were looking for:
- “Hacking printers for fun and profit” paper from EuSecWest 2010
- Andrei Constin or Andrei Constantin presentation from EuSecWest 2010

Actually, by a mis-fortunate spelling mistake on the initial publication of the speakers list for EuSecWest 2010, which (given the copy-paste and propagation effect of the blogs and mailing-lists) transformed my correct name Andrei Costin to become Andrei Constin which then by Google’s “wisdom” became Andrei Constantin.

Download here: EuSecWest 2010 “Hacking Printers for fun and profit” Andrei Costin

Download here: Remote-initiated PPE (printer payload exploit) using Java applets.

ESW10 Feedback

Seems some people really liked the talk, paper and the ideas, while others took their most hilarious laughs ever (not sure if it was because of my talk or because of Amsterdam treats =)) ).

Tweetfeeds of the conference can be found here and here.

All in all, the event was very nice. Special thanks to Dragos and all the crew for organizing a great event.

After hearing about hackers on the plane and hackers on the train, we were doing hackers on the boat on Amsterdam’s canals. Also, it was nice to see that a cool crowd from ESW10 DoS-ed the tram literally on their way to the boats .
PS: we almost got owned by the boat captain like a group of kindergarten kids =))… shhhhh and quiet, otherwise get kicked in the ass

And yeah, props to Dragos for the pelican case full of beer and to the guys caring the heavy devil of ice and beer .

EUSecWest 2010 is near

I invite you to take a look at EUSecWest 2010 agenda and register. Perhaps we could meet there, who knows…

"Programmers should be able to program!" program

“Programmers should be able to program!” program

Well, sad and true in the same time… It is an entertaining reading and one full of insights…

Maybe it’s just one of those reasons why software is getting more crappy, unreliable, insecure, etc.

The non-programming programmers

[...] Read more!

Comprehensive list of security and hackers conferences and conventions 2010

Comprehensive list of security and hackers conferences 2010

Recently, there is a high span of various security and hackers conferences and conventions going on.

Keeping track of them is not as easy as it seems, since there is no central point where to look up their schedules, locations, call for papers, etc.

So I decided to compile a list for my own (well it doesn’t cover 100% of security related conferences out there, but it tries to cover most of the publicly known/accessible ones).

[...] Read more!

Learning Wireless Power: Part 1 - Security

Prolog

Wireless Power is not something new. It’s an old idea, an old dream, an old demo. However, it now revived with new forces in form of new technology products.

Mainly, there are two camps trying to use magnetic induction to charge things:

one offering a charging pad
other trying for over-the-air power

However, the post is not about going over this technology itself - if you want to explore, check the links provided at the end.

To the point

The point of this post is to discuss the security perspective of wireless power transfer, especially for over-the-air type. Several couple of years proved consistently that wireless technologies (WiFi, RFID, remote controls, GSM, etc.) are very prone to security vulnerabilities (sadly, most often by design, rather by implementation).

The types of attack one can envision are:

wireless power theft
[...] Read more!