PasswordsCon in Bergen

It’s december. While it’s getting colder and people prepare and shop for christmas, here in Bergen, a city in Norway, experts from several countries come together talking about Passwords – something you’re using while buying christmas presents online for example – at the PasswordsCon. This one held at the University of Bergen in the Auditorium Pi.

On the first day Katja Malvoni from Openwall talked about their research on “Energy-efficient bcrypt cracking” focusing on implementing cracking of bcrypt with FPGAs and RISC-platforms. Manoé Zwahlen and Nicoals Oberli focussed on securing passwords by creating a cheap DIY hardware password storage called “Pa$$ware”. Based on Teensy (a USB-Development board), together with an LCD and a SD-card reader for password storage.

The idea behind is to store password on the device which are encrypted, plug this device into a PC and release a password when needed. The SourceCode and Plans will be opensource, for everyone to use. It’s still in development and the roadmap lists a lot of interesting features. Andrey Belenko dug into iCloud and iOS Protection in his talk “The iCloud Keychain and iOS7 Data Protection”.

Andrey very well described the mechanisms behind and came to several conclusions as “Trust your vendor but verify his claims” and “Never use simple iCloud Security Code”. The final talk was given by Asbjørn Reglund Thorsen from Awareness Security about bypassing Passwords by using Cookies as attack method with a call to Owners of webresources with Login to turn on SSL, setting the secure flag in Cookies and use strict transport security.

What do attendees to PasswordsCon do during the Lunch break? Playing “Adobe Crossword” – which nicely educates on not using bad passwords.

PasswordsCon in Bergen

Your email address will not be published. Required fields are marked *



Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Subscribe to our weekly e-mails

The hottest research right in your inbox