Mobile Privacy policies Suck: Designing for trust, privacy and security in an age of
It's a fact - research shows users care about their privacy and the security of their data on mobiles. They are especially concerned about apps that 'secretly' access and use their personal information. It's also a fact that users don’t read 100–page legalistic privacy policies. Users want transparency, choice and control in context over how their information is used. They want this in clear, simple and consistent ways that don’t burden them – but can this be done? What are the implications for us all if we don’t try? Will users trust us with their privacy and the security of their data and devices? Mobiles are fun – don’t make privacy a chore!
Speaker: Pat Walshe is responsible for the GSMA’s work on privacy. Pat is currently working with GSMA members and other key stakeholders to establish dialogue and explore ways to shape—collaboratively and collectively—the way privacy is advanced, managed and protected across the mobile ecosystem.
Pat has more than 13 years of experience in data privacy and regulatory policy in the fixed, mobile and internet sectors. He has represented industry on a number of privacy matters with various regulatory and international public interest groups.
Pat has a degree in Social Anthropology and Development and holds privacy and information security qualifications. He has served on the International Standard Organisation's Privacy Steering Committee and is a member of the British Computer Society.
IPv6 is finally coming, however still very slowly. Many people expect it is a modern protocol, so it will have a lot of security properties. However, the protocol was designed in 1995, in a time where the Internet was still (mostly) secure and browser malware was still an unseen issue. This talk shows the vulnerabilities in the coming Internet, what the impact of those issues is, how to exploit them and also how to - maybe - protect against them.
Speaker: Marc "van Hauser" Heuse has been performing security research since 1993, having found vulnerabilities in any kind of software like firewalls, DNS servers, SAP middleware, etc. and is the author of various well known security and pentest tools like hydra, amap, thc-ipv6, THC-Scan, secure_delete, SuSEFirewall and many more. In 1995 he founded the renowned security research group “The Hacker’s Choice”, which was the first group to e.g. crack A5 GSM in 2006. Since 1997 he has worked as a security consultant in the top-5 enterprise consultant companies, and since 2007 he has been working as an independent security consultant. He has been performing security research on IPv6 since 2005 and has spoken at many international conferences on this topic since then.
Cyberpunk - from Fiction to Fact
Take a ride on the Cyberpunk Express train – a fast talk through the past, present and future of the Cyberpunk culture, science fiction and popular culture and how Cyberpunk fiction inspired the reality of hacker culture today, why hackers are heroes, too, and how more women can be inspired to follow in the footsteps of infamous hacker girls of fiction.
Speaker: Keren Elazari. Born and raised in Tel Aviv, Israel, Keren E has been a key member of the Israeli Cyber Security & Hacking scene for more than 10 years. Since 2000, Keren has been employed with leading Israeli security firms, government organizations, Big 4 and Fortune 500 companies. Keren holds a CISSP security certification, a BA in History and Philosophy of Science and is studying towards an MA in Security Studies from Tel Aviv University.
Before taking up her current position of Teaching Fellow – Security with Singularity University in Mountain View, California, Keren was focused on developing innovative methods and tools for detecting advanced cyber threats, working with market leading Israeli security technology companies. Keren has organized, hosted and participated in international security events such as Y2Hack04 & ILHack09 in Tel Aviv, ITBN 2007 Security Day in Budapest, co-chaired IDC Herzliya Cyber Terrorism Workshop in 2010 and NATO International conference on Cyber Conflict in 2011 and 2012 and DLDWomen in Munich, July 2012. Keren is fluent in Hebrew & English, and likes to practice Aikido and travel the world.
This revolution will be unhosted
Speaker: Michiel de Jong is a freedom hacker with a background in theoretical computer science, artificial intelligence, and scalability engineering. He is currently unemployed by the Unhosted project, and lives as a digital nomad: travelling the world while programming for the revolution from his laptop. When he's away-from-keyboard, he enjoys urban cycling and learning new languages and cultures.
We are at the dawn of the XXI century. Our lives have changed. New technologies have allowed us to conceive communications, business and entertainment in a different way. Possibilities are infinite. The Internet has made the world an easier and better place. But, with that, there are challenges we must defeat. If the Internet is the tool we wish to use to develop our constantly evolving society then we need to work together now to ensure its security. Mobile and online technology today is utilized extensively by our children; what are we subjecting them to and what can we do to improve it? In order to make a safer world for our children, free from potential predators, we need to work together to create a safer online future for them. Alia2 foundation brings together stakeholders. If we want to make the internet safe then it is you that needs to help as you are the parents that need to protect our children… We need millions of eyes to review all the on-line content, and if something is wrong you need to be able to report it to our hotline so that we can act. We need people like you because you are the reference when someone needs information about the Internet. So let's work together and develop the tools and mindset of protecting our children, and their children. Please, help us to make a safer internet for our children and future generations.
Speaker: Miguel Comín majored in International Business Studies at the European Business School, and holds a Master in Strategic Management for Leaders of Non-Governmental Organizations from IESE Business School (2011 – 2012). He has worked in Luxembourg, Germany, Switzerland and the United Kingdom, all in the field of finance. In 2005 he helped create the International child international advertisement awards "El Chupete" (the pacifier awards) where he promoted awareness of the risk and opportunities of internet for minors. It was there that he realized that something needed to be done and started work on creating a foundation to protect minors on the internet and to encourage them to use technology. In 2008 he assembled a team of personalities of extensive experience and relevance in the multidisciplinary fields necessary to successfully launch Alia2 Foundation. Miguel was selected Ashoka Fellow for his 3 years' efforts on ensuring safer Internet for children by mobilizing key players through win-win relationships. By tapping into the core interests of parents, the education community, police forces around the world, Internet service providers, Internet users and others, Miguel is aligning existing efforts and making them more effective through the use of new open source software and technology.
Cyberstalking and online abuse have increased significantly since the popularity of social networks and the explosion in smartphone ownership. It is estimated that 1 in 6 women and 1 in 10 men will be stalked during their lifetime. It is important to understand there are different types of stalkers and how their obsession ruins lives. Today, technology means stalkers can be more effective and work 24/7. They use technology to carry out the abuse. But should developers consider how their products can be used by perpetrators? Should consumer safety risk assessment for products be a part of the development cycle?
Speaker: Jennifer Perry is a cyberstalking expert who works with a wide range of stakeholders including: government, enforcement agencies, industry groups, security and legal experts as well as support charities. She helps to develop new digital safety strategies, practical advice and is engaged in policy development.
She has a particular interest in domestic violence stalking victims, who make up a large section of stalking victims and who are also at higher risk. Jennifer wrote the first UK Internet Safety Guide for Survivors of Domestic Violence in 2009.
In 2012, she wrote new national guidelines for the Network for Surviving Stalking and Women's Aid. The guidelines provide an overview of the technology stalkers use, the risks they pose and recommendations on how to reduce those threats - Digital Stalking: A guide to technology risks for victims.
Jennifer is the cyberstalking spokesperson for the charity Network for Surviving Stalking and works with the National Stalking Helpline.
Can Security and Privacy Principles from the Desktop Era Shine Light on How the “Internet of Things” Will Evolve?
Excitement for the “Internet of Things” continues to grow. Because of rapid innovation in the field, it defies easy classification. Devices are imagined with uses ranging from saving lives -- like health sensors connected to the Internet -- to more mundane tasks like preheating your oven from the car on the drive home from work. But there’s still little regulation in this area thus far. This presentation will review several principles from laws regulating the Internet and imagine how those principles may ultimately apply to the “Internet of Things”.
Speaker: Joe Huser is a corporate and securities attorney in Los Angeles, California. He previously worked at the international law firm Baker & McKenzie where he specialized in venture capital and international transactions for companies ranging from early stage to Fortune 500. Today he practices law at his own firm and specializes in representing early stage tech companies including iPhone app and website developers, angel investors and various other owners of companies. Throughout his career he has worked on transactions ranging from $100 million investments to assisting university students in establishing their first companies. He received his Juris Doctorate from the University of Notre Dame Law School.
The aim of the LOST Project, developed by "La Salle - Ramon Llull University" in collaboration with ISECOM, the "Institute for Security and Open Methodologies", is the development of an eLearning environment that helps security trainers teach hands-on technological knowledge on security testing and auditing, and engages students in the security world from the Ethical Hacking perspective. With this project our students learn by doing, improve their technical skills, participate in the development of an exciting project and challenge themselves exploring the "deep blue sea" of IT security.
Speaker: Jaume Abella (Spain) is coordinator of the Degree in Telematics Engineering (Engineering of Networks and Internet Technologies), received his degree in Electronics Engineering from La Salle - Ramon Llull University of Barcelona (URL) in 1994 and his degree in technical telecommunications engineering from the same university in 1992. He has been Professor of Networking Engineering and IT Security at Campus La Salle, Ramon Llull University, in Barcelona since 1997 and instructor of CCNA and CCNP CISCO certifications since 2000.
Finding Optimism in Cyber Security
Security has traditionally been playing "catch-up" whenever new technologies emerge. We live in a world where hacking and data breach news hit the headlines every other day. Cyber security is stereotyped as a daunting, stressful, and often boring (compared to 'hacking') profession, and often, it really is. However we need to find ways to change it. From bio-inspired self-healing systems, Security-as-a-Service, big data security analytics, gamification of security, to cyber peace-keeping, in this talk, the speaker will take the audience on a journey to discover some promising trends and futuristic thinking on the future, and perhaps also beauty, of cyber security.
Keyun Ruan worked as a PhD researcher at the Centre for Cybersecurity and Cybercrime Investigation (University College Dublin) and Cyber Security Research lab (EADS). She is one of the pioneering researchers on the emerging area of Cloud Forensics and is the editor of "Cloud Forensics and Cybercrime: Applications of Investigative Processes", the world's first scholarly volume explicitly on the topic. She is a contributor to various international standardization projects on cloud security and forensics. She also has a diploma in Art and Design.
Terms of Services: Didn't Read!
Nobody wants to read the long 'Terms of Services' for web applications. But it is important to understand them: what happens with your data depends on it.
Did you ever want to get a glimpse at your daily web apps' dirty secrets? We will dive in the complexities of Terms of Services and Privacy Policies to understand what really happens today when we use the Web: Copyright, data collection, data use, third-party tracking, government injunctions, advertisement, formats lock-in… ToS; DR wants to make all these legal details as simple to understand as Creative Commons licenses.
But you may not like what you will see…
Speaker: Hugo Roy is a Free Software hacktivist at Free Software Foundation Europe and a law student. He is currently working as "Legal Liberator" with Unhosted on a new project code-named: "Terms of Service; Didn't Read!". He is often referred to as a Zappa Freak.
E-mail communication is like sending a postcard: Everyone who wants to, can read it as it is transferred in plain text over countless computers in the world wide web, and is not "folded in any envelope". However, most e-mail users do not use encryption or signatures - and a common stereotype is that e-mail encryption would serve only nerds and paranoids. But can you be sure that an e-mail is really from the sender addressed, if this e-mail is not cryptographically signed in addition? With my talk, I want to describe the power of PGP in e-mail security. After a short introduction about the background of e-mail and encryption, I am going to show in an easy-to-understand workshop how to install and use GnuPG with Thunderbird and Claws Mail in a Linux or Windows environment.
Speaker: Jan Leutert, born 1982 in Jena, lives and works in Frankfurt/Main. Since his apprenticeship as a doctor's assistant, Leutert worked as a system administrator in a rehabilitation clinic. In 2005, he became involved in politics; debuting in the CDU and in 2009 changing to the Pirate Party in Germany. Furthermore, he is a member of the Pirate Parties in Luxembourg and Switzerland. As a data security engineer (certified by the German Technical Inspection Association, TÜV), he is strongly interested in matters of data privacy. He believes that "the education of citizens in their data privacy behaviour is an important subject in the 21st century".
Leutert is on Twitter as @pyth2_0 and is blogging on http://blog.janleutert.de.
This presentation gives an overview of the RFID and NFC technology. Most RFID Security is security by obscurity; this presentation gives an overview of the practical RFID hacks and attacks.
Speaker: Lukas Grunwald is the CTO of DN-Systems Enterprise Internet Solutions GmbH (Hildesheim/Germany), a globally acting consulting firm working mainly in the field of security solutions for enterprises and federal governments in Europe and Asia. He is also the head of the Hacking Lab where new technology is evaluated. Mr. Grunwald has been working in the field of IT security for nearly 15 years now. He specializes in security of wireless and wired data and communication networks, forensic analysis, audits and active networking. Mr. Grunwald regularly publishes articles, talks and press releases for specialist publications. He also participates actively in several conferences all over the world. Mr. Grunwald is co-author of RFDump, an RFID attack and audit tool that is free software and got some attention for the first-time cloning of and attack on the ePassport live at BlackHat.
The Embarrassment Filter
In this presentation you will be shown how to cover your tracks on the web in every life situation.
In the first part Christian will demo his Chrome extension "Embarrassment Filter" which makes sure that you are protected from embarrassing situations involving your browsing history in your day to day life.
In the second part of his presentation he will strive to teach you how to cruise the web in a way that will protect you not only from embarrassment but also from prosecution of any kind.
Speaker: Christian Smorra is a 21 year old web developer and CS student.
Open Bank Project
Now is the time for an approach to (financial) security and business based on openness rather than obscurity. The Open Bank Project is an open source powered web application and API for banks that facilitates the real time sharing of transaction data with trusted individuals and the public whilst still protecting sensitive information. The Open Bank Project originated as a response to corruption and fraud. At a time when financial malpractice is a daily news occurrence, perhaps now is the time for an approach to (financial) security and business based on openness rather than obscurity.
Simon Redfern. I'm CEO of TESOBE, a Berlin based tech agency that designs and builds web and mobile apps using Python, Scala and Node. I started working on data driven web applications in 1996: Started building musicpictures.com in 2002, the social platform Eviscape in 2006, founded the Open Bank Project in 2008 and Polarize.it (a simple brainstorming, feedback and voting platform) in 2012. I just returned from Cameroon where TESOBE is co-leading a project called Feowl to gather ongoing data about power cuts in Douala. I'm also a composer (piano & electronics), and enjoy table tennis, chess and go.
Basic Data Protection
In the Basic Data Protection Workshop you will get a rough overview of basic concepts of security and encryption. We will tell and show you how to encrypt your data and communication and how to generally improve the security of your system. We will also give some background information on how all the stuff works. With this workshop we do not aim for completeness. We try to give you an understanding of how to set up a basic line of defense against all the bad people in the networks out there. Always remember: There is no absolute security, it is only about raising the cost of attacks.