Friday, 23 December 2016

in-flight entertainment vs avionics

For those of you who have had the opportunity to see one of my presentations "Can you really hack an airplane: Myths & Truths", you are already familiar with what is really happening and the confusion between in-flight entertainment systems and avionics (https://en.wikipedia.org/wiki/Avionics). I was asked to put this article up by a number of friends in the security industry to highlight a few very important points. The purpose of this article is to provide food for thought. Especially, when you hear someone saying that "hacked" an airplane, or made it fly "sideways" by tampering with its systems through the in-flight entertainment system. Consider the following points and come to your own conclusions. 

Anyone who is trying to "generalise" and claim that during an actual flight, for example through the in-flight entertainment system, managed to take control of the plane and/or that it is possible to actually fly an aircraft like this, should first read what the law has to say about this. (Tokyo Convention 1963). 
Do you really want someone with the excuse of being a "security researcher" tampering with the airplane's systems while you are on an actual flight, because he/she decided that has nothing better to do? I am sorry, but from where I stand, we (security researchers) respect the law, and make sure we have permission to conduct any security assessments & penetration testing, in a safe and approved environment. 

Saturday, 26 November 2016

IRISSCON 2016 - 8th IRISSCERT Cyber Crime Conference

IRISSCON 2016 - The 8th #IRISSCERT Cyber Crime Conference
Ireland's first CERT (Computer Emergency Response Team)

This year, my talk was all about Cyber Resilience. The talk provided the opportunity to participants to familiarise and understand what the term really means, and why it should not be considered as another buzzword used in the industry.  








"Threats constantly evolve based on the way our defences counter-evolve, and this cycle is something that is going to happen no matter what. What matters the most, is in what way we act upon, and how our decisions need to be part of a bigger forward looking strategy that does not treat security in an ad-hoc manner, especially when it is too late"

Saturday, 12 November 2016

IRISSCON 2016 - IRISSCERT

The 8th IRISSCERT Cyber Crime Conference will be held this year on Thursday the 24th of November 2016 in the Ballsbridge, Pembroke Road, Dublin. www.iriss.ie 

This all day conference, focuses on providing attendees with an overview of the current cyber-threats throughout the world and focuses especially on threats that affect businesses in Ireland, and what should be the best course of action when it comes to defending against these threats. You can find my recap blog post for last year's event here.

Like every year, professionals that work in cybersecurity and tackle cybercrime / cyber threats on a daily basis, will be sharing their thoughts and experiences, while attendees have a unique opportunity to ask questions,discuss cybersecurity strategies, and most importantly will meet and network with likeminded individuals allowing them to share their views and opinions.

I am honoured to be invited to speak at this event and get to share my thoughts and views on cybersecurity and most importantly, on cyber resilience, which is also reflected by my talk's title: "All aboard, next stop; Cyber Resilience". 

The abstract for my talk can be found below and I do hope you find it interesting. If you find yourselves in Dublin during the conference, I strongly suggest getting a ticket on time and join us at IRISSCON, and please come and say hi. It is always a pleasure to meet people who are passionate about information security and cybersecurity, and want to discuss/share their thoughts and opinions. Looking forwards to seeing you all there.

Wednesday, 2 November 2016

BruCON 2016 (0x08) - Speaking about POS, POI & VT (the undisclosed talk)

It was a great honour for me to present this year at a hacking conference like BruCON (brucon.org)
As many of you already know, I started this because I wanted to know how the payment process works behind the scenes (Payment Card Industry - PCI) and how secure these systems are, which we take for granted on a daily basis. 

After researching Point-of-Sales (POS), Point-of-Interaction (POI) devices and Virtual Terminals (VT) for almost 4 years, it was about time to do a presentation that wouldn't be behind closed doors as I usually do. I talked with a number of acquires, issuers, payments processors and POI OS manufacturers and let them know about my findings way before this talk. 


Tuesday, 18 October 2016

Parrot AR.Drone 2.0 Power Edition (How to)

I recently got a Parrot AR.Drone 2.0 Power Edition and I had a few issues with setting things up and running. After researching on the Internet many others had similar issues and a number of opinions and solutions were being suggest but without definitive answers. 
Due to the fact I had to spend a lot of time trying to find out who is right and who is wrong on the forums, I decided to make this non-security related blog-post because I believe it will really help a lot of people when it comes to that particular drone.