Philippe Langlois weblog

I'll be presenting "SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones" at Black Hat Briefings in March in Amsterdam. My speech is on March, 29 and I'll be showing there the recent advances in penetration techniques against SS7 networks.

When people ask me "Why are you researching this?", I wondered and it came down to this reasonning: I like to explore, to discover things, to know about things that are unknown. And definitely, the SS7 network is one of the most used network (every time you make a phone call, it's the SS7 network that makes it possible), and yet most unknown to the general public (Go ahead, ask anybody if he knows Internet or SS7 network, replace SS7 by "Phone system" and you get a different answer). I think this governs quite a few things in my life: trying to understand things which are not very much studied but yet govern by their shape and interaction a lot of what we do.

Black Hat Briefings Europe 2007 Schedule

The outline of the conference

Lire la suite

A game is just a game, right. Recently, on a virtual massively-multiplayer on-line game called "EVE Online", gaming and real life just got suddenly mixed.

To sum up the situation, a gamer used spying techniques in the game in order to gain intelligence and advantages: something that is rather encouraged by the game developer. In the game, you're a living form in space and pilot spaceships, trade, assault, defend, ... Space Far West.

This user (Kugutsumen) did so well at manipulating and spying that he discovered a tough truth about the game developer: one of them was at the same time playing and using his developer status in order to win the game and give an unfair advantage to the alliance he was part of.

When disclosed, this information was a real bomb: it mixed virtual life and real life, showed that dirty techniques existed in both world, and.... gave a strange outcome.

CCP, the software company that runs the game decided to ban Kugutsumen instead of first investigating the issue. Then, faced with so much outrage and shouts, made an investigation and recognized that one of its developer had indeed played bad.

If you advocate bad behaviors, you'll probably end up with more, in this game it was obvious. And that even for funny (games) thing, you can end up with dirty tricks and "security through obscurity".

Lire la suite

Interesting video showing evolution from web1.0 in its beginning, up to web2.0 changes.

It's not just the look, it's the way everything is structured in a new dynamic.

Short (4:31) and interesting intro to web2.0.

Lire la suite

I'll be making a presentation at IT Underground in March. The subject of this presentation will be:

SCTPscan - Finding entry points to SS7 Networks & Telecommunication Backbones

This will be followed by a hands on workshop on how to test SIGTRAN / SS7 over IP networks and how to use SCTPscan and other tools to do this.

Lire la suite

Are you the kind of person who love computer graphic representation of complex systems? Well... then, Opte is going to satisfy you. Something like an open source-minded version of CAIDA.org, it's a real pleasure to see this project going strong.

Lire la suite