Philippe Langlois weblog

Funny way to backdoor a Vista system.

Lire la suite

I'll be presenting "SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones" at Black Hat Briefings in March in Amsterdam. My speech is on March, 29 and I'll be showing there the recent advances in penetration techniques against SS7 networks.

When people ask me "Why are you researching this?", I wondered and it came down to this reasonning: I like to explore, to discover things, to know about things that are unknown. And definitely, the SS7 network is one of the most used network (every time you make a phone call, it's the SS7 network that makes it possible), and yet most unknown to the general public (Go ahead, ask anybody if he knows Internet or SS7 network, replace SS7 by "Phone system" and you get a different answer). I think this governs quite a few things in my life: trying to understand things which are not very much studied but yet govern by their shape and interaction a lot of what we do.

Black Hat Briefings Europe 2007 Schedule

The outline of the conference

Lire la suite

A game is just a game, right. Recently, on a virtual massively-multiplayer on-line game called "EVE Online", gaming and real life just got suddenly mixed.

To sum up the situation, a gamer used spying techniques in the game in order to gain intelligence and advantages: something that is rather encouraged by the game developer. In the game, you're a living form in space and pilot spaceships, trade, assault, defend, ... Space Far West.

This user (Kugutsumen) did so well at manipulating and spying that he discovered a tough truth about the game developer: one of them was at the same time playing and using his developer status in order to win the game and give an unfair advantage to the alliance he was part of.

When disclosed, this information was a real bomb: it mixed virtual life and real life, showed that dirty techniques existed in both world, and.... gave a strange outcome.

CCP, the software company that runs the game decided to ban Kugutsumen instead of first investigating the issue. Then, faced with so much outrage and shouts, made an investigation and recognized that one of its developer had indeed played bad.

If you advocate bad behaviors, you'll probably end up with more, in this game it was obvious. And that even for funny (games) thing, you can end up with dirty tricks and "security through obscurity".

Lire la suite

Interesting video showing evolution from web1.0 in its beginning, up to web2.0 changes.

It's not just the look, it's the way everything is structured in a new dynamic.

Short (4:31) and interesting intro to web2.0.

Lire la suite

I'll be making a presentation at IT Underground in March. The subject of this presentation will be:

SCTPscan - Finding entry points to SS7 Networks & Telecommunication Backbones

This will be followed by a hands on workshop on how to test SIGTRAN / SS7 over IP networks and how to use SCTPscan and other tools to do this.

Lire la suite

Are you the kind of person who love computer graphic representation of complex systems? Well... then, Opte is going to satisfy you. Something like an open source-minded version of CAIDA.org, it's a real pleasure to see this project going strong.

Lire la suite

SCTPscan is a new tool to scan SCTP endpoints. SCTP is a protocol like TCP with builtin support in major OS (Linux kernel 2.6, Solaris 10, FreeBSD 7, Mac OS X with kernel extension, ...). SCTP has some very interesting features (multihoming, multi-stream, resists well to Denial of Service - DoS, high performance). It's used for telecommunication backbone over IP (SS7 over IP aka SIGTRAN), Internet2 transfers, Cluster high-speed communication.

SCTPscan is like nmap for SCTP. It's released as a GPL Open Source free software.

Lire la suite

List of interesting companies in web2.0. This well presented site lists the most innovative companies on the web2.0 scene. Have a look.

Lire la suite

It's always a pain to see a good computer slowed down by Windows XP running tons of unnecessary services.

Here is a list of all the things you can throw away and also, tips to enhance your (already painful enough) Windows experience!

Lire la suite

Ce n'est pas une nouvelle danse, mais une simplification (merci) des methodes de developpement et de gestion de projet Agiles / eXtreme Programming. La base de cette methode, c'est de se rencontrer souvent entre developpeurs, et frequemment avec le client.

Allez, venez scrummer avec nous.

Lire la suite

Petite decouverte des Fullerenes, la guest-star du monde extraordinaire des nanotechnologies. Beaucoup de promesses, quelques applications. What's next?

Lire la suite

Un excellent guide dont on avait bien besoin.

Lire la suite

Excellent projet pour faire du broadcast TV avec sa carte graphique PC.

Lire la suite

Tres drole a memoriser...

Lire la suite

Un tres bon outil d'analyse de texte!

Lire la suite

Utiliser Skype au maximum et l'interconnecter au reste du monde...

Lire la suite

Comment construire son microcontrolleur actif sur le reseau a partir d'une carte ether et d'un circuit imprime? Bon petit site!

Lire la suite

C'est un Satellite Stratospherique, ca ressemble a un croisement entre une baleine et un balon dirigeable, et ca permet de rester sur la meme position GPS pendant des mois? annees? et de relayer des communication bidirectionnelle en couvrant une surface de la taille de l'etat du Texas.

Lire la suite

Nice tools by Hellekin & S5 By Eric Meyer.

Lire la suite

Interessant car on peut le faire a la maison... :)

Lire la suite

Une maniere amusante de gerer la proximite des sites web. Simple et Excellent.

Lire la suite

Des ordinateurs embedded tres tres petits, et directement utilisables...

Lire la suite

Cet article montre qu'un risque denomme comme local (le risque lie au BlueTooth) peut en fait etre exploite depuis une grande distance.

Lire la suite

Avec la complexite croissante des reseaux, notamments avec l'apparition de certains protocoles de routages "dynamiques", il devient difficile de prevoir l'impact de certains changement dans le reseau. De fait, des outils de "Network Modeling" apparaissent pour simuler les impacts de changements.

Lire la suite

Utilisation interessante des SNS et de l'audit / conseil en entreprise.

Lire la suite