‘Where nightmares and dreams unite’ – Security outlook 2010 @ 26C3

Title inspired by “Bridge to Solace”

In case you didnt have a chance to watch the final talk of this years Chaos Communication Congress (26C3 – ‘Here be dragons’) titled ‘Security Nightmares’ here a few key points raised. As expected the talk was a blast to listen to as Ron and Frank didn’t hold back with sarcasm.

No surprise that they started off painting a rather gloomy picture for ‘Cloudy computing’ in 2010. If you’ve been following the security news for the last months you’ll have noticed that cloud computing is of interest to all kind of businesses – including the more shadowy ones. It sounds like they consider hypervisor escapes a possibility going by the signs and rumors on the ground. But even if we wont see any serious cloud exploits in 2010 the fact that the CCC guys are mentioning that there is a lot of work done in that area should be a red flag. Focusing on social networks – jokingly categorized in ‘harmful for your career’ and ‘advantageous for your career’ – they emphazised what everyone should know by now anyway; consider anything that you put on the internet as publicly accessible. Interesting that they mentioned (jesting or not) signs of a shift in social acceptance when it comes to incongruous content like pictures of you totally wasted at that party last month. Jokingly they added it is soon to be expected that an employer will be suspicious if they cannot find pictures of an applicant online showing him/her drunken or vomiting.
Under the motto ‘ the most honest communication happens between a human and his search engine’ they raised concerns around privacy not only with Google. During their talk which lasted over an hour they also touched on familiar topics like the ‘incident’ of unencrypted video feeds of U.S. drones, the questionable security/survivability of smartmeters, electronic ID cards and the aftermath of Confiker and Co.

As of now the recorded version of ‘Security Nightmares’ is not available on the official site. I do recommend watching it as soon as it is however (not sure if the english translation will be up). Most of the other talks are available here and most of them are well worth watching.