Latest Event Updates

Janne Haldesten – Please hold, your call is being rerouted: Vulnerabilities in the SS7 protocol

Posted on

Janne Haldesten SS7Signalling System No. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, messaging and other mass market services.

While vulnerabilities in SS7 for tracking, interception and denial of service have been reported as far back as 2001, the overall impact of these vulnerabilities on various sectors has not been detailed publicly. The abuse of SS7 for the purpose of attacking individuals and infrastructure should be considered extremely serious.

Interception of voice can be done easily using SS7, being undetectable and unpreventable by the user with current technology.
Using techniques to deny data services could force users away from secure to less secure methods of communication such as GSM voice/data allowing interception.

This presentation will point out why we are vulnerable, the attack vectors as well as current ongoing mitigation efforts.

Janne Haldesten is a fairly seasoned security specialist at Cybercom Group who just loves offensive security and network forensics!
He has worked as an adviser and subject matter expert to various government organisations and corporations nationally and internationally in matters regarding national security, critical infrastructure protection, information assurance, incident handling and investigation.

Janne is also a fellow at the Cyber Security Forum Initiative (CSFI) as well as a co-teacher at the Chief Information Assurance Officer program (CIAO) at the Centre for Asymmetric Threat Studies at the Swedish Defence University (CATS/SEDU). Janne is an occasional guest lecturer at George Washington University and Halmstad University apart from public speaking engagements where he presented on SS7 in Washington D.C. late August this year.

Marielle Eide – The new General Data Protection Regulation – Are you ready?

Posted on Updated on

Marielle EideIn May 2018 a new data protection regulation (“GDPR”) will enter into force. GDPR includes, among other things, extended security requirements for personal data which companies need to adapt to, such as “privacy by design and privacy by default”. A company that doesn’t follow the rules risk getting administrative fines of up to 4 %, so it’s time to start preparing! During the seminar you will get a brief introduction to GDPR in general, and to the security requirements in particular. This seminar will give you basic knowledge and some practical advice that may help you and your organization along the way towards GDPR compliance.

Marielle Eide is lawyer specialized in IT, online and privacy law. She helps companies to achieve success in business by writing and negotiate good contracts and providing legal advice, including how to tackle the legal aspects of data protection law. Marielle is part of Delphi law firm’s IT law team which is top ranked in Sweden.

Lukasz Olejnik – (Ab)using Web Sensors: Privacy for the Modern Web

Posted on Updated on

Lukasz OlejnikFor majority of users, web browser is the most important computer application. Increasingly complex, exciting and rich, features are standardized by W3C and implemented in web browsers on a normal basis. New browser features introduce interesting privacy challenges for standardization, research and development. I will demonstrate privacy analyses of a number of web browser mechanisms, discussing the past, present and future. I will detail modern and advanced web browser functionalities allowing to access information about the user’s system or the details about the user’s behaviour and his direct surrounding. Increasingly complex data provided by web browsers may mean that privacy impact assessments will be the standard in web application development.

Lukasz Olejnik is a London-based security and privacy consultant and a researcher at University College London. He completed his Computer Science PhD at INRIA (France). Prior to that, he worked at Poznan Supercomputing and Networking Center, and CERN. His interests include information, computer security and privacy, especially web, mobile and Internet of Things and Web of Things security and privacy.

Lukasz published his works in top academic venues. He has publications spanning fields such as quantum cryptography, security and privacy. He authored a number of influential projects related to privacy. His recent project, analyses privacy footprint of web sensors. Lukasz is a World Wide Web Consortium’s (W3C) Invited Expert where he works on privacy aspects of web standards. He advises to the National Security Bureau of the Republic of Poland’s Cybersecurity Expert Group.

2015 Line-up and Videos

Posted on Updated on

In 2015 the first #owaspgbgday conference was  held with amazing workshops and speakers, thank you! If you cannot wait until november make sure to check out the presentations from last year!

Read the rest of this entry »

We are looking for workshops as well!

Posted on Updated on

Papers and presentations are awesome but getting ones hands dirty in a workshop is also critical in learning. Remember that for #owaspgbgday we are also looking for workshops.

Make sure to checkout our call for papers and submit your workshop idea. If you’d rather hold a presentation, of course we would love to hear about it as well.

See you on OWASP Gothenburg Day 2016!

The Call For Papers is open!

Posted on Updated on

The CFP for #owaspgbgday has opened and WE WANT YOU!

We want talks and workshops so go a head and check out the details on the CFP page.

Venue has been booked!

Posted on Updated on

For those of you who were with us on #owaspgbgday last year, you will remember the amazing venue on Lindholmen Conference Center.

We are glad to tell you we will be there once more!

The story continues!

Posted on Updated on

After the success of OWASP Gothenburg Day (#owaspgbgday) in 2015 we are now in the midst of planning the 2016 successor. CFP will open soon and we are actively talking with speakers right now, the venue is already booked and the date has been set!

As you see, it is only a matter of time so stay tuned!

Date: 2016-11-24
Venue: Someplace
Cost: Stay tuned!