Harald Welte's blog
   

Creative Commons License
Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.



       
Wed, 21 Jan 2009
deDECTed.org receives massive number of hits

One of the projects that I'm hosting (and which I've helped to initiate) on gnumonks.org is the deDECTed.org project about security research and analysis of the DECT protocols.

Like I've pointed out in many of my presentations and here in this blog, there are many communication systems in use today which don't even remotely receive as much scrutiny as TCP/IP, the Internet and the PC world. RFID is one of them, which is why I helped to get OpenPCD, OpenPICC, librfid and other projects started. My recent work on GSM protocol analysis as well as OpenBSC are of similar nature. And deDECTed.org is doing the long-necessary scrutiny to evaluate practical DECT cordless telephone security.

As it seems, the news about the insecurity of most cordless phones has made its way into mainstream news, and the website is now getting thrashed quite a bit, despite running on a dual-core Opteron with quite a bit of RAM and fast SCA disks. Which is good. This means that people are indeed caring about the confidentiality of their cordless phones. It's a pity that the industry missed that fact and is shipping outdated technology way beyond today's state-of-the-art in IT security. Proprietary symmetric ciphers, weak RNGs, no user indication if the protocol falls back to no encryption, etc.

I've changed one of my e-mail signatures a couple of years back to a quote from the ETSI DECT spec: "Privacy in residential applications is a desirable marketing option". A Marketing option. Not something anyone would have to give much thought about. I hope the hardware vendors will now get sufficient public pressure to get their act together...

It's also great to see Patrick McHardy of netfilter.org fame now work on implementing a DECT protocol stack for the Linux kernel. Very exciting work.

The only sad thing is that all I can do is sit back and watch. I so much wanted to work on this project, but never got a chance. There are too many high-priority things going on, and I'm basically spending all my time in exciting (but unpaid) GSM protocol related work right now.


Presenting on Linux Coding Style / Mainline Merge and gnufiish at III

Today I was invited to present at the Taiwanese Institute for the Information Industry about two topics.

The first talk was on How to write code compatible with the Linux Coding Style and submit patches to the mainline kernel, a seminar that I have given a number of times before, but which still raises a lot of interest.

The second talk that the III requested was surprising: About the gnufiish.org project, an effort to port Linux to E-TEN glofiish PDA phones. It is a very low-level hacker-oriented talk, and I was surprised that I should give it in front of an audience consisting of software developers working for "the industry". But I think it was received very well, and maybe it has made some people start thinking about why people have to go to that extreme (reverse engineering) rather than some hardware vendor actually embracing the Open Source revolution and helping those people to make more software run on their devices.
