All posts by Graeme Jenkinson

CfP: BSides London 2017

====================================================================
BSides London 2017
7th June 2017
ILEC Conference Centre, 47 Lillie Road London, SW6 1UD
https://www.securitybsides.org.uk/
====================================================================

We invite proposals for BSides London 2017, to be held on the 7th June, 2017 in London, UK.

Please note that all submissions must be submitted at: https://bit.ly/BSidesLDN2017CFP

———————————————————

Important dates

CfP opens – February 14th
CfP closes – March 27th
Voting on CFP Open – March 30th
Voting on CFP Close – April 13th
Email notification to proposers – April 14th
Deadline for speakers to confirm attendance – April 21st
BSides London schedule published – May 1st
BSides London! – June 7th, 2017

(All deadlines are 11:59pm GMT)

———————————————————

What is BSides?

Each BSides is a community-driven framework for building events for and by information security community members.  The goal is to expand the spectrum of conversation beyond the traditional confines of space and time.  It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

———————————————————

Scope

This year our focus will be on a theme that is fundamental to InfoSec: “Sharing is Caring: Disclosure, leaks as well as knowledge transfer it is all about sharing”. We seek original contributions that present attacks, analyses, designs, applications, protocols, systems, practical experiences, and theory. As usual, the theme is not prescriptive, and proposals may include (but are not limited to) the following topics:

* Information technology
* Network security & Cryptography
* Web Application security
* Mobile security
* Usable security
* Virtualization and cloud computing
* Innovative attack / defense strategies
* Forensics / Malware
* Embedded device security / IoT
* Physical security and lockpicking
* Biometrics
* Hardware hacking
* Biohacking and modification
* Open source software
* Robotics (bonus points for bringing an actual robot)
* Massive abuse of technology
* Evolutionary computing
* Ethical and philosophical implications of hacking

———————————————————

Advice to presenters

PRESENTATIONS should describe novel technical contributions within the scope of the call. The presentations will be subjected to open (non-blind) peer review by the organising committee. The allotted time for each presentation will typically be between 45 minutes and 1 hour (including Q&A), though shorter presentations are also welcome.

Remember that our participants’ backgrounds and experience are varied. There must be something for everyone, so when choosing a subject go with something you are comfortable with no matter the difficulty level. Your presentation should tell us a story:

– Here is a problem
– It’s an interesting problem
– It’s an unsolved problem
– Here is my idea
– My idea works (details, data)
– Here’s how my idea compares to other people’s approaches

If your talk is not selected, please keep in mind that we aim to provide a “lightning talks” track where speakers can present their topics on a first come/first served basis.

Best of luck and thanks for being part of Security BSides London! For additional information or questions regarding the process please email cfp at securitybsides.org.uk

———————————————————

Organization

As in previous years, the schedule for BSides London 2017 will be selected by public vote.

Passwords 2015 call for papers

The 9th International Conference on Passwords will be held at Cambridge, UK on 7-9 December 2015.

Launched in 2010 by Per Thorsheim, Passwordscon is a lively and entertaining conference series dedicated solely to passwords. Passwordscon’s unique mix of refereed papers and hacker talks encourages a kind of cross-fertilization that I’m sure you’ll find both entertaining and fruitful.

Paper submissions are due by 7 September 2015. Selected papers will be included in the event proceedings, published by Springer in the Lecture Notes in Computer Science (LNCS) series.

We hope to see lots of you there!

Graeme Jenkinson, Local arrangements chair

Why password managers (sometimes) fail

We are asked to remember far too many passwords. This problem is most acute on the web. And thus, unsurprisingly, it is on the web that technical solutions have had most success in replacing users’ ad hoc coping strategies. One of the longest established and most widely adopted technical solutions is a password manager: software that remembers passwords and submits them on the user’s behalf. But this isn’t as straightforward as it sounds. In our recent work on bootstrapping adoption of the Pico system [1], we’ve come to appreciate just how hard life is for developers and maintainers of password managers.

In a paper we are about to present at the Passwords 2014 conference in Trondheim, we introduce our proposal for Password Manager Friendly (PMF) semantics [2]. PMF semantics are designed to give developers and maintainers of password managers a bit of a break and, more importantly, to improve the user experience.
