Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 12 Apr 2011 00:43:41 +0400
From: Solar Designer <>
Cc: Per Thorsheim <>
Subject: Fwd: Passwords^11 - Call for Papers ending April 17!

I am forwarding this CFP because I think someone in here might want to
speak at Passwords^11.  I am sorry for the short notice.

bartavelle, Matt - notice the first topic suggested below.

----- Forwarded message from Per Thorsheim <> -----

Subject: Passwords^11 - Call for Papers ending April 17!
From: Per Thorsheim <>
To: bugtraq <>
Date: Mon, 11 Apr 2011 21:06:36 +0200

A quick reminder that the Call for Papers for Passwords^11 ends on
Sunday, April 17. We have already accepted and announced some of the
speakers, with more to come.

We are still interested in talks, especially within some narrow areas:

1. Hybrid-wordlist-mangling ruleset construction logic for tools like
JtR, *hashcat and others

2. Mobile device password bypass, such as forensics tools to extract MS
activesync (or similar) data from iPhones, Android, Blackberry, Symbian,
WP7 etc.

3. Biometric authentication, especially blood vein authentication
(fingerprint is *so* 00's), as a replacement to old-style password
authentication. (We're doing a panel debate on "will we ever get rid of

We have also opened up for registration, details available here:

Best regards,
Per Thorsheim

> PASSWORDS^11 will be held at the University in Bergen (Norway), on June
> 7-8, 2011. The 2-day conference will be free and open for everyone to
> attend. Primary audience will be academics and security professionals
> with deep technical knowledge. Limited seats available. Passwords &
> PINs, nothing else.
> (Presentations as well as video recordings from most of the 
> presentations at Passwords^10, Dec 2010, are still available at 
> == DATES ==
> March 9 - Public CFP
> April 17 - CFP submission ends
> April 24 - All notifications sent to speakers (accept / reject)
> Registration opens at - TBA
> The conference will be held at the University in Bergen (, with
> help and participation from The Selmer Center ( and
> NISNet ( We'll start Tuesday at 09:00, ending Wednesday
> 17:00. We'll sleep somewhere in the middle. Like in December, we'll
> probably only do a single track of talks, everybody get to attend all
> presentations.
> We are looking for relevant content within ATTACKS, DEFENSE and
> USABILITY towards passwords & PIN codes. Presentations will be either 1
> hour (45-50 minutes + questions), or 2 hours including a break. We are
> especially interested in:
> Protecting against online attacks, such as detecting, rate-limiting and
> blocking them, implementing hashing schemes such as PBKDF2, Bcrypt and
> PBMAC, and attacks against passwords on mobile devices. If you mention
> forensics or PCI-DSS somewhere in there as well, you just might be a
> winner.
> Cool Guy Challenge:
> We'd like to see a presentation on the probability & feasibility of
> *ever* getting rid of passwords. Business cases, even crazy ideas
> suggesting that leaving passwords for something better could be a good
> thing to do (faster, cheaper & better). (Blizzard protects their games
> using 2-factor authentication, while many banks still uses usernames &
> passwords only....)
> ATTACKS include online and offline attacks against all types of
> passwords and & PINs, where the purpose is to gain access to, circumvent
> or recover a password in some form. (Mind reading is out of scope). New
> & updated tools & techniques are most welcome.
> DEFENSE includes ways to defend against online/offline attacks against
> passwords, including IDS, logging, ciphers, policies, awareness etc.
> USABILITY includes user interaction designs, password policies, security
> awareness, password reset / recovery from a user perspective, statistics
> and so on. 
>  == HOW TO SUBMIT ==
> Send your proposal to Submissions will be reviewed
> by people from the Selmer Center and me (Per Thorsheim). Submissions
> MUST include the following information:
> 1. Speaker(s) name
> 2. Bio (short, should include link to online profile, website, blog etc)
> 3. Title and short abstract of your presentation
> 4. List of facilities required beyond the usual equipment available
> 5. If you will allow materials, presentation and video to be made
> available online after the conference
> All papers and presentations must be in English. With free participation
> and a very limited budget, we can't offer much more than the fun and
> usability of talking to other experts in this area, as well as free
> lunch both days. 
> No product marketing will be accepted. Materials presented should be
> your own work. No limits to technical depth - expect well educated and
> highly experienced security professionals in the audience. We will do
> video recordings of all presentations and make them available for free
> after the conference, unless you disagree. (We may even consider live
> streaming!)
> We will make arrangements for an official conference hotel, preferably
> with a price discount available. We will also try to help those who
> would like to see the fjords (see before or after 
> the conference. Of course we'll try to gather everyone for dinner on 
> Monday evening (before we start), as well on Tuesday evening. There will
> be plenty of sightseeing opportunities available at this time of year. 
> If anyone would like to sponsor the conference in any way, please contact 
> me ASAP, we're open to any suggestions you might have. We MAY be able to 
> do limited travel reimbursements for 1-2 speakers, but only for people 
> attending privately (not representing any commercial organization).
> Questions and comments are welcome.

----- End forwarded message -----

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.