Tag: news

Posted on

Forgot about t2 | Program beta out now

It’s pretty crazy that even Dr Dre managed to release new music since the last time t2 was organized. The 3.5 years without a conference definitely put a dent on the proverbial ’64 Impala, despite a steady stream of releases from our favorite artists. Even FSMCs performed live!

“They wanna know if AB still got it,
They say confs’ changed, they wanna know how we feel about it”

— Still t2

Coming back from the cold, CFP was one of the hardest ones we’ve had so far. The most brutal reviews and expectations for whether we curated a relevant program consisting of decent content or not comes from within the AB. “Why is that?” you ask sitting on a comfortable lobby bar sofa.

The Advisory Board of t2 has always had an aspirational goal of some day achieving certified status with the prestigious Security Vacation Club, yet we have decided to not submit an application until we can demonstrate a track record of at least twenty successful events.

On practical terms, using random puzzle pieces to put together a sensible picture, isn’t just dependent on the quality of individual pieces. It also depends on other ones on the table at the same time.

Right now we feel there’s a credible set of heavy hitters to warrant publishing our program in beta. Having said that, we are still working on it to make sure there’s the right recipe in the mix to facilitate those lobby bar discussions.

We still have about 25 tickets left. If you plan on attending and have not yet bought a ticket, it’s more or less the perfect moment (and second-to-last chance to do). The closer the event gets, the more likely it is someone comes and just buys 5+ at a time.

And yes, it’s on – with additional small print: a t2 Scarab challenge winner who uses a white ’86 Testarossa for ground transportation during the whole duration of t2’23 receives a free entry to t2’24 and t2’25.

Posted on

t2’21 changelog

For the first time during the history of the event, we’re skipping a year. In our previous post we shared our thoughts on the topic, and in this one, we’re announcing some changes and updates to practicalities.

First and most importantly, starting next May t2 will take place in Clarion Hotel Helsinki. This is something which really excites us. Not only is Clarion one of the newest hotels in Helsinki, they have a spectacular Sky Room offering beautiful views and refreshing (c|m)ocktails for the weary traveler. Located just across the street from the previous hotel, with easy access by boat, we’re confident t2 is able to cater to demands of even the most discerning conference guests. In fact, anyone attending t2 with a Wellcraft Scarab 38′ KV will be treated to a bottle of champagne or dinner on the AB. Terms and conditions apply.

In our effort to push t2 in to the Security Vacation Club Global Top 5000 list, we paid particular attention to Clarion’s rooftop pool and terrace. Open to all hotel guests, two saunas and a heated pool make it almost too easy to enjoy the Helsinki weather. For the seasoned conference guests, we can recommend saunas with unheated pools or easy access to the Baltic sea.

While t2 has always had that welcoming and safe atmosphere of a community-driven event, where many of our attendees have delivered a talk at some point, and/or know organizers, speakers or other long-time attendees personally, we realize it’s time to make the unofficial official by introducing documented incident reporting procedures. Beginning with t2’21 we will be publishing a transparency report documenting any incidents or noteworthy events related to the conference. Previously we’ve had the localhostess supporting attendees during the event, organizers actively keeping everyone entertained and safe, and a conference EULA setting the expectation for polite behavior. Against this historical background we are expecting the transparency report to hopefully be uninteresting and devoid of content.

In the meanwhile, stay safe.

Terms and conditions for the “t2 Scarab challenge”

  • The boat must be in legal possession of the participant (owned or rented) for the duration of the event
  • The participant must arrive to the conference with the boat (subtle flair, and making a grandiose entrance are both expected, but not mandatory)
  • At least one Advisory Board member must be able to perform an off-shore inspection on the boat, at which time the claimant must demonstrate ability to wear shoes without socks.
  • In case multiple attendees co-own or co-rent an applicable Scarab, the offer is valid for the captain only.
  • Challenge limited to the first 15 claims, in order of berthing. Number of lifetime claims limited to five per participant.
Posted on

t2 2021 officially announced

The next edition of t2 will happen in spring 2021. We’re opening our thought process below.

As the first phase of COVID-19 pandemic is almost behind us, it may initially seem counter-intuitive to cancel now. Rest assured, we still know what we’re doing. t2 has always been an event for the community by the community, and shifting the traditional October event was not an easy decision, but it was the only one we could make.

This isn’t the case of being risk averse, rather it’s about understanding both the upsides and the downsides, our own values and focusing on what truly matters.

As a community event, protecting both our audience and speakers is the only important thing at the moment. While countermeasures and protocols against the novel coronavirus and other infectious diseases have been implemented all over Europe, there’s very little practical experience on living with the “new normal”. Second wave might be coming in the fall and that’s just Europe. Last year we had visitors from 17 different countries.

Being a practically-non-commercial event, we can err on the side of caution – there’s no need to calculate “acceptable infection rate”. If you don’t personally know your audience and guests, you might be tempted to categorize “95-99% uninfected” as a job well done, and the few infected just being the cost of doing business. Yet, many of our visitors are longtime t2 attendees and good friends – the rest, new friends and (hopefully) future t2 visitors. Who’s an acceptable casualty?

With the heavy parts out of the way, we can now ridicule glitchy webinars as full blown conference replacements. No doubt watching a hung-over Grugq deliver a keynote over Zoom, wearing just Vibrams without pants, and waiting for the video to buffer like it’s RealPlayer’s heyday, is the epitome of conference immersion for many. After all, how cool it is to sit at home, unshaven and alone, in pajamas, while tweeting how awesome a conference you’re attending? During breaks, you can either join a chat room with thirty to fifty other introverts trying to make awkward small talk all implementing CSMA/CD, or better yet, call one of the other attendees you know and with whom you speak weekly in any case. Instead of proving Dave Aitel so wrong by serving him pizza in Europe at 02:30AM, you can play online (chat) roulette or read someone else’s retweets.

The in-person interaction, exchange of gifts/drinks/insults/cash/exploits, lobby bar chats, meeting new people or old friends whom you mostly meet in conferences, or just casually (and legally!) analysing the security level of a publicly available computing device are the key ingredients for a successful t2. Just like Campari & Soda, t2 is an acquired taste.

By postponing the event to 2021, we have plenty of time to scout for a new venue, with a functional lobby bar. Having t2 in spring means better weather in Helsinki – we’re expecting to finally reach the Security Vacation Club Global Top 5000 list and are thus preparing accordingly. In the meanwhile, we’ll collect more data on the global pandemic and event safety processes, which actually work. 

Exact dates and CFP will come out later. Stay safe. Be Brave.

Posted on

2019 dates announced

Get your calendar out and be ready for another edition of t2! Like a French scientist once remarked, in the field of observation, chance favors only the prepared mind.

Dates announced: t2 infosec in Helsinki | October 24-25, 2019 | 15 years of technical security excellence #t2infosec

With that out of the way, we are also updating the process for giving out complimentary tickets. After successfully running the t2 challenge for over a decade, and then giving a shot at other formats, we are retiring the concept of a challenge. While this marks the end of an era, it does not mean we have stopped appreciating fresh and upcoming talent – on the contrary, we feel it is extremely important to give young guns a helping hand and an opportunity to jump-start their artisanal career in the craft of cyber.

Instead, starting 2019, each member of the advisory board has the power to annually reward a person (or an entity) with a free ticket. As before, this free entry entitles the recipient to all the same benefits given to a regular ticket holder. To commemorate that special moment, we have ordered custom t2 challenge coins. All hints and tips are naturally appreciated, so if you know someone who in your opinion deserves a free entry, please let us know! Elegant bribery, trickery, subterfuge, exploitation or other artful, mischievous behavior requiring skill is always appreciated.

Greetings to Daniele Bianco for the awesome challenge coin design! Pics will be posted on Twitter once the coins arrive.

Posted on

t2’18 challenge winner announced

This year we altered the challenge format once again, and ran it in the form of a free-format application over e-mail between the 4th of July and 4th of August. Neither attempts at bribery nor cheating were noticed, which was a slight but acceptable disappointment for the Advisory Board.

As it has been the case in the past, the same names often show up in the Hall of Fame. Whether it’s the technical talent, persistent effort or being in the right place at the right time, Fortune favors the bold.

Congratulations Carl “Zeta Two” Svensson! Well done!

To demonstrate what it took to receive the ticket, here are selected highlights from his long application:

We would also like to thank everybody who participated in the challenge this year. Your submissions were greatly appreciated. In other news, the ticket sales have been active during the summer and we are expecting a flood of registrations once the preliminary schedule is released. To make sure you don’t miss out, register now to guarantee your place at the 15th anniversary edition of t2.

Posted on

t2’17 Challenge winner announced

This year’s free ticket was awarded at LocalTapiola HackDay to the team who discovered the most severe vulnerability. After a full day of analyzing, verifying and rating the reported vulnerabilities, we had a clear winner rising above the competitors.

Congratulations Harri Kuosmanen of team ROT! Well done!

We would also like to thank all the other teams and those participating in the challenge during the summer. The countdown to t2’17 starts now – see you on Thursday! (..or Wednesday night at one of the many pre-event meetups/lobby bar gatherings)

If you have ideas on how to give out free tickets to our 15th anniversary event next year, please let us know!

Posted on

What ever happened to the t2 challenge?

So, the t2 challenge of 2017.. It’s over for sure, but not in a way we anticipated. Before we get ahead of ourselves, let’s get back to the beginning.

The challenge was originally created in 2005 to give out free tickets to people with fantastic technical talents – there were two tracks, speed and elegance. You could either win by being the first one to solve the challenge, or by submitting the finest write-up. The idea was that also those without a personal training budget had a chance of participating the event – in practice, many new talents got a turbo boost for their contacts and career in security.

The format was successful for almost a decade, until the successful completions, attempts and downloads/page views started to drop steadily. The numbers were coming down and there was no denying it – the format of each year’s challenge appeared to have no effect on this.

We tried to compensate by putting more effort into creating the challenges, and promoted them also on Twitter in addition to the traditional channels. Alas, this did not work and we pivoted to a bug bounty this year.

The challenge was open for three full months over the summer, and during that time our own tweets alone reached over 130 000 people. Further promotion was done on our own blog, and mailing list, in addition to Full Disclosure and DailyDave. In the spirit of past challenges, the rules emphasized quality submissions and finesse to allow people to focus on what truly matters. Most importantly, the target had been selected exclusively for the t2 challenge, and had not been previously subjected to a bug bounty.

Despite a major scope increase two weeks before the challenge end date, we received exactly zero submissions. Not one, not two, but Z-to-the-E-to-the-R-to-the-0. Talk about failing..

Our question now to you, esteemed fellow hackers is:

How should we give out the free tickets in the future?

Please tweet or e-mail us, we want to hear your ideas! All feedback on the subject is appreciated.

There is sunshine after the rain – our good friend Leo Niemelä invited t2 to judge the annual LocalTapiola Hack Day. That’s the where the story continues in the following post.

Posted on

Call for papers 2017

Do you have a fear of being naked[0] in front of other people? Can you name a president[1] who has climbed a palm tree during an official state visit? Do you prefer small and efficient airports? Would you like to present world class research to a highly technical audience? If not sure yet, please continue reading.

t2 infosec is warmly welcoming you to Helsinki, on October 26-27 2017 – CFP is now open, and by submitting a talk, you get a chance to answer one or more of the previous questions.

Finland, the country in the heart of darkness, has managed to survive neutral and independent throughout its history despite facing pressure from the global superpowers due to her geopolitically strategic location. Dominance over the Baltic sea depends on controlling a handful of islands, Åland islands being one of the areas of importance. In a very typical Finnish fashion, we have embraced the 160 years of Åland islands demilitarization by drinking at home, alone, in our underwear[2]. Even Vogue[3] approves that.

While many people here would like to officially see us as the gateway between the East and the West – either through our land border with Russia or the fastest flights between Europe and Asia [4], the biggest advantage comes from the side alleys of the Internet. On the imageboards, the last sanctions for true freedom of speech, Finnish tactical meme capabilities hold a special stature – loved, admired, feared and hated, sometimes all of those at the same time. Classics like Spurdo spärde are shitposted with an intensity only a country with a long history in developing Linux, Internet protocols and mobile phones can provide, while new organic highly viral OC is pushed out at a rate comparable to major information warfare centers.

In addition to meeting the nation, which produces above average amounts of hackers, memelords and F1 drivers per capita, Helsinki in October offers you a mix of modern architecture and the Classics, saunas, casual foreign intelligence activities [5], early days of Northern European winter and cold weather, and chance to visit neighboring countries by just hopping onto a ferry at one of the harbors.

We organize this conference out of love and do our best to make it a memorable experience to both speakers and audience alike. If you’re in doubt, just send questions with #t2infosec hashtag on Twitter for an (un)biased opinion. This is an event from hackers to hackers.

t2’17 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in strategic offensive capabilities, practical applications for 48 Laws of Power, snakeoil-less security certifications, scientifically proven remote sensing, dropping zero days during presentations, scaling defense or buildings, detection mechanisms and tactics, preventing diamond heists, putting the ASL into ASLR, new vulnerability classes or something completely different containing love, happiness and traces of technical security.

The advisory board will be reviewing submissions until 2017-08-09.
First come, first served. Submissions will not be returned.

Quick facts for speakers

  • presentation length 60-120 minutes, in English
  • complimentary travel and accommodation for one person [6]
  • decent speaker hospitality benefits
  • no marketing or product propaganda

Still not sure if this is for you? Check out the blast from the past.

Considering many of our visitors know what they want and trust us to deliver, we’re making their life easy.. The registration is now open!

How to submit
Fill out the form at https://t2.fi/action/cfp

References

[0] No worries, we have saunas to cater to both nude or non-nude guests.
[1] Urho Kekkonen https://upload.wikimedia.org/wikipedia/commons/a/a1/Kekkonen-Tunis-1965.jpg
[2] https://toolbox.finland.fi/images/finland-emojis/kalsarikannit/
[3] http://www.vogue.com/article/finnish-trend-kalsarikannit-vogue-archive
[4] http://www.cnbc.com/2016/10/17/finnair-launches-singapore-to-helsinki-route-claiming-fastest-way-to-get-to-europe.html
[5] http://yle.fi/uutiset/osasto/news/finnish_intelligence_warns_foreign_powers_targeting_young_politicians/9540600
[6] Except literally @nudehaberdasher and @0xcharlie
[42] Ladies, gentlemen, and hackers, this year our headlining keynote speaker is the voice of reason when it comes to cyber policies, offense and Buffy the Vampire slayer, the person who needs no introductions,  Dave Aitel!

Posted on

Surviving the times

The beauty of good research is that it rarely gets old over night. Instead it matures, giving perspective to fundamentals or an outlook to a different time – possibly even igniting or re-igniting the passion and serving as a platform for fresh ideas. New technologies fall in the face of old methods yet defensive tactics still work despite being exposed to the real world for decades/centuries/millennia.

In 2015 we recorded talks for the first time, and continued doing so last year. These will be released semi-regularly, in no particular order, in the coming months. Having had the privilege of witnessing world class content at t2 over the years, we know what stands the test of time. While memes and movie references can either become classics or disappear completely, talent and fruits of persistent work remain.

Conferences are all about meeting people, making connections and exchanging information. By showcasing past presentations we hope to inspire you to start doing research and tinkering with technology – you will meet like-minded people from all over the world at t2.