Defcon 0x0f - Day 2

August 3, 2007 Tagged as: defcon hack hacker security

Day 2 of Defcon was as good as the first. I've been finding the idea behind Hacker Spaces to be almost invaluable, and if I had a garage or something, could find myself creating something like that. Having come to Defcon as more of an observer, and desiring to get involved, I wish I had brought more stuff (like a soldering iron at least...). Hacker Spaces definitely satisfied my need for that.

Ne0nRain's "Hack Your Brain with Video Games" presentation was sorta "botched" because her "BioTetris" game got stuck in customs. The basic idea was that by hooking something up to your brain, and playing a specially designed video game, you could overcome mental disabilities, learn to conquer stress, or learn/perfect skills that would normally require years of practice. I'm all for cutting corners when it comes to learning.

The highlight of my day was Dan Kaminsky's "Black Ops 2007" talk. His talk last year was absolutely phenomenal. The idea of getting a graphical diff of a binary intrigued me last year, so I came back this year for more. The simple fact that it was a full house should tell you something. First, he demonstrated that he ported his graphical binary diff tool from last year to a Winamp plugin. He then moved on to his newest toy: a VPN concentrator in your browser (which he named Slirpie). This required quite a large amount of trickery, and I really wonder where he gets all his free time to do this, but it was a combination of a Perl DNS server, a TCP implementation in JavaScript (holy crap), and a Flash program that opens your LAN to the internet. Oops!

As I sat in Kaminsky's talk, I realized that there are WAY too many web applications (my own included) that assume the JavaScript being invoked to configure a page is the JavaScript you linked in your page. This is a bad idea, and I'm realizing it more and more as I write more GreaseMonkey code. Once the page is loaded and the JavaScript engine takes over, I win, hands down. It's my content now. This makes me want to go back through and perform a CRAPLOAD of code auditing on my own code... Yeesh
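The point above, that whatever the page's JavaScript computes belongs to the visitor once the page has loaded, is easy to see in a small model. The following is an added example, not code from the original post: a page-side validator, a userscript that swaps it out (the GreaseMonkey situation described above), a naive server that trusts the client's verdict, and a hardened server that re-derives the decision from the raw field values. All function names, field names and limits here are hypothetical.

```javascript
// Added example (not from the original post). Models why a server must
// never act on a verdict computed by page JavaScript: after load, the
// visitor controls that code. Names and limits are hypothetical.

const LIMITS = { min: 1, max: 10 };

// Validation that ships with the page and runs in the browser.
function pageValidate(fields) {
  const q = Number(fields.quantity);
  return Number.isInteger(q) && q >= LIMITS.min && q <= LIMITS.max;
}

// The page's script object as a userscript sees it after load:
// every property on it is replaceable.
function buildPageScript() {
  return { validate: pageValidate };
}

// A userscript replacing the page's validator with one that always passes.
// This only changes the browser's copy; the server never sees this code.
function userscriptOverride(page) {
  return { ...page, validate: () => true };
}

// What the browser submits: the raw fields plus the page's own verdict.
function submitForm(page, fields) {
  return { fields, clientValidated: page.validate(fields) };
}

// Naive server: acts on the client-supplied verdict.
function naiveServer(request) {
  return request.clientValidated ? "accepted" : "rejected";
}

// Hardened server: ignores the verdict and re-checks the raw fields with
// its own copy of the rule.
function hardenedServer(request) {
  return pageValidate(request.fields) ? "accepted" : "rejected";
}

// Run both servers against an honest page and a userscript-modified one,
// using a constructed out-of-range input.
function demo() {
  const honest = buildPageScript();
  const modified = userscriptOverride(honest);
  const fields = { quantity: 999 };
  return {
    honestNaive: naiveServer(submitForm(honest, fields)),           // "rejected"
    modifiedNaive: naiveServer(submitForm(modified, fields)),       // "accepted"
    modifiedHardened: hardenedServer(submitForm(modified, fields)), // "rejected"
  };
}

console.log(demo());
```

The only line that matters for the audit is the hardened server's: it reads `request.fields`, never `request.clientValidated`. Client-side validation is still worth keeping for the honest user's experience, but it is a convenience, not a control.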

Daniel Peck and Ben Feinstein presented a tool called CaffeineMonkey which was designed to detect malicious JavaScript. This is a great idea, although I have my doubts as to how well it works with obfuscated JavaScript (they claimed it did rather well, which makes me wonder how). One thing I did find interesting is that as they collected 8GB of data from MySpace, the JavaScript was relatively benign, consisting mostly of trackers, etc. Considering that there is another talk tomorrow about MySpace attack vectors, this is quite surprising, considering the amount of phishing that goes on in MySpace.

The last talk I went to was a talk entitled "Hardware Hacking for Software Geeks." This talk was a bit disappointing for me, because it didn't cover anything I didn't already know. Granted, it was only 50 minutes long; they went over the tools you need to start hardware hacking, but I wanted to know a great place to get started, like PIC development and their tools or something. I picked up a few books on hardware hacking in the vendor area, so I guess that's where I start.

Seriously though, I'm sitting in the Hacker Spaces Prototype right now, owning everyone in Wii Sports, and feeling a good camaraderie with other geeks. A girl just came in with a problem with her PCMCIA wireless card fighting with her wired NIC. We sat down and fought through it, and got her back up and working. Oh how I pine for a geographically close network of geeks.

Defcon 0x0F : Day 1

August 2, 2007 Tagged as: defcon hack hacking security

Alright, now that I've got a safe internet connection (via my Bluetooth connection to a 3G network), I can finally blog about Defcon 15. So far, it's been super good, and I've been able to meet some great people and see some good talks. Here's my review of Day 1.

The Church of Wifi has made some great progress in WPA cracking. Last year, they presented the possibility of using FPGAs to crack WPA, using a 7GB set of Rainbow tables. This year, they've expanded those tables to more than 35GB, touting a word dictionary of more than a million words. Up at the Wireless Village, render was copying those tables to as many external hard drives as could be provided. They've also gone as far as creating their own live CD based on BackTrack. Although it's a great idea, it doesn't sound too stable yet. I'm still trying to find the CD on their site.

Thomas Wilhelm discussed creating your own pen test lab in your home. I'll swear by this methodology. While I understood a lot of the basic pen testing because I'm familiar with Linux, the concept of finding bugs in compiled software was not something I was very familiar with, because I lack a lot of experience with compiled languages. If you'd like to follow in my footsteps (ooh, I'm not a role model), check out Damn Vulnerable Linux. The videos and tutorials were great for me.

Jacob Appelbaum called me out of the audience for some Mac settings with power management. Lucky me. Linux geek recently converted to OS X less than a week ago, and I'm caught with my pants down. Apparently, on hibernate of OS X, a system image is written. However, this is not deleted on resume, so you've got a system image saved on your system. Ew. He did add that EFI has the option of loading modules into the kernel on boot, and that there is a possibility of removing the file on resume yourself. Silly that it has to be hacked together like that.

Johnny Long's talk, the last of the night, took the cake for the highlight of my day. Last year, his talks were so charismatic that I just had to sit in on his talk this year. It was entitled "No Tech Hacking" and detailed his exploits into social engineering. With the exception of hotel cable hacking, there was absolutely no technical hacking performed. It was information gathering consisting of dumpster diving (or rather, dumpster picture taking), badge forgery, and shoulder surfing.

I went up to the Wireless Village, expecting there to be some workshop-type instructions, and found a few cliques. My mental firmware doesn't have clique support, so I spent a bit of time people watching, and decided that I'd just go see some more talks. Maybe I'll try again tomorrow. Overall, I've already felt quite rewarded for this little trip.