Archive for the ‘DEFCON 31’ Category

DEFCON 31 news flash.

Friday, September 8th, 2023

By way of Hacker News, and I only discovered this 15 minutes ago so I haven’t had time to go through all of it yet:

“Snoop unto them, as they snoop unto us”.

Here’s the original description:

BLE devices are now all the rage. What makes a purpose built tracking device like the AirTag all that different from the majority of BLE devices that have a fixed address? With the rise of IoT we’re also seeing a rise in government and corporate BLE surveillance systems. We’ll look at tools that normal people can use to find out if their favorite IoT gear is easily trackable. If headphones and GoPro’s use fixed addresses, what about stun guns and bodycams? We’ll take a look at IoT gear used by authorities and how it may be detectedable over long durations, just like an AirTag.

The first link will get you to slides, video of the talk, files, and code. As you know, Bob, Bluetooth is a thing for this blog, so this is relevant to my interests…

DEFCON 31 notes, part 3.

Monday, August 14th, 2023

There’s a story in The Register about the Johannes Willbold “Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites” presentation at Black Hat.

But I’m not going to link it. Instead, I’m going to link the Hacker News discussion of the story, which I think is more interesting (and contains a link to the story itself).

There was a suspicious package discovered on Saturday night, and DEFCON was evacuated until it was dealt with. There’s a lot of speculation floating around that I don’t want to link to, so I’m only providing the official statement.

Here’s a really detailed and clear write-up of “A Pain in the NAS: Exploiting Cloud Connectivity to PWN Your NAS”.

And here’s more on “All Cops Are Broadcasting: Breaking TETRA After Decades in the Shadows”, including the team’s paper for the USENIX Security Symposium.

I know I pointed folks to the media server the other day for preliminary presentation slides, but I want to call this presentation out specifically: “Private Keys in Public Places”.

DEFCON 31 notes, part 2.

Friday, August 11th, 2023

Slides are up for Thursday’s Black Hat presentations. At least some of them, including:

Here’s a link to the DEFCON 31 presentations on the DEFCON media server.

Thursday’s DEFCON presentations that I was interested in:

As I noted earlier, the current state of Twitter makes it almost impossible for me to keep up with and provide presentation updates. Your best bet (and I feel like a lazy journalist saying this) might be to check out the decks on the media server for any presentations you are interested in, check out those folks Twitter or Mastodon feeds (if you’re on one of those services, and they’ve put that in their deck) and look for updates there.

Tips in comments are welcome.

DEFCON 31 notes.

Wednesday, August 9th, 2023

The Black Hat Briefings in Las Vegas started today.

DEFCON 31 starts tomorrow, though it seems like Friday is when things pick up.

Despite the recent, and much appreciated, shout-out from Borepatch, I’m feeling kind of ambivalent about trying to keep up with DEFCON this year.

My recent trip (write-up coming in the next few days, promise) blew a pretty big hole in my schedule. I haven’t had any time to do prep work for DEFCON/Black Hat. And I have a whole bunch of things I want to do, and so little time to do them in.

I also rely heavily on Twitter for links to presentations. And the current state of Twitter makes that almost impossible.

It also feels like DEFCON has moved past me. It used to feel like a gathering of one of my tribes. Now it feels like…something else. I note that DEFCON admission is now $460. And you don’t get free admission, or even a discount, if you go to Black Hat.

Still, tradition is tradition. So let’s see how badly I can do this.

(more…)