“Welcome and the Making of the DEF CON 19 Badge”: didn’t bother going. I don’t care much about the making of this year’s badge.
“WTF Happened to the Constitution?”: perfectly fine talk. Except for some of the case law theprez98 referenced, pretty much everything he covered was already familiar to me from “The Agitator” and “Hit and Run”. That’s not his fault, though, and I’m sure a lot of what he covered was new to the rest of the audience. I was also previously unaware of The Assault on Privacy, and will have to add that to my blogroll.
“From Printer To Pwnd”: This was a fun little talk, covering multi-function printers and the vulnerabilities they introduce into networks. Basically, people get sloppy with these devices and fail to do things like change default passwords; also, many of these devices have bugs in the embedded firmware. The presenter, Deral Heiland, demonstrated some interesting attack vectors: “malformed” URLs which allow you to bypass authentication on certain devices, “information leakage” attacks which allow you to get useful information (like passwords) out of the web admin pages, “forced browsing” attacks which allow you to grab device address books (which may also contain passwords), and “passback attacks” which trick the device into communicating with an attacker (for example, using LDAP configuration script testing). All of this culminated in the release of Praeda, an automated toolkit for attacking multi-function devices. The latest version can be found here: I don’t have a link to the slides, but will add one when I do.
“Black Ops of TCP/IP 2011“: You know how people talk about wanting the old funny Woody Allen back? This was the old funny Dan Kaminsky back; the guy who does deep arcane magic with TCP/IP packets and DNS.
His talk broke down roughly into three parts:
- Bitcoin. Short summary: Bitcoin is remarkably secure (“there are entire classes of bugs that are missing”) but it isn’t anonymous, and doesn’t scale well. Kaminsky found a way to basically build a file system on top of BitCoin (BitCoinFS) and also outlines ways of breaking BitCoin anonymity. In the process, Kaminsky also outlined a serious flaw with the Universal Plug and Play (UPNP) protocol used by many wireless routers.
- IP spoofing. Kaminsky was running a little behind (it took a while to fill the Penn and Teller theater) and was speeding through this portion of his talk. Rather than attempting to give detailed summaries of how all this stuff works at the low TCP/IP level, I’ll suggest you check out the slides.
- Net neutrality. Kaminsky’s developed two tools: N00ter and Roto-N00ter, designed to detect ISPs playing silly buggers with packets (for example, giving preference to packets destined for Bing over packets destined for Google).
“And That’s How I Lost My Eye“: the funniest panel I went to today. Deviant Ollam, Bruce Potter, and Shane Lawson wanted to see if it was possible to destroy a hard drive in less than 60 seconds such that the data was unrecoverable, without setting off alarms or damaging any nearby humans, and without spending a lot of money on something like the SEMShred.
Ollam took the explosives/incendiary part of the equation. His results can be summarized as: it might be possible to use explosives, especially the popular “boomerite” type explosives used in exploding targets, to destroy a hard drive. But playing around with explosives, especially when you’re activating them electronically, is a good way to attract the attention of unpleasant people with badges. Apparently, those same people have no problems with explosives triggered by a rifle bullet, so if you want to affix an M1A above your server with a ton of “boomerite” below, go ahead…
Chemical methods didn’t work out very well either. Cobalt isn’t highly reactive, and the type of acids that can quickly dissolve a hard drive platter aren’t easily available at Home Depot and don’t play well with people and other living things. There were a lot of slides of vats of acid doing nothing to hard drive platters.
It’s also hard to destroy a drive physically. Hole saws, spade bits, and grinders did nothing.
The presenters did discover that a combination of a salt solution and electricity could strip the plating off of ceramic platter drives. But that didn’t work on aluminum platter drives.
What finally did work was fire. Propane and MAPP gas (which you can’t get in the US any more) will melt aluminum, but it’s hard to apply those to a spinning drive and have it melt; the spinning drive tends to dissipate heat. The presenters were working on an automated solution involving a glow plug, propane, and an Arduno, but ran out of time before they could finish that project.
However, you don’t have to melt a drive to render it unreadable; you only have to heat it to the Curie point. That’s not quite as spectacular as a spinning drive throwing off chunks of molten aluminum, but it will work. (However, if I understand Wikipedia right, the Curie point of colbalt is 1100 degrees C, and the melting point of aluminum is 660 degrees C. So I’m not sure what that buys you.) I wonder:
- Could you come up with some sort of inductive heating method for hard drives?
- I also wonder, thinking about Deviant Ollam’s approach, what would happen if you fired a nail gun loaded with the right kind of nails into a spinning hard drive at close range? I wonder if Snoop ever tried that. (I also wonder if a nail gun at close range would trigger “boomerite”.)
“Key Impressioning“: I can’t give this panel a fair evaluation. In brief, impressioning consists of sticking a blank key into a lock, moving the blank up and down, removing it, noting where the lock pins hit the key, filing down the contact points, and repeating the process until all the pins reach the proper depth and you have a working key. The presenter gave a live demo of this process, and was impressively quick at it.
The problems I had with this panel were:
- the camera that was set up for the demo did a poor job of showing the actual process.
- the sound was off for over half the panel. Combined with tbe presenter’s accent, that left me able to make out about one out of every four words he said. I’m sure he’s an okay guy; I just couldn’t see what he was doing, or hear much of what he said.