Archive for August, 2009

People who deserve a “Thank You” (part 1 of an ongoing series)

Monday, August 3rd, 2009

Joseph Hall, for his excellent set of instructions on setting up WireShark under OS X.

Dining in Las Vegas 2009

Monday, August 3rd, 2009

So where did I eat while I was in Las Vegas?

Well, I had a great meal Thursday night at Lotus of Siam, one of my favorite restaurants in the world.

Breakfast on Friday morning was at Blueberry Hill on Flamingo, one of the locations of a very good local chain. Friday night dinner was at a place called Himalayan Cuisine, also on Flamingo, which serves Nepalese, Tibetan, and Indian food; the lamb Sekuwa was quite good.

Saturday night, I decided to try one of the local oddities (at least, I think this is local; I haven’t run across it in Austin or any other cities); all you can eat sushi, in this case at Yami Sushi, also on Flamingo. (Are you detecting a trend here?) Decent sushi at a reasonable price (about $23 for the all-you-can-eat option). However, there’s an extra charge if you don’t eat the rice, there’s an extra charge if you don’t clean your plate…I was slightly put off.

Sunday breakfast: The Egg and I, one of two locations of a local family-run chain. The egg puns are a little tiresome, but the food is wonderful; this gets an official Whipped Cream Difficulties endorsement. (Try the Collision Course; it will keep you going all day long.)

Sunday dinner: I was a little disappointed by the Tillerman last year, and tried to come up with a better idea. However, I couldn’t, the closing ceremonies ran long, and…well, I ended up back there again this year. Good thing; they’ve added a new “Monthly Specials” menu (not on their website), and the rainbow trout with a honey/citrus sauce was very good, and a steal at $22 (including mashed potatoes and the Tillerman’s massive “salad bar”).

DEFCON notes: Day 2

Monday, August 3rd, 2009

Saturday was a little calmer than Friday from my perspective. Part of the reason for that may have been Adam Savage‘s talk (and the meet and greet afterwards) took a lot of folks out of circulation for two or three hours. (I didn’t go.)

More quick takes:

“Hacker vs. Disasters Large & Small”: Michael Schearer, who did the first part of the presentation, also did the Hacker In Iraq presentation. As a Naval officer, he went through SERE school, so he’s got some hands-on survival experience which makes him worth paying attention to. Schearer’s part of the presentation basically covered short-term wilderness survival (as in, “I’m cold and there are wolves after me.“) and was more practical. Renderman’s half of the presentation was a more long-term, “How do we survive and rebuild society after the Big One?”, philosophical presentation. (Edited to add: links to the final versions of the slides; Part 1, Part 2.)
Key takeaways:

  • “Hacker skills are largely compatible with the skills necessary to survive in the wilderness or during a natural disaster.”
  • “Don’t be squeamish about breaking or destroying something to help you stay alive.”
  • “You are not Jack Bauer, MacGuyver, or Survivorman; you need practice to survive.”

“Personal Survival Preparedness”: Nice guy, okay talk, mostly dealing with survival in an urban environment after some devastating event (Katrina or worse).

“Picking Electronic Locks Using TCP Sequence Prediction”: Excellent presentation, short, and scary. Brief summary: many electronic lock systems are IP based and the traffic on the network is not encrypted. This makes the locks vulnerable to a man-in-the-middle attack (to capture an unlock command) and a replay attack with a spoofed TCP sequence number (to replay the command). These attacks bypass the existing control software, so the spoofed unlock command leaves no audit trail. The author is a network admin at Texas State University; woo hoo! Greater Austin/San Marcos Metropolitan Area represent!

Sniff Keystrokes With Lasers/Voltmeters”: Two pretty amusing guys with another excellent presentation. In the first half, they presented an attack on PS/2 keyboards with very simple hardware; all you need is a slightly hacked power cord connected to a common circuit with the computer in question on one end, and an ADC plus a micro-controller (for data acquisition, filtering, and storage) on the other and viola! In the second half, they outlined a acoustic-based attack that builds on previous research, combined with microphone hardware using freaking laser beams. As the authors said, “How cool is that?”
Key takeaway: “girls will melt when you show this…”

“Bluetooth, Smells Like Chicken”: Pretty much what I expected from the summary. Using software-defined radio gear (about $1000) you can monitor the Bluetooth frequencies. Bluetooth does frequency hopping over about 79 MHz, and the software-defined radio gear can only monitor about 25 MHz (max) at one time. But you can monitor one channel and use information from that packet to actually predict the frequency hopping cycle. The authors also presented a technique that allows aliasing of the entire Bluetooth spectrum to the 25 MHz available in the radio gear they were using without compromising the ability to extract packets. Finally, they discussed Bluetooth attacks using off-the-shelf sub-$10 hardware to sample and inject data.

Key takeaway: there is no longer any such thing as a non-discoverable Bluetooth device.

DEFCON notes: Day 1

Sunday, August 2nd, 2009

I’ve been running a little behind on these, but I’m trying to catch up. I’m also going to try to insert links to the actual presentations as they go up.

Quick takes:

“Is your IPhone Pwned?”: This was turned into a more general talk about the whole class of smartphones, including Windows mobile devices. They demonstrated one exploit that involves settings on Windows devices from some vendors. (Basically, the exploit involves misconfigured security settings that allow a remote computer to send malicious WAP push messages that the phone will accept.) Patching mobile vulnerabilities is difficult; there’s a lot of QA issues that have to be dealt with by each vendor for each platform, plus the FCC gets involved if you touch the radio code. Beyond that, the presenters spent a lot of time discussing the design of their Fuzzit tool for finding phone vulnerabilities. Key takeaway: the state of mobile security today is roughly equivalent to the state of network security as of 1999.

“Hacking With the iPod Touch”: Key takeaways:

  • There’s a lot of tools available for penetration testing on the iPod Touch if you’re willing to jailbreak the device. (Wilhelm’s presentation includes a long list of available tools. Did you know that you can run Perl, Python, and Ruby on the iPod Touch? Neither did I.)
  • Nobody gets suspicious if they see you fiddling with your iPod Touch. A full-sized laptop, or even a netbook, might be a different matter.

“That Awesome Time I Was Sued For Two Billion Dollars”: Jason Scott is a pretty good speaker, but this was sort of a “meh” talk. “Yeah, I got sued for two billion dollars by someone who is apparently mentally unbalanced (in the speaker’s opinion -DB) and the case got thrown out of court.” Key take away: Don’t let yourself be intimidated by legal (or legal-looking) documents.

“Three Point Oh”: Couldn’t get in to see Long’s talk.

“Something About Network Security”: Kaminsky’s talk this year concentrated on vulnerabilities in the PKI infrastructure, and specifically certificate attacks. I still think Kaminsky is the cat’s pajamas, but his talk this year seemed a bit off, compared to some of his previous talks (for example, the tunneling data over DNS hack).

I heartily endorse this event or product.

Saturday, August 1st, 2009

Pico, makers of fine FPGA development boards.

I haven’t actually worked with any of their products (though learning more about FPGAs is on my list of things I’d like to do) but the people they sent to DEFCON 17 were very nice. I even got two of their “business” cards.

IMG_0318

Someone’s getting one of these as a slightly late birthday present.