Archive for August 4th, 2010

I like to call this one…

Wednesday, August 4th, 2010

“Beauty and the Beast”.

(Photo credit: Mike the Musicologist.)

After action report: Las Vegas, NV.

Wednesday, August 4th, 2010

I covered a lot of stuff in my previous travel report, so this will mostly just be updates.

  • Project e worked spectacularly well at DEFCON. This is the first chance I’ve had to really push the battery life, and I was able to get a good 12+ hours out of the battery without running it totally dry. (This was with the machine set to “powersave” and putting it into “standby” or “hibernate” when I was in the dealer’s room, or driving around with Mike the Musicologist and Andrew. Continuous usage with the wireless would have been more like 6+ hours, I think, which is still pretty impressive.)
  • My one regret is that I forgot my Alfa external WiFi adapter. I would have enjoyed playing with that at the convention.
  • The 5.11 bailout bag also worked out well for lugging around Project e and various other equipment. Again, I was able to carry a pretty good load, including the laptop, charger, books, a couple of bottles of water, the small camera, and miscellaneous other necessities.
  • MtM has the Nikon with him and has been taking a lot of photos. As you saw below, I did use the Nikon to take some Gehry photos. When I have more time, I’m going to put up an expanded and annotated Flickr photo set; I did some side-by-side experiments with aperture priority vs. automatic exposure.
  • Food in Las Vegas was, without exception, pretty darn good. The worst meal I had (at the Four Kegs) was still better than average (and I didn’t order the stromboli, which is the house specialty). We also had a very good (if loud) tapas meal at Firefly* on Paradise, the usual wonderful meal at Lotus of Siam, the previously mentioned dinner at Shabu-Shabu Paradise, and a Moroccan meal at Marrakech. (I had not previously had Moroccan food, so I can’t comment on how authentic it was. I certainly enjoyed my meal, and the belly dancer didn’t hurt.)

    Vegas does have something of a shortage of good breakfast places outside of the casinos (and even inside of the casinos, if you’re not looking for a buffet). We had several good breakfasts at Blueberry Hill on Flamingo and one excellent breakfast at The Egg and I on Sahara. I know that MtM and Andrew went to a good Italian place in New York, New York while I was at the convention, and I’ll let them comment on that.
  • Between Tucson and Las Vegas, the refurbished Kindle I ordered arrived, and it went on this trip. I’m sure I’ll have more to say about the Kindle later on, but my first impression is “Meh”. I did manage to read John Clark’s Ignition! in PDF format and a Project Gutenberg MOBI format copy of Heart of Darkness without too much trouble, but my experiences with other PDF files and eBooks have been inconsistent.
  • On the other hand, I finished, and highly recommend, Ubuntu for Non-Geeks 4th Edition and am almost finished with Cisco Routers for the Desperate 2nd Edition (also recommended). No Starch Press rocks. And the coupon code “DEFCON18” will get you a 30% discount. And they’re running a half-price sale on all e-books.
  • My Southwest experience this time was much more pleasant. No misplaced bags, and no flight delays. One thing that was particularly unusual was going through the security line in Las Vegas; I had, literally, no wait. Just walked straight up to the TSA agent and got in line for the metal detector. It took longer to take my shoes off and the laptop out than it did to get through the rest of security.

My thanks to, in no particular order, the DEFCON 18 staff and presenters, No Starch Press, UNIX Surplus, SEREPick, Lotus of Siam, Shabu-Shabu Paradise, Sarah at the iBar in the Rio, and the unknown belly dancer at Marrakech.

Special thanks to my high-speed, low-drag travel companions in the primary, Mike the Musicologist and Andrew “Porous concrete? What were they thinking?” Wimsatt.

Speaking of the bad guys…

Wednesday, August 4th, 2010

pdb has a link up to a report produced by the Border Security Operations Center on a massive drug cartel shootout in Nuevo Laredo. This was a running gun battle between opposing groups (with, according to BSOC, some involvement by Mexican armed forces) over a two to three hour period.

The BSOC presentation includes photos, and some of those photos are graphic. Viewer discretion is advised. Skip to page 21 for the summary, if you don’t want to deal with the photos.

Edited to add: Jay G. has a post up at his site in which he points out a remarkable similarity between the right-hand photo in the second row on page 20, and this photo of a Suburban supposedly holed by F-16 fire when it wandered onto the wrong part of a military base. There’s some speculation in the comments about whether someone inserted an unrelated photo just to make things look better, or whether this is part of an evil master plan to play up the “drug gangs armed with American assault rifles” canard and get more funding. I’m leaving this post up, but Jay G.’s post makes me a lot more skeptical.

DEFCON 18 notes: Day 3.

Wednesday, August 4th, 2010

“The Search for Perfect Handcuffs… and the Perfect Handcuff Key”: It seems that Sunday morning at DEFCON has become the default time for the lock picking and other physical security panels. Sometimes this bugs me a little; I can only sit through so many panels on compromising high security locks with common household objects before my eyes glaze over and I leave for the dealers room. It isn’t that these panels aren’t interesting, but three in a row…

Anyway, I say all that to say that this presentation from TOOOL was one of the better Sunday morning lock bypass presentations I’ve seen at DEFCON. Deviant Ollam and his crew gave a comprehensive overview of handcuffs, how they work, and how they can be defeated. Some key points:

  • A group of Dutch hackers managed to defeat the high security Dutch handcuffs by taking a photo of the key (hanging off someone’s belt) and using a 3D printer to duplicate it. The key can be found here.
  • You can shim many handcuffs with paper, believe it or not. Paper money (especially European paper money, which in many cases is more like plastic or Tyvek than paper) works especially well for this, as currency is generally designed to be tear resistant.
  • Handcuffs are generally a pretty simple mechanism. If they aren’t double-locked, it’s really easy to “shim” them (force a flat piece of metal, or something like that, down between the pivoting ratchet arm and the cuff itself), or pick the lock with something like a paper clip. (You know what really works well for a cuff pick? The sort of U-shaped metal arm that comes on those steel binder clips you can buy at Office Depot.)
  • If the cuffs are double-locked, it makes shimming and picking attacks harder. One way to defeat double-locking is the “whack attack”; slam the cuffs against a hard surface, and inertia will pop the double-lock locking bar back into the unlocked position.
  • It doesn’t take a lot of strength to break handcuffs. Breaking them is just a matter of binding the chains up. Once you’ve done that, it’s just leverage and simple physics to break the chain.
  • You can also rough up the chain with a small easily concealed diamond saw blade to make it easier to break. The folks at SEREPick sell such a thing; you can hide it in the seams of your clothes, in a belt, in the top of a shoe…
  • There’s a lot of design variation in handcuffs, which can cause problems, especially if you’re trying to find a universal handcuff key. Keyway sizes, size and number of pawls…lots of things can cause problems.
  • The TOOOL folks have collected a bunch of cuffs, so they got as many as possible together, took very precise measurements of the keys, and came up with a single “universal” handcuff key that opened all the cuffs they were able to try. No, they don’t sell it, but diagrams and measurements for the key were part of the presentation. The easiest thing to do, according to the presenters, is to start with a Smith and Wesson handcuff key, as that’s closest to the final dimensions of the universal key. After that, all you need is some minor cutting and filing which can be done with a Dremel tool.

(I suspect there are some people who are going to ask “Why would you want to break out of handcuffs? And don’t you feel bad about sharing this information with criminals?” In the first place, the criminals have already learned all these tricks at one of our many institutes of higher education. In the second place, the bad guys are starting to use things like handcuffs and zip ties to restrain their victims; you might as well learn how to defend yourself.)

“Electronic Weaponry or How to Rule the World While Shopping at Radio Shack”: I’ll cut some slack for this guy being a first time presenter, but this was a “Meh” panel for me. It was heavy on the theory of things like RF jamming and EMP attacks, but short on practice. Most of the theory I already knew, so there wasn’t a whole lot there for me. At the end, he did demonstrate a “sound cannon”, which was interesting. It did not, however, even approach the “annoying” level for me, much less the “weapon” one, though the presenter was running it without amplification.

“Breaking Bluetooth By Being Bored”: Dunning (who also built Vera-NG, a Bluetooth and WiFi sniping rifle) presented a series of tools for banging on Bluetooth. These tools included:

  • SpoofTooph, a utility for cloning and spoofing Bluetooth devices. SpoofTooph can also be run in a logging mode, where it will collect data on devices it encounters.
  • The Bluetooth Profiling Project, which uses programs like SpoofTooph to collect Bluetooth device profiles for analysis. (For example, which device addresses correspond to which manufacturer?)
  • vCardBlaster, a utility for running a denial of service attack against a Bluetooth device by flooding it with vCards.
  • Blueper, which sends a stream of files over Bluetooth. You can send files to multiple devices in range, or target a single device and flood it with files. This is interesting because many devices cache received files before asking the user to accept them; if you push a continuous stream of files to one of those devices, you can fill up internal storage and possibly crash the device.
  • pwntooth, a suite of automated Bluetooth testing tools.
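
The caching problem described under Blueper has a straightforward receiver-side fix: cap how much unaccepted data the device will hold. The sketch below is an added example, not code from the talk or from any of the tools above; the `PendingInbox` class, the quota values and the device addresses are all made up for illustration, and it assumes the sender announces a file size before transferring.

```python
from collections import defaultdict


class PendingInbox:
    """Files pushed over Bluetooth, held until the user accepts or declines."""

    def __init__(self, max_total, max_sender_bytes, max_sender_files):
        self.max_total = max_total
        self.max_sender_bytes = max_sender_bytes
        self.max_sender_files = max_sender_files
        self.pending = {}                      # transfer id -> (sender, size)
        self.sender_bytes = defaultdict(int)
        self.sender_files = defaultdict(int)
        self.total = 0
        self._next_id = 1

    def offer(self, sender, size):
        """Decide from the announced size, before any bytes are cached.
        Returns a transfer id, or None when a quota would be exceeded."""
        if (size <= 0
                or self.total + size > self.max_total
                or self.sender_bytes[sender] + size > self.max_sender_bytes
                or self.sender_files[sender] + 1 > self.max_sender_files):
            return None
        tid, self._next_id = self._next_id, self._next_id + 1
        self.pending[tid] = (sender, size)
        self.sender_bytes[sender] += size
        self.sender_files[sender] += 1
        self.total += size
        return tid

    def resolve(self, tid):
        """User accepted or declined the file: release its quota."""
        sender, size = self.pending.pop(tid)
        self.sender_bytes[sender] -= size
        self.sender_files[sender] -= 1
        self.total -= size


def simulate():
    # Constructed addresses and sizes, for illustration only.
    inbox = PendingInbox(max_total=10_000, max_sender_bytes=4_000, max_sender_files=5)
    flood = [inbox.offer("00:11:22:33:44:55", 1_000) for _ in range(100)]
    held = sum(t is not None for t in flood)
    legit = inbox.offer("66:77:88:99:AA:BB", 2_000)
    return held, len(flood) - held, legit is not None, inbox.total


if __name__ == "__main__":
    print(simulate())
```

With the per-sender cap in place, the flooding device ties up only its own quota, and a second device can still get a file through. A real receiver would also have to stop writing once the announced size is exceeded, since that value comes from the sender.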

As a side note, after some banging around (mostly to resolve dependencies) I managed to compile and install SpoofTooph on Project e. So far, I’ve only tested it in my lab environment, but it seems to work as designed. This is one of the reasons I love going to DEFCON, as there’s nothing like that moment when you say “Holy f—ing s–t, that f—ing f—er actually f—ing works! S–t!”

There was no final attendance figure announced at the closing ceremonies. According to Joe Grand’s badge documentation, there were 7,000 electronic badges made, and those went fast. I would not be shocked if there were 15,000 people at DEFCON this year, and from what I saw in the closing ceremonies, a lot of those folks were attending for the first time.

The big piece of news from the closing ceremonies is that, after four years at the Riviera, DEFCON is moving to the Rio next year. My hope is that the move will make it easier to get into the more popular panels (DEFCON apparently will be using the Penn & Teller Theater at the Rio), and provide more room to move around. (And maybe even more room for vendors.)

Coming up later on: the final after action report and thank-yous.